{ ... }:

{
  # Leave /nix/store writable: a read-only store would prevent the overlay FS
  # declared below from being mounted on top of it.
  # NOTE(review): this also gives up the read-only store mount as a
  # defence-in-depth layer, so processes running as root can modify store
  # paths in place. Confirm that trade-off is acceptable on these hosts.
  boot.readOnlyNixStore = false;

  # The overlay needs a work directory, so create a permanent one through
  # tmpfiles. Mode 0700 with owner root:root keeps it private to root.
  # NOTE(review): overlayfs expects workdir and upperdir to live on the same
  # filesystem; confirm /mnt/nix-work and /nix/store share one.
  systemd.tmpfiles.rules = [ "d /mnt/nix-work 0700 root root -" ];

  fileSystems = {
    # The hut nix store, mounted over NFS in read-only mode.
    # Only "ro" is set here: there is no sec=, nosuid or nodev option.
    # Whatever hut exports becomes the lower layer of this host's /nix/store,
    # so the integrity of those store paths depends on the hut server and on
    # the network path to it; "ro" only stops this client from writing.
    # NOTE(review): confirm which NFS security flavour is negotiated, and
    # consider adding "nosuid" and "nodev" both here and on the overlay.
    "/mnt/hut-nix-store" = {
      device = "hut:/nix/store";
      fsType = "nfs";
      options = [ "ro" ];
    };

    # Overlay for /nix/store: the NFS store is the lower layer and the on-disk
    # nix store is the upper layer. The mount target is still /nix/store
    # itself (confusing). Read-write access is required, because the daemon
    # needs to write lock files when it builds derivations locally.
    # HACK: the key is spelled /nix//store to prevent the overlay from being
    # mounted on boot, see:
    # https://github.com/NixOS/nixpkgs/blob/17a46d09ac123d0da3a26855bf3af7db01f9c751/nixos/lib/utils.nix#L14
    "/nix//store" = {
      device = "overlay";
      fsType = "overlay";
      options = [
        # Declare this as a network mount: local-fs.target has to be ready
        # first, so that the network interfaces can be configured and
        # network.target is reached before the overlay is attempted.
        "_netdev"
        "lowerdir=/mnt/hut-nix-store,upperdir=/nix/store,workdir=/mnt/nix-work"
        "x-systemd.requires-mounts-for=/nix/store"
        # The NFS mount has to be up before the overlay.
        "x-systemd.requires-mounts-for=/mnt/hut-nix-store"
      ];
      depends = [ "/nix/store" "/mnt/hut-nix-store" "/mnt/nix-work" ];
    };
  };

  # Maybe this should become a systemd mount unit, which would avoid the
  # /nix//store hack. Example (not tested):
  # NOTE(review): the unit name in `requires` is not the escaped form used in
  # `after`; check both before enabling this.
  # systemd.mounts = [
  #   {
  #     what = "overlay";
  #     type = "overlay";
  #     where = "/nix/store";
  #     options = "lowerdir=/mnt/hut-nix-store,upperdir=/nix/store,workdir=/mnt/nix-work";
  #     description = "Overlay nix store mount";
  #     requires = [ "hut-nix-store.mount" ];
  #     after = [ "mnt-hut\\x2dnix\\x2dstore.mount" ];
  #     before = [ "nix-daemon.service" ];
  #   }
  # ];
}