{ config, pkgs, ... }:

let
  wstunnel = with pkgs; haskell.lib.justStaticExecutables
    (haskellPackages.callPackage ../pkgs/wstunnel.nix {});
  port = 58613;
in

{

  systemd.services.wstunnel = rec {
    path = [ wstunnel ];
    wantedBy = [ "nginx.service" ];
    after = [ "network.target" ];
    script = ''
      wstunnel --server --restrictTo=htdf-gw.gebner.org:35869 ws://localhost:${toString port}
    '';
  };

  services.nginx.virtualHosts."gebner.org".locations = {
    "/wstunnel/udp/htdf-gw.gebner.org/35869" = {
      proxyWebsockets = true;
      proxyPass = "http://localhost:${toString port}";
    };
  };
}