# NixOS module fragment: runs the biboumi XMPP<->IRC gateway as an external
# component of the local XMPP server, under a dedicated system user, and adds
# the nftables rules it needs.
{ config, ... }:
let
  domain = config.networking.domain;
  identdPort = config.services.biboumi.settings.identd_port;
  biboumiUser = config.users.users.biboumi.name;
  biboumiGroup = config.users.groups.biboumi.name;
in
{
  # Firewall rules, contributed to chains that are declared elsewhere.
  # - input-net: accepts TCP to the identd port from any source reaching this
  #   chain. NOTE(review): presumably input-net is the Internet-facing chain,
  #   so identd is publicly reachable; confirm that is intended.
  # - output-net: accepts *all* outbound TCP from the biboumi uid, whatever
  #   the destination or port. NOTE(review): presumably left open because
  #   users may join arbitrary IRC servers; if the server set is fixed
  #   (see fixed_irc_server below), narrowing this to the IRC ports in use
  #   would limit what a compromised gateway process can reach.
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        tcp dport ${toString identdPort} counter accept comment "biboumi: identd"
      }
      chain output-net {
        skuid ${biboumiUser} meta l4proto tcp counter accept comment "biboumi"
      }
    }
  '';

  # Dedicated unprivileged account; the skuid match above depends on it.
  users = {
    groups.biboumi = { };
    users.biboumi = {
      group = biboumiGroup;
      isSystemUser = true;
    };
  };

  # Order biboumi after the XMPP server it connects to as a component.
  systemd.services.biboumi.after = [ "prosody.service" ];

  services.biboumi = {
    enable = true;
    settings = {
      # Component address and the loopback endpoint of the XMPP server.
      hostname = "biboumi.${domain}";
      xmpp_server_ip = "127.0.0.1";
      port = 5347;
      # NOTE(review): this component secret is a literal in the module, so it
      # is part of the evaluated configuration and will typically land in the
      # world-readable Nix store. It only guards a loopback connection, but
      # any local process able to reach 127.0.0.1:5347 and read it could
      # authenticate to the XMPP server as this component. On a host with
      # other local users or services, consider supplying it from outside
      # the store (e.g. services.biboumi.credentialsFile, if the module
      # version in use provides it) and restricting access to port 5347.
      password = "useless-secret-on-loopback";

      # JIDs with administrative rights on the gateway.
      admin = [ "julm@${domain}" ];

      #fixed_irc_server = "";
      persistent_by_default = true;
      # Users may set their own IRC realname; it is not derived from the JID.
      realname_customization = true;
      realname_from_jid = false;
      log_level = 1;
    };
  };
}