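# Home Manager module: declares the Podman containers for this host.
#
# Review notes that apply to the whole file:
#  * Every `ports` entry has the form "HOST:CONTAINER" with no bind address, so
#    the port is published on all host interfaces. That includes the database
#    and cache ports (5432, 5433, 5434, 27017, 6379, 6380). Restrict them with
#    the host firewall, or bind them to a specific address once it is confirmed
#    how the application containers reach them.
#  * `sharedEnv` is loaded into every container, so each image (including any
#    auto-updated one) can read everything in it. Keep only non-sensitive
#    shared values there and put credentials in the per-service files.
#  * Most images use a mutable tag (`latest`, `stable`, `release`, `develop`,
#    or no tag) together with `autoUpdate = "registry"`, so the nightly timer
#    runs whatever the registry currently serves. Pin a version or digest for
#    the services that hold credentials or face the network. Entries that are
#    already pinned are not moved forward by auto-update and need manual bumps.
{ lib, pkgs, config, ... }:
let
  # Environment file shared by all containers.
  sharedEnv = "/mnt/services/secrets/default";

  # Settings common to every container; `attrs` supplies the per-service
  # fields (image, environmentFile, volumes, ports, ...). The merge is shallow,
  # which is sufficient because no service overrides `extraConfig`.
  mkContainer = attrs: {
    autoStart = true;
    autoUpdate = "registry";
    network = "bridge";
    extraConfig = {
      Service = {
        # Allow long image pulls before systemd gives up on the unit.
        TimeoutStartSec = 900;
      };
    };
  } // attrs;
in
{
  services.podman = {
    enable = true;

    # Daily pull-and-restart for containers marked autoUpdate = "registry".
    autoUpdate = {
      enable = true;
      onCalendar = "*-*-* 00:00";
    };

    containers = {
      actual = mkContainer {
        image = "docker.io/actualbudget/actual-server:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/actual:/data" ];
        ports = [ "5006:5006" ];
      };

      archivebox = mkContainer {
        image = "docker.io/archivebox/archivebox:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/archivebox" ];
        volumes = [ "/mnt/services/podman/archivebox:/data" ];
        ports = [ "8002:8000" ];
      };

      bazarr = mkContainer {
        image = "lscr.io/linuxserver/bazarr:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/bazarr:/config"
          "/mnt/media/video/movies:/movies"
          "/mnt/media/video/tv:/tv"
        ];
        ports = [ "6767:6767" ];
      };

      # No published ports: ddclient only makes outbound requests.
      ddclient = mkContainer {
        image = "lscr.io/linuxserver/ddclient:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/ddclient:/config" ];
      };

      # NOTE(review): broker ports are published on all interfaces; confirm
      # that the mounted mosquitto config requires authentication.
      eclipse-mosquitto = mkContainer {
        image = "docker.io/eclipse-mosquitto:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/eclipse-mosquitto:/mosquitto" ];
        ports = [ "1883:1883" "9001:9001" ];
      };

      freshrss = mkContainer {
        image = "lscr.io/linuxserver/freshrss:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/home/admin/podman/freshrss:/config" ];
        ports = [ "8555:80" ];
      };

      frigate = mkContainer {
        image = "ghcr.io/blakeblackshear/frigate:stable";
        # Exposes every GPU on the host to the container.
        devices = [ "nvidia.com/gpu=all" ];
        environmentFile = [ sharedEnv "/mnt/services/secrets/frigate" ];
        volumes = [
          "/etc/localtime:/etc/localtime:ro"
          "/mnt/services/podman/frigate:/config"
          "/mnt/services/cctv:/media/frigate"
        ];
        ports = [ "5005:5000" "5001:8971" "1935:1935" "8554:8554" ];
      };

      # Pinned tag: auto-update only re-pulls if 1.23.7 itself is re-pushed,
      # so version upgrades are manual.
      gitea = mkContainer {
        image = "docker.gitea.com/gitea:1.23.7";
        environmentFile = [ sharedEnv "/mnt/services/secrets/gitea" ];
        volumes = [ "/mnt/services/podman/gitea:/data" ];
        ports = [ "3001:3000" "222:22" ];
      };

      home-assistant = mkContainer {
        image = "ghcr.io/home-assistant/home-assistant:stable";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/etc/localtime:/etc/localtime:ro"
          "/mnt/services/podman/homeassistant:/config"
        ];
        ports = [ "8123:8123" ];
      };

      # Pinned by digest, so the content cannot change underneath the tag.
      # NOTE(review): the Postgres port is published to the host; see the
      # file header.
      immich-db = mkContainer {
        image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:739cdd626151ff1f796dc95a6591b55a714f341c737e27f045019ceabf8e8c52";
        environmentFile = [ sharedEnv "/mnt/services/secrets/immich" ];
        volumes = [ "/mnt/services/podman/immich/db:/var/lib/postgresql/data:z" ];
        ports = [ "5433:5432" ];
        userNS = "keep-id";
      };

      immich-machine-learning = mkContainer {
        image = "ghcr.io/immich-app/immich-machine-learning:release-cuda";
        environmentFile = [ sharedEnv "/mnt/services/secrets/immich" ];
        volumes = [ "/mnt/services/podman/immich/cache:/cache" ];
        ports = [ "3003:3003" ];
      };

      # NOTE(review): Redis is published on the host and no password setting
      # is visible in this file; confirm it is not reachable from the LAN.
      immich-redis = mkContainer {
        image = "registry.hub.docker.com/library/redis:6.2-alpine";
        environmentFile = [ sharedEnv "/mnt/services/secrets/immich" ];
        ports = [ "6379:6379" ];
      };

      immich-server = mkContainer {
        image = "ghcr.io/immich-app/immich-server:release";
        environmentFile = [ sharedEnv "/mnt/services/secrets/immich" ];
        volumes = [
          "/mnt/services/immich:/usr/src/app/upload"
          "/etc/localtime:/etc/localtime:ro"
        ];
        ports = [ "2283:2283" ];
      };

      jellyfin = mkContainer {
        image = "docker.io/jellyfin/jellyfin:latest";
        devices = [ "nvidia.com/gpu=all" ];
        environmentFile = [ sharedEnv ];
        # NOTE(review): media libraries are mounted read-write; `:ro` would be
        # enough if the server never needs to write into them.
        volumes = [
          "/mnt/services/podman/jellyfin:/config"
          "/mnt/media/video/movies:/movies"
          "/mnt/media/video/tv:/tv"
          "/mnt/media/audio/music/flac:/music"
          "/mnt/media/video/family:/family"
          "/mnt/media/video/livetv:/livetv"
        ];
        ports = [ "8096:8096" ];
      };

      # No tag given, so this resolves to `latest`.
      jellyseerr = mkContainer {
        image = "ghcr.io/fallenbagel/jellyseerr";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/jellyseerr:/app/config" ];
        ports = [ "5055:5055" ];
      };

      joplin = mkContainer {
        image = "docker.io/joplin/server:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/joplin" ];
        ports = [ "22300:22300" ];
      };

      # NOTE(review): Postgres port published to the host; see the file header.
      joplin-db = mkContainer {
        image = "docker.io/postgres:15";
        environmentFile = [ sharedEnv "/mnt/services/secrets/joplin" ];
        volumes = [ "/home/admin/podman/joplin-db:/var/lib/postgresql/data" ];
        ports = [ "5432:5432" ];
      };

      kiwix = mkContainer {
        image = "ghcr.io/kiwix/kiwix-serve:latest";
        # Argument passed to the image's entrypoint.
        exec = "*.zim";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/media/kiwix:/data" ];
        ports = [ "8088:8080" ];
      };

      lidarr = mkContainer {
        image = "lscr.io/linuxserver/lidarr:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/lidarr:/config"
          "/mnt/media/audio/music/flac:/music"
          "/mnt/media/torrents:/downloads"
        ];
        ports = [ "8686:8686" ];
      };

      metube = mkContainer {
        image = "ghcr.io/alexta69/metube:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/media/youtube-dl:/downloads"
          "/mnt/media/audio/music/flac:/music"
        ];
        ports = [ "8081:8081" ];
      };

      nginx = mkContainer {
        image = "docker.io/nginx:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/nginx" ];
        volumes = [
          "/mnt/services/podman/nginx/nginx.conf:/etc/nginx/nginx.conf:ro"
          "/mnt/services/podman/nginx/html:/usr/share/nginx/html"
        ];
        ports = [ "888:80" ];
      };

      # Pinned tag: upgrades are manual. Port 81 is the admin UI and is
      # published next to 80/443; keep it off any externally reachable
      # interface.
      nginx-proxy-manager = mkContainer {
        image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/nginx-proxy-manager:/data"
          "/mnt/services/podman/letsencrypt:/etc/letsencrypt"
        ];
        ports = [ "80:80" "443:443" "81:81" ];
      };

      # NOTE(review): the API port is published on all interfaces; confirm
      # that only open-webui (or another authenticated front end) can reach it.
      ollama = mkContainer {
        image = "docker.io/ollama/ollama:latest";
        devices = [ "nvidia.com/gpu=all" ];
        environmentFile = [ sharedEnv "/mnt/services/secrets/ollama" ];
        volumes = [ "/mnt/services/podman/ollama:/root/.ollama" ];
        ports = [ "11434:11434" ];
      };

      open-webui = mkContainer {
        image = "ghcr.io/open-webui/open-webui:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/open-webui" ];
        volumes = [ "/mnt/services/podman/open-webui:/app/backend/data" ];
        ports = [ "3000:8080" ];
      };

      paperless-ngx = mkContainer {
        image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/paperless-ngx" ];
        volumes = [
          "/mnt/services/podman/paperless-ngx/data:/usr/src/paperless/data"
          "/mnt/services/podman/paperless-ngx/media:/usr/src/paperless/media"
          "/mnt/services/podman/paperless-ngx/export:/usr/src/paperless/export"
          "/mnt/data/scans:/usr/src/paperless/consume"
        ];
        ports = [ "8010:8000" ];
      };

      # NOTE(review): same exposure question as immich-redis.
      paperless-ngx-redis = mkContainer {
        image = "registry.hub.docker.com/library/redis:6.2-alpine";
        environmentFile = [ sharedEnv ];
        ports = [ "6380:6379" ];
      };

      prowlarr = mkContainer {
        image = "lscr.io/linuxserver/prowlarr:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/prowlarr:/config" ];
        ports = [ "9696:9696" ];
      };

      radarr = mkContainer {
        image = "lscr.io/linuxserver/radarr:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/radarr:/config"
          "/mnt/media/video/movies:/movies"
          "/mnt/media/torrents:/downloads"
        ];
        ports = [ "7878:7878" ];
      };

      readarr = mkContainer {
        image = "lscr.io/linuxserver/readarr:develop";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/readarr:/config"
          "/mnt/media/books:/books"
          "/mnt/media/torrents:/downloads"
        ];
        ports = [ "8787:8787" ];
      };

      rutorrent = mkContainer {
        image = "docker.io/crazymax/rtorrent-rutorrent:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/home/admin/podman/rutorrent/passwd:/passwd"
          "/home/admin/podman/rutorrent/data:/data"
          "/mnt/media/torrents:/downloads"
        ];
        ports = [ "8888:8080" "5000:8000" "50000:50000" ];
      };

      searxng = mkContainer {
        image = "docker.io/searxng/searxng:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/searxng:/etc/searxng" ];
        ports = [ "8880:8080" ];
      };

      sonarr = mkContainer {
        image = "lscr.io/linuxserver/sonarr:latest";
        environmentFile = [ sharedEnv ];
        volumes = [
          "/mnt/services/podman/sonarr:/config"
          "/mnt/media/video/tv:/tv"
          "/mnt/media/torrents:/downloads"
        ];
        ports = [ "8989:8989" ];
      };

      # No tag given, so this resolves to `latest`.
      tandoor = mkContainer {
        image = "docker.io/vabene1111/recipes";
        environmentFile = [ sharedEnv "/mnt/services/secrets/tandoor" ];
        volumes = [
          "/mnt/services/podman/tandoor/staticfiles:/opt/recipes/staticfiles"
          "/mnt/services/podman/tandoor/mediafiles:/opt/recipes/mediafiles"
        ];
        ports = [ "9092:8080" ];
      };

      # NOTE(review): Postgres port published to the host; see the file header.
      tandoor-db = mkContainer {
        image = "docker.io/postgres:16-alpine";
        environmentFile = [ sharedEnv "/mnt/services/secrets/tandoor" ];
        volumes = [ "/home/admin/podman/tandoor/db:/var/lib/postgresql/data" ];
        ports = [ "5434:5432" ];
      };

      thelounge = mkContainer {
        image = "lscr.io/linuxserver/thelounge:latest";
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/thelounge:/config" ];
        ports = [ "9000:9000" ];
      };

      unifi-network-application = mkContainer {
        image = "lscr.io/linuxserver/unifi-network-application:latest";
        environmentFile = [
          sharedEnv
          "/mnt/services/secrets/unifi-network-application"
        ];
        volumes = [ "/mnt/services/podman/unifi-network-application:/config" ];
        ports = [ "8443:8443" "10001:10001/udp" ];
      };

      unifi-network-application-db = mkContainer {
        image = "docker.io/mongo:7.0";
        environmentFile = [
          sharedEnv
          "/mnt/services/secrets/unifi-network-application"
        ];
        # Fixed: the entry previously had no ":<container path>" part, so the
        # host directory was never mounted and the database was not persisted
        # there. /data/db is the data directory of the official mongo image.
        # Migrate any data that should be kept before applying this change,
        # because the container will now start from the host directory.
        volumes = [ "/mnt/services/podman/unifi-network-application-db:/data/db" ];
        # NOTE(review): MongoDB port published to the host; see the file header.
        ports = [ "27017:27017" ];
      };

      # NOTE(review): port 8000 is the plain-HTTP listener of a password
      # vault. Make sure clients only reach it through the TLS reverse proxy,
      # and consider pinning this image instead of following `latest`.
      vaultwarden = mkContainer {
        image = "docker.io/vaultwarden/server:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/vaultwarden" ];
        volumes = [ "/mnt/services/podman/vaultwarden:/data/" ];
        ports = [ "8000:80" "3012:3012" ];
      };

      webdav = mkContainer {
        image = "docker.io/bytemark/webdav:latest";
        environmentFile = [ sharedEnv "/mnt/services/secrets/webdav" ];
        volumes = [ "/mnt/services/webdav:/var/lib/dav" ];
        ports = [ "8009:80" ];
      };

      wireguard = mkContainer {
        image = "lscr.io/linuxserver/wireguard:latest";
        # NOTE(review): SYS_MODULE allows loading kernel modules. With the
        # /lib/modules mount below disabled it is presumably unused; drop it
        # if the host already provides the wireguard module.
        addCapabilities = [ "NET_RAW" "NET_ADMIN" "SYS_MODULE" ];
        environmentFile = [ sharedEnv "/mnt/services/secrets/wireguard" ];
        volumes = [
          "/mnt/services/podman/wireguard:/config"
          #"/lib/modules:/lib/modules"
        ];
        ports = [ "51820:51820/udp" ];
      };

      # No tag given, so this resolves to `latest`.
      zigbee2mqtt = mkContainer {
        image = "docker.io/koenkk/zigbee2mqtt";
        # Only the Zigbee adapter is passed through.
        devices = [ "/dev/ttyACM0:/dev/ttyACM0" ];
        environmentFile = [ sharedEnv ];
        volumes = [ "/mnt/services/podman/zigbee2mqtt:/app/data" ];
        ports = [ "8808:8080" ];
      };
    };
  };

  # Don't touch
  home.stateVersion = "24.11";
}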