{
  pkgs,
  inputs,
  config,
  lib,
  ...
}: let
  cfg = config.system.cifs_mounts;
  sec = config.sops.secrets;
in {
  options.system.cifs_mounts = {
    enable = lib.mkEnableOption "enables mounting holocron fileshare on the client side";
  };


  config = lib.mkIf cfg.enable {

    environment.systemPackages = with pkgs; [
      cifs-utils
    ];

    fileSystems."/media/holocron/blake" = {
      device = "//10.10.0.10/users/blake";
      fsType = "cifs";
      options = [
        "x-systemd.automount"
        "noauto"
        "_netdev"
        "credentials=${sec."holocron_creds".path}"
        "uid=1000"
        "gid=1000"
        "file_mode=0664"
        "dir_mode=0775"
      ];
    };
    fileSystems."/media/holocron/archives" = {
      device = "//10.10.0.10/archives";
      fsType = "cifs";
      options = [
        "x-systemd.automount"
        "noauto"
        "_netdev"
        "credentials=${sec."holocron_creds".path}"
        "uid=1000"
        "gid=1000"
        "file_mode=0664"
        "dir_mode=0775"
      ];
    };
    fileSystems."/media/holocron/media" = {
      device = "//10.10.0.10/media";
      fsType = "cifs";
      options = [
        "x-systemd.automount"
        "noauto"
        "_netdev"
        "credentials=${sec."holocron_creds".path}"
        "uid=1000"
        "gid=1000"
        "file_mode=0664"
        "dir_mode=0775"
      ];
    };
    # manage secrets with sops
    sops.secrets = {
      "holocron_creds" = {
        owner = "blake";
        group = "blake";
      };
    };
  };
}