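# NixOS module: filesystem, swap, bootloader and LUKS settings for a single
# disk identified by `hardware.encryptedDisk.diskId`.
#
# Layout implied by the device paths below:
#   /dev/disk/by-id/<diskId>               whole disk, GRUB install target
#   /dev/disk/by-partlabel/<diskId>-part2  /boot, vfat, NOT encrypted
#   /dev/disk/by-partlabel/<diskId>-part3  LUKS container, opened before LVM
#   /dev/<diskId>/root                     btrfs (subvolumes "nixos" and "home")
#   /dev/<diskId>/swap                     swap
{ lib, config, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.hardware.encryptedDisk;

  # The LVM volume group carries the same name as the disk id.
  volumeGroup = cfg.diskId;

  bootGrubDevice = "/dev/disk/by-id/${cfg.diskId}";
  bootFsDevice = "/dev/disk/by-partlabel/${cfg.diskId}-part2";
  # Despite the "boot" prefix this is the LUKS container on partition 3,
  # not the /boot filesystem (which is partition 2).
  bootLuksDevice = "/dev/disk/by-partlabel/${cfg.diskId}-part3";
  rootFsDevice = "/dev/${volumeGroup}/root";
  swapFsDevice = "/dev/${volumeGroup}/swap";
in
{
  options.hardware.encryptedDisk = {
    # mkEnableOption already prefixes "Whether to enable ", so the text must
    # not start with "Enable".
    enable = mkEnableOption "encrypted filesystem layout";

    diskId = mkOption {
      # types.string is deprecated; types.str also refuses to silently
      # concatenate several definitions of the same option.
      type = types.str;
      description = ''
        Identifier of the target disk. It is used as the file name under
        /dev/disk/by-id, as the prefix of the partition labels
        (<diskId>-part2, <diskId>-part3) and as the LVM volume group name.
      '';
    };
  };

  config = mkIf cfg.enable {
    # diskId is spliced into device paths, so an empty value or one holding
    # "/" would make every path below point somewhere unintended.
    assertions = [
      {
        assertion = builtins.match "[^/]+" cfg.diskId != null;
        message = "hardware.encryptedDisk.diskId must be non-empty and must not contain '/'.";
      }
    ];

    # /boot is mounted straight from partition 2, outside the LUKS container,
    # so whatever is stored there is neither encrypted nor integrity-protected
    # by this layout.
    fileSystems."/boot" = {
      device = bootFsDevice;
      fsType = "vfat";
    };

    fileSystems."/" = {
      device = rootFsDevice;
      fsType = "btrfs";
      options = [ "subvol=nixos" ];
    };

    fileSystems."/home" = {
      device = rootFsDevice;
      fsType = "btrfs";
      options = [ "subvol=home" ];
    };

    # NOTE(review): swap is confidential only if the volume group sits inside
    # the LUKS container opened below; nothing in this module enforces that.
    swapDevices = [ { device = swapFsDevice; } ];

    boot.loader.grub = {
      device = bootGrubDevice;
      efiSupport = true;
      efiInstallAsRemovable = true;
    };

    # NOTE(review): this is the list form of the option; newer NixOS releases
    # expect an attribute set keyed by the mapping name. Confirm against the
    # release this module targets.
    boot.initrd.luks.devices = [
      {
        # Mapping name = last path component of the LUKS device,
        # i.e. "<diskId>-part3".
        name = baseNameOf bootLuksDevice;
        device = bootLuksDevice;
        # Unlock before LVM scans for volume groups.
        preLVM = true;
        # Passing TRIM through dm-crypt reveals which blocks of the encrypted
        # device are unused to anyone who can read the raw disk. Kept as in
        # the original; set to false if that leak matters more than SSD
        # performance and wear.
        allowDiscards = true;
      }
    ];
  };
}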