diff --git a/hosts/library/default.nix b/hosts/library/default.nix
index 0826572..447bbb2 100644
--- a/hosts/library/default.nix
+++ b/hosts/library/default.nix
@@ -5,6 +5,7 @@
     ./hardware-configuration.nix
     ./grafana.nix
     ./prometheus.nix
+    ./tunnel.nix
     ../server.nix
   ];
 
@@ -48,32 +49,6 @@
     enable = true;
   };
 
-  systemd.services.vps1-tunnel = {
-    enable = true;
-    description = "vps1.mesh.vimium.net SSH tunnel";
-    after = [
-      "network-online.target"
-      "jellyfin.service"
-    ];
-    wants = [ "network-online.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = pkgs.lib.mkForce ''
-        ${pkgs.openssh}/bin/ssh \
-          -NT \
-          -o ExitOnForwardFailure=yes \
-          -o ServerAliveInterval=60 \
-          -o TCPKeepAlive=no \
-          -i %h/.ssh/id_jellyfin \
-          -R localhost:8000:localhost:8000 \
-          jellyfin@vps1.mesh.vimium.net
-      '';
-      Restart = "always";
-      RestartSec = 20;
-    };
-    wantedBy = [ "default.target" ];
-  };
-
   services.nginx =
     let
       proxyConfig = ''
diff --git a/hosts/library/tunnel.nix b/hosts/library/tunnel.nix
new file mode 100644
index 0000000..7cc86fb
--- /dev/null
+++ b/hosts/library/tunnel.nix
@@ -0,0 +1,32 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  systemd.services.vps1-tunnel = {
+    enable = true;
+    description = "vps1.mesh.vimium.net SSH tunnel";
+    after = [
+      "network-online.target"
+      "jellyfin.service"
+    ];
+    wants = [ "network-online.target" ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = pkgs.lib.mkForce ''
+        ${pkgs.openssh}/bin/ssh \
+          -NT \
+          -o ExitOnForwardFailure=yes \
+          -o ServerAliveInterval=60 \
+          -o TCPKeepAlive=no \
+          -i %h/.ssh/id_jellyfin \
+          -R localhost:8000:localhost:8000 \
+          jellyfin@vps1.mesh.vimium.net
+      '';
+      Restart = "always";
+      RestartSec = 20;
+    };
+    wantedBy = [ "default.target" ];
+  };
+}