{pkgs, ...}: {
  project.name = "dashboard";

  networks.dmz = {
    name = "dmz";
    external = true;
  };

  services = {
    homarr.service = {
      image = "ghcr.io/ajnart/homarr:0.15.2";
      container_name = "homarr";
      labels = {
        "traefik.enable" = "true";
        "traefik.http.routers.homarr.entrypoints" = "websecure";
        "traefik.http.routers.homarr.rule" = "Host(`dashboard.ghoscht.com`)";
        "traefik.http.routers.homarr.tls" = "true";
        "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
      };
      environment = {
        AUTH_PROVIDER = "oidc";
        AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr";
        AUTH_OIDC_CLIENT_NAME = "authentik";
        NEXTAUTH_URL = "https://dashboard.ghoscht.com";
        AUTH_OIDC_ADMIN_GROUP = "Homarr Admins";
        AUTH_OIDC_OWNER_GROUP = "Homarr Admins";
      };
      env_file = [
        "/home/ghoscht/.docker/dashboard/homarr.env"
      ];
      volumes = [
        "/storage/dataset/docker/dashboard/homarr_data:/data"
        "/storage/dataset/docker/dashboard/homarr_config:/app/data/configs"
        "/storage/dataset/docker/dashboard/homarr_icons:/app/public/imgs"
      ];
      restart = "always";
      networks = [
        "dmz"
      ];
    };
  };
}