# NixOS module: bootloader, initrd LUKS unlock and mount table for a machine
# with a tmpfs root and two LUKS-backed btrfs volumes ("system" and "user").
#
# Security-relevant layout, as far as this file shows it:
#   * The ESP (/boot/efi, vfat) is the only unencrypted filesystem listed.
#   * /boot is a subvolume of the encrypted "system" volume, so kernels and
#     the initrd (which carries the LUKS key files) are stored inside LUKS.
#   * Nothing here configures Secure Boot or measured boot, so the integrity
#     of what sits on the ESP is not covered by this file.
#     NOTE(review): confirm whether that is handled elsewhere.
{ config, pkgs, ... }:

let
  systemVol = "/dev/mapper/system";
  userVol = "/dev/mapper/user";
  zstd = "compress=zstd";

  # A btrfs mount of `device` using exactly the given option list.
  btrfs = device: options: {
    inherit device options;
    fsType = "btrfs";
  };

  # zstd-compressed mount of a single named subvolume.
  subvol = device: name: btrfs device [ "subvol=${name}" zstd ];

  # Same as `subvol`, additionally flagged neededForBoot.
  earlySubvol = device: name: (subvol device name) // { neededForBoot = true; };

  # Top-level (subvolid=5) view of one backup volume, never mounted automatically.
  backupVol = index: btrfs "/dev/mapper/backups${index}" [ "noauto" "subvolid=5" zstd ];
in
{
  boot.loader.efi = {
    canTouchEfiVariables = true;
    efiSysMountPoint = "/boot/efi";
  };

  # EFI-only GRUB install ("nodev"). enableCryptodisk is what allows GRUB to
  # read /boot from inside the encrypted "system" volume.
  boot.loader.grub = {
    enable = true;
    device = "nodev";
    enableCryptodisk = true;
    efiSupport = true;
  };

  boot.initrd.luks = {
    #yubikeySupport = true;
    devices = {
      system = {
        device = "/dev/disk/by-uuid/b9778e01-a86c-4c6b-beb3-f97888d4a6eb";
        keyFile = "/system_keyfile.bin";
        # Passes TRIM/discard through dm-crypt. This exposes which blocks are
        # unused to anyone who can read the raw disk; it is a deliberate
        # trade-off, and "user" below does not enable it.
        allowDiscards = true;
        # YubiKey unlock is currently disabled; the block is kept for reference.
        # yubikey = {
        #   slot = 2;
        #   twoFactor = false;
        #   gracePeriod = 30;
        #   keyLength = 64;
        #   saltLength = 16;
        #   storage = {
        #     device = "/dev/nvme0n1p1";
        #     fsType = "vfat";
        #     path = "/crypt-storage/default";
        #   };
        # };
      };
      user = {
        device = "/dev/disk/by-uuid/d8e9b35d-704a-4f66-bc19-0dd3e158de36";
        keyFile = "/user_keyfile.bin";
      };
    };
  };

  # Left side: path inside the initrd (matches the keyFile values above).
  # Right side: file on the running system that is copied in. The right-hand
  # sides are quoted strings, not Nix path literals.
  # NOTE(review): anyone able to read the generated initrd or /etc/luks-keys
  # can recover both volume keys; confirm both are readable by root only.
  # NOTE(review): "/" is a tmpfs, so /etc/luks-keys must be provided from
  # persistent storage by something not shown in this file; confirm.
  boot.initrd.secrets = {
    "/system_keyfile.bin" = "/etc/luks-keys/system.bin";
    "/user_keyfile.bin" = "/etc/luks-keys/user.bin";
  };

  fileSystems = {
    # Root lives in RAM (2G cap) and starts empty on every boot.
    "/" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "defaults" "size=2G" "mode=755" ];
    };

    # EFI system partition: unencrypted vfat.
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/0BFA-9A66";
      fsType = "vfat";
    };

    # Top-level views of both btrfs filesystems.
    "/mnt/btr_system" = btrfs systemVol [ "subvolid=5" zstd ];
    "/mnt/btr_user" = btrfs userVol [ "subvolid=5" zstd ];

    # Subvolumes of the "user" volume, all flagged neededForBoot.
    "/mnt/persist" = earlySubvol userVol "persist";
    "/mnt/data" = earlySubvol userVol "data";
    "/mnt/vfs_share" = earlySubvol userVol "vfs_share";

    # Subvolumes of the "system" volume.
    "/nix" = subvol systemVol "nix";
    "/mnt/logs" = earlySubvol systemVol "logs";
    "/boot" = subvol systemVol "boot";

    # Holds the swap file; mounted without compress=zstd, unlike the others.
    # The swap file sits on the LUKS-backed volume, so swapped-out pages are
    # encrypted at rest along with it.
    "/swap" = btrfs systemVol [ "subvol=swap" ];

    # NFS export mounted with no explicit options.
    # NOTE(review): with default options the mount relies on whatever
    # security flavour client and server negotiate; consider whether options
    # such as nosuid/nodev, or a Kerberos sec= flavour, are wanted for this
    # share, and check the trust placed in the host "narwhal".
    "/mnt/narwhal" = {
      device = "narwhal:/";
      fsType = "nfs";
    };

    # Backup volumes: "noauto", so they are only mounted on demand after the
    # matching /dev/mapper/backupsN device has been opened (see crypttab below).
    "/mnt/backups/0" = backupVol "0";
    "/mnt/backups/1" = backupVol "1";
    "/mnt/backups/2" = backupVol "2";
  };

  swapDevices = [ { device = "/swap/swapfile"; } ];

  # crypttab entries for the three backup disks. All three share one key file
  # and are "noauto", so none is unlocked at boot. The generated file holds
  # only UUIDs and a key file path, not key material.
  # NOTE(review): a single shared key means that reading
  # /etc/luks-keys/backups.bin unlocks every backup disk; confirm that is
  # intended and that the file is readable by root only.
  environment.etc.crypttab.text = ''
    backups0 UUID="e45232d5-f46f-46f3-a150-be26374b3357" /etc/luks-keys/backups.bin noauto
    backups1 UUID="5b3da928-4862-4451-89cd-5bd6a95466d0" /etc/luks-keys/backups.bin noauto
    backups2 UUID="cbfa9cba-dee2-4d0b-8cde-2f1d1849b22c" /etc/luks-keys/backups.bin noauto
  '';
}