# NixOS module: runs Syncthing in a declarative container on a private veth
# network that is NATed through the host, with the host's /mnt/backup
# bind-mounted into the container as /data.
{ config, lib, inputs, ... }:

let
  # Containers network is
  #   * 10.42.99.0/24
  #   * fc00:x
  hostV4 = "10.42.99.1";
  hostV6 = "fc00::1";

  # The same numeric gid is declared on the host and inside the container,
  # presumably so group ownership of the bind-mounted data lines up on both
  # sides. Keep the two declarations in sync.
  backupGid = 10000;
in
{
  networking = {
    nat = {
      enable = true;
      # "ve-+" is a wildcard covering the veth interface of every container.
      internalInterfaces = [ "ve-+" ];
      externalInterface = "ens18";
      # Lazy IPv6 connectivity for the container
      enableIPv6 = true;
    };

    firewall = {
      # NOTE(review): 8384 is also forwarded to the container below, so the
      # service on that port is reachable on every host interface. If this is
      # the Syncthing GUI, authentication and TLS for it would have to be
      # configured in ./syncthing.nix (not visible here). Confirm, or scope the
      # rule with networking.firewall.interfaces.<name>.allowedTCPPorts.
      #
      # NOTE(review): 22000 and 21027 are opened on the host, but only 8384
      # appears in forwardPorts. Confirm whether these ports are meant to reach
      # the container; if not, the openings can be dropped.
      allowedTCPPorts = [ 8384 22000 ];
      allowedUDPPorts = [ 22000 21027 ];
    };
  };

  users.groups.backup = {
    gid = backupGid;
    members = [ "vivian" ];
  };

  containers.syncthing = {
    autoStart = true;

    hostAddress = hostV4;
    hostAddress6 = hostV6;
    localAddress = "10.42.99.2";
    localAddress6 = "fc00::2";

    forwardPorts = [
      {
        protocol = "tcp";
        hostPort = 8384;
        containerPort = 8384;
      }
    ];

    # Read-write mount: anything running in the container can modify or delete
    # the host's backup data under /mnt/backup.
    bindMounts."/data" = {
      hostPath = "/mnt/backup";
      isReadOnly = false;
    };

    # Makes the flake inputs available to the modules imported in the container.
    specialArgs.inputs = inputs;

    config = { pkgs, ... }: {
      # NOTE(review): the home-manager, gnome-autounlock-keyring and catppuccin
      # modules are pulled into this service container, presumably because
      # ./common.nix expects them. Confirm they are needed here; every extra
      # module widens what is configured inside the container.
      imports = [
        ./common.nix
        ./syncthing.nix
        inputs.home-manager.nixosModules.home-manager
        inputs.gnome-autounlock-keyring.nixosModules.default
        inputs.catppuccin.nixosModules.catppuccin
      ];

      users.groups.backup = {
        gid = backupGid;
        members = [ "syncthing" ];
      };
    };
  };
}