{ sources, config, ... }: let host = "kahulm.normalesup.eu"; port = 3009; in { imports = [ (sources.kahulm + "/module.nix") ]; services.kahulm = { inherit port; enable = true; baseUrl = "https://${host}"; sessionSecretFile = config.age.secrets.kahulm-session_secret.path; }; services.nginx = { enable = true; virtualHosts.${host} = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${builtins.toString port}"; }; }; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; }