{ zentralwerk, config, lib, pkgs, ... }:
let
  netConfig = zentralwerk.lib.config.site.net.serv;

  nfsExports = [
    "var/lib/nfsroot/dacbert"
    "var/lib/nfsroot/riscbert"
    "var/lib/dump-dvb/whoopsie"
  ];
in {
  imports = [
    ./tftp.nix
  ];

  microvm = {
    hypervisor = "cloud-hypervisor";
    mem = 2048;

    volumes = map (export: {
      mountPoint = "/${export}";
      image = "/dev/zvol/server10/vm/nfsroot/${builtins.baseNameOf export}";
      autoCreate = false;
    }) nfsExports;
  };
  c3d2.deployment = {
    server = "server10";
    mounts = [ "etc" "home" "var"];
  };

  fileSystems = builtins.foldl' (fileSystems: export: fileSystems // {
    "/${export}".options = [ "relatime" "discard" ];
  }) {} nfsExports;

  networking = {
    hostName = "nfsroot";

    firewall.enable = false;
  };

  system.stateVersion = "22.05";


  services.nfs.server = {
    enable = true;
    exports =
      let
        allowed = [
          "172.22.99.0/24"
          "172.20.72.0/21"
          "30c:c3d2:b946:76d0::/64"
          "2a00:8180:2c00:200::/56"
          "fd23:42:c3d2:500::/56"
        ];
        opts = o: fsid:
          lib.concatStringsSep "," [
            o "async"
            "no_subtree_check" "no_root_squash"
            "fsid=${toString fsid}"
          ];
      in ''
        /var/lib/nfsroot/dacbert ${
          lib.concatMapStringsSep " " (subnet:
            "${subnet}(${opts "rw" 1})"
          ) allowed
        }
        /var/lib/nfsroot/riscbert ${
          lib.concatMapStringsSep " " (subnet:
            "${subnet}(${opts "rw" 2})"
          ) allowed
        }
        /var/lib/dump-dvb/whoopsie ${
          lib.concatMapStringsSep " " (subnet:
            "${subnet}(${opts "rw" 3})"
          ) allowed
        }
    '';
  };
}