{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.custom.settings.mounts;
in {
  options.custom.settings.mounts.enable = mkOption {default = false;};

  config = mkIf cfg.enable {
    # Enforce permissions for mountpoint directory
    systemd.tmpfiles.rules = ["d /mnt/remote 0755 root root"];

    #!! FUSE does not support remount, sometimes causing activation errors on switch
    # https://github.com/libfuse/libfuse/issues/717
    #?? sudo umount /mnt/remote && sudo mount /mnt/remote
    # https://wiki.nixos.org/wiki/SSHFS
    # https://man.archlinux.org/man/sshfs.1
    fileSystems = let
      #?? "/mnt/PATH" = remote "PATH" UID GID "UMASK"
      remote = path: uid: gid: umask: {
        # https://robot.hetzner.com/storage
        device = "u415778@u415778.your-storagebox.de:/home/${path}";
        fsType = "sshfs";

        options = [
          "noatime" # Do not modify access time
          "reconnect" # Gracefully handle network issues
          "default_permissions" # Check local permissions
          "allow_other" # Grant other users access
          "umask=${umask}" # Set permissions mask
          "uid=${toString uid}" # Set user id
          "gid=${toString gid}" # Set group id
          "idmap=user" # Map local users to remote
          "transform_symlinks" # Convert absolute symlinks to relative
          "compression=no" # Save CPU cycles at the cost of transfer speed
          "port=23"
          "IdentityFile=/etc/ssh/id_ed25519" # !! SSH key configured imperatively
          "ServerAliveInterval=15" # Prevent application hangs on reconnect
        ];
      };
    in {
      # Use umask to set sshfs permissions
      #!! Up to 10 simultaneous connections with Hetzner
      #?? docker compose exec CONTAINER cat /etc/passwd
      "/mnt/remote/conduwuit" = remote "conduwuit" 300 300 "0077"; # conduit:conduit @ 0700
      #// "/mnt/remote/nextcloud" = remote "nextcloud" 33 33 "0007"; # www-data:www-data @ 0700
      "/mnt/remote/syncthing" = remote "syncthing" 237 237 "0077"; # syncthing:syncthing @ 0700
    };

    # https://wiki.nixos.org/wiki/Rclone
    # https://docs.hetzner.com/robot/storage-box/access/access-ssh-rsync-borg/#rclone
    #!! SSH keys configured imperatively
    #!! rclone attempts to write to immutable config; need to manually merge changes
    # https://github.com/rclone/rclone/issues/3655
    # TODO: Attempt to use rclone after daemon is fixed
    # https://github.com/rclone/rclone/issues/5664
    # environment.etc."rclone.conf".text = ''
    #   [remote]
    #   type = sftp
    #   host = u415778.your-storagebox.de
    #   user = u415778
    #   port = 23
    #   key_file = /etc/ssh/id_ed25519
    #   shell_type = unix
    # '';

    # fileSystems."/mnt/remote" = {
    #   device = "remote:/home";
    #   fsType = "rclone";

    #   options = [
    #     "nodev"
    #     "nofail"
    #     "reconnect"
    #     "args2env" # Pass secrets as environment variables
    #     "default_permissions"
    #     "config=/etc/rclone.conf"
    #   ];
    # };
  };
}