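# NixOS module: unlock the root LUKS volume with a key file that lives on a
# separately LUKS-encrypted USB stick.
#
# Flow in the initrd:
#   1. wait for the USB stick's block device,
#   2. open it with a passphrase typed at the console,
#   3. copy <hostName>.key into /keys inside the initrd,
#   4. unmount and close the stick again,
#   5. let the initrd LUKS stage open the root device using that key file.
{ config, pkgs, ... }:
let
  # Project-local data; the attributes used below are
  # mountpoint, encrypted_path, mapper_name, mapper_path,
  # unencrypted_fs_type and encryption_keys_path.
  usb_data = import ../../data/usb_data.nix {};
  drive_data = import ../../data/dual_drive_data.nix {};
in
{
  config.boot = {
    initrd.availableKernelModules = [
      # For USB w/ Encryption Key
      "usb_storage"
      "usbcore"
      "uas"
      "sd_mod"
      # For USB Keyboards
      "usbhid"
      # For Cryptography
      "aesni_intel"
      "cryptd"
    ];

    # mkBefore orders this snippet ahead of other postDeviceCommands
    # contributions, so the key file exists before anything later in that
    # phase tries to read it.
    initrd.postDeviceCommands = pkgs.lib.mkBefore ''
      # /keys holds raw key material: keep it private to root instead of
      # world-readable. The explicit chmod covers a pre-existing directory,
      # because mkdir -p leaves the mode of an existing directory untouched.
      mkdir -m 0700 -p /keys
      chmod 0700 /keys
      mkdir -m 0755 -p "${usb_data.mountpoint}"

      # Blocks until the key stick's block device shows up (no timeout).
      until test -b "${usb_data.encrypted_path}"
      do
        echo "Please Plug In USB"
        sleep 1
      done

      echo "Please Decrypt USB"
      # Each step runs only if the previous one succeeded, so a wrong
      # passphrase or a missing key file is reported here instead of
      # surfacing later as an unexplained missing /keys/<host>.key.
      if cryptsetup luksOpen "${usb_data.encrypted_path}" "${usb_data.mapper_name}"
      then
        if mount -n -t "${usb_data.unencrypted_fs_type}" -o ro "${usb_data.mapper_path}" "${usb_data.mountpoint}"
        then
          if cp "${usb_data.encryption_keys_path}/${config.networking.hostName}.key" /keys
          then
            # Read-only for root; nothing else in the initrd needs the key.
            chmod 0400 "/keys/${config.networking.hostName}.key"
          else
            echo "Could not copy key file from USB"
          fi
          umount -f "${usb_data.mountpoint}"
        else
          echo "Could not mount decrypted USB volume"
        fi
        # Always drop the mapping so the stick's plaintext view does not
        # stay open for the rest of the boot.
        cryptsetup close "${usb_data.mapper_name}"
      else
        echo "Could not decrypt USB"
      fi
    '';

    initrd.luks.devices = {
      "${drive_data.root_mapper_name}" = {
        device = "${drive_data.encrypted_root_path}";
        # Must match the destination of the cp in postDeviceCommands above.
        keyFile = "/keys/${config.networking.hostName}.key";
        # NOTE(review): presumably set so the unlock happens in the
        # post-device phase, after the key-fetch snippet above has run;
        # confirm against the NixOS version in use.
        preLVM = false;
        # Passes TRIM/discard through dm-crypt. This reveals which blocks
        # of the encrypted device are unused to anyone who can read the raw
        # disk; keep it only if that trade-off is intended.
        allowDiscards = true;
      };
    };
  };

  config.fileSystems = {
    "/" = {
      device = "${drive_data.decrypted_root_path}";
      fsType = "${drive_data.unencrypted_root_fs_type}";
    };
    # NOTE(review): /boot is mounted from drive_data.boot_path with no LUKS
    # entry in this module, so the kernel and initrd appear to sit outside
    # the encrypted volume; confirm how their integrity is protected.
    "/boot" = {
      device = "${drive_data.boot_path}";
      fsType = "${drive_data.boot_fs_type}";
    };
  };
}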