diff --git a/caddy/default.nix b/caddy/default.nix
index 558ac75..6961387 100644
--- a/caddy/default.nix
+++ b/caddy/default.nix
@@ -58,18 +58,6 @@ in
 '';
 virtualHosts = {
- # üü.ee
- "xn--tdaa.ee".extraConfig = ''
- tls {
- dns cloudflare {env.CLOUDFLARE_API_TOKEN}
- resolvers 1.1.1.1
- }
-
- root * ${inputs.xn--tdaa-website}
- file_server browse {
- hide .git
- }
- '';
 "kaya.ee".extraConfig = ''
 tls {
 dns cloudflare {env.CLOUDFLARE_API_TOKEN}
diff --git a/services/default.nix b/services/default.nix
index f5f0371..6313ef9 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -23,5 +23,6 @@
 ./rr.nix
 ./plex.nix
 ./komga.nix
+ ./prosody.nix
 ];
 }
\ No newline at end of file
diff --git a/services/prosody.nix b/services/prosody.nix
new file mode 100644
index 0000000..274cd97
--- /dev/null
+++ b/services/prosody.nix
@@ -0,0 +1,71 @@
+{ config, ... }: {
+ services = {
+ prosody = {
+ enable = true;
+ xmppComplianceSuite = false;
+ admins = [ "kaya@üü.ee" ];
+ ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+ ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+ virtualHosts = {
+ "üü.ee" = {
+ enabled = true;
+ domain = "üü.ee";
+ ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+ ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+ };
+
+ "xn--tdaa.ee" = {
+ enabled = true;
+ domain = "xn--tdaa.ee";
+ ssl.cert = "/var/lib/acme/xn--tdaa.ee/fullchain.pem";
+ ssl.key = "/var/lib/acme/xn--tdaa.ee/key.pem";
+ };
+ };
+
+ muc = [{
+ domain = "conference.üü.ee";
+ }];
+ uploadHttp = {
+ domain = "upload.üü.ee";
+ };
+
+ httpFileShare.domain = "share.üü.ee";
+ };
+
+ # üü.ee
+ caddy.virtualHosts."üü.ee" = {
+ useACMEHost = "xn--tdaa.ee";
+ extraConfig = ''
+ reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} {
+ header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee"
+ }
+ '';
+
+ serverAliases = [
+ "conference.üü.ee"
+ "upload.üü.ee"
+ "share.üü.ee"
+ ];
+ };
+ };
+
+ users.users.caddy.extraGroups = [
+ "prosody" # Caddy needs access to the certs
+ ];
+
+ networking.firewall.allowedTCPPorts = [
+ 5222 # c2s?
+ 5269 # s2s
+ ];
+
+ security.acme.certs."xn--tdaa.ee" = {
+ dnsProvider = "cloudflare";
+ group = "prosody";
+ extraDomainNames = [
+ "conference.xn--tdaa.ee"
+ "upload.xn--tdaa.ee"
+ "share.xn--tdaa.ee"
+ ];
+ environmentFile = "/etc/secrets/acme.env";
+ };
+}
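Review bot: Nothing in this hunk reloads Prosody after the ACME certificate is renewed, so the `ssl.cert`/`ssl.key` files under `/var/lib/acme/xn--tdaa.ee/` will be re-issued on disk while the running Prosody keeps serving the old, eventually expired, certificate until it is restarted (as far as I know Prosody only re-reads certificates on reload/restart; the Caddy side is reloaded by the Caddy module, Prosody is not). Adding `reloadServices = [ "prosody.service" ];` to the `security.acme.certs."xn--tdaa.ee"` block at the end of the hunk closes that gap. The same cert/key pair is spelled out three times (top-level `ssl` and both virtualHosts); a `let` binding for the two paths would keep them from drifting apart. Putting the `caddy` user into the `prosody` group grants it read access to anything group-readable that Prosody owns, not only the certificate; a dedicated group used as `group` on that cert and shared by both services would be the tighter option. The `5222 # c2s?` comment can be stated definitively: `5222 # c2s (client-to-server)`.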