{ config, pkgs, ... }: let urlpath = "/members"; metaJSONFile = (pkgs.formats.json {}).generate "meta-service-info.json" config.mine.shared.meta; port = 5050; in { systemd.services.website-member = { description = "members area website"; wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; serviceConfig = { ExecStart = let pythonEnv = pkgs.python3.withPackages(ps: with ps; [ flask ]); in "${pythonEnv}/bin/python ${./app.py} --port ${builtins.toString port} --meta-json ${metaJSONFile}"; Restart = "always"; }; }; services.nginx.virtualHosts."${config.mine.shared.settings.domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite { endpoint = urlpath; vhostConfig.locations."${urlpath}" = { extraConfig = "rewrite ^${urlpath}(.*)$ /$1 break;"; proxyPass = "http://localhost:${builtins.toString port}"; }; }; }