{ pkgs, config, ... }:
let
  immichDataDir = "/mnt/storage/immich";
  syncthingDataDir = "/mnt/storage/syncthing";
  smtp = {
    host = "horologium.uberspace.de";
    port = 587;
    username = "noreply@${config.networking.domain}";
    from = "noreply@${config.networking.domain}";
    heloName = config.networking.domain;
  };
  secrets = config.age.secrets;
in
{
  services.postgresql.package = pkgs.postgresql_16;
  virtualisation.podman.enable = true;
  virtualisation.oci-containers.backend = "podman";

  modules.storageBoxMounts = {
    ${immichDataDir} = {
      path = "/backup/immich";
      user = "u407959";
      uid = config.users.users.${config.services.immich.user}.uid;
      gid = config.users.groups.${config.services.immich.user}.gid;
    };

    ${syncthingDataDir} = {
      path = "/backup/syncthing";
      user = "u407959";
      uid = config.users.users.${config.services.syncthing.user}.uid;
      gid = config.users.groups.${config.services.syncthing.user}.gid;
    };
  };

  services = {
    hastebin = {
      enable = true;
      subdomain = "bin";
    };

    readeck = {
      enable = true;
      subdomain = "read";
      settings.email = {
        host = smtp.host;
        port = smtp.port;
        username = smtp.username;
        encryption = "starttls";
        from = smtp.from;
        from_noreply = smtp.from;
      };
    };

    donetick = {
      enable = true;
      subdomain = "do";
      settings = {
        email = {
          host = smtp.host;
          port = smtp.port;
          email = smtp.username;
        };
      };
    };

    grafana = {
      enable = true;
      subdomain = "graph";
      settings = {
        server.http_port = 3005;
        smtp = {
          enabled = true;
          host = smtp.host;
          port = smtp.port;
          user = smtp.username;
          from_address = smtp.from;
        };
      };
    };

    owncast = {
      enable = true;
      subdomain = "stream";
    };

    gtrackmap = {
      enable = true;
      subdomain = "trackmap";
      port = 3001;
    };

    invidious = {
      enable = true;
      subdomain = "vid";
    };

    syncthing = {
      enable = true;
      subdomain = "sync";
      dataDir = syncthingDataDir;
    };

    tailscale.enable = true;

    gotosocial = {
      enable = true;
      subdomain = "social";
      settings = {
        port = 3002;
        smtp-host = smtp.host;
        smtp-port = smtp.port;
        smtp-username = smtp.username;
        smtp-from = smtp.from;
        instance-languages = [ "de" "fi" "en" ];
      };
    };

    vaultwarden = {
      enable = true;
      subdomain = "pw";
      config = {
        YUBICO_CLIENT_ID = 86799;
        SMTP_HOST = smtp.host;
        SMTP_FROM = smtp.from;
        SMTP_FROM_NAME = "Vaultwarden";
        SMTP_USERNAME = smtp.username;
        SMTP_PORT = smtp.port;
        HELO_NAME = smtp.heloName;
      };
    };

    workout-tracker = {
      enable = true;
      subdomain = "fit";
      port = 3004;
    };

    workout-sync = {
      enable = true;
      subdomain = "ws";
    };

    immich = {
      enable = true;
      subdomain = "img";
      mediaLocation = immichDataDir;
      timezone = "Europe/Helsinki";
      settings.job = {
        thumbnailGeneration.concurrency = 8;
        videoConversion.concurrency = 2;
      };
    };

    dnote = {
      enable = true;
      subdomain = "note";
      environment = {
        SmtpHost = smtp.host;
        SmtpPort = smtp.port;
        SmtpUsername = smtp.username;
      };
      environmentFile = secrets.dnote.path;
    };
  };
}