{pkgs, ...}: {
  project.name = "push";

  networks.dmz = {
    name = "dmz";
    external = true;
  };

  services = {
    ntfy.service = {
      image = "binwiederhier/ntfy:v2.10.0";
      container_name = "ntfy";
      user = "1000:1000";
      command = "serve";
      useHostStore = true;
      labels = {
        "traefik.enable" = "true";

        "traefik.http.routers.ntfy.service" = "ntfy";
        "traefik.http.services.ntfy.loadbalancer.server.port" = "80";
        "traefik.http.routers.ntfy.entrypoints" = "websecure";
        "traefik.http.routers.ntfy.rule" = "Host(`push.ghoscht.com`)";
        "traefik.http.routers.ntfy.tls" = "true";
        "traefik.http.routers.ntfy.tls.certresolver" = "letsencrypt";

        "traefik.http.routers.ntfy-external.service" = "ntfy-external";
        "traefik.http.services.ntfy-external.loadbalancer.server.port" = "80";
        "traefik.http.routers.ntfy-external.rule" = "Host(`push.ghoscht.com`)";
        "traefik.http.routers.ntfy-external.entrypoints" = "websecure-external";
        "traefik.http.routers.ntfy-external.tls" = "true";
        "traefik.http.routers.ntfy-external.tls.certresolver" = "letsencrypt";
      };
      volumes = [
        "/home/ghoscht/.docker/push/ntfy_config/server.yml:/etc/ntfy/server.yml"
        "/home/ghoscht/.docker/push/ntfy_data:/etc/ntfy/data"
      ];
      environment = {
        TZ = "Europe/Berlin";
      };
      restart = "always";
      networks = [
        "dmz"
      ];
    };
  };
}