{
  pkgs,
  lib,
  config,
  clanLib,
  ...
}:
let
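  # Shell prelude spliced into every generated script. It defines:
  #   NWID  - the controller's network id, taken from the clan facts at build time
  #   TOKEN - the local ZeroTier API token, read from disk at run time
  #
  # TOKEN is deliberately a plain assignment rather than `export TOKEN=$(...)`:
  #  - `export VAR=$(cmd)` returns the exit status of `export`, so under the
  #    wrapper's `set -e` a failed `cat` (e.g. the caller lacks permission to read
  #    the secret) would be ignored and the script would go on with an empty token.
  #    A bare assignment propagates the failure and aborts the script.
  #  - The scripts only expand TOKEN inside the shell, so child processes do not
  #    need the secret in their environment.
  zerotierSetup = ''
    export NWID=${config.clan.core.facts.services.zerotier.public."zerotier-network-id".value}
    TOKEN=$(cat /var/lib/zerotier-one/authtoken.secret)
  '';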
  # Build a bash executable called `name` whose body is `script`.
  # The wrapper enables errexit and pipefail, puts curl, gojq and zerotierone at
  # the front of PATH, then runs the shared zerotierSetup prelude before the
  # script body, so the body can rely on the variables the prelude defines.
  zerotierCommand =
    name: script:
    let
      toolPath = "${pkgs.curl}/bin:${pkgs.gojq}/bin:${pkgs.zerotierone}/bin";
    in
    pkgs.writers.writeBashBin name ''
      set -e
      set -o pipefail
        export PATH=${toolPath}:$PATH
        ${zerotierSetup}
        ${script}
    '';
in
{

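  # Operator helpers that talk to the local ZeroTier controller API on
  # localhost:9993, authenticated with the X-ZT1-AUTH token from the prelude.
  #
  # Hardening applied to both scripts:
  #  - The auth header is handed to curl as `-H @<(printf ...)`. printf is a bash
  #    builtin and curl reads the header from the substituted file descriptor, so
  #    the token never appears in curl's argument list, which other local users
  #    can normally read from the process table.
  #  - `--fail-with-body` makes curl exit non-zero on an HTTP error status while
  #    still printing the response. Combined with the wrapper's errexit/pipefail,
  #    a rejected request (bad token, unknown member) now stops the script
  #    instead of being reported as success.
  environment.systemPackages = [
    # List the members of the controller's network as formatted JSON.
    (zerotierCommand "zerotier-script-members" ''
      curl --fail-with-body "http://localhost:9993/controller/network/''${NWID}/member" -H @<(printf 'X-ZT1-AUTH: %s\n' "$TOKEN") | gojq
    '')
    # Deauthorize a member, then delete it. Takes exactly one argument: the
    # member's node id.
    (zerotierCommand "zerotier-script-delete-member" ''
      if [ "$#" -ne 1 ]; then
          echo "Memid is missing."
          exit 1
      fi
      MEMID=$1
      # The id is spliced into the request path. Accept only a 10-digit hex
      # ZeroTier node id, so an empty argument or one containing '/', '?' or
      # '..' cannot redirect the POST/DELETE to a different controller endpoint.
      if ! [[ "$MEMID" =~ ^[0-9a-fA-F]{10}$ ]]; then
          echo "Memid must be a 10-digit hexadecimal node id." >&2
          exit 1
      fi
      curl --fail-with-body -X POST "http://localhost:9993/controller/network/''${NWID}/member/''${MEMID}" -H @<(printf 'X-ZT1-AUTH: %s\n' "$TOKEN") -d '{"authorized": false}' | gojq
      # Printed only after the request succeeded; errexit aborts before this
      # line if the controller rejected the call.
      echo "deauthorized $MEMID"
      echo "delete $MEMID"
      curl --fail-with-body -X DELETE "http://localhost:9993/controller/network/''${NWID}/member/''${MEMID}" -H @<(printf 'X-ZT1-AUTH: %s\n' "$TOKEN") | gojq
    '')
  ];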
}