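# NixOS module for a self-hosted service stack: container backend, remote
# storage mounts, DNS records and a set of web services that share one
# outbound SMTP relay. Each service is published under its own `subdomain`.
#
# Arguments:
#   pkgs   - package set; also used to build the hastebin renderers.
#   config - evaluated system configuration (domain, users, age secrets).
#   inputs - flake inputs (syntax-renderer source, nixpkgs-unstable).
{
  pkgs,
  config,
  inputs,
  ...
}: let
  immichDataDir = "/mnt/storage/immich";
  syncthingDataDir = "/mnt/storage/syncthing";

  # Shared SMTP relay settings. Only non-secret values live here: everything
  # in this attrset ends up in the world-readable Nix store, so passwords must
  # come from `config.age.secrets` (as dnote and mealie do below).
  # NOTE(review): 587 is the submission port, but only readeck pins
  # `encryption = "starttls"` explicitly. The other consumers rely on their own
  # defaults; verify that none of them falls back to plaintext.
  smtp = {
    host = "horologium.uberspace.de";
    port = 587;
    username = "noreply@${config.networking.domain}";
    from = "noreply@${config.networking.domain}";
    heloName = config.networking.domain;
  };

  secrets = config.age.secrets;
in {
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";

  # Remote storage mounts, keyed by local mount point. uid/gid are taken from
  # the owning service's user and group so that the mounted files are
  # accessible to that service.
  modules.storageBoxMounts = {
    ${immichDataDir} = {
      path = "/backup/immich";
      user = "u407959";
      uid = config.users.users.${config.services.immich.user}.uid;
      gid = config.users.groups.${config.services.immich.user}.gid;
    };
    ${syncthingDataDir} = {
      path = "/backup/syncthing";
      user = "u407959";
      uid = config.users.users.${config.services.syncthing.user}.uid;
      gid = config.users.groups.${config.services.syncthing.user}.gid;
    };
  };

  services = {
    postgresql.package = pkgs.postgresql_16;

    octodns = {
      enable = true;
      # Apex MX record pointing at the SMTP relay host.
      records."".MX = {
        ttl = 86400;
        values = [
          {exchange = "${smtp.host}.";}
        ];
      };
      defaults.CNAME.ttl = 60;
    };

    hastebin = {
      enable = true;
      subdomain = "bin";
      # Renderers are executables that receive paste content on stdin and
      # write response headers, a `---` separator and the body to stdout.
      # They process whatever was pasted, so treat stdin and `$1` as untrusted.
      # NOTE(review): confirm that the hastebin module runs renderers as an
      # unprivileged, sandboxed user with a timeout.
      renderers = with pkgs; let
        hl = rustPlatform.buildRustPackage {
          name = "syntax-renderer";
          src = inputs.syntax-renderer;
          cargoHash = "sha256-vlX4jMzwyELvg+KWfYEmsjOc8smofw2zbjD6uxBeOv0=";
        };
      in {
        hl = "${hl}/bin/syntax-renderer";

        # Every binary is referenced by store path, so the script does not
        # depend on the PATH that the calling service happens to provide.
        sha = writeShellScript "sha-renderer" ''
          echo "Content-Type: text/plain"
          echo "---"
          ${coreutils}/bin/sha256sum - | ${coreutils}/bin/cut -d' ' -f1
        '';

        # The download name is derived from `$1` and written into a response
        # header. It is reduced to [A-Za-z0-9._-] first, so a name containing
        # line breaks, quotes or separators cannot alter the header block.
        # presumably `$1` is the paste name; verify against the hastebin module.
        # NOTE(review): OpenSCAD input can reference other files by path
        # (include/use/import), so this renderer should only see a restricted
        # filesystem. Confirm the sandboxing in the hastebin module.
        stl = writeShellScript "stl-renderer" ''
          name="$(${coreutils}/bin/basename -- "$1" .scad | ${coreutils}/bin/tr -cd 'A-Za-z0-9._-')"
          [ -n "$name" ] || name=model
          echo "Content-Type: model/stl"
          echo "Content-Disposition: attachment; filename=$name.stl"
          echo "---"
          ${openscad}/bin/openscad --export-format stl -o - -
        '';
      };
      cleanup.enable = true;
    };

    readeck = {
      enable = true;
      subdomain = "read";
      settings.email = {
        host = smtp.host;
        port = smtp.port;
        username = smtp.username;
        encryption = "starttls";
        from = smtp.from;
        from_noreply = smtp.from;
      };
    };

    donetick = {
      enable = true;
      subdomain = "do";
      settings = {
        email = {
          host = smtp.host;
          port = smtp.port;
          email = smtp.username;
        };
      };
    };

    grafana = {
      enable = true;
      subdomain = "graph";
      settings = {
        server.http_port = 3005;
        # NOTE(review): Grafana's STARTTLS handling is opportunistic unless
        # `startTLS_policy` is set. Consider "MandatoryStartTLS" so that alert
        # and password-reset mail is never sent in clear text. Verify this
        # against the deployed Grafana version.
        smtp = {
          enabled = true;
          host = smtp.host;
          port = smtp.port;
          user = smtp.username;
          from_address = smtp.from;
        };
      };
    };

    owncast = {
      enable = true;
      subdomain = "stream";
    };

    gtrackmap = {
      enable = true;
      subdomain = "trackmap";
      port = 3001;
    };

    invidious = {
      enable = true;
      subdomain = "vid";
    };

    syncthing = {
      enable = true;
      subdomain = "sync";
      dataDir = syncthingDataDir;
    };

    tailscale.enable = true;

    gotosocial = {
      enable = true;
      subdomain = "social";
      settings = {
        port = 3002;
        smtp-host = smtp.host;
        smtp-port = smtp.port;
        smtp-username = smtp.username;
        smtp-from = smtp.from;
        instance-languages = ["de" "fi" "en"];
      };
    };

    vaultwarden = {
      enable = true;
      subdomain = "pw";
      # `config` is rendered into the Nix store, so it may only hold
      # non-secret values. YUBICO_CLIENT_ID is a public identifier; the
      # matching secret key and the SMTP password must come from a secret
      # environment file.
      # presumably the wrapper module wires that file in; confirm.
      config = {
        YUBICO_CLIENT_ID = 86799;
        SMTP_HOST = smtp.host;
        SMTP_FROM = smtp.from;
        SMTP_FROM_NAME = "Vaultwarden";
        SMTP_USERNAME = smtp.username;
        SMTP_PORT = smtp.port;
        HELO_NAME = smtp.heloName;
      };
    };

    workout-tracker = {
      enable = true;
      subdomain = "fit";
      port = 3004;
    };

    workout-sync = {
      enable = true;
      subdomain = "ws";
    };

    immich = {
      enable = true;
      subdomain = "img";
      mediaLocation = immichDataDir;
      timezone = "Europe/Helsinki";
      settings.job = {
        thumbnailGeneration.concurrency = 8;
        videoConversion.concurrency = 2;
      };
    };

    dnote = {
      enable = true;
      subdomain = "note";
      environment = {
        SmtpHost = smtp.host;
        SmtpPort = smtp.port;
        SmtpUsername = smtp.username;
      };
      # Secret values are read from an age-managed file at runtime rather
      # than being embedded in the store.
      environmentFile = secrets.dnote.path;
    };

    tailscaledAdguardhome = {
      enable = true;
      subdomain = "dns";
      port = 3006;
    };

    mealie = {
      enable = true;
      package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.mealie;
      subdomain = "cook";
      # Credentials come from an age-managed file; only non-secret SMTP
      # settings are set inline.
      credentialsFile = secrets.mealie.path;
      settings = {
        SMTP_HOST = smtp.host;
        SMTP_FROM_EMAIL = smtp.from;
        SMTP_USER = smtp.username;
        SMTP_PORT = smtp.port;
      };
    };

    uptime-kuma = {
      enable = true;
      subdomain = "status";
      settings = {
        PORT = "3007";
      };
    };
  };
}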