diff --git a/seeds/postgres/dev_seed.sql b/seeds/postgres/dev_seed.sql
index a75e948..b4674b2 100644
--- a/seeds/postgres/dev_seed.sql
+++ b/seeds/postgres/dev_seed.sql
@@ -64,31 +64,41 @@ WHERE NOT EXISTS (SELECT 1 FROM hosts WHERE hosts.name = t.name AND hosts.ip = t
 -- ── Ports catalog ─────────────────────────────────────────────────────────────
 
 INSERT INTO ports (number, description) VALUES
-    (22,   'SSH'),
-    (25,   'SMTP'),
-    (53,   'DNS'),
-    (80,   'HTTP'),
-    (143,  'IMAP'),
-    (161,  'SNMP'),
-    (443,  'HTTPS'),
-    (445,  'SMB'),
-    (465,  'SMTPS'),
-    (500,  'IKE / IPSec'),
-    (514,  'Syslog'),
-    (587,  'SMTP Submission'),
-    (873,  'rsync'),
-    (993,  'IMAPS'),
-    (1194, 'OpenVPN'),
-    (2049, 'NFS'),
-    (3000, 'Grafana'),
-    (3389, 'RDP'),
-    (4500, 'IPSec NAT-T'),
-    (5044, 'Logstash Beats'),
-    (5432, 'PostgreSQL'),
-    (5601, 'Kibana'),
-    (9090, 'Prometheus'),
-    (9100, 'JetDirect'),
-    (9200, 'Elasticsearch')
+    (22,    'SSH'),
+    (25,    'SMTP'),
+    (53,    'DNS'),
+    (80,    'HTTP'),
+    (143,   'IMAP'),
+    (161,   'SNMP'),
+    (443,   'HTTPS'),
+    (445,   'SMB'),
+    (465,   'SMTPS'),
+    (500,   'IKE / IPSec'),
+    (514,   'Syslog'),
+    (587,   'SMTP Submission'),
+    (873,   'rsync'),
+    (993,   'IMAPS'),
+    (1194,  'OpenVPN'),
+    (2049,  'NFS'),
+    (3000,  'Grafana / Gitea'),
+    (3306,  'MariaDB / MySQL'),
+    (3389,  'RDP'),
+    (4500,  'IPSec NAT-T'),
+    (5044,  'Logstash Beats'),
+    (5432,  'PostgreSQL'),
+    (5601,  'Kibana'),
+    (6379,  'Redis'),
+    (8096,  'Jellyfin'),
+    (8123,  'Home Assistant'),
+    (8384,  'Syncthing UI'),
+    (8920,  'Jellyfin HTTPS'),
+    (9000,  'Portainer'),
+    (9090,  'Prometheus'),
+    (9100,  'node_exporter / JetDirect'),
+    (9200,  'Elasticsearch'),
+    (9443,  'Portainer HTTPS'),
+    (22000, 'Syncthing'),
+    (51820, 'WireGuard')
 ON CONFLICT (number) DO NOTHING;
 
 -- ── Host ports ────────────────────────────────────────────────────────────────
@@ -193,3 +203,84 @@ INSERT INTO host_ports (host_id, port_number)
 SELECT h.id, 22 FROM hosts h
 WHERE h.name = 'vpn-client-02' AND h.ip = '172.16.1.11'
 ON CONFLICT DO NOTHING;
+
+-- ── Applications ──────────────────────────────────────────────────────────────
+-- applications has no UNIQUE constraint on name, so we use WHERE NOT EXISTS.
+
+INSERT INTO applications (name)
+SELECT v.name FROM (VALUES
+    ('Nginx'),
+    ('Pi-hole'),
+    ('WireGuard'),
+    ('OpenVPN'),
+    ('PostgreSQL'),
+    ('MariaDB'),
+    ('Redis'),
+    ('Grafana'),
+    ('Prometheus'),
+    ('Elasticsearch'),
+    ('Kibana'),
+    ('Portainer'),
+    ('Jellyfin'),
+    ('Home Assistant'),
+    ('Syncthing'),
+    ('Vaultwarden')
+) AS v(name)
+WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = v.name);
+
+-- ── Application ports ─────────────────────────────────────────────────────────
+
+-- Nginx: HTTP, HTTPS
+INSERT INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Nginx' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Nginx' ON CONFLICT DO NOTHING;
+
+-- Pi-hole: DNS, HTTP (admin UI), HTTPS
+INSERT INTO application_ports (application_id, port_number) SELECT id, 53  FROM applications WHERE name = 'Pi-hole' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Pi-hole' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Pi-hole' ON CONFLICT DO NOTHING;
+
+-- WireGuard
+INSERT INTO application_ports (application_id, port_number) SELECT id, 51820 FROM applications WHERE name = 'WireGuard' ON CONFLICT DO NOTHING;
+
+-- OpenVPN
+INSERT INTO application_ports (application_id, port_number) SELECT id, 1194 FROM applications WHERE name = 'OpenVPN' ON CONFLICT DO NOTHING;
+
+-- PostgreSQL
+INSERT INTO application_ports (application_id, port_number) SELECT id, 5432 FROM applications WHERE name = 'PostgreSQL' ON CONFLICT DO NOTHING;
+
+-- MariaDB
+INSERT INTO application_ports (application_id, port_number) SELECT id, 3306 FROM applications WHERE name = 'MariaDB' ON CONFLICT DO NOTHING;
+
+-- Redis
+INSERT INTO application_ports (application_id, port_number) SELECT id, 6379 FROM applications WHERE name = 'Redis' ON CONFLICT DO NOTHING;
+
+-- Grafana
+INSERT INTO application_ports (application_id, port_number) SELECT id, 3000 FROM applications WHERE name = 'Grafana' ON CONFLICT DO NOTHING;
+
+-- Prometheus
+INSERT INTO application_ports (application_id, port_number) SELECT id, 9090 FROM applications WHERE name = 'Prometheus' ON CONFLICT DO NOTHING;
+
+-- Elasticsearch
+INSERT INTO application_ports (application_id, port_number) SELECT id, 9200 FROM applications WHERE name = 'Elasticsearch' ON CONFLICT DO NOTHING;
+
+-- Kibana
+INSERT INTO application_ports (application_id, port_number) SELECT id, 5601 FROM applications WHERE name = 'Kibana' ON CONFLICT DO NOTHING;
+
+-- Portainer: HTTP, HTTPS
+INSERT INTO application_ports (application_id, port_number) SELECT id, 9000 FROM applications WHERE name = 'Portainer' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 9443 FROM applications WHERE name = 'Portainer' ON CONFLICT DO NOTHING;
+
+-- Jellyfin: HTTP, HTTPS
+INSERT INTO application_ports (application_id, port_number) SELECT id, 8096 FROM applications WHERE name = 'Jellyfin' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 8920 FROM applications WHERE name = 'Jellyfin' ON CONFLICT DO NOTHING;
+
+-- Home Assistant
+INSERT INTO application_ports (application_id, port_number) SELECT id, 8123 FROM applications WHERE name = 'Home Assistant' ON CONFLICT DO NOTHING;
+
+-- Syncthing: UI, data sync
+INSERT INTO application_ports (application_id, port_number) SELECT id, 8384  FROM applications WHERE name = 'Syncthing' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 22000 FROM applications WHERE name = 'Syncthing' ON CONFLICT DO NOTHING;
+
+-- Vaultwarden: HTTP, HTTPS
+INSERT INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Vaultwarden' ON CONFLICT DO NOTHING;
+INSERT INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Vaultwarden' ON CONFLICT DO NOTHING;
diff --git a/seeds/sqlite/dev_seed.sql b/seeds/sqlite/dev_seed.sql
index dbadea2..af14e0a 100644
--- a/seeds/sqlite/dev_seed.sql
+++ b/seeds/sqlite/dev_seed.sql
@@ -44,31 +44,41 @@ INSERT INTO hosts (name, ip, network_id) SELECT 'vpn-client-02',  '172.16.1.11',
 -- ── Ports catalog ─────────────────────────────────────────────────────────────
 
 INSERT OR IGNORE INTO ports (number, description) VALUES
-    (22,   'SSH'),
-    (25,   'SMTP'),
-    (53,   'DNS'),
-    (80,   'HTTP'),
-    (143,  'IMAP'),
-    (161,  'SNMP'),
-    (443,  'HTTPS'),
-    (445,  'SMB'),
-    (465,  'SMTPS'),
-    (500,  'IKE / IPSec'),
-    (514,  'Syslog'),
-    (587,  'SMTP Submission'),
-    (873,  'rsync'),
-    (993,  'IMAPS'),
-    (1194, 'OpenVPN'),
-    (2049, 'NFS'),
-    (3000, 'Grafana'),
-    (3389, 'RDP'),
-    (4500, 'IPSec NAT-T'),
-    (5044, 'Logstash Beats'),
-    (5432, 'PostgreSQL'),
-    (5601, 'Kibana'),
-    (9090, 'Prometheus'),
-    (9100, 'JetDirect'),
-    (9200, 'Elasticsearch');
+    (22,    'SSH'),
+    (25,    'SMTP'),
+    (53,    'DNS'),
+    (80,    'HTTP'),
+    (143,   'IMAP'),
+    (161,   'SNMP'),
+    (443,   'HTTPS'),
+    (445,   'SMB'),
+    (465,   'SMTPS'),
+    (500,   'IKE / IPSec'),
+    (514,   'Syslog'),
+    (587,   'SMTP Submission'),
+    (873,   'rsync'),
+    (993,   'IMAPS'),
+    (1194,  'OpenVPN'),
+    (2049,  'NFS'),
+    (3000,  'Grafana / Gitea'),
+    (3306,  'MariaDB / MySQL'),
+    (3389,  'RDP'),
+    (4500,  'IPSec NAT-T'),
+    (5044,  'Logstash Beats'),
+    (5432,  'PostgreSQL'),
+    (5601,  'Kibana'),
+    (6379,  'Redis'),
+    (8096,  'Jellyfin'),
+    (8123,  'Home Assistant'),
+    (8384,  'Syncthing UI'),
+    (8920,  'Jellyfin HTTPS'),
+    (9000,  'Portainer'),
+    (9090,  'Prometheus'),
+    (9100,  'node_exporter / JetDirect'),
+    (9200,  'Elasticsearch'),
+    (9443,  'Portainer HTTPS'),
+    (22000, 'Syncthing'),
+    (51820, 'WireGuard');
 
 -- ── Host ports ────────────────────────────────────────────────────────────────
 -- INSERT OR IGNORE is safe: host_ports has a composite PRIMARY KEY (host_id, port_number).
@@ -124,7 +134,7 @@ INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 993 FROM host
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22  FROM hosts WHERE name = 'core-switch-01'   AND ip = '10.0.0.1';
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 161 FROM hosts WHERE name = 'core-switch-01'   AND ip = '10.0.0.1';
 
--- monitoring-01: SSH, HTTP, HTTPS, Prometheus, Grafana
+-- monitoring-01: SSH, HTTP, HTTPS, Grafana, Prometheus
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22   FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 80   FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 443  FROM hosts WHERE name = 'monitoring-01'    AND ip = '10.0.1.10';
@@ -152,3 +162,81 @@ INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 4500 FROM hos
 -- vpn clients: SSH only
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22 FROM hosts WHERE name = 'vpn-client-01'  AND ip = '172.16.1.10';
 INSERT OR IGNORE INTO host_ports (host_id, port_number) SELECT id, 22 FROM hosts WHERE name = 'vpn-client-02'  AND ip = '172.16.1.11';
+
+-- ── Applications ──────────────────────────────────────────────────────────────
+-- applications has no UNIQUE constraint on name, so we use WHERE NOT EXISTS.
+
+INSERT INTO applications (name) SELECT 'Nginx'          WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Nginx');
+INSERT INTO applications (name) SELECT 'Pi-hole'        WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Pi-hole');
+INSERT INTO applications (name) SELECT 'WireGuard'      WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'WireGuard');
+INSERT INTO applications (name) SELECT 'OpenVPN'        WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'OpenVPN');
+INSERT INTO applications (name) SELECT 'PostgreSQL'     WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'PostgreSQL');
+INSERT INTO applications (name) SELECT 'MariaDB'        WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'MariaDB');
+INSERT INTO applications (name) SELECT 'Redis'          WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Redis');
+INSERT INTO applications (name) SELECT 'Grafana'        WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Grafana');
+INSERT INTO applications (name) SELECT 'Prometheus'     WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Prometheus');
+INSERT INTO applications (name) SELECT 'Elasticsearch'  WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Elasticsearch');
+INSERT INTO applications (name) SELECT 'Kibana'         WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Kibana');
+INSERT INTO applications (name) SELECT 'Portainer'      WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Portainer');
+INSERT INTO applications (name) SELECT 'Jellyfin'       WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Jellyfin');
+INSERT INTO applications (name) SELECT 'Home Assistant' WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Home Assistant');
+INSERT INTO applications (name) SELECT 'Syncthing'      WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Syncthing');
+INSERT INTO applications (name) SELECT 'Vaultwarden'    WHERE NOT EXISTS (SELECT 1 FROM applications WHERE name = 'Vaultwarden');
+
+-- ── Application ports ─────────────────────────────────────────────────────────
+-- application_ports has a composite PRIMARY KEY, so INSERT OR IGNORE is safe.
+
+-- Nginx: HTTP, HTTPS
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Nginx';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Nginx';
+
+-- Pi-hole: DNS, HTTP (admin UI), HTTPS
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 53  FROM applications WHERE name = 'Pi-hole';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Pi-hole';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Pi-hole';
+
+-- WireGuard
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 51820 FROM applications WHERE name = 'WireGuard';
+
+-- OpenVPN
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 1194 FROM applications WHERE name = 'OpenVPN';
+
+-- PostgreSQL
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 5432 FROM applications WHERE name = 'PostgreSQL';
+
+-- MariaDB
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 3306 FROM applications WHERE name = 'MariaDB';
+
+-- Redis
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 6379 FROM applications WHERE name = 'Redis';
+
+-- Grafana
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 3000 FROM applications WHERE name = 'Grafana';
+
+-- Prometheus
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 9090 FROM applications WHERE name = 'Prometheus';
+
+-- Elasticsearch
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 9200 FROM applications WHERE name = 'Elasticsearch';
+
+-- Kibana
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 5601 FROM applications WHERE name = 'Kibana';
+
+-- Portainer: HTTP, HTTPS
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 9000 FROM applications WHERE name = 'Portainer';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 9443 FROM applications WHERE name = 'Portainer';
+
+-- Jellyfin: HTTP, HTTPS
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 8096 FROM applications WHERE name = 'Jellyfin';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 8920 FROM applications WHERE name = 'Jellyfin';
+
+-- Home Assistant
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 8123 FROM applications WHERE name = 'Home Assistant';
+
+-- Syncthing: UI, data sync
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 8384  FROM applications WHERE name = 'Syncthing';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 22000 FROM applications WHERE name = 'Syncthing';
+
+-- Vaultwarden: HTTP, HTTPS
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 80  FROM applications WHERE name = 'Vaultwarden';
+INSERT OR IGNORE INTO application_ports (application_id, port_number) SELECT id, 443 FROM applications WHERE name = 'Vaultwarden';
diff --git a/src/bin/seed.rs b/src/bin/seed.rs
index 5b9cf09..2a3d02a 100644
--- a/src/bin/seed.rs
+++ b/src/bin/seed.rs
@@ -85,5 +85,13 @@ async fn main() {
         .await
         .unwrap_or(0);
 
-    tracing::info!("Database now contains {} network(s) and {} host(s).", network_count, host_count);
+    let application_count: i64 = sqlx::query_scalar("SELECT COUNT(*) FROM applications")
+        .fetch_one(&pool)
+        .await
+        .unwrap_or(0);
+
+    tracing::info!(
+        "Database now contains {} network(s), {} host(s) and {} application(s).",
+        network_count, host_count, application_count
+    );
 }