{
  pkgs,
  lib,
  config,
  pkgs-unstable,
  ...
}:
{
  services.kubo = {
    enable = true;
    package = pkgs-unstable.kubo;
    defaultMode = "online";
    autoMount = true;
    enableGC = true;
    localDiscovery = false;
    settings = {
      Addresses.API = [ "/ip4/127.0.0.1/tcp/5001" ];
      Datastore.StorageMax = "10GB";
      Discovery.MDNS.Enabled = false;
      API.HTTPHeaders.Access-Control-Allow-Origin = [
        "http://localhost:3000"
        "http://127.0.0.1:5001"
        "https://webui.ipfs.io"
      ];
      API.HTTPHeaders.Access-Control-Allow-Methods = [
        "PUT"
        "POST"
      ];
      #Bootstrap = [
      #];
      #Swarm.AddrFilters = null;
    };
    startWhenNeeded = true;
  };
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-net {
        meta l4proto { udp, tcp } th sport 4001 counter accept comment "kubo: IPFS libp2p swarm"
      }
      chain output-net {
        meta l4proto { udp, tcp } th dport 4001 skuid ${toString config.services.kubo.user} counter accept comment "kubo: IPFS libp2p swarm"
      }
    }
  '';
}