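# Host module: runs a single-node MinIO inside a NixOS container on bridge br0.
# The MinIO root credentials come from the sops secret `minioRoot` and are
# bind-mounted read-only into the container at /rootCreds.
{ pkgs, config, lib, ...}:
let
  # Build one MinIO container definition.
  #   path: host directory bind-mounted (read-write) as the MinIO volume
  #   n:    container index; the bridge address becomes 10.0.0.(10+n)/24
  mkLocalMinio = { path, n }: {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "10.0.0.${toString (10+n)}/24";

    # If true it registers a new node every time
    # need to find where it stores the state
    ephemeral = false;

    bindMounts = {
      "/mnt/disk1/minio" = {
        hostPath = path;
        isReadOnly = false;
      };
      # Root credentials file decrypted by sops on the host; the container only
      # needs to read it, so the mount stays read-only.
      "/rootCreds" = {
        hostPath = config.sops.secrets.minioRoot.path;
        isReadOnly = true;
      };
    };

    config = {pkgs, config, ...}: {
      system.stateVersion = "22.11";
      networking.defaultGateway = "10.0.0.1";

      # NOTE(review): allowedTCPPorts opens the S3 API (9000) and the console
      # (7501) on every interface of the container, including the br0 side.
      # If only tailnet clients should reach MinIO, scope these with
      # networking.firewall.interfaces.<tailnet-interface>.allowedTCPPorts.
      networking.firewall = {
        allowedTCPPorts = [ 9000 7501 ];
      };

      environment.systemPackages = with pkgs; [
        minio
        minio-client
      ];

      services.minio = {
        enable = true;
        listenAddress = ":9000";
        consoleAddress = ":7501";
        # Left empty on purpose: the volume is supplied through MINIO_VOLUMES below.
        dataDir = [ ];
        rootCredentialsFile = "/rootCreds";
      };

      # Start only after the tailnet login unit, then wait briefly before launch.
      systemd.services.minio.after = ["tailscale_autologin.service"];
      systemd.services.minio.preStart = ''
        sleep 2s
      '';

      systemd.services.minio.environment = {
        MINIO_VOLUMES = "/mnt/disk1/minio";
        # Expandable later, but each pool must have more than 1 disk.
        # https://github.com/minio/minio/issues/16711

        # NOTE(review): both URLs are plain http. Credentials and object data
        # are protected in transit only as far as the tailnet itself encrypts
        # the path; confirm nothing reaches these endpoints over br0 directly.
        MINIO_SERVER_URL = "http://minio1.minio1.tailnet:9000";
        MINIO_PROMETHEUS_URL = "http://100.64.0.5:9999";
        MINIO_PROMETHEUS_JOB_ID = "minio-job";
      };
    };
  };
in
{
  imports = [
    ../../modules/containerHeadscale.nix
  ];

  # MinIO root credentials. Mode was 0444, which let every local user on the
  # host read the root access key and secret; 0400 keeps it to the owner (root).
  # Presumably services.minio loads rootCredentialsFile as a systemd
  # EnvironmentFile, which systemd reads with root privileges, so the minio
  # service user does not need read access. Confirm against the nixpkgs
  # revision in use, and revisit if the container is ever given a private user
  # namespace (container root would then no longer be host uid 0).
  sops.secrets.minioRoot = {
    owner = "root";
    mode = "0400";
  };

  containers = {
    minio1 = mkLocalMinio {
      path = "/mass/minio";
      n = 1;
    };
  };

  services.headscale.containers = {
    minio1 = { };
  };
}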