{ config, lib, pkgs, ... }:

{
  config = {

    boot = {
      initrd = {
        luks.devices.socrates-unlocked = {
          device = "/dev/socrates/socrates-locked";
          preLVM = false;
          allowDiscards = true;
        };
        availableKernelModules = [
          "xhci_pci"
          "ehci_pci"
          "ahci"
          "usb_storage"
          "usbhid"
          "sd_mod"
          "r8169"
        ];
        kernelModules = [ "dm-snapshot" ];
        # network = {
        #   enable = true;
        #   ssh = {
        #     enable = true;
        #     port = 22;
        #     authorizedKeys = [
        #       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0= niten@plato"
        #     ];
        #     hostKeys = [
        #       "/state/ssh/ssh_host_ed25519_key"
        #       "/state/ssh/ssh_host_rsa_key"
        #     ];
        #   };
        # };
      };

      loader = {
        grub = {
          enable = true;
          version = 2;
          device = "/dev/sda";
        };
      };

      kernelModules = [ ];
      extraModulePackages = [ ];
    };

    fileSystems = {
      "/" = {
        device = "socrates-root";
        fsType = "tmpfs";
        options = [ "mode=755" "size=12G" ];
      };

      "/boot" = {
        device = "/dev/disk/by-label/socrates-boot";
        fsType = "ext4";
        options = [ "noatime" "nodiratime" "noexec" ];
      };

      "/nix" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];
      };

      "/var/log" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];
        neededForBoot = true;
      };

      "/state" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };

      "/home" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@home" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };
    };

    swapDevices = [{
      device = "/dev/socrates/socrates-swap";
      randomEncryption.enable = true;
    }];

    networking = {
      macvlans = {
        intif0 = {
          interface = "enp1s0";
          mode = "bridge";
        };
      };

      interfaces = {
        enp1s0.useDHCP = false;
        intif0 = {
          macAddress = "02:f2:30:b8:71:42";
        };
      };
    };
  };
}