diff --git a/modules/htgen.nix b/modules/htgen.nix
index 6f1e043..9cdd0bf 100644
--- a/modules/htgen.nix
+++ b/modules/htgen.nix
@@ -3,45 +3,108 @@
   lib,
   pkgs,
   ...
-}: let
-  htgen = pkgs.callPackage ../packages/htgen.nix {};
-in {
-  options.services.htgen = lib.mkOption {
-    default = {};
-    type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
-      options = {
-        enable = lib.mkEnableOption "htgen-${config._module.args.name}";
-        port = lib.mkOption {
-          type = lib.types.int;
-        };
-        script = lib.mkOption {
-          type = lib.types.str;
-        };
-      };
-    }));
+}:
+
+let
+  optionalAttr = name: value: if name != null then { ${name} = value; } else { };
+
+  cfg = config.services.htgen;
+
+  out = {
+    options.services.htgen = api;
+    config = imp;
   };
-  config = {
-    systemd.services =
-      lib.mapAttrs' (
-        name: cfg:
-          lib.nameValuePair "htgen-${name}" {
-            wantedBy = ["multi-user.target"];
-            after = ["network.target"];
-            environment = {
-              HOME = "/var/lib/htgen-${name}";
-              HTGEN_PORT = toString cfg.port;
-              HTGEN_SCRIPT = cfg.script;
-            };
-            serviceConfig = {
-              SyslogIdentifier = "htgen-${name}";
-              DynamicUser = true;
-              StateDirectory = "htgen-${name}";
-              PrivateTmp = true;
-              Restart = "always";
-              ExecStart = "${htgen}/bin/htgen --serve";
+
+  htgen = pkgs.callPackage ../packages/htgen.nix { };
+
+  api =
+    with lib;
+    mkOption {
+      default = { };
+      type = types.attrsOf (
+        types.submodule (
+          { config, ... }:
+          {
+            options = {
+              enable = mkEnableOption "services.htgen-${config._module.args.name}";
+
+              name = mkOption {
+                type = types.str;
+                default = config._module.args.name;
+              };
+
+              package = mkOption {
+                default = htgen;
+                type = types.package;
+              };
+
+              port = mkOption {
+                type = types.port;
+              };
+
+              script = mkOption {
+                type = types.nullOr types.str;
+                default = null;
+              };
+
+              scriptFile = mkOption {
+                type = types.nullOr (types.either types.package types.pathname);
+                default = null;
+              };
+
+              user = mkOption {
+                default = {
+                  name = "htgen-${config.name}";
+                  home = "/var/lib/htgen-${config.name}";
+                };
+                defaultText = {
+                  name = "htgen-‹name›";
+                  home = "/var/lib/htgen-‹name›";
+                };
+              };
             };
           }
-      )
-      config.services.htgen;
+        )
+      );
+    };
+  imp = {
+
+    systemd.services = lib.mapAttrs' (
+      name: htgen:
+      lib.nameValuePair "htgen-${name}" {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+        environment = {
+          HTGEN_PORT = toString htgen.port;
+        }
+        // optionalAttr "HTGEN_SCRIPT" htgen.script
+        // optionalAttr "HTGEN_SCRIPT_FILE" htgen.scriptFile;
+        serviceConfig = {
+          SyslogIdentifier = "htgen";
+          User = htgen.user.name;
+          PrivateTmp = true;
+          Restart = "always";
+          ExecStart = "${htgen.package}/bin/htgen --serve";
+        };
+      }
+    ) cfg;
+
+    users.users = lib.mapAttrs' (
+      name: htgen:
+      lib.nameValuePair htgen.user.name {
+        inherit (htgen.user) home name;
+        group = htgen.user.name;
+        createHome = true;
+        isSystemUser = true;
+      }
+    ) cfg;
+
+    users.groups = lib.mapAttrs' (
+      name: htgen:
+      lib.nameValuePair htgen.user.name {
+        name = htgen.user.name;
+      }
+    ) cfg;
   };
-}
+in
+out
diff --git a/packages/htgen.nix b/packages/htgen.nix
index 7d129b0..1ee1378 100644
--- a/packages/htgen.nix
+++ b/packages/htgen.nix
@@ -1,17 +1,12 @@
-{
-  fetchgit,
-  lib,
-  pkgs,
-  stdenv,
-}:
+{ fetchgit, lib, pkgs, stdenv }:
 stdenv.mkDerivation rec {
   pname = "htgen";
-  version = "1.3.1";
+  version = "1.4.0";
 
   src = fetchgit {
-    url = "http://cgit.krebsco.de/htgen";
+    url = "https://cgit.krebsco.de/htgen";
     rev = "refs/tags/${version}";
-    sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
+    sha256 = "1k6xdr4g1p2wjiyizwh33ihw3azbar7kmhyxywcq0whpip9inpmj";
   };
 
   installPhase = ''
@@ -19,10 +14,10 @@ stdenv.mkDerivation rec {
     {
       echo '#! ${pkgs.dash}/bin/dash'
       echo 'export PATH=${lib.makeBinPath [
-      pkgs.coreutils
-      pkgs.jq
-      pkgs.ucspi-tcp
-    ]}''${PATH+":$PATH"}'
+        pkgs.coreutils
+        pkgs.jq
+        pkgs.ucspi-tcp
+      ]}''${PATH+":$PATH"}'
       sed 's:^Server=htgen$:&/${version}:' htgen
     } > $out/bin/htgen
     chmod +x $out/bin/htgen
diff --git a/systems/makanek/tarot.nix b/systems/makanek/tarot.nix
index d633310..849a8c2 100644
--- a/systems/makanek/tarot.nix
+++ b/systems/makanek/tarot.nix
@@ -17,7 +17,7 @@
 in {
   services.htgen.tarot = {
     port = tarotPort;
-    script = ''. ${pkgs.writers.writeDash "tarot" ''
+    script = pkgs.writers.writeDash "tarot" ''
         case "$Method $Request_URI" in
           "GET /")
             if item=$(${pkgs.findutils}/bin/find ${toString tarotFiles} -type f | ${pkgs.coreutils}/bin/shuf -n1); then
@@ -40,7 +40,7 @@ in {
             fi
           ;;
         esac
-      ''}'';
+      '';
   };
 
   niveum.passport.services = [