{ config, inputs }:
let
  inherit (inputs.self.lib)
    enableList
    mkEnabled
    mkEnabledWithUsers
    ;
  wgServerIp = config.my.ips.wg-server;
  mkEnabledProxyIp = inputs.self.lib.mkEnabledProxyIp wgServerIp;
  mkEnabledProxySocketIp = name: {
    inherit name;
    value = {
      enableProxy = true;
      enableSocket = true;
      ip = wgServerIp;
    };
  };
in
{
  enableProxy = true;
  enableContainers = true;
  apps.dictionaries.enable = true;
  apps.dictionaries.users = "jawz";
  services = enableList mkEnabled [
    "network"
    "wireguard"
  ];
  shell = enableList mkEnabledWithUsers [
    "multimedia"
    "tools"
  ];
  dev = enableList mkEnabledWithUsers [
    "nix"
    "sh"
  ];
  websites = {
    portfolio.enableProxy = true;
    lidarrMbReport.enableProxy = true;
  };
  servers = {
    isso = {
      enable = true;
      enableProxy = true;
      ip = wgServerIp;
    };
    microbin = {
      enable = true;
      enableProxy = true;
      ip = wgServerIp;
    };
  }
  // enableList mkEnabledProxySocketIp [
    "audiobookshelf"
    "collabora"
    "jellyfin"
    "nextcloud"
    "plausible"
    "plex"
  ]
  // enableList mkEnabledProxyIp [
    "bazarr"
    "gitea"
    "homepage"
    "kavita"
    "keycloak"
    "lidarr"
    "linkwarden"
    "maloja"
    "mealie"
    "metube"
    "multi-scrobbler"
    "oauth2-proxy"
    "prowlarr"
    "radarr"
    "sonarr"
    "vaultwarden"
    "yamtrack"
  ];
}