{ config, lib, pkgs, ... }:

with lib; {
  boot = {
    initrd = {
      availableKernelModules = [ "ahci" "usbhid" ];
      kernelModules = [ "dm-snapshot" ];
    };
    kernelModules = [ ];
    extraModulePackages = [ ];
    loader.grub = {
      enable = true;
      device = "/dev/sda";
    };

    supportedFilesystems = [ "btrfs" ];
  };

  system.stateVersion = "22.05";

  fileSystems = {
    "/" = {
      device = "root-tmpfs";
      fsType = "tmpfs";
      options = [ "mode=755" "noexec" "size=20G" ];
    };

    "/boot" = {
      device = "/dev/disk/by-label/legatus-boot";
      fsType = "ext4";
      options = [ "noexec" "noatime" "nodiratime" ];
    };

    "/nix" = {
      device = "/dev/disk/by-label/legatus-data";
      fsType = "btrfs";
      options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];
    };

    "/var/log" = {
      device = "/dev/disk/by-label/legatus-data";
      fsType = "btrfs";
      options =
        [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      neededForBoot = true;
    };

    "/state" = {
      device = "/dev/disk/by-label/legatus-data";
      fsType = "btrfs";
      options =
        [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];
    };

    "/var/lib/containers/storage" = {
      device = "/dev/disk/by-label/legatus-data";
      fsType = "btrfs";
      options = [ "subvol=@container-data" "noatime" "compress=zstd" "noexec" ];
    };

    "/var/lib/tailscale" = {
      device = "/dev/disk/by-label/legatus-data";
      fsType = "btrfs";
      options = [ "subvol=@tailscale" "noatime" "compress=zstd" "noexec" ];
    };
  };

  swapDevices = [{ device = "/dev/disk/by-label/legatus-swap"; }];

  networking = {
    macvlans = {
      extif0 = {
        interface = "eno1";
        mode = "bridge";
      };
    };

    useDHCP = false;

    interfaces = {
      extif0 = {
        macAddress = pkgs.lib.network.generate-mac-address "legatus" "extif0";
      };
    };
  };
}