{ config, lib, pkgs, ... }:

with lib;
let generateMac = pkgs.lib.network.generate-mac-address;

in {
  boot = {
    initrd = {
      availableKernelModules = [
        "uhci_hcd"
        "ehci_pci"
        "ata_piix"
        "ahci"
        "usb_storage"
        "floppy"
        "sd_mod"
        "sr_mod"
      ];
      kernelModules = [ "dm-snapshot" ];
    };

    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
    kernelPackages = pkgs.linuxPackages_latest;

    supportedFilesystems = [ "bcachefs" ];

    loader.grub = {
      enable = true;
      devices = [
        "/dev/disk/by-id/ata-Samsung_SSD_870_QVO_2TB_S6R4NJ0W702893V"
        "/dev/disk/by-id/ata-Crucial_CT525MX300SSD1_171516B3CB40"
      ];
    };
  };

  fileSystems = {
    "/boot" = {
      device = "/dev/disk/by-label/germany-boot";
      fsType = "ext4";
      options = [ "noatime" "noexec" ];
    };

    "/" = {
      device = "root-tmpfs";
      fsType = "tmpfs";
      options = [ "mode=755" "noexec" ];
    };

    "/nix" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@nix" "compress=zstd" "noatime" ];
    };

    "/state" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@state" "compress=zstd" "noatime" "noexec" ];
    };

    "/var/log" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@logs" "compress=zstd" "noatime" "noexec" ];
    };

    "/home" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@home" "compress=zstd" "noatime" "noexec" ];
    };

    "/var/lib/acme" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@acme" "compress=zstd" "noatime" "noexec" ];
    };

    "/state/services/mail/mail" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@mail" "compress=zstd" "noatime" "noexec" ];
    };

    "/var/lib/containers/storage" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@container-data" "noatime" "compress=zstd" "noexec" ];
    };

    ## BROKEN!
    # "/store" = {
    #   device = lib.concatStringsSep ":" [
    #     "/dev/disk/by-id/ata-Crucial_CT525MX300SSD1_171516B3CB40"
    #     "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR153N5H"
    #     "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR153CDK"
    #   ];
    #   fsType = "bcachefs";
    #   options = [ "noexec" "compression=zstd" ];
    # };
  };

  systemd.services.mount-bcachefs-store = let
    mountpoint = "/store";
    deviceString = concatStringsSep ":" [
      "/dev/disk/by-id/ata-Crucial_CT525MX300SSD1_171516B3CB40"
      "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR153N5H"
      "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR153CDK"
    ];
    options = concatStringsSep "," [ "noexec" "compression=zstd" ];
  in {
    description =
      "Mount ${mountpoint} filesystem (can't use fileSystems with multiple devices).";
    wantedBy = [ "local-fs.target" ];
    script = ''
      [ -d ${mountpoint} ] || mkdir ${mountpoint}
      if ${pkgs.util-linux}/bin/findmnt ${mountpoint}; then
        echo "already mounted: ${mountpoint}"
      else
        echo "mounting filesystem: ${mountpoint}"
        ${pkgs.bcachefs-tools}/bin/mount.bcachefs ${deviceString} -o ${options} ${mountpoint}
      fi
    '';
  };

  swapDevices = [{ device = "/dev/disk/by-label/germany-swap"; }];

  nix.settings.max-jobs = mkDefault 24;

  hardware.bluetooth.enable = false;

  nixpkgs.hostPlatform = "x86_64-linux";

  hardware = {
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = true;
  };
}