{
  config,
  lib,
  nixhelm,
  system,
  ...
}: {
  options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system";

  config = lib.mkIf config.bootstrap-kube-system.enable {
    kubernetes = {
      # TODO: These were copied from https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
      # See https://cert-manager.io/docs/installation/helm/
      # Seems kubenix cannot import a list of resources, only individual resources.
      # Might be good to create a PR for this.
      imports = [
        ./manifests/certificaterequest.yaml
        ./manifests/certificate.yaml
        ./manifests/challenge.yaml
        ./manifests/clusterissuer.yaml
        ./manifests/issuer.yaml
        ./manifests/order.yaml
      ];

      helm.releases = {
        cert-manager = {
          chart = nixhelm.chartsDerivations.${system}.jetstack.cert-manager;
          includeCRDs = false;
          namespace = "kube-system";
        };
      };

      resources.clusterIssuers.letsencrypt = {
        spec.acme = {
          server = "https://acme-v02.api.letsencrypt.org/directory";
          email = "pim@kunis.nl";
          privateKeySecretRef.name = "letsencrypt-private-key";
          solvers = [
            {
              selector = {};
              http01.ingress.class = "traefik";
            }
          ];
        };
      };
    };
  };
}