{ pkgs, lib, config, ... }: {
  services.update-from-hydra.paths.traveldrafter = {
    enable = true;
    hydraUrl = "https://hydra.clerie.de";
    hydraProject = "clerie";
    hydraJobset = "traveldrafter";
    hydraJob = "packages.x86_64-linux.traveldrafter";
    nixStoreUri = "https://nix-cache.clerie.de";
    resultPath = "/srv/traveldrafter";
  };

  sops.secrets.traveldrafter-htpasswd = {
    owner = "nginx";
    group = "nginx";
  };

  services.nginx.virtualHosts = {
    "traveldrafter.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      root = "/srv/traveldrafter/lib/node_modules/traveldrafter/web/";
      basicAuthFile = config.sops.secrets.traveldrafter-htpasswd.path;
      locations."/api" = {
        proxyPass = "http://[::1]:3001";
      };
    };
  };

  systemd.services."traveldrafter" = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      RuntimeDirectory = "traveldrafter";
      DynamicUser = true;
    };
    environment = {
      HTTP_PORT = "3001";
    };
    script = lib.getExe pkgs.traveldrafter;
  };
}