# NixOS module for the host named "hetzner-arm".
#
# Pulls in shared server presets, the nginx profile, two container
# definitions, the host-specific service profiles, and the local hardware and
# secrets modules; then sets up Docker, a package overlay, NAT for container
# interfaces, the firewall and the state versions.
{
  tree,
  lib,
  ...
}: let
  inherit (lib.lists) flatten;

  # Containers defined under ./containers/<name>/<name>.nix.
  containerNames = [
    "storage"
    "mail"
  ];
  containerModule = name: ./containers + "/${name}/${name}.nix";
in {
  # The list below is nested (one sub-list per group), so it is flattened
  # into the single list of modules that `imports` expects.
  imports = flatten (with tree; [
    # Shared presets from the repository tree.
    (with tree.presets.nixos; [
      serverBase
      serverHetzner
      serverEncryptedDrive
      kernelLatest
    ])

    profiles.nixos.nginx

    (map containerModule containerNames)

    # Service profiles specific to this host.
    (with hosts.hetzner-arm.profiles; [
      staticSites
      gotosocial
      forgejo
      mpd
      radicale
      vault
      restic
      vaultwarden
      photoprism
    ])

    ./hardware.nix
    # NOTE(review): values evaluated into the configuration end up in the
    # world-readable Nix store; confirm secrets.nix only wires up secrets
    # that are decrypted at runtime rather than embedding plaintext.
    ./secrets.nix
  ]);

  # NOTE(review): the Docker daemon runs as root and manages its own iptables
  # rules, so ports published by Docker containers are typically reachable
  # regardless of networking.firewall below; review published ports
  # separately, and treat membership of the docker group as root-equivalent.
  virtualisation.docker.enable = true;

  nixpkgs.overlays = [
    # Every reference to `vault` in this system resolves to `vault-bin`.
    # NOTE(review): presumably the upstream prebuilt binary rather than a
    # source build; confirm that is the intended supply-chain trade-off.
    (_final: prev: {
      vault = prev.vault-bin;
      #mpd = prev.mpd-headless;
    })
  ];

  networking = {
    hostName = "hetzner-arm";

    # For Containers: NAT for the "ve-+" internal interfaces out through
    # enp1s0.
    # NOTE(review): "ve-+" looks like a wildcard over every interface whose
    # name starts with "ve-", so each matching container gets NATed egress;
    # restrict egress per container if that is broader than intended.
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "enp1s0";
    };

    # Inbound ports opened on the host firewall.
    # NOTE(review): UDP 443 is what HTTP/3 (QUIC) uses; UDP 80 has no
    # standard web use. Confirm both are needed and drop whichever is not,
    # to keep the exposed surface minimal.
    firewall = {
      allowedTCPPorts = [80 443];
      allowedUDPPorts = [80 443];
    };
  };

  # State versions pin the release whose stateful defaults apply; they are
  # not meant to be bumped as part of a routine upgrade.
  home-manager.users.root.home.stateVersion = "25.05";
  system.stateVersion = "25.05";
}