diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix index bff67ea..e08d403 100644 --- a/hosts/parsons/configuration.nix +++ b/hosts/parsons/configuration.nix @@ -21,6 +21,7 @@ ../../services/gitlab-runner.nix ../../services/lantifa.nix ../../services/vaultwarden.nix + ../../services/workadventure.nix ./lxc.nix ]; diff --git a/nix/sources.json b/nix/sources.json index 9e76668..74a7b15 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -100,7 +100,7 @@ "url_template": "https://github.com///archive/.tar.gz" }, "workadventure": { - "branch": "master", + "ref": "master", "repo": "https://stuebinm.eu/git/workadventure-nix", "rev": "8db4bbc5eccaac218c68fb0853f1972dadd7a40c", "type": "git" diff --git a/services/workadventure.nix b/services/workadventure.nix new file mode 100644 index 0000000..47009a2 --- /dev/null +++ b/services/workadventure.nix 
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, modules, profiles, evalConfig, sources, ... }:
+let
+ wapkgs = "${sources.workadventure}/wapkgs.nix";
+in
+{
+ services.coturn = {
+ enable = true;
+ realm = "void.hacc.space";
+ no-cli = true;
+ lt-cred-mech = true;
+
+ extraConfig = ''
+ user=turn:a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457
+ fingerprint
+ external-ip=116.203.185.253
+ server-name=void.hacc.space
+ prometheus
+ '';
+
+ cert = config.security.acme.certs."void.hacc.space".directory + "full.pem";
+ pkey = config.security.acme.certs."void.hacc.space".directory + "key.pem";
+ };
+
+ networking.firewall = with config.services.coturn;
+ let
+ ports = [ listening-port tls-listening-port ];
+ in {
+ allowedTCPPorts = ports ++ [ 9641 ]; # 9641 is the port for the prometheus endpoint
+ allowedUDPPorts = ports;
+ allowedUDPPortRanges = [
+ { from = min-port; to = max-port; }
+ ];
+ };
+
+
+ services.nginx.virtualHosts."void.hacc.space" = {
+ locations."/" = {
+ proxyPass = "http://192.168.150.3";
+ proxyWebsockets = true;
+ };
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ containers.wa-truelove = {
+
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.150.1";
+ localAddress = "192.168.150.3";
+
+
+ path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
+ boot.isContainer = true;
+ networking.useDHCP = false;
+ users.users.root.hashedPassword = "";
+
+ imports = [
+ "${sources.workadventure.outPath}/default.nix"
+ ((import sources.nix-hexchen) {}).profiles.nopersist
+ ];
+
+ services.workadventure."truelove" = {
+
+ packageset = (import wapkgs {inherit pkgs;}).workadventure-xce;
+
+ nginx = {
+ default = true;
+ domain = "https://void.hacc.space";
+ };
+
+ frontend.startRoomUrl = "/_/global/localhost/maps/main.json";
+ commonConfig = {
+ webrtc.stun.url = "stun:void.hacc.space:3478";
+ webrtc.turn = {
+ url = "turn:135.181.215.233";
+ user = "turn";
+ password = "a4c9ad080dc51146611eabd15a27b07fc92850a9ae90c53e7745fce6c5a2c457";
+ };
+ jitsi.url = "meet.ffmuc.net";
+ };
+ };
+ })).config.system.build.toplevel;
+ };
+}
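Review bot: The TURN credential is committed in clear text twice in this new file, as `user=turn:…` in the coturn `extraConfig` and as `password` under `webrtc.turn`, so it sits in the git history and the world-readable Nix store and should be rotated and then read from a file outside the store. Since a TURN credential is handed to every browser client anyway, the sketch below switches coturn to time-limited credentials from a secret file and adds peer restrictions so the relay cannot be pointed at loopback or private ranges such as the 192.168.150.0/24 container network; whether the workadventure module can consume a shared secret is not visible in this diff and needs checking. It also adds the path separator that `directory + "full.pem"` and `directory + "key.pem"` appear to lack, assuming the ACME `directory` value has no trailing slash. Two further points in the same hunk: port 9641 in `allowedTCPPorts` opens the unauthenticated Prometheus endpoint to any source rather than only the scraper, and `users.users.root.hashedPassword = ""` allows password-less root login inside the container where `"!"` would lock the account.

```nix
  services.coturn = {
    # … unchanged: enable, realm, no-cli, lt-cred-mech …
    # time-limited credentials derived from a shared secret instead of a fixed user/password
    use-auth-secret = true;
    static-auth-secret-file = "/path/to/PLACEHOLDER-turn-secret"; # placeholder; keep it outside the Nix store

    extraConfig = ''
      # … unchanged: fingerprint, external-ip, server-name, prometheus (the user= line is dropped) …
      no-multicast-peers
      denied-peer-ip=127.0.0.0-127.255.255.255
      denied-peer-ip=10.0.0.0-10.255.255.255
      denied-peer-ip=172.16.0.0-172.31.255.255
      denied-peer-ip=192.168.0.0-192.168.255.255
      denied-peer-ip=169.254.0.0-169.254.255.255
    '';

    cert = config.security.acme.certs."void.hacc.space".directory + "/full.pem";
    pkey = config.security.acme.certs."void.hacc.space".directory + "/key.pem";
    # … unchanged: rest of the file …
```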