nix-config/systems/x86_64-linux/jallen-nas/apps.nix

{
  config,
  lib,
  namespace,
  ...
}:
let
  inherit (lib.${namespace}) enabled disabled;
  net = lib.${namespace}.network;
in
{
  ${namespace} = {
    services = {
      actual = {
        enable = true;
        port = 3333;
        createUser = true;
        reverseProxy = disabled;
        hostedService = {
          group = "Finance";
          icon = "si:actualbudget";
        };
      };
      ai = {
        enable = true;
      };
      arrs.enable = true;
      attic = {
        enable = true;
        port = 9012;
        listenAddress = "[::]";
        environmentFile = "/run/secrets/jallen-nas/attic-key";
        reverseProxy = {
          enable = true;
          subdomain = "cache";
        };
        hostedService = {
          group = "Dev";
        };
      };
      authentik = {
        enable = true;
        configureDb = true;
        port = 9000;
        reverseProxy = enabled;
        environmentFile = "/run/secrets/jallen-nas/authentik-env";
        hostedService = {
          group = "Infrastructure";
        };
        redis = {
          enable = true;
          port = 6379;
        };
      };
      authentikRac = {
        enable = true;
        port = 4823;
        # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO
      };
      caddy = enabled;
      cockpit = {
        enable = true;
        port = 9091;
      };
      calibre = {
        enable = false;
        port = 8084;
      };
      calibre-web = {
        enable = false;
        port = 8083;
      };
      code-server = {
        enable = true;
        port = 4444;
        extraEnvironment = {
          PROXY_DOMAIN = "code.mjallen.dev";
        };
      };
      coturn = {
        enable = true;
        port = 3478;
        reverseProxy = enabled;
      };
      collabora = {
        enable = true;
        port = 9980;
        reverseProxy = {
          enable = true;
          subdomain = "office";
        };
      };
      crowdsec = {
        enable = true;
        port = 8181;
        apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path;
        ntfy = {
          enable = true;
          envFile = config.sops.templates."ntfy.env".path;
        };
      };
      dispatcharr = {
        enable = false;
        port = 9191;
      };
      tunarr = {
        enable = true;
        port = 8000;
      };
      free-games-claimer = {
        enable = false;
        port = 6080;
      };
      gitea = {
        enable = true;
        port = 3000;
        reverseProxy = enabled;
        hostedService = {
          group = "Dev";
          icon = "si:gitea";
        };
      };
      guacd = {
        enable = true;
        port = 4822;
      };
      glance = {
        enable = true;
        port = 5555;
        hostedServiceGroups = true;
        weather = {
          enable = true;
          location = "Saint Paul, Minnesota, United States";
          units = "imperial";
          hour-format = "12h";
        };
        servers = [
          {
            name = "NAS";
            mountpoints."/media/nas/main" = {
              name = "Main Pool";
            };
          }
          {
            name = "Pi5";
            mountpoints."/" = {
              name = "Root";
            };
          }
        ];
        bookmarks = [
          {
            title = "General";
            links = [
              {
                title = "Gmail";
                url = "https://mail.google.com/mail/u/0/";
              }
              {
                title = "Proton Mail";
                url = "https://mail.proton.me/u/0/inbox";
              }
              {
                title = "MyNixOS";
                url = "https://www.mynixos.com/";
              }
              {
                title = "Github";
                url = "https://github.com/";
              }
            ];
          }
          {
            title = "Entertainment";
            links = [
              {
                title = "YouTube";
                url = "https://www.youtube.com/";
              }
              {
                title = "Prime Video";
                url = "https://www.primevideo.com/";
              }
              {
                title = "Disney+";
                url = "https://www.disneyplus.com/";
              }
            ];
          }
          {
            title = "Social";
            links = [
              {
                title = "Reddit";
                url = "https://www.reddit.com/";
              }
              {
                title = "Twitter";
                url = "https://twitter.com/";
              }
              {
                title = "Instagram";
                url = "https://www.instagram.com/";
              }
            ];
          }
        ];
        reddit = [
          "hockey"
          "formula1"
        ];
        search = [
          {
            title = "YouTube";
            shortcut = "!yt";
            url = "https://www.youtube.com/results?search_query={QUERY}";
          }
          {
            title = "Wikipedia";
            shortcut = "!w";
            url = "https://en.wikipedia.org/wiki/{QUERY}";
          }
        ];
        extraSites = [
          {
            title = "Home Assistant";
            url = "http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}/";
            icon = "si:vscodium";
            allow-insecure = true;
          }
          {
            title = "ESPHome";
            url = "http://${net.hosts.nuc.lan}:${toString net.ports.nuc.esphome}/";
            icon = "si:vscodium";
            allow-insecure = true;
          }
          {
            title = "Sonarr";
            url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}/";
            icon = "si:sonarr";
            allow-insecure = true;
            basic-auth = true;
          }
          {
            title = "Radarr";
            url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.radarr}/";
            icon = "si:radarr";
            allow-insecure = true;
            basic-auth = true;
          }
          {
            title = "Sabnzbd";
            url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sabnzbd}/";
            icon = "si:sabnzbd";
            allow-insecure = true;
            basic-auth = true;
          }
          {
            title = "AdGuard";
            url = "http://${net.hosts.pi5.lan}:${toString net.ports.pi5.adguard}/";
            icon = "si:adguard";
            allow-insecure = true;
          }
          {
            title = "Manyfold";
            url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.manyfold}/collections";
            icon = "sh:manyfold";
            allow-insecure = true;
          }
          {
            title = "Code Server";
            url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.codeServer}/";
            icon = "si:vscodium";
            allow-insecure = true;
          }
          {
            title = "NAS KVM";
            url = "http://nas-kvm.local/";
            icon = "si:iterm2";
            allow-insecure = true;
          }
          {
            title = "NUC KVM";
            url = "http://pikvm.local/";
            icon = "si:raspberrypi";
            allow-insecure = true;
          }
        ];
      };
      glances = {
        enable = true;
        port = 61208;
        createUser = true;
      };
      grimmory = {
        enable = false;
        port = 6066;
      };
      headscale = {
        enable = false;
        port = 2112;
        reverseProxy.enable = true;
      };
      immich = {
        enable = true;
        port = 2283;
        reverseProxy = enabled;
        hostedService = {
          group = "Media";
          icon = "si:immich";
        };
      };
      jellyfin = {
        enable = true;
        port = 8096;
        reverseProxy = enabled;
        hostedService = {
          group = "Media";
          icon = "si:jellyfin";
        };
      };
      seerr = {
        enable = true;
        port = 5055;
        createUser = true;
        reverseProxy = enabled;
        hostedService = {
          group = "Media";
        };
      };
      kavita = {
        enable = true;
        port = 5000;
        reverseProxy = disabled;
      };
      lemonade = {
        enable = false;
        port = 8001;
        modelsDir = "/media/nas/main/ai/lemonade/models";
        reverseProxy = disabled;
      };
      lubelogger = {
        enable = true;
        port = 6754;
        reverseProxy = enabled;
        hostedService = {
          group = "Finance";
        };
      };
      manyfold = {
        enable = true;
        port = 3214;
      };
      matrix = {
        enable = true;
        port = 8448;
        reverseProxy = enabled;
        hostedService = {
          group = "Infrastructure";
          icon = "si:element";
        };
      };
      minecraft = disabled;
      mongodb = disabled;
      nebula = {
        enable = true;
        port = 4242;
        lighthouses = [ "10.1.1.1" ];
        staticHostMap = {
          "10.1.1.1" = [ "mjallen.dev:4242" ];
        };
        secretsPrefix = "jallen-nas/nebula";
        secretsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
        hostSecretName = "nas";
      };
      netbootxyz = {
        enable = false;
        port = 4000;
      };
      nextcloud = {
        enable = true;
        port = 9988;
        reverseProxy = {
          enable = true;
          subdomain = "cloud";
        };
        hostedService = {
          group = "Infrastructure";
          icon = "si:nextcloud";
        };
      };
      ntfy = {
        enable = true;
        port = 2586;
        createUser = true;
        reverseProxy = enabled;
        hostedService = {
          group = "Infrastructure";
        };
      };
      ocis = disabled;
      onlyoffice = {
        enable = false;
        port = 9200;
      };
      opencloud = {
        enable = false;
        port = 9200;
        reverseProxy.enable = false;
      };
      orca-slicer = {
        enable = false;
        port = 3100;
        httpsPort = 3101;
      };
      paperless = {
        enable = true;
        port = 28981;
      };
      paperless-ai = {
        enable = true;
        port = 28982;
      };
      protonmail-bridge = {
        enable = true;
        smtpPort = 1025;
        imapPort = 1143;
      };
      restic-server = {
        enable = true;
        port = 8008;
      };
      sparky-fitness-server = {
        enable = true;
        port = 3010;
      };
      sparky-fitness = {
        enable = true;
        port = 3004;
        reverseProxy = {
          enable = true;
          subdomain = "sparky";
        };
      };
      sunshine = {
        enable = true;
        port = 47989;
      };
      tdarr = {
        enable = false;
        port = 8265;
        serverPort = 8266;
      };
      termix = {
        enable = true;
        port = 7777;
        reverseProxy = enabled;
      };
      unmanic = {
        enable = true;
        port = 8265;
      };
      uptime-kuma = {
        enable = true;
        port = 3001;
      };
      wyoming = enabled;
    };
  };
}