class role::file_store (
  Optional[Hash]  $nfs_mounts = {},
  Optional[String] $mountpoint = "/fichiers1",
) {
  include "base_installation"

  include "profile::fstab"
  include "profile::tools"
  include "profile::monitoring"
  include "profile::wireguard"

  unless empty($mountpoint) {
    class { "::nfs":
      server_enabled             => true,
      nfs_v4                     => true,
      nfs_v4_export_root         => '/exports',
      nfs_v4_export_root_clients => 'localhost(rw)',
      require                    => Mount[$mountpoint],
    }

    $nfs_mounts.each |$nfs_mount, $hosts| {
      file { "$mountpoint/$nfs_mount":
        ensure  => "directory",
        mode    => "0755",
        owner   => "nobody",
        group   => "nobody",
        require => Mount[$mountpoint],
      }

      $hosts.each |$host_cn| {
        $host = find_host($facts["ldapvar"]["other"], $host_cn)
        if empty($host) {
          fail("No host found for nfs")
        } elsif has_key($host["vars"], "wireguard_ip") {
          $clients = sprintf("%s%s",
            join($host["vars"]["wireguard_ip"], "(rw,secure,sync,all_squash) "),
            "(rw,secure,sync,all_squash)")
          nfs::server::export { "$mountpoint/$nfs_mount":
            owner   => "nobody",
            group   => "nobody",
            ensure  => "present",
            clients => $clients,
          }
        } elsif has_key($host["vars"], "host") {
          nfs::server::export { "$mountpoint/$nfs_mount":
            owner   => "nobody",
            group   => "nobody",
            ensure  => "present",
            clients => "${host[vars][host][0]}(rw,secure,sync,all_squash)",
          }
        } else {
          nfs::server::export { "$mountpoint/$nfs_mount":
            owner   => "nobody",
            group   => "nobody",
            ensure  => "present",
            clients => "${host[vars][real_hostname][0]}(rw,secure,sync,all_squash)",
          }
        }
      }
    }
  }
}