{
  tree,
  lib,
  pkgs,
  config,
  ...
}: {
  imports = with tree; [
    users.root

    hosts.hetzner-vm.modules.mailserver

    profiles.base
    profiles.sshd
    profiles.nginx
    profiles.nix-gc

    ./containers/storage/storage.nix
    ./containers/social/social.nix
    ./containers/music/music.nix
    ./containers/quassel/quassel.nix
    ./containers/piped/piped.nix
    ./containers/mail/mail.nix

    #hosts.hetzner-vm.profiles.restic
    #hosts.hetzner-vm.profiles.mailserver
    hosts.hetzner-vm.profiles.gitlab-static-sites
    hosts.hetzner-vm.profiles.wireguard
    hosts.hetzner-vm.profiles.nginx-misc

    ./networking.nix
    ./hardware.nix
    ./secrets.nix
  ];

  environment.systemPackages = with pkgs; [
    (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
      journalctl --vacuum-size=100M
      ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
        journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
      ''))}
    '')
  ];

  # For Containers
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "eth0";
  };

  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [443];

  home-manager.users.root = {
    imports = with tree; [home.base home.dev.small];
    home.stateVersion = "22.05";
  };

  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";

  system.stateVersion = "22.05";
}