{
  lib,
  config,
  ...
}: let
  cfg = config.pim.data-sharing;
  nfsShares = ["/mnt/longhorn/persistent/longhorn-backup"];

  nfsExports = lib.strings.concatLines (
    builtins.map
    (
      share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
    )
    nfsShares
  );
in {
  options.pim.data-sharing = {
    enable = lib.mkOption {
      default = false;
      type = lib.types.bool;
      description = ''
        Configure this server to serve our data using NFS.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [
      2049 # NFS
      111 # NFS
      20048 # NFS
    ];

    services.nfs.server = {
      enable = true;
      exports = nfsExports;
    };
  };
}