# NixOS module: Prosody XMPP server for `domain`, using the certificate that
# the nginx virtual host of the same name requests through ACME.
{ lib, config, ... }:

let
  domain = "xmpp.giugl.io";
  conference_domain = "conference.${domain}";
  upload_domain = "uploads.${domain}";

  # Host addresses (architect-lan, architect-wg) are kept in a separate file.
  network = import ./network.nix;

  # Directory holding the ACME-issued key and chain for `domain`.
  certDir = config.security.acme.certs.${domain}.directory;
in {
  services.prosody = {
    enable = true;

    virtualHosts.${domain} = {
      inherit domain;
      enabled = true;
      ssl = {
        key = "${certDir}/key.pem";
        cert = "${certDir}/fullchain.pem";
      };
    };

    # Multi-user chat and HTTP file upload are served on their own subdomains.
    # NOTE(review): only `domain` has enableACME set in this file (the two
    # subdomain requests further down are commented out), so unless the
    # certificate gets extra names elsewhere, peers validating
    # conference_domain or upload_domain will presumably see a name
    # mismatch. Confirm before relying on TLS for these components.
    muc = [ { domain = conference_domain; } ];
    uploadHttp.domain = upload_domain;

    # This JID holds server-wide admin rights in Prosody; its credentials
    # deserve the same care as the host's own.
    admins = [ "giulio@${domain}" ];

    # Binding the HTTP(S) listeners to the WireGuard interface is disabled,
    # so the module defaults apply.
    # NOTE(review): confirm which addresses the upload endpoint ends up
    # listening on and that the firewall matches the intended exposure.
    #httpInterfaces = [ "wg0" ];
    #httpsInterfaces = [ "wg0" ];
  };

  # The nginx virtual host exists to obtain the certificate consumed above.
  services.nginx.virtualHosts.${domain}.enableACME = true;
  #services.nginx.virtualHosts."${conference_domain}".enableACME = true;
  #services.nginx.virtualHosts."${upload_domain}".enableACME = true;

  # Local /etc/hosts entries resolving `domain` to the LAN and WireGuard
  # addresses taken from network.nix.
  networking.extraHosts = ''
    ${network.architect-lan} ${domain}
    ${network.architect-wg} ${domain}
    '';

  # Lets the prosody user read key material owned by group `acme`.
  # NOTE(review): this grants access to everything that group can read,
  # presumably the private keys of other certificates on this host as well;
  # a dedicated group on this one certificate would be narrower. Verify
  # against the ACME module's group settings.
  users.groups.acme.members = [ "prosody" ];
}