{ config, ... }: { imports = [ ../../../modules/wstunnel.nix ]; disabledModules = [ "services/networking/wstunnel.nix" ]; sops = { secrets."wstunnel/http-upgrade-path-prefix" = { sopsFile = ../../../secrets/common.yaml; }; templates."wstunnel-environment.env".content = let inherit (config.sops) placeholder; in '' WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"} WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX=${placeholder."wstunnel/http-upgrade-path-prefix"} ''; }; services.wstunnel = { enable = true; servers."ws-tsuki" = { listen = { host = "127.0.0.1"; port = 8789; }; enableHTTPS = false; environmentFile = config.sops.templates."wstunnel-environment.env".path; }; }; }