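# NixOS boot configuration: the LUKS root volume is unlocked with a key file
# that lives on a separately encrypted USB stick.
#
# Stage-1 flow, as written below:
#   1. wait until the USB block device appears,
#   2. open the USB LUKS container (cryptsetup asks for its passphrase),
#   3. mount the decrypted USB filesystem read-only,
#   4. open the root LUKS device using the key file named in usb_data.
#
# Device paths, mapper names and filesystem types are taken from
# ./hardware/usb_data.nix and ./hardware/ssd_data.nix.
{ pkgs, ... }:
let
  usb_data = import ./hardware/usb_data.nix {};
  ssd_data = import ./hardware/ssd_data.nix {};
in
{
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # Modules the initrd may need to reach the SSD, the USB stick and the
    # crypto layer. The original list named "usb_storage" twice; the
    # duplicate is dropped.
    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "nvme"
      "usb_storage"
      "sd_mod"
      "rtsx_pci_sdmmc"
      "uas"
      "usbcore"
      "vfat"
      "nls_cp437"
      "nls_iso8859_1"
      "aesni_intel"
      "cryptd"
    ];

    kernelModules = [ "kvm-intel" ];

    # mkBefore places this script ahead of other postDeviceCommands
    # contributions; presumably so the key is mounted before the LUKS module
    # opens the root device (preLVM = false below) - confirm.
    #
    # The interpolated paths are shell-quoted so a value containing
    # whitespace cannot split into extra arguments.
    #
    # NOTE(review): nothing in this file unmounts the key filesystem or
    # closes the USB mapping after root is unlocked. As far as this file
    # shows, the mapping stays open once the system is up, so the key file
    # remains reachable by root until it is closed. Consider cleaning up
    # (umount + cryptsetup luksClose) in boot.initrd.postMountCommands.
    initrd.postDeviceCommands = pkgs.lib.mkBefore ''
      mkdir -m 0755 -p "${usb_data.mountpoint}"
      while ! test -b "${usb_data.encrypted_path}"
      do
        echo "Please Plug In USB"
        sleep 1
      done
      echo "Please Decrypt USB"
      cryptsetup luksOpen "${usb_data.encrypted_path}" "${usb_data.mapper_name}"
      mount -n -t "${usb_data.unencrypted_fs_type}" -o ro "${usb_data.mapper_path}" "${usb_data.mountpoint}"
    '';

    initrd.luks.devices = {
      "${ssd_data.root_mapper_name}" = {
        device = "${ssd_data.encrypted_root_path}";
        # presumably a path below usb_data.mountpoint - verify in usb_data.nix
        keyFile = "${usb_data.lappy_encryption_key_path}";
        preLVM = false;
        # Security trade-off: passing TRIM/discard through dm-crypt lets
        # anyone with access to the raw disk see which blocks are unused.
        # Keep it only if the SSD performance/wear benefit outweighs that
        # leak for this machine's threat model.
        allowDiscards = true;
      };
    };
  };

  fileSystems = {
    "/" = {
      device = "${ssd_data.decrypted_root_path}";
      fsType = "${ssd_data.unencrypted_root_fs_type}";
    };
    # NOTE(review): /boot is mounted directly from ssd_data.boot_path with no
    # LUKS layer in this file, so the kernel and initrd (including the unlock
    # script above) are not protected against offline tampering by disk
    # encryption alone.
    "/boot" = {
      device = "${ssd_data.boot_path}";
      fsType = "${ssd_data.boot_fs_type}";
    };
  };
}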