# Helper library for building per-host system definitions and role records.
#
# Takes the flake `inputs` and returns an attribute set with two functions:
#   mkSystem { hostConfig } -> attrset with `deployment` and `imports`
#   mkRole cfg              -> attrset with name/description/nixosModule/traefikRoutes
{ inputs, ... }:
let
  # Single upstream router address, used as both DNS resolver and default gateway.
  routerAddress = "192.168.10.1";

  # Fallback used by mkRole when a role declares no traefikRoutes.
  noRoutes = { ... }: [ ];
in
{
  # Build the system definition for one host.
  #
  # hostConfig is read for: ip, hostname, stateVersion, config, roles
  # (each role must carry a `nixosModule` attribute).
  mkSystem =
    { hostConfig }:
    let
      inherit (hostConfig)
        ip
        hostname
        stateVersion
        roles
        ;

      # Host-specific module: secrets wiring, static networking, state version.
      hostModule =
        { ... }:
        {
          sops = {
            # One encrypted secrets file per host, selected by hostname.
            defaultSopsFile = ./secrets + "/${hostname}.yaml";

            # The age identity is derived from the host's SSH ed25519 key, so
            # whoever can read this key can decrypt every secret in the host's file.
            # NOTE(review): the impermanence module is imported below; if /etc/ssh
            # is not on persisted storage the key may be missing or regenerated
            # when secrets are decrypted. Confirm the base configuration persists it.
            age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

            # Disable automatic pgp key generation based on ssh keys
            gnupg.sshKeyPaths = [ ];
          };

          networking = {
            hostName = hostname;

            # Static addressing on eth0; the /24 prefix is fixed for every host.
            interfaces.eth0.ipv4.addresses = [
              {
                address = ip;
                prefixLength = 24;
              }
            ];

            nameservers = [ routerAddress ];

            defaultGateway = {
              address = routerAddress;
              interface = "eth0";
            };
          };

          system = {
            inherit stateVersion;
          };
        };

      # Free-form per-host settings, wrapped as a module.
      extraModule = { ... }: hostConfig.config;

      # NixOS modules contributed by the roles assigned to this host.
      roleModules = map (role: role.nixosModule) roles;
    in
    {
      # Connection settings for pushing the configuration to the host.
      # NOTE(review): deployment runs as the non-root "maintenance" account, which
      # presumably needs privilege escalation on the target. Verify that account's
      # sudo rules and authorized keys are scoped accordingly.
      deployment = {
        targetHost = ip;
        targetUser = "maintenance";
      };

      imports = [
        inputs.impermanence.nixosModules.impermanence
        inputs.sops-nix.nixosModules.sops
        ./systems/base/configuration.nix
        hostModule
        extraModule
      ]
      ++ roleModules;
    };

  # Normalise a role declaration: name, description and nixosModule are
  # required; traefikRoutes defaults to a function returning no routes.
  mkRole = cfg: {
    inherit (cfg) name description nixosModule;
    traefikRoutes = cfg.traefikRoutes or noRoutes;
  };
}