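# NixOS module: OpenFortiVPN client service plus two CIFS shares that are
# auto-mounted on access under /gbmshares.
#
# Takes the usual module argument set and only uses `pkgs`.
{ pkgs, ... }:
let
  # Runs as ExecStartPost of the VPN service.
  # - Routes only 172.16.0.0/12 through ppp0 and re-points the default route
  #   at the local gateway 192.168.0.254, i.e. a split tunnel.
  # - Overwrites /etc/resolv.conf with resolvers inside 172.16.0.0/12, so every
  #   DNS lookup made while the tunnel is up is sent to those resolvers.
  # NOTE(review): `sleep 2` presumably waits for ppp0 to exist; nothing here
  # checks that the interface is actually up. The gateway address is
  # hard-coded, so the default route is only correct on that one LAN.
  openfortivpn-addroute = pkgs.writeShellScript "openfortivpn-addroute.sh" ''
    sleep 2
    ${pkgs.iproute2}/bin/ip route add 172.16.0.0/12 dev ppp0
    ${pkgs.iproute2}/bin/ip route del default
    ${pkgs.iproute2}/bin/ip route add default via 192.168.0.254
    ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
    search ville.besancon
    nameserver 172.18.96.1
    nameserver 172.18.96.2
    EOF
  '';

  # Runs as ExecStopPost of the VPN service: replaces /etc/resolv.conf with a
  # fixed resolver list. The previous file content is not saved or restored,
  # and no routes are changed here.
  openfortivpn-delroute = pkgs.writeShellScript "openfortivpn-delroute.sh" ''
    sleep 2
    ${pkgs.coreutils-full}/bin/cat << EOF > /etc/resolv.conf
    nameserver 10.0.0.1
    nameserver 2001:41d0:303:20da::1
    nameserver 217.182.138.218
    nameserver 9.9.9.9
    EOF
  '';

  # Builds one systemd.mounts entry for a CIFS share.
  #   description: unit description
  #   what:        UNC path of the share
  #   where:       local mount point
  # The credentials file is referenced by a string path, so it is read at
  # mount time and is not copied into the Nix store by this module.
  # NOTE(review): this module does not create /etc/nixos/smb-secrets or set its
  # mode; confirm it is owned by root and not readable by other users.
  myMount = description: what: where: {
    inherit description what where;
    type = "cifs";
    options = "credentials=/etc/nixos/smb-secrets,uid=beastie,gid=users";
  };

  # Builds one systemd.automounts entry: the share is mounted on first access
  # and unmounted again after 30 seconds of inactivity.
  #   description: unit description
  #   where:       mount point; must match the `where` of a myMount entry
  myAutoMount = description: where: {
    inherit description where;
    requires = [ "network-online.target" ];
    # Order after the target that is also required above. The unit name
    # "network-online.service" does not exist in systemd, so ordering against
    # it had no effect.
    after = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    automountConfig = {
      TimeoutIdleSec = 30;
    };
  };
in
{
  environment.systemPackages = [
    pkgs.openfortivpn
    pkgs.cifs-utils
  ];

  # VPN client. No User= is set, so the unit and both route scripts run with
  # the service manager's default (root) privileges; PrivateTmp is the only
  # sandboxing option enabled. Connection settings are not on the command
  # line, so they come from openfortivpn's own configuration file, which this
  # module does not manage.
  systemd.services."openfortivpn" = {
    enable = true;
    #wantedBy = lib.mkForce [ ];
    unitConfig = {
      Description = "OpenFortiVPN";
      After = "network-online.target";
      Wants = "network-online.target systemd-networkd-wait-online.service";
      Documentation = [
        "man:openfortivpn(1) https://github.com/adrienverge/openfortivpn#readme https://github.com/adrienverge/openfortivpn/wiki"
      ];
    };
    serviceConfig = {
      Type = "notify";
      PrivateTmp = "true";
      # --no-dns: openfortivpn leaves resolver configuration alone; the two
      # scripts below rewrite /etc/resolv.conf instead.
      ExecStart = "${pkgs.openfortivpn}/bin/openfortivpn --no-dns";
      ExecStartPost = "${openfortivpn-addroute}";
      ExecStopPost = "${openfortivpn-delroute}";
      Restart = "on-failure";
      #OOMScoreAdjust = "-100";
    };
  };

  systemd.mounts = [
    (myMount "GBM Perso" "//vf-mc2-sfic06.ville.besancon/usr_s$/SALVIJER/Mes Documents" "/gbmshares/perso")
    (myMount "GBM Services" "//vf-mc2-sfic06.ville.besancon/08TIC" "/gbmshares/services")
  ];

  systemd.automounts = [
    (myAutoMount "GBM Perso automount" "/gbmshares/perso")
    (myAutoMount "GBM Services automount" "/gbmshares/services")
  ];
}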