{ pkgs, ... }:

{
  networking.firewall.allowedTCPPorts = [ 5222 5269 ];

  services.prosody.enable = true;
  services.prosody.modules.http_files = true;
  services.prosody.modules.mam = true;
  services.prosody.s2sSecureAuth = true;
  services.prosody.muc = [
    { domain = "muc.qyliss.net"; }
  ];
  services.prosody.package = pkgs.prosody.override {
    withCommunityModules = [ "http_upload" "smacks" "csi" "cloud_notify" ];
  };
  services.prosody.ssl.key = "/var/lib/acme/qyliss.net/key.pem";
  services.prosody.ssl.cert = "/var/lib/acme/qyliss.net/fullchain.pem";
  services.prosody.uploadHttp.domain = "upload.qyliss.net";
  services.prosody.virtualHosts."qyliss.net" = {
    domain = "qyliss.net";
    enabled = true;
    ssl.key = "/var/lib/acme/qyliss.net/key.pem";
    ssl.cert = "/var/lib/acme/qyliss.net/fullchain.pem";
  };

  users.users.prosody.extraGroups = [ "tls" ];
}