diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 4a6ecac6bd0e..845a5f09dae4 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -135,6 +135,13 @@
services.baget.
+
+
+ prosody-filer,
+ a server for handling XMPP HTTP Upload requests. Available at
+ services.prosody-filer.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 9540681fa4fe..ad4743d7cd9c 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
+- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
+
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b56b9ae8d8b4..3d54810050a5 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1032,6 +1032,7 @@
./services/web-apps/plausible.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
+ ./services/web-apps/prosody-filer.nix
./services/web-apps/matomo.nix
./services/web-apps/openwebrx.nix
./services/web-apps/restya-board.nix
diff --git a/nixos/modules/services/web-apps/prosody-filer.nix b/nixos/modules/services/web-apps/prosody-filer.nix
new file mode 100644
index 000000000000..6a52c36ab2cf
--- /dev/null
+++ b/nixos/modules/services/web-apps/prosody-filer.nix
@@ -0,0 +1,88 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cfg = config.services.prosody-filer;
+
+ settingsFormat = pkgs.formats.toml { };
+ configFile = settingsFormat.generate "prosody-filer.toml" cfg.settings;
+in {
+
+ options = {
+ services.prosody-filer = {
+ enable = mkEnableOption "Prosody Filer XMPP upload file server";
+
+ settings = mkOption {
+ description = ''
+ Configuration for Prosody Filer.
+ Refer to for details on supported values.
+ '';
+
+ type = settingsFormat.type;
+
+ example = literalExample ''
+ {
+ secret = "mysecret";
+ storeDir = "/srv/http/nginx/prosody-upload";
+ }
+ '';
+
+ defaultText = literalExpression ''
+ {
+ listenport = mkDefault "127.0.0.1:5050";
+ uploadSubDir = mkDefault "upload/";
+ }
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.prosody-filer.settings = {
+ listenport = mkDefault "127.0.0.1:5050";
+ uploadSubDir = mkDefault "upload/";
+ };
+
+ users.users.prosody-filer = {
+ group = "prosody-filer";
+ isSystemUser = true;
+ };
+
+ users.groups.prosody-filer = { };
+
+ systemd.services.prosody-filer = {
+ description = "Prosody file upload server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ User = "prosody-filer";
+ Group = "prosody-filer";
+ ExecStart = "${pkgs.prosody-filer}/bin/prosody-filer -config ${configFile}";
+ Restart = "on-failure";
+ CapabilityBoundingSet = "";
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ PrivateMounts = true;
+ ProtectHome = true;
+ ProtectClock = true;
+ ProtectProc = "noaccess";
+ ProcSubset = "pid";
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+ };
+ };
+ };
+}
diff --git a/pkgs/servers/xmpp/prosody-filer/default.nix b/pkgs/servers/xmpp/prosody-filer/default.nix
new file mode 100644
index 000000000000..a6de3a104740
--- /dev/null
+++ b/pkgs/servers/xmpp/prosody-filer/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "prosody-filer";
+ version = "unstable-2021-05-24";
+
+ vendorSha256 = "05spkks77x88kc31c1zdg1cbf9ijymjs7qzmhg4c6lql5p2h5fbd";
+
+ src = fetchFromGitHub {
+ owner = "ThomasLeister";
+ repo = "prosody-filer";
+ rev = "c65edd199b47dc505366c85b3702230fda797cd6";
+ sha256 = "0h6vp5flgy4wwmzhs6pf6qkk2j4ah8w919dwhfsq4wdpqs78kc0y";
+ };
+
+ doCheck = false;
+
+ meta = with lib; {
+ homepage = "https://github.com/ThomasLeister/prosody-filer";
+ maintainers = with maintainers; [ abbradar ];
+ license = licenses.mit;
+ platforms = platforms.linux;
+ description = "A simple file server for handling XMPP http_upload requests";
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 9a5b526c6d33..77500d7fbaf6 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -20945,6 +20945,8 @@ with pkgs;
withExtraLibs = [];
};
+ prosody-filer = callPackage ../servers/xmpp/prosody-filer { };
+
biboumi = callPackage ../servers/xmpp/biboumi { };
elasticmq-server-bin = callPackage ../servers/elasticmq-server-bin {