{ config, lib, namespace, ... }: let inherit (lib.${namespace}) enabled disabled; in { ${namespace} = { services = { actual = { enable = true; port = 3333; createUser = true; reverseProxy = { enable = true; subdomain = "actual"; middlewares = [ "crowdsec" "whitelist-geoblock" ]; }; }; ai = enabled; arrs = enabled; attic = { enable = true; port = 9012; listenAddress = "[::]"; environmentFile = "/run/secrets/jallen-nas/attic-key"; }; authentik = { enable = true; configureDb = true; port = 9000; environmentFile = "/run/secrets/jallen-nas/authentik-env"; redis = { enable = true; port = 6379; }; }; authentikRac = { enable = true; port = 4822; # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO }; calibre = { enable = true; port = 8084; }; calibre-web = { enable = true; port = 8083; }; code-server = { enable = true; port = 4444; extraEnvironment = { PROXY_DOMAIN = "code.mjallen.dev"; }; }; collabora = enabled; crowdsec = { enable = true; port = 8181; apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path; }; ersatztv = { enable = true; port = 8409; }; free-games-claimer = { enable = true; port = 6080; }; gitea = { enable = true; port = 3000; }; glance = { enable = true; port = 5555; }; glances = { enable = true; port = 61208; bindAddress = "0.0.0.0"; }; headscale = { enable = false; port = 2112; dataDir = "/media/nas/main/nix-app-data/headscale"; reverseProxy = { enable = true; subdomain = "headscale"; middlewares = [ "crowdsec" "whitelist-geoblock" ]; }; }; immich = enabled; jellyfin = enabled; jellyseerr = { enable = true; dataDir = "/media/nas/main/nix-app-data/jellyseerr"; }; lubelogger = enabled; manyfold = enabled; matrix = { enable = true; port = 8448; localAddress = "10.0.1.3"; dataDir = "/media/nas/main/nix-app-data/matrix-synapse"; reverseProxy = { enable = true; subdomain = "matrix"; middlewares = [ "crowdsec" "whitelist-geoblock" ]; }; }; netbootxyz = { enable = true; }; nextcloud = enabled; ntfy = { enable = true; port = 2586; localAddress = "10.0.1.3"; dataDir = "/media/nas/main/nix-app-data/ntfy"; reverseProxy = { enable = true; subdomain = "ntfy"; middlewares = [ "crowdsec" "whitelist-geoblock" ]; }; }; ocis = disabled; onlyoffice = disabled; opencloud = { enable = true; port = 9200; reverseProxy.enable = true; }; orca-slicer = { enable = true; httpPort = "3100"; httpsPort = "3101"; }; paperless = enabled; protonmail-bridge = { enable = true; smtpPort = 1025; imapPort = 1143; user = "admin"; }; restic = { enable = true; port = 8008; dataDir = "/media/nas/main/backup/restic"; prometheus = true; listenAddress = "0.0.0.0"; htpasswdFile = "/media/nas/main/backup/restic/.htpasswd"; extraFlags = [ "--no-auth" ]; }; tdarr = disabled; traefik = enabled; unmanic = { enable = true; configPath = "/media/nas/main/nix-app-data/unmanic/config"; moviesPath = "/media/nas/main/movies"; tvPath = "/media/nas/main/tv"; transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode"; }; uptime-kuma = { enable = true; port = 3001; dataDir = "/media/nas/main/nix-app-data/uptime-kuma"; }; wyoming = enabled; }; }; }