1 files changed, 60 insertions, 0 deletions

diff --git a/nix/prosody.nix b/nix/prosody.nix
new file mode 100644
index 0000000..cfbc551
--- /dev/null
+++ b/nix/prosody.nix
@@ -0,0 +1,60 @@
+{ lib, config, ... }:
+
+with lib;
+let
+  cfg = config.services.brook;
+in
+{
+  options.services.brook.prosody = {
+    enable = mkEnableOption "brook XMPP chat with prosody";
+
+    port = mkOption {
+      type = types.int;
+      default = 5281;
+      description = ''
+        Specify the port that prosody's web server is listening on.
+      '';
+    };
+
+    guest-domain = mkOption {
+      type = types.string;
+      description = ''
+        The virtualhost prosody uses as an anonymous user scope.
+        By default prosody can either run in normal user mode, or in
+        anonymous mode.  Becuase the stream chat doesn't require registration,
+        this creates a new virtualhost to achieve this.
+      '';
+    };
+
+    certRoot = mkOption {
+      type = types.string;
+      description = ''
+        Pass in the root path to the certificates that the 
+        prosody virtualhost should use.
+      '';
+    };
+  };
+
+  config = mkIf cfg.prosody.enable {
+    services.prosody = {
+      modules = { bosh = true; websocket = true; };
+      
+      virtualHosts."${cfg.prosody.guest-domain}" = {
+        enable = true;
+        domain = "${cfg.prosody.guest-domain}";
+        ssl = {
+          cert = "${cfg.prosody.certRoot}/fullchain.pem";
+          key = "${cfg.prosody.certRoot}/key.pem";
+        };
+        extraConfig = ''
+        authentication = "anonymous"
+        http_host = ${cfg.prosody.guest-domain}
+      '';
+      };
+
+      extraConfig = services.prosody.extraConfig + ''
+        consider_bosh_secure = true
+      '';
+    };
+  };
+}