{ flake, ... }:
let
  inherit (import ../helpers.nix { inherit flake; }) labHelpers nasUsers;
  inherit (labHelpers)
    guestPath
    mediaPath
    docsPath
    homePath
    miscPath
    userPath
    groupPath
    mntPath
    ;

  nasDirs = user: [
    "d ${userPath user} 0751 microvm wheel - -"
    "d ${homePath user} 0751 microvm wheel - -"
    "d ${guestPath user} 0751 microvm wheel - -"
    "d ${docsPath user} 0751 microvm wheel - -"
    "d ${mediaPath user} 0751 microvm wheel - -"
    "d ${miscPath user} 0751 microvm wheel - -"
  ];

  nasUserList = [
    nasUsers.nasUser0
    nasUsers.nasUser1
    nasUsers.nasUser2
  ];

  nasDirBuilder = builtins.concatLists (builtins.map (user: nasDirs user) nasUserList);

  defaultDirs = [
    "d ${mntPath} 0751 microvm wheel - -"
    "d ${groupPath} 0751 microvm wheel - -"
  ];
in
{
  systemd.tmpfiles.rules = defaultDirs ++ nasDirBuilder;
}

# /storage/					  	  # restic backup for entire dir
# ├── users/
# │	├──	nick/
# │	│	├── home/			  	  # mountable over samba/sshfs
# │	│	│	├── docs/ 			  # paperless user datadir
# │	│	│	├── media/ 			  # photoprism user datadir
# │	│	│	└── misc/		  	  # files not used by any guests
# │	│	└── guests/				  # guest dirs (users should never have to see this)
# │	│		├── firefly-iii/
# │	│		│	├── config/		  # app config
# │	│		│	└── data/		    # app data
# │	│		├── glance/
# │	│		├── photoprism/
# │	│		├── syncthing/
# │	│		└── vaultwarden/
# │	├──	stacie/
# │	│	├── home/
# │	│	│	├── docs/
# │	│	│	└── media/
# │	│	└── guests/
# │	│		├── paperless/
# │	│		├── photoprism/
# │	│		├── syncthing/
# │	│		└── vaultwarden/
# │	└──	garnet/
# │		├── home/
# │		│	├── docs/
# │		│	├── media/
# │		│	└── minecraft/
# │		└── guests/
# │			├── paperless/
# │			├── photoprism/
# │			├── syncthing/
# │			└── vaultwarden/
# └── shared/
# 	├── frigate/
# 	└── home-assistant/