{ config, lib, ... }:

let
  device = config.disk.device;
in
{
  options.disk.device = lib.mkOption {
    type        = lib.types.str;
    description = "Block device to partition, e.g. /dev/nvme0n1";
  };

  config = {
    disko.devices = {
      disk.main = {
        inherit device;
        type    = "disk";
        content = {
          type = "gpt";
          partitions = {
            esp = {
              size    = "2G";
              type    = "EF00";
              label   = "esp";
              content = {
                type         = "filesystem";
                format       = "vfat";
                mountpoint   = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            luks = {
              size  = "100%";
              label = "disk-main-luks";
              content = {
                type           = "luks";
                name           = "cryptroot";
                # initrd unlock managed manually in configuration.nix to include
                # YubiKey challenge-response settings.
                initrdUnlock   = false;
                extraFormatArgs = [ "--type" "luks2" "--pbkdf" "argon2id" ];
                content = {
                  type      = "btrfs";
                  extraArgs = [ "-f" ];
                  subvolumes = {
                    "@" = {
                      mountpoint   = "/";
                      mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" ];
                    };
                    "@home" = {
                      mountpoint   = "/home";
                      mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" ];
                    };
                    "@nix" = {
                      mountpoint   = "/nix";
                      mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" ];
                    };
                    "@log" = {
                      mountpoint   = "/var/log";
                      mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" ];
                    };
                    "@snapshots" = {
                      mountpoint   = "/.snapshots";
                      mountOptions = [ "compress=zstd:3" "noatime" "space_cache=v2" ];
                    };
                  };
                };
              };
            };
          };
        };
      };
    };
  };
}