# NixOS module: declares the ephemeral container "im" and the host-side NAT /
# NetworkManager settings for container veth interfaces.
{ config, pkgs, inputs, lib, ... } @ args:
{
  # Containers
  containers.im = {
    ephemeral = true;

    # NOTE(review): privateNetwork is left disabled, exactly as in the original.
    # Per the NixOS option docs, a container without it shares the host's
    # network interfaces and can bind to any port on any of them. Presumably
    # localAddress/hostAddress below and the host NAT rules for "ve-+" then have
    # no veth to act on (confirm). Enable it if network isolation is intended.
    # privateNetwork = true;
    localAddress = "10.23.45.2";
    hostAddress = "10.23.45.1";

    # Host directory mounted read-write at /per; it backs the persistence
    # declared in the container config below.
    bindMounts."/per" = {
      hostPath = "/var/lib/nixos-containers/im";
      isReadOnly = false;
    };

    # Memory and CPU caps handed to systemd-nspawn as unit properties.
    # NOTE(review): the single quotes are part of each string. Confirm they are
    # stripped before reaching systemd-nspawn and that the limits really apply,
    # e.g. `systemctl show container@im -p MemoryMax -p CPUQuotaPerSecUSec`.
    extraFlags = [
      "--property='MemoryMax=60M'"
      "--property='MemoryHigh=50M'"
      "--property='CPUQuota=4%'"
    ];

    # System configuration evaluated inside the container. The `config` and
    # `pkgs` arguments here shadow the outer module's arguments.
    config = { config, pkgs, ... }: {
      imports = [ inputs.impermanence.nixosModules.impermanence ];

      # Only these paths are kept under /per; the rest of the root is ephemeral.
      environment.persistence."/per" = {
        directories = [
          "/var/log"
          "/var/lib"
          {
            directory = "/home/ps";
            user = "ps";
            group = "users";
            mode = "0750";
          }
        ];
        files = [];
      };

      environment.systemPackages = [
        pkgs.helix
        pkgs.python312
        pkgs.deno
      ];

      users.users.ps.isNormalUser = true;

      # TCP ports opened in the container's firewall.
      networking.firewall.allowedTCPPorts = [ 80 8080 ];

      system.stateVersion = "25.05";
    };
  };

  networking = {
    # Host NAT: traffic from interfaces matching "ve-+" leaves through eth0.
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "eth0";
    };

    # Keep NetworkManager from managing the container veth interfaces.
    networkmanager.unmanaged = [ "interface-name:ve-*" ];
  };
}