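# NixOS module for a cluster file server: shared device-mapper/LVM and
# firewall setup, plus optional NFS and GlusterFS servers.
#
# Options declared here (under `cluster.fs`):
#   enable            - master switch; nothing in `config` applies without it
#   nfs.enable        - run the NFS server with `nfs.exports`
#   nfs.exports       - text handed to services.nfs.server.exports
#   glusterfs.enable  - run GlusterFS with TLS settings filled in
#
# NOTE(review): `cluster.fs.cert` and `cluster.fs.initca` are read below but
# are not declared in this file; presumably ./os.nix or another module
# declares them - confirm.
{ pkgs, lib, config, ... }:

with lib;

let
  cfg = config.cluster.fs;
  cert = cfg.cert;

  # Local PKI helper, parameterised with the configured CA; only
  # `pki.ca.cert` is consumed in this module.
  pki = import ./pki.nix {
    inherit pkgs;
    ca = cfg.initca;
  };

  # Applied whenever cluster.fs.enable is set, independent of which server
  # (NFS, GlusterFS, both or neither) is switched on.
  common = {
    boot.kernelModules = [ "dm_snapshot" "dm_mirror" "dm_thin_pool" ];

    networking = {
      # NOTE(review): this opens TCP 5000-50000 on every interface of every
      # host that sets cluster.fs.enable, even with both servers disabled.
      # Presumably it is meant to cover GlusterFS management and brick ports;
      # confirm which ports are really needed and narrow the range, or scope
      # the rules to the storage network via
      # networking.firewall.interfaces.<name>.
      firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
      firewall.allowedTCPPorts = [ 111 2049 ];
      firewall.allowedUDPPorts = [ 111 2049 24007 24008 ];
    };

    environment.systemPackages = [ pkgs.lvm2 ];
  };

  glusterfs = {
    services.glusterfs = {
      enable = true;
      tlsSettings = {
        caCert = pki.ca.cert;
        # NOTE(review): if cert.key resolves to a Nix store path the private
        # key is world-readable; confirm it names a runtime location with
        # restricted permissions.
        tlsKeyPath = cert.key;
        tlsPem = cert.cert;
      };
    };
  };

  # The TLS settings above apply to GlusterFS only; nothing in this module
  # encrypts or authenticates NFS traffic, so access control is whatever the
  # export lines themselves specify.
  nfs = {
    services.nfs.server = {
      enable = true;
      exports = cfg.nfs.exports;
    };
  };
in
{
  options.cluster.fs = {
    # mkEnableOption prefixes "Whether to enable ", so the argument is a noun
    # phrase. This switch gates the whole module, not only NFS.
    enable = mkEnableOption "the cluster fileserver module";

    nfs = {
      enable = mkEnableOption "nfs fileserver";
      exports = mkOption {
        type = types.str;
        default = "";
        description = "Contents passed to services.nfs.server.exports.";
      };
    };

    glusterfs.enable = mkEnableOption "glusterfs fileserver";
  };

  config = mkIf cfg.enable (
    mkMerge [
      common
      (mkIf cfg.nfs.enable nfs)
      (mkIf cfg.glusterfs.enable glusterfs)
    ]
  );

  imports = [ ./os.nix ];
}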