# Shared host baseline for the self-hosted services imported below:
# a Caddy front end, a PostgreSQL 17 server, and Podman as the OCI runtime.
{ pkgs, ... }:
{
  # Per-service modules; each file is expected to add its own containers
  # and settings on top of the baseline defined here.
  imports = [
    ./vaultwarden.nix
    ./immich.nix
    ./syncthing.nix
    ./invidious.nix
    ./grafana.nix
    ./gtrackmap.nix
    ./owncast.nix
    ./tailscale.nix
    ./workout-tracker.nix
    ./gotosocial.nix
  ];

  networking.firewall = {
    # The only TCP ports opened on every interface (HTTP and HTTPS),
    # presumably for Caddy; all other inbound traffic stays filtered.
    allowedTCPPorts = [ 80 443 ];

    # trustedInterfaces accepts ALL traffic arriving on the listed interface,
    # so every container attached to podman1 can reach every service the host
    # listens on through that bridge, not just DNS.
    # NOTE(review): if containers only need name resolution, drop the trust
    # entry and keep the per-interface rule below; if they also need host
    # services (e.g. PostgreSQL), list those ports explicitly instead.
    # NOTE(review): rules match by interface name only; confirm podman1 is the
    # bridge the containers actually attach to.
    trustedInterfaces = [ "podman1" ];

    # DNS from containers to the host-side resolver. Already covered by the
    # trust entry above; it only takes effect on its own if that is removed.
    interfaces.podman1.allowedUDPPorts = [ 53 ];
  };

  services = {
    caddy = {
      enable = true;
      # Reload on configuration change instead of restarting the service.
      enableReload = true;
      # Contact address Caddy uses when obtaining certificates.
      email = "admin@pimeys.pm";
    };

    postgresql = {
      enable = true;
      # Major version is pinned explicitly to PostgreSQL 17.
      package = pkgs.postgresql_17;
    };
  };

  virtualisation = {
    podman = {
      enable = true;
      # Periodically prune unused Podman resources.
      autoPrune.enable = true;
      # Provide a `docker` alias that maps to podman.
      dockerCompat = true;
      defaultNetwork.settings = {
        # Lets containers on the default network resolve each other by name.
        dns_enabled = true;
      };
    };

    # Declarative containers are run by Podman.
    oci-containers.backend = "podman";
  };
}