diff --git a/nixos/machines/pennyworth/default.nix b/nixos/machines/pennyworth/default.nix
index 58d82c8..b05b6c2 100644
--- a/nixos/machines/pennyworth/default.nix
+++ b/nixos/machines/pennyworth/default.nix
@@ -14,14 +14,13 @@ let
   };
   vpn = import ../../vpn.nix;
 in {
-  disabledModules = [ "services/web-apps/calibre-web.nix" ];
   imports = [
     ./hetznercloud.nix
     ../../roles/server.nix
     ../../roles/datakami.nix
     ../../services/backup.nix
     ../../services/email.nix
-    ../../modules/calibre-web.nix
+    ../../services/calibre-web.nix
   ];
 
   system.stateVersion = "19.03";
@@ -44,6 +43,10 @@ in {
       enable = true;
       vhost = "muflax.church";
     };
+    calibre-web = {
+      enable = true;
+      vhost = "calibre.yori.cc";
+    };
   };
 
   age.secrets.muflax.file = ../../../secrets/http.muflax.age;
@@ -91,16 +94,6 @@ in {
       '';
     };
     "media.yori.cc" = sslforward "http://${vpn.ips.frumar}:32001";
-    "calibre.yori.cc" = lib.mkMerge [ (sslforward "http://[::1]:8083") {
-      locations."/kobo/" = {
-        proxyPass = "http://[::1]:8083/kobo/";
-        extraConfig = ''
-          proxy_buffer_size 128k;
-          proxy_buffers 4 256k;
-          proxy_busy_buffers_size 256k;
-        '';
-      };
-    } ];
   };
   networking.firewall.allowedUDPPorts = [ 31790 ]; # wg
   networking.firewall.allowedTCPPorts = [ 60307 ]; # weechat relay
@@ -124,12 +117,4 @@ in {
   ];
   nix.settings.allowed-users = [ "@wheel" ];
 
-  services.calibre-web = {
-    enable = true;
-    options = {
-      enableBookUploading = true;
-      #enableBookConversion = true;
-      extraConfig.config_kepubifypath = "${pkgs.kepubify}/bin/kepubify";
-    };
-  };
 }
diff --git a/nixos/services/calibre-web.nix b/nixos/services/calibre-web.nix
new file mode 100644
index 0000000..3b1c42b
--- /dev/null
+++ b/nixos/services/calibre-web.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.yorick.calibre-web;
+in {
+  disabledModules = [ "services/web-apps/calibre-web.nix" ];
+  imports = [ ../modules/calibre-web.nix ];
+  options.services.yorick.calibre-web = with lib; {
+    enable = mkEnableOption "calibre-web";
+    vhost = mkOption { type = types.str; };
+  };
+  config = lib.mkIf cfg.enable {
+    services.calibre-web = {
+      enable = true;
+      options = {
+        enableBookUploading = true;
+        #enableBookConversion = true;
+        extraConfig.config_kepubifypath = "${pkgs.kepubify}/bin/kepubify";
+      };
+    };
+    services.nginx.virtualHosts.${cfg.vhost} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://[::1]:8083";
+        proxyWebsockets = true;
+      };
+      locations."/kobo/" = {
+        proxyPass = "http://[::1]:8083/kobo/";
+        extraConfig = ''
+          proxy_buffer_size 128k;
+          proxy_buffers 4 256k;
+          proxy_busy_buffers_size 256k;
+        '';
+      };
+    };
+  };
+}