services = {
  "acme_dns" = {
    host = "node001"
    dns = [{
      domain = "acme.serguzim.me"
    }]
    monitoring = {
      url = "/health"
      group = "7-support"
    }
    ports = [
      {
        description = "DNS"
        port = 53
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "DNS"
        port = 53
        protocol = "udp"
        type = "firewall"
      }
    ]
    auth = false
    database = true
    s3 = false
  },

  "authentik" = {
    host = "node001"
    dns = [{
      domain = "auth.serguzim.me"
    }]
    monitoring = {
      url = "/-/health/live/"
      group = "4-services"
    }
    certificates = ["auth.serguzim.me"]
    auth = false
    database = true
    s3 = false
    mail = "auth"
  },

  "backup" = {
    host = "*"
    auth = false
    database = false
    s3 = false
  },

  "caddy" = {
    host = "*"
    ports = [
      {
        description = "HTTP"
        port = 80
        protocol = "tcp"
        type = "reverse_proxy"
      },
      {
        description = "HTTPS"
        port = 443
        protocol = "tcp"
        type = "reverse_proxy"
      },
      {
        description = "HTTP/3 QUIC"
        port = 443
        protocol = "udp"
        type = "reverse_proxy"
      },
      #"2019:2019",
    ]
    auth = false
    database = false
    s3 = false
  },

  "dokku" = {
    host = "node001"
    dns = [
      {
        domain = "paas.serguzim.me"
      },
      {
        domain = "*.paas.serguzim.me"
        name = "dokku-wildcard"
        alias = "dokku"
      },
      {
        domain = "serguzim.me"
        name = "webpage-serguzim"
        alias = "dokku"
      },
      {
        domain = "www.serguzim.me"
        name = "webpage-serguzim-www"
        alias = "webpage-serguzim"
      },
    ]
    backup = [{
      name = "dokku"
      type = "directory"
      path = "/var/lib/dokku"
    }]
    monitoring = {
      group = "7-support"
    }
    ports = [
      {
        description = "SSH for dokku"
        port = 3022
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  },

  "extra_services" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "forgejo" = {
    host = "node001"
    dns = [{
      domain = "git.serguzim.me"
    }]
    backup = [{
      name = "forgejo_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/version"
      group = "4-services"
    }
    ports = [
      {
        description = "SSH for forgejo"
        port = 22
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = true
    auth_redirects = ["https://git.serguzim.me/user/oauth2/auth.serguzim.me/callback"]
    database = true
    s3 = true
    mail = "git"
  },

  "forgejo_runner" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "healthcheck" = {
    host = "node001"
    auth = false
    database = false
    s3 = false
  },

  "gatus" = {
    host = "node001"
    dns = [{
      domain = "status.serguzim.me"
    }]
    backup = [{
      name = "gatus_data"
      type = "docker"
    }]
    auth = false
    database = false
    s3 = false
    mail = "status"
  },

  "homebox" = {
    host = "node001"
    dns = [{
      domain = "inventory.serguzim.me"
    }]
    backup = [{
      name = "homebox_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/status"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].health == true"
      ]
    }
    auth = false
    database = false
    s3 = false
    mail = "inventory"
  },

  "immich" = {
    host = "node001"
    dns = [{
      domain = "gallery.serguzim.me"
    }]
    backup = [
      #{
      #  name = "immich_upload"
      #  type = "docker_remote"
      #},
      {
        name = "immich_database"
        type = "hook"
      }
    ]
    monitoring = {
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://gallery.serguzim.me/auth/login"]
    database = false
    s3 = false
  },

  "influxdb" = {
    host = "node001"
    dns = [{
      domain = "tick.serguzim.me"
    }]
    backup = [{
      name = "influxdb_data"
      type = "docker"
    }]
    monitoring = {
      url = "/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].status == pass"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  "jellyfin" = {
    host = "node001"
    dns = [{
      domain = "media.serguzim.me"
    }]
    backup = [
      {
        name = "jellyfin_config"
        type = "docker"
      },
      #{
      #  name = "jellyfin_media"
      #  type = "docker_remote"
      #}
    ]
    monitoring = {
      url = "/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY] == Healthy"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  "lego" = {
    host = "*"
    auth = false
    database = false
    s3 = false
  },

  "linkwarden" = {
    host = "node001"
    dns = [{
      domain = "bookmarks.serguzim.me"
    }]
    monitoring = {
      url = "/api/v1/logins"
      group = "4-services"
    }
    auth = true
    auth_cert = "rsa"
    auth_redirects = ["https://bookmarks.serguzim.me/api/v1/auth/callback/authentik"]
    database = true
    s3 = true
  },

  mailcowdockerized = {
    host = "node003"
    dns = [{
      domain = "mail.serguzim.me"
    }]
    backup = [{
      name = "mailcowdockerized"
      type = "hook"
    }]
    monitoring = {
      group = "4-services"
    }
    ports = [
      {
        description = "SMTP"
        port = 25
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "SMTP TLS"
        port = 465
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "SMTP StartTLS"
        port = 587
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "IMAPS"
        port = 993
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "POPS"
        port = 995
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "Sieve"
        port = 4190
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  },

  "minio" = {
    host = "node001"
    dns = [
      {
        domain = "s3.serguzim.me"
      },
      {
        domain = "console.s3.serguzim.me"
        name = "minio-console"
        alias = "minio"
      }
    ]
    backup = [{
      name = "minio_data"
      type = "docker"
    }]
    monitoring = {
      url = "/minio/health/live"
      group = "7-support"
    }
    auth = true
    auth_redirects = ["https://console.s3.serguzim.me/oauth_callback"]
    database = false
    s3 = false
  },

  "ntfy" = {
    host = "node001"
    dns = [{
      domain = "push.serguzim.me"
    }]
    backup = [{
      name = "ntfy_data"
      type = "docker"
    }]
    monitoring = {
      url = "/v1/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].healthy == true"
      ]
    }
    auth = false
    database = false
    s3 = false
  },

  "postgresql" = {
    host = "node001"
    dns = [{
      domain = "db.serguzim.me"
    }]
    backup = [{
      name = "postgresql"
      type = "hook"
    }]
    monitoring = {
      url = "tcp://db.serguzim.me:5432"
      group = "7-support"
      conditions = [
        "[CONNECTED] == true"
      ]
    }
    certificates = ["db.serguzim.me"]
    auth = false
    database = false
    s3 = false
  },

  "reitanlage_oranienburg" = {
    host = "node001"
    dns = [
      {
        domain = "reitanlage-oranienburg.de"
      },
      {
        domain = "www.reitanlage-oranienburg.de"
        name = "reitanlage_oranienburg-www"
        alias = "reitanlage_oranienburg"
      }
    ]
    backup = [{
      name = "reitanlage_oranienburg_data"
      type = "docker"
    }]
    monitoring = {
      group = "5-websites"
    }
    auth = false
    database = false
    s3 = false
  },

  "shlink" = {
    host = "node001"
    dns = [
      {
        domain = "msrg.cc"
      },
      {
        domain = "msvg.cc"
        name = "shlink-msvg"
        alias = "shlink"
      },
      {
        domain = "emgauwa.app"
        name = "shlink-emgauwa"
        alias = "shlink"
      }
    ]
    monitoring = {
      url = "/rest/health"
      group = "4-services"
      conditions = [
        "DEFAULT",
        "[BODY].status == pass"
      ]
    }
    auth = false
    database = true
    s3 = false
  },

  "synapse" = {
    host = "node001"
    dns = [
      {
        domain = "matrix.serguzim.me"
      },
      {
        domain = "matrix.msrg.cc"
        name = "synapse-msrg"
        alias = "synapse"
      }
    ]
    backup = [{
      name = "synapse_media_store"
      type = "docker"
    }]
    monitoring = {
      url = "/_matrix/client/versions"
      group = "4-services"
    }
    ports = [
      {
        description = "Matrix"
        port = 8448
        protocol = "tcp"
        type = "reverse_proxy"
      }
    ]
    auth = true
    auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
    database = true
    s3 = false
    mail = "matrix"
  },

  "tandoor" = {
    host = "node001"
    dns = [{
      domain = "recipes.serguzim.me"
    }]
    backup = [{
      name = "tandoor_mediafiles"
      type = "docker"
    }]
    monitoring = {
      url = "/accounts/login/"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "teamspeak_fallback" = {
    host = "node001"
    dns = [
      {
        domain = "ts.serguzim.me"
      },
      {
        domain = "hook.serguzim.me"
        name = "teamspeak_fallback-hook"
        alias = "teamspeak_fallback"
      }
    ]
    backup = [{
      name = "teamspeak_fallback_data"
      type = "docker"
    }]
    monitoring = {
      group = "7-support"
    }
    ports = [
      {
        description = "Teamspeak server"
        port = 9987
        protocol = "udp"
        type = "firewall"
      },
      {
        description = "Teamspeak filetransfer"
        port = 30033
        protocol = "tcp"
        type = "firewall"
      },
      {
        description = "Teamspeak serverquery"
        port = 10011
        protocol = "tcp"
        type = "firewall"
      }
    ]
    auth = false
    database = false
    s3 = false
  }

  "telegraf" = {
    host = "node001"
    auth = false
    database = true
    s3 = false
  },

  "tinytinyrss" = {
    host = "node001"
    dns = [{
      domain = "rss.serguzim.me"
    }]
    monitoring = {
      url = "/tt-rss/"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "umami" = {
    host = "node001"
    dns = [{
      domain = "analytics.serguzim.me"
    }]
    monitoring = {
      url = "/api/heartbeat"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  },

  "vikunja" = {
    host = "node001"
    dns = [{
      domain = "todo.serguzim.me"
    }]
    backup = [{
      name = "vikunja_data"
      type = "docker"
    }]
    monitoring = {
      url = "/api/v1/info"
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://todo.serguzim.me/auth/openid/authserguzimme"]
    database = true
    s3 = false
    mail = "todo"
  },

  "watchtower" = {
    host = "*"
    auth = false
    database = false
    s3 = false
    mail = "watchtower"
  },

  "wiki_js" = {
    host = "node001"
    dns = [{
      domain = "wiki.serguzim.me"
    }]
    monitoring = {
      group = "4-services"
    }
    auth = true
    auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
    database = true
    s3 = false
    mail = "wiki"
  },

  "woodpecker" = {
    host = "node001"
    dns = [
      {
        domain = "ci.serguzim.me"
      },
      {
        domain = "agents.ci.serguzim.me"
        name = "woodpecker-agents"
        alias = "woodpecker"
      }
    ]
    monitoring = {
      url = "/healthz"
      group = "4-services"
    }
    auth = false
    database = true
    s3 = false
  }
}