From 75a49c75161c344185cb68f46afc77fd15442ad3 Mon Sep 17 00:00:00 2001
From: Jet Pham <jetthomaspham@gmail.com>
Date: Mon, 23 Feb 2026 19:22:36 -0800
Subject: [PATCH] fix: matrix to allow federation and use synapse

---
 configuration.nix  |  2 +-
 modules/caddy.nix  | 17 ++++++++++++++---
 modules/matrix.nix | 29 +++++++++++++++++++++--------
 3 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 415f677..52ee07d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -25,7 +25,7 @@
   # Networking
   networking.hostName = "extremist-software";
   networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
-
+  
   # Tailscale
   services.tailscale.enable = true;
   # We assume the user will authenticate manually or via a one-time key service
diff --git a/modules/caddy.nix b/modules/caddy.nix
index 7c8c621..e39f780 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -12,8 +12,18 @@
             root * /var/lib/acme/acme-challenge
             file_server
           }
+          handle /.well-known/matrix/server {
+            header Access-Control-Allow-Origin "*"
+            header Content-Type "application/json"
+            respond `{"m.server": "matrix.extremist.software:443"}`
+          }
+          handle /.well-known/matrix/client {
+            header Access-Control-Allow-Origin "*"
+            header Content-Type "application/json"
+            respond `{"m.homeserver": {"base_url": "https://matrix.extremist.software"}}`
+          }
           handle {
-            respond "Hi"
+            redir https://jetpham.com{uri}
           }
         '';
       };
@@ -51,8 +61,9 @@
 
       "matrix.extremist.software" = {
         extraConfig = ''
-          reverse_proxy /_matrix/* localhost:6167
-          reverse_proxy /_synapse/client/* localhost:6167
+          reverse_proxy /_matrix/* 127.0.0.1:8008
+          reverse_proxy /_synapse/client/* 127.0.0.1:8008
+          reverse_proxy /.well-known/matrix/* 127.0.0.1:8008
         '';
       };
     };
diff --git a/modules/matrix.nix b/modules/matrix.nix
index 3ba7954..198f0b0 100644
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@@ -1,16 +1,29 @@
 { config, pkgs, ... }:
 
 {
-  services.matrix-conduit = {
+  services.matrix-synapse = {
     enable = true;
     settings = {
-      global = {
-        server_name = "matrix.extremist.software";
-        allow_registration = true; # Disable after creating first user
-        port = 6167;
-      };
+      server_name = "extremist.software";
+      public_baseurl = "https://matrix.extremist.software";
+      
+      listeners = [
+        {
+          port = 8008;
+          bind_addresses = [ "127.0.0.1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [
+            {
+              names = [ "client" "federation" ];
+              compress = false;
+            }
+          ];
+        }
+      ];
+      
+      enable_registration = true;
     };
   };
-
-  networking.firewall.allowedTCPPorts = [ 6167 8448 ];
 }