{config, pkgs, ...}:
let
  source = builtins.fetchGit {
    url = "https://stuebinm.eu/git/picarones/";
    rev = "0596b9f6c561daa67945adb81570efd30650dffd";
  };
in
{

  imports = [ source.outPath ];

  services.picarones = {
    enable = true;
    frontend = {
      enable = true;
      domain = "picarones.stuebinm.eu";
      proxyBackend = true;
      config = {
        enableACME = true;
        forceSSL = true;
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}