{
  pkgs,
  lib,
  config,
  ...
}:
{
  services.kubo = {
    enable = true;
    defaultMode = "online";
    autoMount = true;
    enableGC = true;
    localDiscovery = false;
    settings = {
      Datastore.StorageMax = "10GB";
      Discovery.MDNS.Enabled = false;
      #Bootstrap = [
      #];
      #Swarm.AddrFilters = null;
    };
    startWhenNeeded = true;
  };
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        meta l4proto { udp, tcp } th sport 4001 counter accept comment "kubo: IPFS libp2p swarm"
      }
      chain output-net {
        meta l4proto { udp, tcp } th dport 4001 skuid ${toString config.services.kubo.user} counter accept comment "kubo: IPFS libp2p swarm"
      }
    }
  '';
}