{pkgs, ...}: {
  project.name = "smarthome";

  networks.dmz = {
    name = "dmz";
    external = true;
  };

  services = {
    homeassistant.service = {
      image = "ghcr.io/home-assistant/home-assistant:2024.4.1";
      container_name = "homeassistant";
      privileged = true;
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.homeassistant.entrypoints" = "websecure";
        "traefik.http.routers.homeassistant.rule" = "Host(`home.ghoscht.com`)";
        "traefik.http.routers.homeassistant.tls" = "true";
        "traefik.http.routers.homeassistant.tls.certresolver" = "letsencrypt";
        "traefik.http.services.homeassistant.loadbalancer.server.port" = "8123";
        # "traefik.http.routers.homeassistant.middlewares" = "authentik@file";
      };
      volumes = [
        "/home/ghoscht/.docker/smarthome/homeassistant_data:/config"
        "/etc/localtime:/etc/localtime:ro"
        "/run/dbus:/run/dbus:ro"
      ];
      restart = "always";
      networks = [
        "dmz"
      ];
    };
  };
}