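# NixOS module: public XMPP self-registration page.
#
# nginx serves https://<domain>/register/ and hands every request to a
# dedicated PHP-FPM pool running a single script (index.php). The pool's
# unprivileged user is allowed, via sudo, to run `prosodyctl register` as the
# `prosody` user. index.php is not part of this file, so how it builds that
# command line cannot be checked from here.
{ config, pkgs, lib, ... }:

let
  domain = "xmpp.tonybtw.com";
  dataDir = "/var/lib/xmpp-register";
  phpUser = "xmpp-register";
  phpGroup = "xmpp-register";

  # Copy index.php into its own store path. The store is read-only at runtime,
  # so the PHP worker cannot modify the script it executes.
  phpApp = pkgs.runCommand "xmpp-register-app" {} ''
    mkdir -p $out
    cp ${./xmpp-register/index.php} $out/index.php
  '';
in
{
  # Dedicated FPM pool so the registration app runs under its own uid/gid.
  services.phpfpm.pools.xmpp-register = {
    user = phpUser;
    group = phpGroup;

    settings = {
      # Socket is owned by the nginx user/group so nginx can connect to it.
      "listen.owner" = config.services.nginx.user;
      "listen.group" = config.services.nginx.group;
      # Spawn workers only on demand and cap them at 4; idle workers exit
      # after 10s.
      "pm" = "ondemand";
      "pm.max_children" = 4;
      "pm.process_idle_timeout" = "10s";
    };

    # Sessions are stored under dataDir (created 0750 below) rather than in a
    # shared temp directory. The vhost is HTTPS-only (forceSSL), so the session
    # cookie is marked Secure and HttpOnly, and strict mode makes PHP refuse
    # session IDs it did not issue itself.
    phpOptions = ''
      session.save_path = "${dataDir}/sessions"
      session.cookie_secure = 1
      session.cookie_httponly = 1
      session.use_strict_mode = 1
    '';
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    useACMEHost = domain;

    # Canonicalise the bare path to the trailing-slash form.
    locations."= /register" = {
      return = "301 /register/";
    };

    # SCRIPT_FILENAME is a fixed store path, so the request URI never selects
    # which file PHP executes: everything under /register/ runs index.php.
    # NOTE(review): no request rate limiting is configured in this vhost;
    # confirm that index.php or another layer throttles registration attempts.
    locations."^~ /register/" = {
      extraConfig = ''
        fastcgi_pass unix:${config.services.phpfpm.pools.xmpp-register.socket};
        include ${pkgs.nginx}/conf/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME ${phpApp}/index.php;
      '';
    };
  };

  users.users.${phpUser} = {
    isSystemUser = true;
    group = phpGroup;
    home = dataDir;
  };
  users.groups.${phpGroup} = {};

  # State directories: owner and group only, no access for other users.
  systemd.tmpfiles.rules = [
    "d ${dataDir} 0750 ${phpUser} ${phpGroup} -"
    "d ${dataDir}/sessions 0750 ${phpUser} ${phpGroup} -"
  ];

  # The web-facing user may run exactly one prosodyctl subcommand as `prosody`.
  # A sudoers `*` matches across spaces, so this rule accepts ANY argument list
  # after `register`; in particular it does not pin the host argument. The only
  # thing constraining the username, host and password is the validation and
  # argument quoting done in index.php.
  # NOTE(review): `prosodyctl register` takes the password as a command-line
  # argument, so it is present in the process argument list while the command
  # runs - confirm this is acceptable on this host.
  # NOTE(review): if index.php always registers on a single host, consider
  # putting that host into the rule in place of the bare `*` - verify against
  # the script before changing it.
  security.sudo.extraConfig = ''
    ${phpUser} ALL=(prosody) NOPASSWD: /run/current-system/sw/bin/prosodyctl register *
  '';

  # Puts prosodyctl on the system profile, which is the path the sudo rule
  # above names.
  environment.systemPackages = [pkgs.prosody];
}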