summary refs log tree commit diff
path: root/host
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2024-08-04 05:08:05 +0200
committerRory& <root@rory.gay>2024-08-04 05:08:05 +0200
commit4402873891edace4b678af537236ff1d81bba585 (patch)
tree343f32b070b98eaba7e11ab77bd27ce98a464bc7 /host
parentUpdate flake lock (diff)
downloadRory-Open-Architecture-4402873891edace4b678af537236ff1d81bba585.tar.xz
Server config cleanup
Diffstat (limited to 'host')
-rw-r--r--host/Rory-desktop/configuration.nix3
-rwxr-xr-xhost/Rory-desktop/ollama.nix2
-rwxr-xr-xhost/Rory-nginx/configuration.nix14
-rw-r--r--host/Rory-nginx/services/cgit.nix1
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-cme/container.nix23
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-cme/root.nix34
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix13
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-linux-mint/container.nix23
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-linux-mint/root.nix34
-rwxr-xr-xhost/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix9
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests-conduit/container.nix20
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests-conduit/root.nix35
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix8
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix7
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix20
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests/container.nix13
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests/root.nix35
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests/services/conduit.nix8
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests/services/nginx.nix7
-rwxr-xr-xhost/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix20
-rwxr-xr-xhost/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix12
-rwxr-xr-xhost/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix23
-rwxr-xr-xhost/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix8
-rwxr-xr-xhost/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix7
-rwxr-xr-xhost/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix7
-rw-r--r--host/Rory-nginx/services/containers/shared.nix17
-rwxr-xr-xhost/Rory-nginx/services/discordbots.nix17
-rwxr-xr-xhost/Rory-nginx/services/jitsi.nix3
-rw-r--r--host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json17
-rw-r--r--host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json17
-rwxr-xr-xhost/Rory-nginx/services/matrix/coturn.nix9
-rwxr-xr-xhost/Rory-nginx/services/matrix/draupnir.nix21
-rwxr-xr-xhost/Rory-nginx/services/matrix/grapevine.nix12
-rwxr-xr-xhost/Rory-nginx/services/matrix/matrix-appservice-discord.nix7
-rwxr-xr-xhost/Rory-nginx/services/matrix/matrix-media-gate.nix46
-rwxr-xr-xhost/Rory-nginx/services/matrix/root.nix1
-rw-r--r--host/Rory-nginx/services/matrix/sliding-sync.nix2
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix224
-rwxr-xr-xhost/Rory-nginx/services/matrix/synapse/synapse-main.nix9
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/appservice.nix15
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/background.nix15
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix26
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix32
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix30
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix36
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix38
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/module.nix16
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/pusher.nix19
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix87
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix7
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/sync.nix26
-rw-r--r--host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix8
-rw-r--r--host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix280
-rw-r--r--host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix26
-rw-r--r--host/Rory-nginx/services/nginx/matrix-upstreams.nix26
-rwxr-xr-xhost/Rory-nginx/services/nginx/nginx.nix8
-rwxr-xr-xhost/Rory-nginx/services/ollama.nix3
-rwxr-xr-xhost/Rory-nginx/services/postgres.nix2
58 files changed, 205 insertions, 1283 deletions
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index 929cab8..9f6304d 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -14,7 +14,7 @@ args@{
     # (import ../../modules/base-secrets.nix {  path = "/home/rory/.config/sops/config.yaml"; })
     ../../modules/packages/vim.nix
     #      ../../modules/environments/home.nix
-#    ../../modules/software-templates/profilers.nix
+    #    ../../modules/software-templates/profilers.nix
     ./postgres.nix
     ./nginx.nix
 
@@ -120,7 +120,6 @@ args@{
     };
   };
 
-
   environment.systemPackages = with pkgs; [
     libreoffice
     qt6.qtwayland
diff --git a/host/Rory-desktop/ollama.nix b/host/Rory-desktop/ollama.nix
index 952203f..7f0ae8c 100755
--- a/host/Rory-desktop/ollama.nix
+++ b/host/Rory-desktop/ollama.nix
@@ -27,7 +27,7 @@
     environmentVariables = {
       OLLAMA_LLM_LIBRARY = "rocm";
     };
-#    writablePaths = [ "/data/ollama/home" ];
+    #    writablePaths = [ "/data/ollama/home" ];
     #listenAddress = "0.0.0.0:11434";
     host = "0.0.0.0";
     port = 11434;
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index ce9c2ad..83d7a35 100755
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -18,7 +18,6 @@
     ../../modules/users/Alice.nix
 
     ./services/postgres.nix
-    ./services/discordbots.nix
     ./services/matrix/root.nix
     ./services/nginx/nginx.nix
     #./services/jitsi.nix
@@ -42,11 +41,6 @@
       }
     ];
     defaultGateway.interface = "ens18";
-    #    extraHosts = ''
-    #      127.0.0.1 rory.gay
-    #      127.0.0.1 matrix.rory.gay
-    #      127.0.0.1 conduit.rory.gay
-    #      '';
     nat = {
       enable = true;
       internalInterfaces = [
@@ -75,13 +69,9 @@
     conduit = conduit;
   };
 
-  containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix {
-    inherit pkgs lib nixpkgs-Draupnir;
-  };
+  containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
 
-  containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix {
-    inherit pkgs lib nixpkgs-Draupnir;
-  };
+  containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
 
   system.stateVersion = "22.11"; # DO NOT EDIT!
 }
diff --git a/host/Rory-nginx/services/cgit.nix b/host/Rory-nginx/services/cgit.nix
index 72ee221..5b80000 100644
--- a/host/Rory-nginx/services/cgit.nix
+++ b/host/Rory-nginx/services/cgit.nix
@@ -1,5 +1,4 @@
 {
-  config,
   pkgs,
   lib,
   ...
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/container.nix b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
index 75ce709..6ea20a4 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/container.nix
+++ b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  lib,
-  nixpkgs-Draupnir,
-  ...
-}:
+{ nixpkgs-Draupnir, ... }:
 
 {
   privateNetwork = true;
@@ -12,21 +7,15 @@
     inherit nixpkgs-Draupnir;
   };
   config =
+    { lib, pkgs, ... }:
     {
-      lib,
-      pkgs,
-      ...
-    }:
-    {
-      imports = [ 
+      imports = [
+        ../shared.nix
         ./root.nix
+        ./services/draupnir.nix
         "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
       ];
-      nixpkgs.overlays = [
-        (final: prev: {
-          draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
-        })
-      ];
+      nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ];
     };
   hostAddress = "192.168.100.16";
   localAddress = "192.168.100.17";
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/root.nix b/host/Rory-nginx/services/containers/draupnir-cme/root.nix
index cf6f8c0..aa9bae8 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/root.nix
+++ b/host/Rory-nginx/services/containers/draupnir-cme/root.nix
@@ -1,31 +1,6 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
-  imports = [
-    ./services/draupnir.nix
-  ];
-
-  environment.systemPackages = with pkgs; [
-    neofetch
-    lnav
-    zsh
-    lsd
-    htop
-    btop
-    duf
-    kitty.terminfo
-    neovim
-    jq
-    yq
-    pv
-    dig
-  ];
-
   environment.etc."resolv.conf".text = ''
     nameserver 8.8.8.8
     nameserver 8.4.4.8
@@ -34,9 +9,12 @@
   '';
 
   networking.hosts = {
-    "192.168.100.16" = [ "matrix.rory.gay" "rory.gay" ];
+    "192.168.100.16" = [
+      "matrix.rory.gay"
+      "rory.gay"
+    ];
   };
-  
+
   networking.firewall = {
     enable = true;
   };
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
index c23680c..cf59809 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
+++ b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
@@ -1,14 +1,10 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   services.draupnir = {
     enable = true;
     accessTokenFile = "/etc/draupnir-access-token";
+    homeserverUrl = "https://matrix.rory.gay";
 
     settings = {
       managementRoom = "#draupnir-cme:rory.gay";
@@ -16,15 +12,12 @@
       autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
       automaticallyRedactForReasons = [ "*" ]; # Always autoredact
       fasterMembershipChecks = true;
-      homeserverUrl = "https://matrix.rory.gay";
 
       backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
       pollReports = false;
 
       admin.enableMakeRoomAdminCommand = false;
-      commands.ban.defaultReasons = [
-        "spam"
-      ];
+      commands.ban.defaultReasons = [ "spam" ];
     };
   };
 }
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
index 57a14bf..6a126f1 100755
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  lib,
-  nixpkgs-Draupnir,
-  ...
-}:
+{ nixpkgs-Draupnir, ... }:
 
 {
   privateNetwork = true;
@@ -12,21 +7,15 @@
     inherit nixpkgs-Draupnir;
   };
   config =
+    { lib, pkgs, ... }:
     {
-      lib,
-      pkgs,
-      ...
-    }:
-    {
-      imports = [ 
+      imports = [
+        ../shared.nix
         ./root.nix
+        ./services/draupnir.nix
         "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
       ];
-      nixpkgs.overlays = [
-        (final: prev: {
-          draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
-        })
-      ];
+      nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ];
     };
   hostAddress = "192.168.100.18";
   localAddress = "192.168.100.19";
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
index bea6255..2254695 100755
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
@@ -1,31 +1,6 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ pkgs, ... }:
 
 {
-  imports = [
-    ./services/draupnir.nix
-  ];
-
-  environment.systemPackages = with pkgs; [
-    neofetch
-    lnav
-    zsh
-    lsd
-    htop
-    btop
-    duf
-    kitty.terminfo
-    neovim
-    jq
-    yq
-    pv
-    dig
-  ];
-
   environment.etc."resolv.conf".text = ''
     nameserver 8.8.8.8
     nameserver 8.4.4.8
@@ -34,9 +9,12 @@
   '';
 
   networking.hosts = {
-    "192.168.100.18" = [ "matrix.rory.gay" "rory.gay" ];
+    "192.168.100.18" = [
+      "matrix.rory.gay"
+      "rory.gay"
+    ];
   };
-  
+
   networking.firewall = {
     enable = true;
   };
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
index 1eb159b..042651a 100755
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
+++ b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
@@ -1,14 +1,10 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   services.draupnir = {
     enable = true;
     accessTokenFile = "/etc/draupnir-access-token";
+    homeserverUrl = "https://matrix.rory.gay";
 
     settings = {
       managementRoom = "#draupnir-linux-mint:rory.gay";
@@ -16,7 +12,6 @@
       autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
       automaticallyRedactForReasons = [ "*" ]; # Always autoredact
       fasterMembershipChecks = true;
-      homeserverUrl = "https://matrix.rory.gay";
 
       backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
       pollReports = false;
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
index 08e6760..987348e 100755
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ conduit, ... }:
 
 {
   privateNetwork = true;
@@ -19,7 +14,11 @@
       ...
     }:
     {
-      imports = [ ./root.nix ];
+      imports = [
+        ../shared.nix
+        ./services/nginx.nix
+        ./services/conduit.nix
+      ];
       environment.etc."resolv.conf".text = ''
         nameserver 8.8.8.8
         nameserver 8.4.4.8
@@ -28,14 +27,9 @@
       '';
       networking.firewall = {
         enable = true;
-        allowedTCPPorts = [
-          80
-          5432
-        ];
+        allowedTCPPorts = [ 80 ];
       };
     };
   hostAddress = "192.168.100.14";
   localAddress = "192.168.100.15";
-  hostAddress6 = "fc00::5";
-  localAddress6 = "fc00::6";
 }
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix
deleted file mode 100755
index a9929d2..0000000
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/root.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
-
-{
-  imports = [
-    ./services/nginx.nix
-    ./services/conduit.nix
-    ./services/pantalaimon.nix
-  ];
-
-  environment.systemPackages = with pkgs; [
-    wget
-    neofetch
-    lnav
-    zsh
-    git
-    lsd
-    htop
-    btop
-    duf
-    kitty.terminfo
-    neovim
-    tmux
-    jq
-    yq
-    pv
-    dig
-    cloud-utils
-  ];
-}
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
index 6713b26..3df71be 100755
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
@@ -1,10 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ pkgs, conduit, ... }:
 
 {
   services.matrix-conduit = {
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
index 0678047..0d7874e 100755
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ pkgs, ... }:
 
 {
   services = {
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix
deleted file mode 100755
index da95e76..0000000
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/pantalaimon.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-{
-  services.pantalaimon-headless = {
-    instances."localhost" = {
-      homeserver = "http://localhost:6167";
-      ssl = false;
-      extraSettings = {
-        "DropOldKeys" = true;
-        "UseKeyring" = false;
-      };
-    };
-  };
-
-}
diff --git a/host/Rory-nginx/services/containers/matrixunittests/container.nix b/host/Rory-nginx/services/containers/matrixunittests/container.nix
index 5273b4e..3ef68bf 100755
--- a/host/Rory-nginx/services/containers/matrixunittests/container.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/container.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ conduit, ... }:
 
 {
   privateNetwork = true;
@@ -19,7 +14,11 @@
       ...
     }:
     {
-      imports = [ ./root.nix ];
+      imports = [
+        ../shared.nix
+        ./services/nginx.nix
+        ./services/conduit.nix
+      ];
       environment.etc."resolv.conf".text = ''
         nameserver 8.8.8.8
         nameserver 8.4.4.8
diff --git a/host/Rory-nginx/services/containers/matrixunittests/root.nix b/host/Rory-nginx/services/containers/matrixunittests/root.nix
deleted file mode 100755
index a9929d2..0000000
--- a/host/Rory-nginx/services/containers/matrixunittests/root.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
-
-{
-  imports = [
-    ./services/nginx.nix
-    ./services/conduit.nix
-    ./services/pantalaimon.nix
-  ];
-
-  environment.systemPackages = with pkgs; [
-    wget
-    neofetch
-    lnav
-    zsh
-    git
-    lsd
-    htop
-    btop
-    duf
-    kitty.terminfo
-    neovim
-    tmux
-    jq
-    yq
-    pv
-    dig
-    cloud-utils
-  ];
-}
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
index 573075e..b33117f 100755
--- a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
@@ -1,10 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ pkgs, conduit, ... }:
 
 {
   services.matrix-conduit = {
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
index 98d2e52..0236182 100755
--- a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ pkgs, ... }:
 
 {
   services = {
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix b/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix
deleted file mode 100755
index da95e76..0000000
--- a/host/Rory-nginx/services/containers/matrixunittests/services/pantalaimon.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-{
-  services.pantalaimon-headless = {
-    instances."localhost" = {
-      homeserver = "http://localhost:6167";
-      ssl = false;
-      extraSettings = {
-        "DropOldKeys" = true;
-        "UseKeyring" = false;
-      };
-    };
-  };
-
-}
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
index 4ddffeb..837ae11 100755
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
@@ -1,9 +1,4 @@
-{
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ conduit, ... }:
 
 {
   privateNetwork = true;
@@ -19,7 +14,10 @@
       ...
     }:
     {
-      imports = [ ./root.nix ];
+      imports = [
+        ./root.nix
+        ../shared.nix
+      ];
       environment.etc."resolv.conf".text = ''
         nameserver 8.8.8.8
         nameserver 8.4.4.8
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
index a9929d2..7e7c355 100755
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
@@ -1,8 +1,4 @@
 {
-  config,
-  pkgs,
-  lib,
-  conduit,
   ...
 }:
 
@@ -13,23 +9,4 @@
     ./services/pantalaimon.nix
   ];
 
-  environment.systemPackages = with pkgs; [
-    wget
-    neofetch
-    lnav
-    zsh
-    git
-    lsd
-    htop
-    btop
-    duf
-    kitty.terminfo
-    neovim
-    tmux
-    jq
-    yq
-    pv
-    dig
-    cloud-utils
-  ];
 }
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
index bbc042c..db9df9a 100755
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
@@ -1,10 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  conduit,
-  ...
-}:
+{ pkgs, conduit, ... }:
 
 {
   services.matrix-conduit = {
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
index 0f9fad4..9d8041a 100755
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ pkgs, ... }:
 
 {
   services = {
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
index da95e76..335176f 100755
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   services.pantalaimon-headless = {
diff --git a/host/Rory-nginx/services/containers/shared.nix b/host/Rory-nginx/services/containers/shared.nix
new file mode 100644
index 0000000..f267ff0
--- /dev/null
+++ b/host/Rory-nginx/services/containers/shared.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    neofetch
+    lnav
+    zsh
+    git
+    lsd
+    htop
+    btop
+    duf
+    kitty.terminfo
+    neovim
+    jq
+    dig
+  ];
+}
diff --git a/host/Rory-nginx/services/discordbots.nix b/host/Rory-nginx/services/discordbots.nix
deleted file mode 100755
index 1183807..0000000
--- a/host/Rory-nginx/services/discordbots.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  botcore-v4,
-  ...
-}:
-
-{
-  imports = [
-    botcore-v4.modules.bots
-    botcore-v4.modules.frontend
-    botcore-v4.modules.dataupdater
-    botcore-v4.modules.users
-  ];
-
-}
diff --git a/host/Rory-nginx/services/jitsi.nix b/host/Rory-nginx/services/jitsi.nix
index 29f6a9e..ff7a229 100755
--- a/host/Rory-nginx/services/jitsi.nix
+++ b/host/Rory-nginx/services/jitsi.nix
@@ -1,7 +1,4 @@
 {
-  config,
-  pkgs,
-  lib,
   ...
 }:
 
diff --git a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json
deleted file mode 100644
index f1e8d6a..0000000
--- a/host/Rory-nginx/services/matrix/appsettings.conduit-rory-gay.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Information",
-      "Microsoft.AspNetCore.Routing": "Warning",
-      "Microsoft.AspNetCore.Mvc": "Warning"
-    }
-  },
-  "ProxyConfiguration": {
-    "Upstream": "http://127.0.0.1:6167",
-    "Host": "conduit.rory.gay",
-    "TrustedServers": [
-      "conduit.rory.gay"
-    ]
-  }
-}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json b/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json
deleted file mode 100644
index 5240676..0000000
--- a/host/Rory-nginx/services/matrix/appsettings.matrix-rory-gay.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Information",
-      "Microsoft.AspNetCore.Routing": "Warning",
-      "Microsoft.AspNetCore.Mvc": "Warning"
-    }
-  },
-  "ProxyConfiguration": {
-    "Upstream": "http://matrix-rory-gay.localhost",
-    "Host": "matrix-rory-gay.localhost",
-    "TrustedServers": [
-      "rory.gay"
-    ]
-  }
-}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/matrix/coturn.nix b/host/Rory-nginx/services/matrix/coturn.nix
index 1fed755..805faa9 100755
--- a/host/Rory-nginx/services/matrix/coturn.nix
+++ b/host/Rory-nginx/services/matrix/coturn.nix
@@ -1,13 +1,8 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   # coturn (WebRTC)
-  services.coturn = rec {
+  services.coturn = {
     enable = false; # Alicia - figure out secret first...
     no-cli = true;
     no-tcp-relay = true;
diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix
index f2a8357..9f48e6d 100755
--- a/host/Rory-nginx/services/matrix/draupnir.nix
+++ b/host/Rory-nginx/services/matrix/draupnir.nix
@@ -1,22 +1,17 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
-  # Alicia - doesnt work yet... until in nixpkgs...
   services.draupnir = {
     enable = true;
+    homeserverUrl = "https://matrix.rory.gay";
 
     pantalaimon = {
       enable = true;
       username = "draupnir";
       passwordFile = "/etc/draupnir-password";
       options = {
-        homeserver = "http://localhost:8008";
-        ssl = false;
+        #homeserver = "http://localhost:8008";
+        #ssl = false;
       };
     };
     settings = {
@@ -30,8 +25,6 @@
       backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
       pollReports = false; # this is a single person homeserver... let's save ourself the work
 
-      #homeserverUrl = "yes";
-
       admin.enableMakeRoomAdminCommand = true;
       commands.ban.defaultReasons = [
         "spam"
@@ -52,10 +45,4 @@
       };
     };
   };
-
-  #  services.pantalaimon-headless.instances.draupnir = {
-  #    homeserver = "http://localhost:8008";
-  #    ssl = false;
-  #  };
-
 }
diff --git a/host/Rory-nginx/services/matrix/grapevine.nix b/host/Rory-nginx/services/matrix/grapevine.nix
index 1cb2e19..0f0006b 100755
--- a/host/Rory-nginx/services/matrix/grapevine.nix
+++ b/host/Rory-nginx/services/matrix/grapevine.nix
@@ -1,18 +1,12 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   services.grapevine = {
-    #package = conduit.packages.${pkgs.system}.default;
     enable = true;
     settings = {
       conduit_compat = true;
-      #      address = "127.0.0.1";
       server_name = "conduit.rory.gay";
+      trusted_servers = [ "rory.gay" ];
 
       listen = [
         {
@@ -31,7 +25,7 @@
 
       #log = "info";
       #log_format = "full";
-      #log = "debug";
+      log = "debug";
     };
   };
 }
diff --git a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
index 43c26ca..3041aaa 100755
--- a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
+++ b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ ... }:
 
 {
   # Discord bridge
diff --git a/host/Rory-nginx/services/matrix/matrix-media-gate.nix b/host/Rory-nginx/services/matrix/matrix-media-gate.nix
deleted file mode 100755
index 7eb599c..0000000
--- a/host/Rory-nginx/services/matrix/matrix-media-gate.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  MatrixMediaGate,
-  ...
-}:
-
-{
-  systemd.services = {
-    "MatrixMediaGate-matrix-rory-gay" = {
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        ExecStart = "${MatrixMediaGate.packages.x86_64-linux.default}/bin/MatrixMediaGate";
-        ExecStartPre = "${pkgs.busybox}/bin/cp ${./appsettings.matrix-rory-gay.json} ./appsettings.matrix-rory-gay.json";
-        Restart = "always";
-        RestartSec = "5";
-        Type = "notify";
-        DynamicUser = true;
-        StateDirectory = "matrix-media-gate";
-        WorkingDirectory = "/var/lib/matrix-media-gate";
-      };
-      environment = {
-        "DOTNET_ENVIRONMENT" = "matrix-rory-gay";
-        "DOTNET_URLS" = "http://localhost:9001";
-      };
-    };
-    "MatrixMediaGate-conduit-rory-gay" = {
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        ExecStart = "${MatrixMediaGate.packages.x86_64-linux.default}/bin/MatrixMediaGate";
-        ExecStartPre = "${pkgs.busybox}/bin/cp ${./appsettings.conduit-rory-gay.json} ./appsettings.conduit-rory-gay.json";
-        Restart = "always";
-        RestartSec = "5";
-        Type = "notify";
-        DynamicUser = true;
-        StateDirectory = "matrix-media-gate";
-        WorkingDirectory = "/var/lib/matrix-media-gate";
-      };
-      environment = {
-        "DOTNET_ENVIRONMENT" = "conduit-rory-gay";
-        "DOTNET_URLS" = "http://localhost:9002";
-      };
-    };
-  };
-}
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index 87b5cc9..968a14a 100755
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -14,7 +14,6 @@
     ./draupnir.nix
     ./grapevine.nix
     ./sliding-sync.nix
-    #./matrix-media-gate.nix
   ];
 
 }
diff --git a/host/Rory-nginx/services/matrix/sliding-sync.nix b/host/Rory-nginx/services/matrix/sliding-sync.nix
index 9de4958..e66d325 100644
--- a/host/Rory-nginx/services/matrix/sliding-sync.nix
+++ b/host/Rory-nginx/services/matrix/sliding-sync.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ ... }:
 {
   services.matrix-sliding-sync = {
     enable = true;
diff --git a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix b/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix
deleted file mode 100755
index 8bdaf19..0000000
--- a/host/Rory-nginx/services/matrix/synapse/_synapse.monolith.nix
+++ /dev/null
@@ -1,224 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-
-{
-  services.matrix-synapse = {
-    enable = true;
-    withJemalloc = true;
-
-    # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
-    settings = {
-      server_name = "rory.gay";
-
-      enable_registration = true;
-      registration_requires_token = true;
-
-      require_membership_for_aliases = false;
-      redaction_retention_period = null;
-      user_ips_max_age = null;
-      allow_device_name_lookup_over_federation = true;
-
-      federation = {
-        client_timeout = "60s";
-        max_short_retries = 6;
-        max_short_retry_delay = "10s";
-        max_long_retries = 5;
-        max_long_retry_delay = "30s";
-      };
-
-      event_cache_size = "1200K"; # defaults to 10K
-      caches = {
-        global_factor = 5000.0;
-        cache_entry_ttl = "12h";
-        expire_caches = true;
-        sync_response_cache_duration = "6h";
-        cache_autotuning = {
-          max_cache_memory_usage = "65536M";
-          target_cache_memory_usage = "32768M";
-          min_cache_ttl = "6h";
-        };
-      };
-
-      # Alicia - figure this out later...
-      #registration_shared_secret = builtins.exec ["cat" "/dev/urandom" "|" "tr" "-dc" "a-zA-Z0-9" "|" "fold" "-w" "256" "|" "head" "-n" "1"];
-      registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
-
-      listeners = [
-        {
-          port = 8008;
-          bind_addresses = [
-            "192.168.1.2"
-            "127.0.0.1"
-          ];
-          type = "http";
-          tls = false;
-          x_forwarded = true;
-          resources = [
-            {
-              names = [
-                "client"
-                "federation"
-              ];
-              compress = true;
-            }
-          ];
-        }
-      ];
-      dynamic_thumbnails = true;
-      presence = {
-        enable = true;
-        update_interval = 60;
-      };
-      url_preview_enabled = true;
-      database = {
-        name = "psycopg2";
-        args = {
-          user = "matrix-synapse-rory-gay";
-          #passwordFile = "/run/secrets/matrix-synapse-password";
-          password = "somepassword";
-          database = "matrix-synapse-rory-gay";
-          host = "127.0.0.1";
-          application_name = "matrix-synapse (rory.gay)";
-          cp_min = 5;
-          cp_max = 50;
-          #cp_reconnect_interval = "True";
-        };
-      };
-      app_service_config_files = [
-        #"/etc/matrix-synapse/appservice-registration.yaml"
-        "/var/lib/matrix-synapse/modas-registration.yaml"
-      ];
-
-      rc_message = {
-        per_second = 1000;
-        burst_count = 1000;
-      };
-      rc_login = {
-        address = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        account = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        failed_attempts = {
-          per_second = 0.1;
-          burst_count = 3;
-        };
-      };
-      rc_joins = {
-        local = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        remote = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-      };
-      rc_joins_per_room = {
-        per_second = 1000;
-        burst_count = 1000;
-      };
-      rc_invites = {
-        per_room = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        per_user = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-        per_issuer = {
-          per_second = 1000;
-          burst_count = 1000;
-        };
-      };
-      rc_federation = {
-        window_size = 10;
-        sleep_limit = 1000;
-        sleep_delay = 100;
-        reject_limit = 1000;
-        concurrent = 100;
-      };
-      federation_rr_transactions_per_room_per_second = 1;
-
-      max_image_pixels = "100M";
-
-      ui_auth = {
-        session_timeout = "1m";
-      };
-
-      login_via_existing_session = {
-        enabled = true;
-        require_ui_auth = true;
-        token_timeout = "1y";
-      };
-
-      #sentry = {
-      #  dsn = "https://77c8de07855d4e0c90dbcf0945a04f01@sentry.thearcanebrony.net/14";
-      #};
-
-      report_stats = false;
-
-      user_directory = {
-        enabled = true;
-        search_all_users = true;
-        prefer_local_users = true;
-      };
-
-      experimental_features = {
-        "org.matrix.msc3026.busy_presence" = true;
-        "fi.mau.msc2815" = true;
-        "org.matrix.msc3881" = true;
-        "org.matrix.msc3874" = true;
-        "org.matrix.msc3912" = true;
-      };
-    };
-
-    plugins = with pkgs.matrix-synapse-plugins; [
-      # Alicia - need to port draupnir...
-      #matrix-synapse-mjolnir-antispam
-      #      matrix-synapse-pam
-    ];
-    #    extraConfigFiles = [
-    #        (pkgs.writeTextFile {
-    #          name = "matrix-synapse-extra-config.yml";
-    #          text = ''
-    #            modules:
-    #              - module: "pam_auth_provider.PAMAuthProvider"
-    #                config:
-    #                  create_users: true
-    #                  skip_user_check: false
-    #          '';
-    #        })
-    #      ];
-  };
-
-  systemd.services.matrix-synapse-reg-token = {
-    description = "Random registration token for Synapse.";
-    before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-
-    script = ''
-
-      if [ ! -f "registration_shared_secret.txt" ]
-      then
-        cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
-      else
-        echo Not generating key, key exists;
-      fi'';
-    serviceConfig = {
-      User = "matrix-synapse";
-      Group = "matrix-synapse";
-      WorkingDirectory = "/var/lib/matrix-synapse";
-    };
-  };
-
-}
diff --git a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
index 4f3256f..5202ac1 100755
--- a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ pkgs, ... }:
 
 {
   # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py
@@ -15,6 +10,8 @@
     withJemalloc = true;
 
     nginxVirtualHostName = "matrix.rory.gay";
+    enableWorkers = true;
+
     federationSenders = 16;
     pushers = 1;
     mediaRepoWorkers = 4;
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix
index d259edd..e3b07bc 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/appservice.nix
@@ -1,23 +1,20 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
+  workerName = "appservice";
+  workerRoutes = [ ];
 in
 {
   services.matrix-synapse = lib.mkIf cfg.enableAppserviceWorker {
     settings = {
       instance_map = {
         appservice = {
-          path = "/run/matrix-synapse/appservice.sock";
+          path = "/run/matrix-synapse/${workerName}.sock";
         };
       };
 
-      notify_appservices_from_worker = "appservice";
+      notify_appservices_from_worker = workerName;
     };
 
     workers = {
@@ -26,7 +23,7 @@ in
         worker_listeners = [
           {
             type = "http";
-            path = "/run/matrix-synapse/appservice.sock";
+            path = "/run/matrix-synapse/${workerName}.sock";
             resources = [
               {
                 names = [ "replication" ];
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/background.nix b/host/Rory-nginx/services/matrix/synapse/workers/background.nix
index 501299a..611f6eb 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/background.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/background.nix
@@ -1,23 +1,20 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
+  workerName = "background";
+  workerRoutes = [ ];
 in
 {
   services.matrix-synapse = lib.mkIf cfg.enableBackgroundWorker {
     settings = {
       instance_map = {
         background = {
-          path = "/run/matrix-synapse/background.sock";
+          path = "/run/matrix-synapse/${workerName}.sock";
         };
       };
 
-      run_background_tasks_on = "background";
+      run_background_tasks_on = workerName;
     };
 
     workers = {
@@ -26,7 +23,7 @@ in
         worker_listeners = [
           {
             type = "http";
-            path = "/run/matrix-synapse/background.sock";
+            path = "/run/matrix-synapse/${workerName}.sock";
             resources = [
               {
                 names = [ "replication" ];
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
index ff7352b..c89b147 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
@@ -1,13 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
   workers = lib.range 0 (cfg.clientReaders - 1);
+  workerName = "client_reader";
   routes = [
     "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"
     "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"
@@ -44,9 +40,9 @@ in
       settings = {
         instance_map = lib.listToAttrs (
           lib.map (index: {
-            name = "client_reader-${toString index}";
+            name = "${workerName}-${toString index}";
             value = {
-              path = "/run/matrix-synapse/client_reader-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) workers
         );
@@ -54,13 +50,13 @@ in
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "client_reader-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/client_reader-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -70,7 +66,7 @@ in
               }
               {
                 type = "http";
-                path = "/run/matrix-synapse/client_reader-client-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-client-${toString index}.sock";
                 mode = "666";
                 resources = [
                   {
@@ -82,7 +78,7 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "client_reader-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "medium";
               }
             );
@@ -91,13 +87,13 @@ in
       );
     };
 
-    services.nginx.upstreams."client_reader" = {
+    services.nginx.upstreams."${workerName}" = {
       extraConfig = ''
         keepalive 32;
       '';
       servers = lib.listToAttrs (
         lib.map (index: {
-          name = "unix:/run/matrix-synapse/client_reader-client-${toString index}.sock";
+          name = "unix:/run/matrix-synapse/${workerName}-client-${toString index}.sock";
           value = {
             max_fails = 0;
           };
@@ -109,7 +105,7 @@ in
       lib.map (route: {
         name = route;
         value = {
-          proxyPass = "http://client_reader";
+          proxyPass = "http://${workerName}";
         };
       }) routes
     );
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
index 9853601..2e3574f 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
@@ -1,16 +1,10 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
   workers = lib.range 0 (cfg.federationReaders - 1);
-  routes = [
-    "~ /_matrix/federation/(v1|v2)/send/"
-  ];
+  workerName = "federation_inbound";
+  workerRoutes = [ "~ /_matrix/federation/(v1|v2)/send/" ];
 in
 {
   config = lib.mkIf (cfg.federationInboundWorkers > 0) {
@@ -18,9 +12,9 @@ in
       settings = {
         instance_map = lib.listToAttrs (
           lib.map (index: {
-            name = "federation_inbound-${toString index}";
+            name = "${workerName}-${toString index}";
             value = {
-              path = "/run/matrix-synapse/federation_inbound-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) workers
         );
@@ -28,13 +22,13 @@ in
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "federation_inbound-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/federation_inbound-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -44,7 +38,7 @@ in
               }
               {
                 type = "http";
-                path = "/run/matrix-synapse/federation_inbound-federation-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-federation-${toString index}.sock";
                 mode = "666";
                 resources = [
                   {
@@ -56,7 +50,7 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "federation_inbound-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "medium";
               }
             );
@@ -65,14 +59,14 @@ in
       );
     };
 
-    services.nginx.upstreams."federation_inbound" = {
+    services.nginx.upstreams."${workerName}" = {
       extraConfig = ''
         keepalive 32;
         ip_hash;
       '';
       servers = lib.listToAttrs (
         lib.map (index: {
-          name = "unix:/run/matrix-synapse/federation_inbound-federation-${toString index}.sock";
+          name = "unix:/run/matrix-synapse/${workerName}-federation-${toString index}.sock";
           value = {
             max_fails = 0;
           };
@@ -84,9 +78,9 @@ in
       lib.map (route: {
         name = route;
         value = {
-          proxyPass = "http://federation_inbound";
+          proxyPass = "http://${workerName}";
         };
-      }) routes
+      }) workerRoutes
     );
   };
 }
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
index 9aafb28..762f82c 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
@@ -1,14 +1,10 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
   workers = lib.range 0 (cfg.federationReaders - 1);
-  routes = [
+  workerName = "federation_reader";
+  workerRoutes = [
     "~ ^/_matrix/federation/(v1|v2)/event/"
     "~ ^/_matrix/federation/(v1|v2)/state/"
     "~ ^/_matrix/federation/(v1|v2)/state_ids/"
@@ -38,9 +34,9 @@ in
       settings = {
         instance_map = lib.listToAttrs (
           lib.map (index: {
-            name = "federation_reader-${toString index}";
+            name = "${workerName}-${toString index}";
             value = {
-              path = "/run/matrix-synapse/federation_reader-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) workers
         );
@@ -48,13 +44,13 @@ in
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "federation_reader-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/federation_reader-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -64,7 +60,7 @@ in
               }
               {
                 type = "http";
-                path = "/run/matrix-synapse/federation_reader-federation-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-federation-${toString index}.sock";
                 mode = "666";
                 resources = [
                   {
@@ -76,7 +72,7 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "federation_reader-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "medium";
               }
             );
@@ -85,14 +81,14 @@ in
       );
     };
 
-    services.nginx.upstreams."federation_reader" = {
+    services.nginx.upstreams."${workerName}" = {
       extraConfig = ''
         keepalive 32;
         hash $request_uri consistent;
       '';
       servers = lib.listToAttrs (
         lib.map (index: {
-          name = "unix:/run/matrix-synapse/federation_reader-federation-${toString index}.sock";
+          name = "unix:/run/matrix-synapse/${workerName}-federation-${toString index}.sock";
           value = {
             max_fails = 0;
           };
@@ -104,9 +100,9 @@ in
       lib.map (route: {
         name = route;
         value = {
-          proxyPass = "http://federation_reader";
+          proxyPass = "http://${workerName}";
         };
-      }) routes
+      }) workerRoutes
     );
   };
 }
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
index 4cb137a..391e046 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
@@ -1,46 +1,36 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
   cfg = config.services.matrix-synapse;
   federationSenders = lib.range 0 (cfg.federationSenders - 1);
+  workerName = "federation_sender";
+  workerRoutes = [ ];
 in
 {
   services.matrix-synapse = lib.mkIf (cfg.federationSenders > 0) {
     settings = {
       instance_map = lib.listToAttrs (
         lib.map (index: {
-          name = "federation_sender-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
-            path = "/run/matrix-synapse/federation_sender-${toString index}.sock";
+            path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
           };
         }) federationSenders
       );
       send_federation = false;
-      federation_sender_instances = lib.map (index: "federation_sender-${toString index}") federationSenders;
-      outbound_federation_restricted_to = lib.map (index: "federation_sender-${toString index}") federationSenders;
-      worker_replication_secret = "federation_sender_secret";
-
-      database = (
-        import ../db.nix {
-          workerName = "federation_sender";
-          dbGroup = "solo";
-        }
-      );
+      federation_sender_instances = lib.map (index: "${workerName}-${toString index}") federationSenders;
+      outbound_federation_restricted_to = lib.map (index: "${workerName}-${toString index}") federationSenders;
+      worker_replication_secret = "${workerName}_secret";
     };
 
     workers = lib.listToAttrs (
       lib.map (index: {
-        name = "federation_sender-${toString index}";
+        name = "${workerName}-${toString index}";
         value = {
           worker_app = "synapse.app.generic_worker";
           worker_listeners = [
             {
               type = "http";
-              path = "/run/matrix-synapse/federation_sender-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
               resources = [
                 {
                   names = [ "replication" ];
@@ -49,6 +39,12 @@ in
               ];
             }
           ];
+          database = (
+            import ../db.nix {
+              workerName = "${workerName}-${toString index}";
+              dbGroup = "solo";
+            }
+          );
         };
       }) federationSenders
     );
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
index e4d3b32..b030706 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
@@ -1,13 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
   workers = lib.range 0 (cfg.mediaRepoWorkers - 1);
+  workerName = "media_repo";
   routes = [
     "~ ^/_matrix/media/"
     "~ ^/_matrix/client/v1/media/"
@@ -25,26 +21,26 @@ in
       settings = {
         instance_map = lib.listToAttrs (
           lib.map (index: {
-            name = "media_repo-${toString index}";
+            name = "${workerName}-${toString index}";
             value = {
-              path = "/run/matrix-synapse/media_repo-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) workers
         );
 
-        media_instance_running_background_jobs = "media_repo-0";
+        media_instance_running_background_jobs = "${workerName}-0";
         enable_media_repo = false;
       };
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "media_repo-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/media_repo-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -54,7 +50,7 @@ in
               }
               {
                 type = "http";
-                path = "/run/matrix-synapse/media_repo-media-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-media-${toString index}.sock";
                 mode = "666";
                 resources = [
                   {
@@ -66,23 +62,33 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "media_repo-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "solo";
               }
             );
             enable_media_repo = true;
+            max_upload_size = "512M";
+            remote_media_download_burst_count = "512G";
+            remote_media_download_per_second = "512G";
+            rc_federation = {
+              window_size = 1;
+              sleep_limit = 1000;
+              sleep_delay = 1;
+              reject_limit = 1000;
+              concurrent = 100;
+            };
           };
         }) workers
       );
     };
 
-    services.nginx.upstreams."media_repo" = {
+    services.nginx.upstreams."${workerName}" = {
       extraConfig = ''
         keepalive 32;
       '';
       servers = lib.listToAttrs (
         lib.map (index: {
-          name = "unix:/run/matrix-synapse/media_repo-media-${toString index}.sock";
+          name = "unix:/run/matrix-synapse/${workerName}-media-${toString index}.sock";
           value = {
             max_fails = 0;
           };
@@ -94,7 +100,7 @@ in
       lib.map (route: {
         name = route;
         value = {
-          proxyPass = "http://media_repo";
+          proxyPass = "http://${workerName}";
           extraConfig = ''
             client_max_body_size 500M;
           '';
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
index 1450d52..bb46aed 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
@@ -1,19 +1,8 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
   cfg = config.services.matrix-synapse;
 in
-#eventWriters = lib.range 0 (count - 1);
-#typingWriters = lib.range 0 (count - 1);
-#deviceWriters = lib.range 0 (count - 1);
-#accountDataWriters = lib.range 0 (count - 1);
-#receiptsWriters = lib.range 0 (count - 1);
-#presenceWriters = lib.range 0 (count - 1);
-#pusherWriters = lib.range 0 (count - 1);
+
 {
   imports = [
     ./appservice.nix
@@ -51,6 +40,7 @@ in
         ]
     )
     // {
+      enableWorkers = lib.mkEnableOption "Enable dedicated workers";
       enableStreamWriters = lib.mkEnableOption "Enable stream writers";
       enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker";
       enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker";
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
index 63d903a..3391171 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
@@ -1,12 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
   cfg = config.services.matrix-synapse;
   pushers = lib.range 0 (cfg.pushers - 1);
+  workerName = "pusher";
+  workerRoutes = [ ];
 in
 {
   config = lib.mkIf (cfg.pushers > 0) {
@@ -16,23 +13,23 @@ in
           lib.map (index: {
             name = "pusher-${toString index}";
             value = {
-              path = "/run/matrix-synapse/pusher-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) pushers
         );
 
-        pusher_instances = lib.map (index: "pusher-${toString index}") pushers;
+        pusher_instances = lib.map (index: "${workerName}-${toString index}") pushers;
       };
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "pusher-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/pusher-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -43,7 +40,7 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "pusher-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "small";
               }
             );
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix
deleted file mode 100644
index d4a9ff4..0000000
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/__OLD__module.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-let
-  cfg = config.services.matrix-synapse;
-in
-#eventWriters = lib.range 0 (count - 1);
-#typingWriters = lib.range 0 (count - 1);
-#deviceWriters = lib.range 0 (count - 1);
-#accountDataWriters = lib.range 0 (count - 1);
-#receiptsWriters = lib.range 0 (count - 1);
-#presenceWriters = lib.range 0 (count - 1);
-#pusherWriters = lib.range 0 (count - 1);
-{
-  options.services.matrix-synapse =
-    lib.listToAttrs (
-      lib.map
-        (option: {
-          name = "${option}StreamWriters";
-          value = lib.mkOption {
-            type = lib.types.int;
-            default = 1;
-            description = "Number of writers for ${option} streams";
-          };
-        })
-        [
-          "event"
-          "typing"
-          "toDevice"
-          "accountData"
-          "receipts"
-          "presence"
-          "pushRule"
-        ]
-    )
-    // {
-      enableStreamWriters = lib.mkEnableOption "Enable stream writers";
-      federationSenders = lib.mkOption {
-        type = lib.types.int;
-        default = 1;
-        description = "Number of federation senders";
-      };
-      pushers = lib.mkOption {
-        type = lib.types.int;
-        default = 1;
-        description = "Number of pushers";
-      };
-    };
-
-  config = lib.mkIf cfg.enableStreamWriters {
-    services.matrix-synapse = {
-      settings = {
-        instance_map = lib.listToAttrs (
-          lib.map (port: {
-            name = "stream-writer-${toString port}";
-            value = {
-              path = "/run/matrix-synapse/stream-writer-${toString port}.sock";
-            };
-          }) federationSenders
-        );
-
-        stream_writers = {
-          events = lib.map (port: "stream-writer-events-${toString port}") federationSenders;
-          typing = lib.map (port: "stream-writer-typing-${toString port}") typingWriters;
-          to_device = lib.map (port: "stream-writer-to_device-${toString port}") deviceWriters;
-          account_data = lib.map (port: "stream-writer-account_data-${toString port}") accountDataWriters;
-          receipts = lib.map (port: "stream-writer-receipts-${toString port}") receiptsWriters;
-          presence = lib.map (port: "stream-writer-presence-${toString port}") presenceWriters;
-          push_rules = lib.map (port: "stream-writer-push_rules-${toString port}") pusherWriters;
-        };
-      };
-
-      workers = lib.listToAttrs (
-        lib.map (port: {
-          name = "stream-writerr-${toString port}";
-          value = {
-            worker_app = "synapse.app.generic_worker";
-            worker_listeners = [ ];
-          };
-        }) federationSenders
-      );
-    };
-  };
-}
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
index 4dbf4ee..1f5b638 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 let
   cfg = config.services.matrix-synapse;
   streamWriters = lib.range 0 (cfg.eventStreamWriters - 1);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
index b9ccad3..579e14b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
@@ -1,13 +1,9 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
+{ config, lib, ... }:
 
 let
   cfg = config.services.matrix-synapse;
   workers = lib.range 0 (cfg.syncWorkers - 1);
+  workerName = "sync";
   routes = [
     "~ ^/_matrix/client/(v2_alpha|r0|v3)/sync$"
     "~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$"
@@ -21,9 +17,9 @@ in
       settings = {
         instance_map = lib.listToAttrs (
           lib.map (index: {
-            name = "sync-${toString index}";
+            name = "${workerName}-${toString index}";
             value = {
-              path = "/run/matrix-synapse/sync-${toString index}.sock";
+              path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
             };
           }) workers
         );
@@ -31,13 +27,13 @@ in
 
       workers = lib.listToAttrs (
         lib.map (index: {
-          name = "sync-${toString index}";
+          name = "${workerName}-${toString index}";
           value = {
             worker_app = "synapse.app.generic_worker";
             worker_listeners = [
               {
                 type = "http";
-                path = "/run/matrix-synapse/sync-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
                 resources = [
                   {
                     names = [ "replication" ];
@@ -47,7 +43,7 @@ in
               }
               {
                 type = "http";
-                path = "/run/matrix-synapse/sync-client-${toString index}.sock";
+                path = "/run/matrix-synapse/${workerName}-client-${toString index}.sock";
                 mode = "666";
                 resources = [
                   {
@@ -59,7 +55,7 @@ in
             ];
             database = (
               import ../db.nix {
-                workerName = "sync-${toString index}";
+                workerName = "${workerName}-${toString index}";
                 dbGroup = "small";
               }
             );
@@ -68,13 +64,13 @@ in
       );
     };
 
-    services.nginx.upstreams."sync" = {
+    services.nginx.upstreams."${workerName}" = {
       extraConfig = ''
         keepalive 32;
       '';
       servers = lib.listToAttrs (
         lib.map (index: {
-          name = "unix:/run/matrix-synapse/sync-client-${toString index}.sock";
+          name = "unix:/run/matrix-synapse/${workerName}-client-${toString index}.sock";
           value = {
             max_fails = 0;
           };
@@ -86,7 +82,7 @@ in
       lib.map (route: {
         name = route;
         value = {
-          proxyPass = "http://sync";
+          proxyPass = "http://${workerName}";
         };
       }) routes
     );
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix b/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix
index 2eabe9d..f8d118e 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/user-dir.nix
@@ -7,6 +7,8 @@
 
 let
   cfg = config.services.matrix-synapse;
+  workerName = "user_dir";
+  workerRoutes = [ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$" ];
 in
 {
   config = lib.mkIf cfg.enableUserDirWorker {
@@ -18,7 +20,7 @@ in
           };
         };
 
-        update_user_directory_from_worker = "user_dir";
+        update_user_directory_from_worker = workerName;
       };
 
       workers = {
@@ -27,7 +29,7 @@ in
           worker_listeners = [
             {
               type = "http";
-              path = "/run/matrix-synapse/user_dir.sock";
+              path = "/run/matrix-synapse/${workerName}.sock";
               resources = [
                 {
                   names = [ "replication" ];
@@ -37,7 +39,7 @@ in
             }
             {
               type = "http";
-              path = "/run/matrix-synapse/user_dir-client.sock";
+              path = "/run/matrix-synapse/${workerName}-client.sock";
               mode = "666";
               resources = [
                 {
diff --git a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix b/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix
deleted file mode 100644
index 73c22b6..0000000
--- a/host/Rory-nginx/services/nginx/localhost/matrix-rory-gay.nix
+++ /dev/null
@@ -1,280 +0,0 @@
-{
-  enableACME = false;
-  addSSL = false;
-  # locations."/_matrix" = {
-  #   proxyPass = "http://192.168.1.5:8008"; 
-  #   extraConfig = ''
-  #     if ($request_method = 'OPTIONS') {
-  #       more_set_headers 'Access-Control-Allow-Origin: *';
-  #       more_set_headers 'Access-Control-Allow-Methods: *';
-  #       #
-  #       # Custom headers and headers various browsers *should* be OK with but aren't
-  #       #
-  #       more_set_headers 'Access-Control-Allow-Headers: *';
-  #       #
-  #       # Tell client that this pre-flight info is valid for 20 days
-  #       #
-  #       more_set_headers 'Access-Control-Max-Age' 1728000;
-  #       more_set_headers 'Content-Type: text/plain; charset=utf-8';
-  #       more_set_headers 'Content-Length' 0;
-  #       return 204;
-  #     };
-  #   '';
-  # };
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#synapseappgeneric_worker
-  locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-    extraConfig = ''
-      # We want to wait for 15 minutes here...
-      proxy_read_timeout 54000;
-      proxy_connect_timeout 54000;
-      proxy_send_timeout 54000;
-    '';
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3)/events$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/createRoom$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/v1/rooms/.*/hierarchy$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/v1/rooms/.*/threads$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/unstable/org.matrix.msc2716/rooms/.*/batch_send$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/account/3pid$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/account/whoami$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/devices$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/versions$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/query$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/changes$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/claim$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/room_keys/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/keys/upload/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/register$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/v1/register/m.login.registration_token/validity$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#the-typing-stream
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing" = {
-    proxyPass = "http://stream_writer_typing_stream_workers_upstream$request_uri";
-  };
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#the-to_device-stream
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/" = {
-    proxyPass = "http://stream_writer_to_device_stream_workers_upstream$request_uri";
-  };
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#the-account_data-stream
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/tags" = {
-    proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/.*/account_data" = {
-    proxyPass = "http://stream_writer_account_data_stream_workers_upstream$request_uri";
-  };
-  # https://matrix-org.github.io/synapse/latest/workers.html#the-receipts-stream
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt" = {
-    proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers" = {
-    proxyPass = "http://stream_writer_receipts_stream_workers_upstream$request_uri";
-  };
-  # https://matrix-org.github.io/synapse/latest/workers.html#the-presence-stream
-  locations."~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/" = {
-    proxyPass = "http://stream_writer_presence_stream_workers_upstream$request_uri";
-  };
-
-  ### DUPLICATES????
-  # https://matrix-org.github.io/synapse/latest/workers.html#updating-the-user-directory
-  locations."~ ^/_matrix/client/(r0|v3|unstable)/user_directory/search$" = {
-    proxyPass = "http://user_dir_workers_upstream$request_uri";
-  };
-
-  # ???
-  locations."/" = {
-    #resolver 127.0.0.11 valid=5s;
-    #set $backend "matrix-synapse:8008";
-    #proxyPass = "http://$backend";
-    proxyPass = "http://127.0.0.1:8008";
-  };
-
-  locations."~ ^/_matrix/federation/v1/event/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/state/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/state_ids/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/backfill/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/get_missing_events/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/publicRooms" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/query/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/make_join/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/make_leave/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/(v1|v2)/send_join/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/(v1|v2)/send_leave/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/event_auth/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/timestamp_to_event/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/exchange_third_party_invite/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/user/devices/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/key/v2/query" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/hierarchy/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-  locations."~ ^/_matrix/federation/v1/send/" = {
-    proxyPass = "http://generic_workers_upstream$request_uri";
-  };
-
-  ##### media repo
-
-  # https://matrix-org.github.io/synapse/latest/workers.html#synapseappmedia_repository
-  locations."~ ^/_matrix/media/" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/purge_media_cache$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/room/.*/media.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/user/.*/media.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/media/.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/quarantine_media/.*$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-  locations."~ ^/_synapse/admin/v1/users/.*/media$" = {
-    proxyPass = "http://media_repository_workers_upstream$request_uri";
-  };
-
-  #locations."/" = {
-  #resolver 127.0.0.11 valid=5s;
-  #set $backend "matrix-synapse:8048";
-  #proxyPass = "http://$backend";
-  #};
-
-  locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
-}
diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix b/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix
deleted file mode 100644
index cdf3c92..0000000
--- a/host/Rory-nginx/services/nginx/matrix-upstreams-workers.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  generic_workers_upstream.servers = {
-    "127.0.0.1:18111" = { };
-  };
-  stream_writer_typing_stream_workers_upstream.servers = {
-    "127.0.0.1:20012" = { };
-  };
-  stream_writer_to_device_stream_workers_upstream.servers = {
-    "127.0.0.1:20013" = { };
-  };
-  stream_writer_account_data_stream_workers_upstream.servers = {
-    "127.0.0.1:20014" = { };
-  };
-  stream_writer_receipts_stream_workers_upstream.servers = {
-    "127.0.0.1:20015" = { };
-  };
-  stream_writer_presence_stream_workers_upstream.servers = {
-    "127.0.0.1:20016" = { };
-  };
-  media_repository_workers_upstream.servers = {
-    "127.0.0.1:18551" = { };
-  };
-  user_dir_workers_upstream.servers = {
-    "127.0.0.1:18661" = { };
-  };
-}
diff --git a/host/Rory-nginx/services/nginx/matrix-upstreams.nix b/host/Rory-nginx/services/nginx/matrix-upstreams.nix
deleted file mode 100644
index 5dd2fe8..0000000
--- a/host/Rory-nginx/services/nginx/matrix-upstreams.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-  generic_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  stream_writer_typing_stream_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  stream_writer_to_device_stream_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  stream_writer_account_data_stream_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  stream_writer_receipts_stream_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  stream_writer_presence_stream_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  media_repository_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-  user_dir_workers_upstream.servers = {
-    "127.0.0.1:8008" = { };
-  };
-}
diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix
index 0b53a28..d210fb1 100755
--- a/host/Rory-nginx/services/nginx/nginx.nix
+++ b/host/Rory-nginx/services/nginx/nginx.nix
@@ -41,7 +41,6 @@ in
         log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name"} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
         access_log /var/log/nginx/access.log combined_vhosts;
       '';
-      upstreams = import ./matrix-upstreams.nix;
       additionalModules = with pkgs.nginxModules; [ moreheaders ];
       virtualHosts = {
         "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
@@ -63,7 +62,6 @@ in
         "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
 
         "rory.gay" = import ./rory.gay/root.nix;
-        #"rory.boo" = import ./rory.gay/root.nix;
         "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
 
         "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
@@ -73,7 +71,6 @@ in
         #matrix...
         "conduit.rory.gay" = import ./rory.gay/conduit.nix;
         "matrix.rory.gay" = import ./rory.gay/matrix.nix;
-        "matrix-rory-gay.localhost" = import ./localhost/matrix-rory-gay.nix;
         "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
         "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
         "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
@@ -109,8 +106,5 @@ in
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "root@thearcanebrony.net";
 
-  environment.systemPackages = with pkgs; [
-    #gitfs
-  ];
-
+  networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
 }
diff --git a/host/Rory-nginx/services/ollama.nix b/host/Rory-nginx/services/ollama.nix
index 42f8b93..954fe99 100755
--- a/host/Rory-nginx/services/ollama.nix
+++ b/host/Rory-nginx/services/ollama.nix
@@ -1,7 +1,4 @@
 {
-  config,
-  pkgs,
-  lib,
   ...
 }:
 
diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix
index 2b29d42..fbe33b7 100755
--- a/host/Rory-nginx/services/postgres.nix
+++ b/host/Rory-nginx/services/postgres.nix
@@ -1,7 +1,5 @@
 {
-  config,
   pkgs,
-  lib,
   ...
 }: