{
  lib,
  config,
  kubenix,
  ...
}: {
  kubernetes.helm.releases.ingress-nginx = {
    namespace = "ingress-nginx";
    chart = kubenix.lib.helm.fetch {
      repo = "https://kubernetes.github.io/ingress-nginx";
      chart = "ingress-nginx";
      version = "4.10.1";
      sha256 = "BHRoXG5EtJdCGkzy52brAtEcMEZP+WkNtfBf+cwpNbs=";
    };
    values = {
      controller = {
        kind = "DaemonSet";
        metrics = {
          enabled = true;
          serviceMonitor.enabled = true;
          additionalLabels.release = "prometheus";
        };
        podAnnotations = {
          "prometheus.io/scrape" = "true";
          "prometheus.io/port" = "10254";
        };
        tolerations = [
          {
            key = "node-role.kubernetes.io/control-plane";
            effect = "NoSchedule";
          }
        ];
        ingressClassResource.default = true;
        publishService.enabled = true;
        service.externalTrafficPolicy = "Local";
        hostNetwork = true;
        extraArgs.default-ssl-certificate = "cert-manager/gmem-ca-wildcard";
      };
    };
  };
}