diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 687cd9d80d36..39b8553976eb 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -20,6 +20,7 @@
 
     # Some networking tools.
     pkgs.fuse
+    pkgs.fuse3
     pkgs.sshfs-fuse
     pkgs.socat
     pkgs.screen
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index a6dc8faaae98..1f64213accd4 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -155,7 +155,10 @@ in
   ###### implementation
   config = {
 
-    security.wrappers.fusermount.source = "${pkgs.fuse}/bin/fusermount";
+    security.wrappers = {
+      fusermount.source = "${pkgs.fuse}/bin/fusermount";
+      fusermount3.source = "${pkgs.fuse3}/bin/fusermount3";
+    };
 
     boot.specialFileSystems.${parentWrapperDir} = {
       fsType = "tmpfs";
diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix
index 1922d2924bc5..6ceb36714b28 100644
--- a/nixos/modules/tasks/filesystems.nix
+++ b/nixos/modules/tasks/filesystems.nix
@@ -217,7 +217,7 @@ in
     # Add the mount helpers to the system path so that `mount' can find them.
     system.fsPackages = [ pkgs.dosfstools ];
 
-    environment.systemPackages = [ pkgs.fuse ] ++ config.system.fsPackages;
+    environment.systemPackages = with pkgs; [ fuse3 fuse ] ++ config.system.fsPackages;
 
     environment.etc.fstab.text =
       let
diff --git a/pkgs/os-specific/linux/fuse/common.nix b/pkgs/os-specific/linux/fuse/common.nix
new file mode 100644
index 000000000000..8938eaae8183
--- /dev/null
+++ b/pkgs/os-specific/linux/fuse/common.nix
@@ -0,0 +1,72 @@
+{ version, sha256Hash, maintainers }:
+
+{ stdenv, fetchFromGitHub, fetchpatch
+, utillinux, autoconf, automake, libtool, gettext
+, fusePackages }:
+
+let
+  isFuse3 = stdenv.lib.hasPrefix "3" version;
+in stdenv.mkDerivation rec {
+  name = "fuse-${version}";
+
+  src = fetchFromGitHub {
+    owner = "libfuse";
+    repo = "libfuse";
+    rev = name;
+    sha256 = sha256Hash;
+  };
+
+  patches = stdenv.lib.optional
+    (!isFuse3 && stdenv.isAarch64)
+    (fetchpatch {
+      url = "https://github.com/libfuse/libfuse/commit/914871b20a901e3e1e981c92bc42b1c93b7ab81b.patch";
+      sha256 = "1w4j6f1awjrycycpvmlv0x5v9gprllh4dnbjxl4dyl2jgbkaw6pa";
+  });
+
+  nativeBuildInputs = [ libtool autoconf automake ];
+  buildInputs = [ gettext utillinux ];
+
+  outputs = [ "out" ] ++ stdenv.lib.optional isFuse3 "common";
+
+  preConfigure = ''
+    export MOUNT_FUSE_PATH=$out/sbin
+    export INIT_D_PATH=$TMPDIR/etc/init.d
+    export UDEV_RULES_PATH=$out/etc/udev/rules.d
+
+    # Ensure that FUSE calls the setuid wrapper, not
+    # $out/bin/fusermount. It falls back to calling fusermount in
+    # $PATH, so it should also work on non-NixOS systems.
+    export NIX_CFLAGS_COMPILE="-DFUSERMOUNT_DIR=\"/run/wrappers/bin\""
+
+    sed -e 's@/bin/@${utillinux}/bin/@g' -i lib/mount_util.c
+    sed -e 's@CONFIG_RPATH=/usr/share/gettext/config.rpath@CONFIG_RPATH=${gettext}/share/gettext/config.rpath@' -i makeconf.sh
+
+    ./makeconf.sh
+  '';
+
+  postFixup = if isFuse3 then ''
+    cd $out
+
+    mv bin/mount.fuse3 bin/mount.fuse
+    mv etc/udev/rules.d/99-fuse3.rules etc/udev/rules.d/99-fuse.rules
+
+    install -D -m555 bin/mount.fuse $common/bin/mount.fuse
+    install -D -m444 etc/udev/rules.d/99-fuse.rules $common/etc/udev/rules.d/99-fuse.rules
+    install -D -m444 share/man/man8/mount.fuse.8.gz $common/share/man/man8/mount.fuse.8.gz
+  '' else ''
+    cd $out
+
+    cp ${fusePackages.fuse_3.common}/bin/mount.fuse bin/mount.fuse
+    cp ${fusePackages.fuse_3.common}/etc/udev/rules.d/99-fuse.rules etc/udev/rules.d/99-fuse.rules
+    cp ${fusePackages.fuse_3.common}/share/man/man8/mount.fuse.8.gz share/man/man8/mount.fuse.8.gz
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = {
+    inherit (src.meta) homepage;
+    description = "Kernel module and library that allows filesystems to be implemented in user space";
+    platforms = stdenv.lib.platforms.linux;
+    inherit maintainers;
+  };
+}
diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix
index b36d13a0b1da..1a6c45c7cee9 100644
--- a/pkgs/os-specific/linux/fuse/default.nix
+++ b/pkgs/os-specific/linux/fuse/default.nix
@@ -1,47 +1,20 @@
-{ stdenv, fetchFromGitHub, fetchpatch, utillinux
-, autoconf, automake, libtool, gettext }:
+{ stdenv, callPackage, utillinux }:
 
-stdenv.mkDerivation rec {
-  name = "fuse-${version}";
-  version = "2.9.7";
-
-  src = fetchFromGitHub {
-    owner = "libfuse";
-    repo = "libfuse";
-    rev = name;
-    sha256 = "1wyjjfb7p4jrkk15zryzv33096a5fmsdyr2p4b00dd819wnly2n2";
+let
+  mkFuse = args: callPackage (import ./common.nix args) {
+    inherit utillinux;
   };
-
-  buildInputs = [ utillinux autoconf automake libtool gettext ];
-
-  patches = stdenv.lib.optional stdenv.isAarch64 (fetchpatch {
-    url = "https://github.com/libfuse/libfuse/commit/914871b20a901e3e1e981c92bc42b1c93b7ab81b.patch";
-    sha256 = "1w4j6f1awjrycycpvmlv0x5v9gprllh4dnbjxl4dyl2jgbkaw6pa";
-  });
-
-  preConfigure =
-    ''
-      export MOUNT_FUSE_PATH=$out/sbin
-      export INIT_D_PATH=$TMPDIR/etc/init.d
-      export UDEV_RULES_PATH=$out/etc/udev/rules.d
-
-      # Ensure that FUSE calls the setuid wrapper, not
-      # $out/bin/fusermount. It falls back to calling fusermount in
-      # $PATH, so it should also work on non-NixOS systems.
-      export NIX_CFLAGS_COMPILE="-DFUSERMOUNT_DIR=\"/run/wrappers/bin\""
-
-      sed -e 's@/bin/@${utillinux}/bin/@g' -i lib/mount_util.c
-      sed -e 's@CONFIG_RPATH=/usr/share/gettext/config.rpath@CONFIG_RPATH=${gettext}/share/gettext/config.rpath@' -i makeconf.sh
-
-      ./makeconf.sh
-    '';
-
-  enableParallelBuilding = true;
-
-  meta = with stdenv.lib; {
-    homepage = https://github.com/libfuse/libfuse;
-    description = "Kernel module and library that allows filesystems to be implemented in user space";
-    platforms = platforms.linux;
+  maintainers = stdenv.lib.maintainers;
+in {
+  fuse_2 = mkFuse {
+    version = "2.9.7";
+    sha256Hash = "1wyjjfb7p4jrkk15zryzv33096a5fmsdyr2p4b00dd819wnly2n2";
     maintainers = [ maintainers.mornfall ];
   };
+
+  fuse_3 = mkFuse {
+    version = "3.1.1";
+    sha256Hash = "14mazl2i55fp4vjphwgcmk3mp2x3mhqwh9nci0rd0jl5lhpdmpq6";
+    maintainers = [ maintainers.primeos ];
+  };
 }
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 63d30c22ff22..bf60c6c36828 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12052,9 +12052,12 @@ with pkgs;
     inherit (linuxPackages) kernel;
   };
 
-  fuse = callPackage ../os-specific/linux/fuse {
+  fusePackages = callPackage ../os-specific/linux/fuse {
     utillinux = utillinuxMinimal;
   };
+  fuse = lowPrio fusePackages.fuse_2;
+  fuse3 = fusePackages.fuse_3;
+  fuse-common = hiPrio fusePackages.fuse_3.common;
 
   fusionio-util = callPackage ../os-specific/linux/fusionio/util.nix { };