{ config, pkgs, lib, mkDomain, ... }:
{
  # Galene
  # Videoconferencing server that is easy to deploy, written in Go

  services.galene = {
    #enable = true;
    insecure = true; # reverse proxy instead, but can i feed it the acme cert?
    httpAddress = "127.0.0.1";
    httpPort = 3975;
  };
  services.nginx.virtualHosts.${mkDomain "galene"} = lib.mkIf config.services.galene.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.galene.httpPort}";
      proxyWebsockets = true;
    };
  };
  #networking.firewall = lib.mkIf config.service.jellyfin.enable {
  #  allowedTCPPorts = [ 1194 ];
  #  allowedUDPPorts = [ 1194 ]; # TODO: Only if behind a NAT?
  #};

}