From c14a3682ff008ecb1e2c9050b1be800869565baa Mon Sep 17 00:00:00 2001
From: imxyy_soope_ <imxyy1soope1@gmail.com>
Date: Sat, 16 Aug 2025 23:25:18 +0800
Subject: [PATCH] fix(tuwunel): delegation

---
 config/hosts/imxyy-nix-server/matrix.nix | 35 +++++-------------------
 config/hosts/imxyy-nix-server/net.nix    |  7 -----
 2 files changed, 7 insertions(+), 35 deletions(-)

diff --git a/config/hosts/imxyy-nix-server/matrix.nix b/config/hosts/imxyy-nix-server/matrix.nix
index 4c564fd..fcf0c22 100644
--- a/config/hosts/imxyy-nix-server/matrix.nix
+++ b/config/hosts/imxyy-nix-server/matrix.nix
@@ -18,52 +18,31 @@
       server_name = "imxyy.top";
       allow_registration = true;
       registration_token_file = config.sops.secrets.tuwunel-reg-token.path;
+      well_known = {
+        server = "matrix.imxyy.top:443";
+        client = "https://matrix.imxyy.top";
+      };
     };
   };
   services.caddy.virtualHosts."imxyy.top" = {
     extraConfig = ''
-      handle /.well-known/matrix/client {
+      handle /.well-known/matrix/server {
         header Content-Type application/json
         header "Access-Control-Allow-Origin" "*"
 
-        respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
+        respond `{"m.server": "matrix.imxyy.top:443"}` 200
       }
-    '';
-  };
-  services.caddy.virtualHosts."imxyy.top:8448" = {
-    extraConfig = ''
-      reverse_proxy :8094
-
       handle /.well-known/matrix/client {
         header Content-Type application/json
         header "Access-Control-Allow-Origin" "*"
 
-        respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
+        respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top/"}}` 200
       }
     '';
   };
   services.caddy.virtualHosts."matrix.imxyy.top" = {
     extraConfig = ''
       reverse_proxy :8094
-
-      handle /.well-known/matrix/client {
-        header Content-Type application/json
-        header "Access-Control-Allow-Origin" "*"
-
-        respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
-      }
-    '';
-  };
-  services.caddy.virtualHosts."matrix.imxyy.top:8448" = {
-    extraConfig = ''
-      reverse_proxy :8094
-
-      handle /.well-known/matrix/client {
-        header Content-Type application/json
-        header "Access-Control-Allow-Origin" "*"
-
-        respond `{"m.homeserver": {"base_url": "https://matrix.imxyy.top"}}` 200
-      }
     '';
   };
 }
diff --git a/config/hosts/imxyy-nix-server/net.nix b/config/hosts/imxyy-nix-server/net.nix
index 43958f2..fd6dc8c 100644
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -405,13 +405,6 @@
           localPort = 443;
           customDomains = [ "matrix.imxyy.top" ];
         }
-        {
-          name = "matrix-fed";
-          type = "tcp";
-          localIP = "127.0.0.1";
-          localPort = 8448;
-          remotePort = 8448;
-        }
 
         {
           name = "immich-http";