Try to get sea-store working

config/host-config/nostromo.nix

@@ -37,6 +37,21 @@ in {
   #   };
   # };
 
+  fudo.hosts.nostromo.encrypted-filesystems.sea-store = {
+    encrypted-device = "/dev/nostromo-store/locked";
+    key-path = "/run/keys/sea-store";
+    filesystem-type = "btrfs";
+    options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ];
+    mountpoints = {
+      "/share/downloads" = {
+        options = [ "subvol=@downloads" ];
+      };
+      "/share/documents" = {
+        options = [ "subvol=@documents" ];
+      };
+    };
+  };
+
   fudo.ipfs = {
     enable = true;
     users = [ "niten" ];

lib/fudo/host-filesystems.nix

@@ -6,15 +6,6 @@ let
   host-filesystems = config.fudo.hosts.${hostname}.encrypted-filesystems;
 in {
   config = {
-    fileSystems = mapAttrs' (filesystem-name: opts:
-      nameValuePair opts.target-path
-        {
-          device = "/dev/mapper/${filesystem-name}";
-          fsType = opts.filesystem-type;
-          options = opts.filesystem-options;
-        })
-      host-filesystems;
-
     systemd = {
       mounts = let
         filesystems = mapAttrsToList
@@ -45,7 +36,7 @@ in {
             path = with pkgs; [ cryptsetup ];
             serviceConfig = {
               ExecStart = pkgs.writeShellScript "decrypt-${filesystem-name}.sh" ''
-                cryptsetup open --type luks --key-file ${opts.key-path} ${opts.device} ${filesystem-name}
+                cryptsetup open --type luks --key-file ${opts.key-path} ${opts.encrypted-device} ${filesystem-name}
               '';
               ExecStop = pkgs.writeShellScript "close-${filesystem-name}.sh" ''
                 cryptsetup close /dev/mapper/${filesystem-name}

lib/types/host.nix

@@ -19,7 +19,7 @@ rec {
     };
   in {
     options = with types; {
-      device = mkOption {
+      encrypted-device = mkOption {
         type = str;
         description = "Path to the encrypted device.";
       };