diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix
index a6a8b69..32b2ab0 100644
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -1,7 +1,5 @@
 {
- config,
 lib,
- self,
 ...
 }:
 
@@ -10,12 +8,12 @@
 ./hardware-configuration.nix
 ./gitea.nix
 ./kanidm.nix
+ ./outline.nix
 ../server.nix
 ];
 
 nixpkgs = {
 hostPlatform = "x86_64-linux";
- config.allowUnfree = true;
 };
 
 networking = {
@@ -51,48 +49,6 @@
 
 services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
 
- services.nginx.virtualHosts = {
- "outline.vimium.com" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000";
- extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_set_header Host $host;
-
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Scheme $scheme;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_redirect off;
- '';
- };
- };
- };
-
- age.secrets."passwords/services/outline/oidc-client-secret" = {
- file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
- owner = "outline";
- group = "outline";
- };
-
- services.outline = {
- enable = true;
- forceHttps = false;
- oidcAuthentication = {
- clientId = "outline";
- clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
- displayName = "Vimium";
- authUrl = "https://auth.vimium.com/ui/oauth2";
- tokenUrl = "https://auth.vimium.com/oauth2/token";
- userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
- };
- publicUrl = "https://outline.vimium.com";
- storage.storageType = "local";
- };
-
 modules = rec {
 services = {
 borgmatic = {
diff --git a/hosts/vps1/outline.nix b/hosts/vps1/outline.nix
new file mode 100644
index 0000000..2702359
--- /dev/null
+++ b/hosts/vps1/outline.nix
@@ -0,0 +1,53 @@
+{
+ config,
+ self,
+ ...
+}:
+let
+ domain = "outline.vimium.com";
+in
+{
+ nixpkgs.config.allowUnfree = true;
+
+ services.nginx.virtualHosts = {
+ "${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ '';
+ };
+ };
+ };
+
+ age.secrets."passwords/services/outline/oidc-client-secret" = {
+ file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
+ owner = "outline";
+ group = "outline";
+ };
+
+ services.outline = {
+ enable = true;
+ forceHttps = false;
+ oidcAuthentication = {
+ clientId = "outline";
+ clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
+ displayName = "Vimium";
+ authUrl = "https://auth.vimium.com/ui/oauth2";
+ tokenUrl = "https://auth.vimium.com/oauth2/token";
+ userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
+ };
+ publicUrl = "https://${domain}";
+ storage.storageType = "local";
+ };
+}
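Review bot: `nixpkgs.config.allowUnfree = true;` at the top of outline.nix still enables every unfree package for the whole host, so placing it in this module only looks like it is scoped to Outline. If Outline is the only unfree package required, consider adding `lib` to the module arguments and replacing the line with `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "outline" ];`; if another module also sets a predicate, the two may need to be combined in one place. Separately, with `forceHttps = false` and the proxy target hard-coded as `http://127.0.0.1:3000`, it is worth confirming that the Outline port is not reachable from outside the host (the firewall settings are not visible in this diff), since a client connecting directly would bypass TLS and could supply its own `X-Forwarded-*` headers.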