{
  config,
  lib,
  nixhelm,
  system,
  globals,
  ...
}: {
  options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default";

  config = lib.mkIf config.bootstrap-default.enable {
    kubernetes = {
      helm.releases = {
        metallb = {
          chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
          includeCRDs = true;
        };
      };

      resources = {
        namespaces = {
          static-websites = {};
          freshrss = {};
          radicale = {};
          kms = {};
          atuin = {};
          nextcloud = {};
          hedgedoc = {};
          kitchenowl = {};
          forgejo = {};
          paperless = {};
          syncthing = {};
          immich = {};
          attic = {};
          inbucket = {};
          dns = {};
          media = {};
          tailscale = {};
          ntfy = {};
          authentik = {};
          mealie = {};
        };

        nodes =
          builtins.mapAttrs
          (_name: labels: {
            metadata.labels = labels;
          })
          globals.nodeLabels;

        ipAddressPools.main.spec.addresses = ["192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe"];
        l2Advertisements.main.metadata = {};
      };
    };
  };
}