{ lib
, config
, ... }:
with lib;                     

let
  cfg = config.hardware.encryptedDisk;
  ownLib = import ../lib/default.nix { };
in {
  options.hardware.encryptedDisk = {
    enable = mkEnableOption "Enable encrypted filesystem layout";
    diskId = mkOption {
      type = types.string;
    };
  };

  config = lib.mkIf cfg.enable {
    fileSystems."/boot" = {
      device = (ownLib.disk.bootFsDevice cfg.diskId);
      fsType = "vfat";
    };

    fileSystems."/" = {
      device = (ownLib.disk.rootFsDevice cfg.diskId);
      fsType = "btrfs";
      options = [ "subvol=nixos" ];
    };

    fileSystems."/home" = {
      device = (ownLib.disk.rootFsDevice cfg.diskId);
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };

    swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];

    boot.loader.grub = {
      device = (ownLib.disk.bootGrubDevice cfg.diskId);
      enableCryptodisk = true;
    };

    boot.initrd.luks.devices = [
      {
        name =
          let
            splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
            lastelem = (builtins.length splitstring)-1;
          in
            builtins.elemAt splitstring lastelem;
        device = (ownLib.disk.bootLuksDevice cfg.diskId);
        preLVM = true;
        allowDiscards = true;
      }
    ];
  };
}