{
  inputs,
  config,
  lib,
  pkgs,
  system,
  ...
}:
let
  cfg = config.suites.nas;
in
{
  # imports = [
  # ];

  ###########
  # Options #
  ###########
  options.suites.nas.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Enable Preconfigured NAS Config";
  };
  options.suites.nas.domain = lib.mkOption {
    type = with lib.types; string;
    default = "localhost";
    description = "NAS Reachable Domain Name";
  };
  options.suites.nas.media.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable Media Servers";
  };
  options.suites.nas.media.folder = lib.mkOption {
    type = with lib.types; str;
    default = "/home/media";
    description = "Media Root Directory";
  };
  options.suites.nas.media.servers.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable Preconfigured Media Servers";
  };


  # NAS Config
  config = lib.mkIf (cfg.enable) {

    #########
    # Users #
    #########
    users.groups.media = {};
    users.users.media = {
      isSystemUser = true;
      createHome = true;
      description = "Media User";
      group = "media";
      home = "/home/media";
    };

    ##################
    # Network Drives #
    ##################
    services.samba = {
      enable = true;
      openFirewall = true;
      settings = {
        global = {
          # Discorvery
          "workgroup" = "WORKGROUP";
          "netbios name" = "mow0m";
          "netbios aliases" = "";
          "server string" = "mow0m Server";
          # Guest Access
          #"restrict anonymous" = "0"; # Default 0
          "guest account" = "nobody";
          "map to guest" = "Bad User";
          # Security
          "local master" = "True";
          "create mask" = "0664";
          "directory mask" = "0775";
          #"ntlm auth" = "False";
          security = "user";
          "invalid users" = [ "root" ];
          "passwd program" = "/run/wrappers/bin/passwd %u";
          # Networking
          "winbind request timeout" = "2";
        };
        media = {
          comment = "Public Media Share";
          browsable = "yes";
          "guest ok" = "yes"; # same as public = true
          "writable" = "yes";
          path = "/laowu/media";
          "create mask" = "0644";
          "directory mask" = "0755";
          "force user" = "media";
          "force group" = "media";
        };
      };
    };
    services.samba-wsdd = { # Web Service Discorvery Daemon
      enable = true;
      openFirewall = true;
    };
    networking.firewall.allowPing = true;


    #################
    # Media Servers #
    #################
    # Jellyfin
    services.jellyfin.enable = cfg.media.servers.enable;
    services.jellyfin.user = "media";
    services.traefik.dynamicConfigOptions = {
      http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
      http.routers.jellyfin.entrypoints = "websecure";
      http.routers.jellyfin.tls = true;
      #http.routers.jellyfin.tls.certresolver = "letsencrypt";
      http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
      http.routers.jellyfin.service = "jellyfin";
    };


  };

}