{ config, pkgs, lib, ... }:
{
  #boot.kernelParams = [ "nfs.nfs4_disable_idmapping=0" "nfsd.nfs4_disable_idmapping=0" ];

  # TODO: wg-common.nix

  #wireguard fyrkat client
  # https://nixos.wiki/wiki/WireGuard
  networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
  networking.wireguard.interfaces."wg0" = {
    #ips = [ "172.22.48.3/24" ]; # set per host!
    listenPort = 51820; # (random is default)
    generatePrivateKeyFile = true;
    privateKeyFile = "/var/lib/wg/wireguard_key";

    peers = [
      {
        # get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
        endpoint = "fridge.fyrkat.no:51820";
        publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";

        # Forward all the traffic via VPN.
        # (ips you're allow to claim?)
        allowedIPs = [
          "172.22.48.0/24" # fyrkat wg subnet
          "10.48.100.0/22" # fyrkat subnet
        ];

        # Send keepalives every 25 seconds. Important to keep NAT tables alive.
        persistentKeepalive = 25;
      }
    ];
  };
  users.users.wireguard.group = "writeguard";
  users.groups.writeguard = {};
  users.users.wireguard.isSystemUser = true;
  users.users.wireguard.createHome = true;
  users.users.wireguard.home = "/var/lib/wg";

  fileSystems = let
    mkMount = mountpoint: server: subdir: {
      "${mountpoint}${subdir}" = {
        device = "${server}${subdir}";
        fsType = "nfs";
        #options = [ "nfsvers=4.2" ];
      };
    };
    # TODO: combine nameValuePair and listToAttrs
    joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
  in joinSets (
    # TODO: space in dirname is not supported
    (map (mkMount "/mnt/fridgepool" "10.48.101.252:/pub") [
      # zfs list -rHo mountpoint,sharenfs fridpool/pub  |  grep ro= | cut -f1
      ""
      "/ebook"
      #"/games" # not mounted server side
      "/games/3ds"
      "/games/dos"
      "/games/ds"
      "/games/flash"
      "/games/macos"
      "/games/nes"
      "/games/snes"
      "/games/wii"
      "/games/windows"
      "/incoming"
      "/manga"
      #"/media" # not mounted server side
      "/media/anime"
      "/media/documentary"
      #"/media/franchise" # not mounted server side
      "/media/franchise/avatar"
      "/media/franchise/doraemon"
      "/media/franchise/lego"
      "/media/franchise/masterclass"
      "/media/franchise/star.trek"
      "/media/movies"
      "/media/movies-old"
      "/media/music"
      "/media/music-old"
      #"/media/series" # not mounted server side
      "/media/series-old"
      "/media/series/cn"
      "/media/series/en"
      "/media/series/fr"
      "/media/series/jp"
      "/media/series/kr"
      "/media/series/nl"
      "/media/series/no"
      "/media/shorts"
      "/media/soundtrack"
      #"/media/standup" # not mounted server side
      "/media/standup/en"
      "/media/standup/nl"
      "/media/webvid"
      #"/old"
      #"/oses" # not mounted server side
      "/oses/apple"
      "/oses/diagnostic"
      "/oses/freebsd"
      "/oses/linux"
      "/oses/netbsd"
      "/oses/openindiana"
      "/oses/philips-tv"
      "/oses/reactos"
      "/oses/smartos"
      "/oses/vmware"
      "/oses/windows"
      "/password"
      #"/software" # not mounted server side
      "/software/esx"
      "/software/jvm"
      "/software/mac"
      "/software/win"
      "/wallpapers"
      "/webcomics"
    ])
  );

}