{
  self,
  hostPath,
  tree,
  inputs,
  pkgs,
  config,
  ...
}: let
  containerName = "owncast";

  containerAddresses = import "${hostPath}/data/containerAddresses.nix";

  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.${containerName};
in {
  containers.owncast = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = hostIP;
    localAddress = containerIP;

    specialArgs = {
      inherit inputs;
      inherit tree;
      inherit self;
      inherit hostPath;
    };

    config = {...}: {
      nixpkgs.pkgs = pkgs;

      imports = with tree;
        [
          presets.nixos.containerBase
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.owncast.profiles; [
          owncast
          restic
        ]);

      networking.firewall.allowedTCPPorts = [
        1935
        8080
      ];

      home-manager.users.root.home.stateVersion = "23.05";
      system.stateVersion = "23.05";
    };
  };

  services.nginx.virtualHosts."stream.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${containerIP}:8080";
      proxyWebsockets = true;
    };
  };

  networking = {
    nat.forwardPorts = [
      {
        sourcePort = 1935;
        destination = "${containerIP}\:1935";
      }
    ];

    firewall.allowedTCPPorts = [
      1935
    ];
  };
}