nixos/services.nix

{ ... }:
{
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.caddy = {
    enable = true;
    enableReload = true;
    email = "admin@pimeys.pm";
  };

  services.postgresql.enable = true;

  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    dockerCompat = true;
    defaultNetwork.settings = {
      # Required for container networking to be able to use names.
      dns_enabled = true;
    };
  };

  virtualisation.oci-containers.backend = "podman";

  networking.firewall = {
    trustedInterfaces = [ "podman1" ];
    interfaces.podman1.allowedUDPPorts = [ 53 ];
  };

  imports = [
    ./vaultwarden.nix
    ./immich.nix
    ./syncthing.nix
    ./invidious.nix
    ./grafana.nix
    ./gtrackmap.nix
    ./owncast.nix
    ./hydra.nix
    ./wireguard.nix
  ];
}