{ zentralwerk, config, lib, pkgs, ... }:
{
  options.c3d2 = with lib; {
    mountCeph = mkOption {
      type = with types; nullOr str;
      default = null;
      description = "If set, mountpoint of ceph storage";
    };
  };

  config = lib.mkIf (config.c3d2.mountCeph != null) {
    sops.secrets."ceph/secret" = {};

    services.ceph = {
      global.fsid = "d7c5c9c7-a227-4e33-ab43-3f4aa1eb0630";
      client.enable = true;
    };

    fileSystems."${config.c3d2.mountCeph}" =
      let
        monHosts = lib.concatMapStringsSep "," (host:
          zentralwerk.lib.config.site.net.cluster.hosts4.${host}
        ) [ "server5" "server6" "server8" ];
      in {
        fsType = "ceph";
        device = "${monHosts}:/";
        options = [
          "_netdev"
          "name=c3d2"
          "secretfile=${config.sops.secrets."ceph/secret".path}"
          "noatime"
          "x-systemd.automount"
          "x-systemd.device-timeout=5"
        ];
      };

    environment.systemPackages = with pkgs; [
      ceph
    ];

    warnings = lib.optionals config.boot.isContainer [ ''
      Mounting CephFS on containers (on the same kernel that
      runs the servers) is discouraged! Ask Poelzi why.
    '' ];
  };
}