{ lib, nixhelm, system, machines, myLib, ... }: {
  kubernetes = {
    helm.releases = {
      metallb = {
        chart = nixhelm.chartsDerivations.${system}.metallb.metallb;
        includeCRDs = true;
      };

      # argo-workflows = {
      #   chart = nixhelm.chartsDerivations.${system}.argoproj.argo-workflows;
      #   includeCRDs = true;
      # };

      longhorn = {
        chart = nixhelm.chartsDerivations.${system}.longhorn.longhorn;
        includeCRDs = true;

        values = {
          persistence.defaultClassReplicaCount = 2;
          service.ui.type = "LoadBalancer";

          defaultSettings = {
            defaultDataPath = "/mnt/longhorn";
            storageMinimalAvailablePercentage = 0;
            allowRecurringJobWhileVolumeDetached = true;
            backupTarget = "nfs://lewis.dmz:/mnt/longhorn/persistent/longhorn-backup";
          };
        };
      };
    };

    resources = {
      services.longhorn-frontend.spec.loadBalancerIP = myLib.globals.longhornIPv4;

      namespaces = {
        static-websites = { };
        freshrss = { };
        radicale = { };
        kms = { };
        atuin = { };
        nextcloud = { };
        hedgedoc = { };
        kitchenowl = { };
        forgejo = { };
        paperless = { };
        syncthing = { };
        immich = { };
        attic = { };
        inbucket = { };
        dns = { };
        media = { };
        minecraft = { };
        tailscale = { };
        ntfy = { };
      };

      nodes =
        let
          machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines;
        in
        builtins.mapAttrs
          (name: machine: {
            metadata.labels = machine.kubernetesNodeLabels;
          })
          machinesWithKubernetesLabels;

      recurringJobs.backup-nfs.spec = {
        cron = "0 1 * * *"; # One o'clock at night
        task = "backup";
        retain = 2; # We don't need many, as we also make Borg backups.
        concurrency = 1;
      };

      ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe" ];
      l2Advertisements.main.metadata = { };

      persistentVolumes = {
        music-syncthing.spec = {
          capacity.storage = "1Gi";
          accessModes = [ "ReadWriteMany" ];

          nfs = {
            server = "lewis.dmz";
            path = "/mnt/longhorn/persistent/media/music";
          };
        };

        media-media.spec = {
          capacity.storage = "1Gi";
          accessModes = [ "ReadWriteMany" ];

          nfs = {
            server = "lewis.dmz";
            path = "/mnt/longhorn/persistent/media";
          };
        };
      };
    };
  };

  lab = {
    longhorn.persistentVolume = {
      freshrss.storage = "1Gi";
      radicale.storage = "200Mi";
      atuin.storage = "300Mi";
      atuin-db.storage = "300Mi";
      nextcloud.storage = "50Gi";
      nextcloud-db.storage = "400Mi";
      hedgedoc-uploads.storage = "50Mi";
      hedgedoc-db.storage = "100Mi";
      kitchenowl.storage = "100Mi";
      forgejo.storage = "20Gi";
      paperless-data.storage = "10Gi";
      paperless-redisdata.storage = "20Mi";
      paperless-db.storage = "150Mi";
      syncthing.storage = "400Mi";
      pihole-data.storage = "750Mi";
      pihole-dnsmasq.storage = "16Mi";
      immich.storage = "50Gi";
      immich-db.storage = "5Gi";
      attic.storage = "15Gi";
      attic-db.storage = "150Mi";
      jellyfin.storage = "5Gi";
      transmission.storage = "25Mi";
      jellyseerr.storage = "75Mi";
      radarr.storage = "300Mi";
      prowlarr.storage = "150Mi";
      sonarr.storage = "150Mi";
      bazarr.storage = "25Mi";
      minecraft.storage = "1Gi";
      ntfy.storage = "300Mi";
    };

    tailscaleIngresses.tailscale-longhorn = {
      host = "longhorn";

      service = {
        name = "longhorn-frontend";
        portName = "http";
      };
    };
  };
}