diff --git a/modules/services/network-filesystems/nfsd.nix b/modules/services/network-filesystems/nfsd.nix
index fe939d34d3f..d1c280cf000 100644
--- a/modules/services/network-filesystems/nfsd.nix
+++ b/modules/services/network-filesystems/nfsd.nix
@@ -69,7 +69,7 @@ in
 services.portmap.enable = true;
- services.nfs.client.enable = true; # needed for statd
+ services.nfs.client.enable = true; # needed for statd and idmapd
 environment.systemPackages = [ pkgs.nfsUtils ];
@@ -105,6 +105,7 @@ in
 postStart = ''
 ensure statd
+ ensure idmapd
 '';
 };
diff --git a/modules/tasks/filesystems.nix b/modules/tasks/filesystems.nix
index 383035bba83..57a020a4a25 100644
--- a/modules/tasks/filesystems.nix
+++ b/modules/tasks/filesystems.nix
@@ -187,6 +187,7 @@ in
 ${optionalString config.services.nfs.client.enable ''
 ensure statd || true
+ ensure idmapd || true
 ''}
 echo "mounting filesystems..."
diff --git a/modules/tasks/filesystems/nfs.nix b/modules/tasks/filesystems/nfs.nix
index 2426a52ee51..ceb21c873ca 100644
--- a/modules/tasks/filesystems/nfs.nix
+++ b/modules/tasks/filesystems/nfs.nix
@@ -6,6 +6,27 @@ let
 inInitrd = any (fs: fs == "nfs") config.boot.initrd.supportedFilesystems;
+ nfsStateDir = "/var/lib/nfs";
+
+ rpcMountpoint = "${nfsStateDir}/rpc_pipefs";
+
+ idmapdConfFile = {
+ target = "idmapd.conf";
+ source = pkgs.writeText "idmapd.conf" ''
+ [General]
+ Pipefs-Directory = ${rpcMountpoint}
+ ${optionalString (config.networking.domain != "")
+ "Domain = ${config.networking.domain}"}
+
+ [Mapping]
+ Nobody-User = nobody
+ Nobody-Group = nogroup
+
+ [Translation]
+ Method = nsswitch
+ '';
+ };
+
 in
 {
@@ -40,6 +61,8 @@ in
 cp -v ${pkgs.klibc}/lib/klibc/bin.static/nfsmount $out/bin
 '';
+ environment.etc = singleton idmapdConfFile;
+
 jobs.statd = { description = "Kernel NFS server - Network Status Monitor";
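Review bot: In modules/tasks/filesystems.nix the added `ensure idmapd || true` discards a failed idmapd start without leaving any trace, and the script goes straight on to "mounting filesystems...". An NFSv4 mount made without a working ID mapper will presumably show owners as nobody/nogroup, which is hard to diagnose after the fact. Keeping the start best-effort matches the statd line above it, but it should at least log, e.g. `ensure idmapd || echo "warning: idmapd did not start; NFSv4 owner mapping may be wrong"`. The enclosing script starts and ends outside the hunk.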
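Review bot: In modules/tasks/filesystems/nfs.nix the generated idmapd.conf omits `Domain` whenever `config.networking.domain` is empty, and nothing documents what idmapd uses instead. Per idmapd.conf(5) the default is derived from the host's DNS domain name, so a client and server that derive different domains will disagree and owners collapse to the `Nobody-User`/`Nobody-Group` values. I would add a comment above `idmapdConfFile` such as `# Domain is left unset when networking.domain is empty; idmapd then falls back to the DNS domain, which must match on client and server.` It is also worth confirming that a `nogroup` group exists on the target system, since the mapping names it explicitly.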
@@ -50,9 +73,8 @@ in
 preStart = ''
 ensure portmap
- mkdir -p /var/lib/nfs
- mkdir -p /var/lib/nfs/sm
- mkdir -p /var/lib/nfs/sm.bak
+ mkdir -p ${nfsStateDir}/sm
+ mkdir -p ${nfsStateDir}/sm.bak
 sm-notify -d
 '';
@@ -61,5 +83,29 @@ in
 exec = "rpc.statd --no-notify";
 };
+ jobs.idmapd =
+ { description = "Kernel NFS server - ID Map Daemon";
+
+ path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];
+
+ stopOn = "starting shutdown";
+
+ preStart =
+ ''
+ ensure portmap
+ mkdir -p ${rpcMountpoint}
+ mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint}
+ '';
+
+ postStop =
+ ''
+ umount ${rpcMountpoint}
+ '';
+
+ daemonType = "fork";
+
+ exec = "rpc.idmapd";
+ };
+
 };
 }
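Review bot: The `preStart` of the new `jobs.idmapd` runs `mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint}` unconditionally, so a restart after a failed `umount` in `postStop`, or with the pipefs already mounted, hits a mount error. Depending on how the job runner treats script errors, that either keeps idmapd from starting or stacks a second mount. Guard it with `mountpoint -q ${rpcMountpoint} || mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint}` (`mountpoint` should be available from the packages already in `path`, but confirm). Separately, `ensure portmap` looks copied from the statd job: rpc.idmapd talks to the kernel through rpc_pipefs and, as far as I know, does not register with the portmapper, so that line starts a network-facing service this daemon does not need. The description "Kernel NFS server - ID Map Daemon" is also inaccurate, since filesystems.nix starts the job on clients.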