# NixOS module: biboumi (XMPP <-> IRC gateway) attached as an external
# component to the XMPP server on loopback, plus the firewall rules and the
# system account it runs under.
{ config, ... }:
let
  cfg = config.services.biboumi;
  domain = config.networking.domain;
  biboumiUser = config.users.users.biboumi.name;
  biboumiGroup = config.users.groups.biboumi.name;
in
{
  # Rules are appended to chains named input-net / output-net; nothing here
  # declares their hook or policy, so they are presumably wired up elsewhere
  # in the configuration.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        tcp dport ${toString cfg.settings.identd_port} counter accept comment "biboumi: identd"
      }
      chain output-net {
        skuid ${biboumiUser} meta l4proto tcp counter accept comment "biboumi"
      }
    }
  '';
  # input-net: the identd port is accepted from any source address.
  # identd_port is not set in this file, so the value is the one the
  # biboumi module provides.
  # output-net: the match is on the socket owner only, i.e. every outbound
  # TCP destination and port is allowed for the biboumi user, not just IRC
  # ports. NOTE(review): narrow with a dport set if the IRC servers in use
  # are known.

  # Dedicated unprivileged account, so the skuid match above covers only
  # the gateway's own sockets.
  users.groups.biboumi = { };
  users.users.biboumi = {
    isSystemUser = true;
    group = biboumiGroup;
  };

  # Ordering only: start after prosody when both are started together.
  # This adds no Wants=/Requires= dependency on prosody.
  systemd.services.biboumi.after = [ "prosody.service" ];

  services.biboumi = {
    enable = true;
    settings = {
      hostname = "biboumi.${domain}";
      # Component secret shared with the XMPP server. Written here it ends
      # up in the world-readable Nix store; the value says this is accepted
      # because the component link is loopback-only. On a host with other
      # local users or services that assumption is worth re-checking:
      # services.biboumi.credentialsFile keeps the secret out of the store
      # (with password = null here).
      password = "useless-secret-on-loopback";
      # Component connection to the XMPP server stays on loopback.
      xmpp_server_ip = "127.0.0.1";
      port = 5347;
      # JIDs allowed to administer the gateway.
      admin = [ "julm@${domain}" ];
      #fixed_irc_server = "";
      persistent_by_default = true;
      # Users may set their own IRC realname; it is not derived from the
      # JID, so the JID is not exposed to IRC servers through that field.
      realname_customization = true;
      realname_from_jid = false;
      log_level = 1;
    };
  };
}