{ config, ... }: let ssl = { cert = "${ config.security.acme.certs."technogothic.net".directory }/fullchain.pem"; key = "${config.security.acme.certs."technogothic.net".directory}/key.pem"; }; in { services.prosody = { enable = true; admins = [ "Agatha@argent.technogothic.net" ]; inherit ssl; virtualHosts."argent.technogothic.net" = { enabled = true; domain = "argent.technogothic.net"; inherit ssl; }; muc = [{ domain = "muc.argent.technogothic.net"; }]; uploadHttp.domain = "upload.argent.technogothic.net"; }; users.users."${config.services.prosody.user}".extraGroups = [ "acme" "nginx" ]; networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ]; }