# Storage layout for this host: one LUKS container opened in the initrd, a
# tmpfs root, ZFS datasets from the `omen-ssd` pool, three boot partitions and
# five NFS mounts served from the address held in `secret`.
{secret, ...}: let
  # NFS server address taken from the secrets attrset. When any part of the
  # attribute path is missing this is "", evaluation still succeeds, and the
  # NFS device strings below become ":/mnt/…".
  # NOTE(review): consider failing evaluation on a missing address instead.
  blowholeAddress = secret.network.ips.blowhole.dns or "";

  # Options shared by every NFS mount below.
  #   noauto / X-mount.mkdir      - not mounted at boot; mount point created on demand
  #   x-systemd.device-timeout=10 - systemd's wait for the device is capped at 10 s
  #   timeo=14 / soft             - 1.4 s RPC timeout; requests fail instead of retrying forever
  #   x-systemd.after / .wants    - ordered after, and pulling in, wireguard-wg0.target
  # NOTE(review): no `nosuid`/`nodev` here, so setuid bits and device nodes
  # served by the export are honoured on this host; add them unless something
  # on the shares depends on it.
  # NOTE(review): no `sec=` option either; presumably confidentiality and
  # integrity rest on the WireGuard tunnel these mounts are ordered after.
  # Confirm the address is only reachable through wg0.
  # NOTE(review): `soft` can surface I/O errors to applications in the middle
  # of a write; confirm that is acceptable for the two mail-related shares.
  nfsOptions = [
    "noauto"
    "X-mount.mkdir"
    "x-systemd.device-timeout=10"
    "timeo=14"
    "soft"
    "noatime"
    "x-systemd.after=wireguard-wg0.target"
    "x-systemd.wants=wireguard-wg0.target"
  ];

  # A tmpfs mount with the given option list.
  tmpfs = options: {
    device = "none";
    fsType = "tmpfs";
    inherit options;
  };

  # A ZFS dataset mount.
  zfs = dataset: {
    device = dataset;
    fsType = "zfs";
  };

  # A ZFS dataset that is flagged `neededForBoot`.
  zfsBoot = dataset: zfs dataset // {neededForBoot = true;};

  # A mount addressed by /dev/disk/by-uuid.
  byUuid = fsType: uuid: {
    device = "/dev/disk/by-uuid/${uuid}";
    inherit fsType;
  };

  # An NFS export of the server at `blowholeAddress`.
  nfs = export: {
    fsType = "nfs";
    device = "${blowholeAddress}:${export}";
    options = nfsOptions;
  };
in {
  # Empty list rather than a boolean.
  # NOTE(review): presumably this means no ZFS dataset is asked for a key at
  # boot; confirm against the NixOS option documentation.
  boot.zfs.requestEncryptionCredentials = [];

  # The nix-daemon's temporary directory is /nix/tmp, which is mounted from a
  # ZFS dataset below, not the 512M tmpfs on /tmp.
  systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";

  boot.initrd.luks.devices."cryptroot-2" = {
    device = "/dev/disk/by-uuid/48e4fe52-9785-42cb-adfc-16776492944e";
    # Lets TRIM/discard requests through the encrypted mapping. The trade-off
    # is that the pattern of unused blocks becomes visible on the raw device.
    allowDiscards = true;
    # `\\` is one backslash in the Nix string, so the emitted option is
    # `cipher=xchacha20\,aes-adiantum-plain64` (comma escaped).
    # NOTE(review): a LUKS volume normally carries its cipher in the header;
    # confirm this option is needed and actually applied in this initrd.
    crypttabExtraOpts = ["cipher=xchacha20\\,aes-adiantum-plain64"];
  };

  fileSystems = {
    # Root is a 512M tmpfs mounted noexec.
    "/" = tmpfs ["defaults" "size=512M" "mode=755" "noexec"];
    # NOTE(review): /tmp carries none of noexec/nosuid/nodev, and mode=755 is
    # not the usual 1777 for a shared temp dir; confirm something resets the
    # mode after mount and consider adding `nosuid` and `nodev`.
    "/tmp" = tmpfs ["defaults" "size=512M" "mode=755"];

    # ZFS datasets from the omen-ssd pool.
    "/nix/persist" = zfsBoot "omen-ssd/persist";
    "/old/root" = zfsBoot "omen-ssd/local/root";
    "/old/home" = zfsBoot "omen-ssd/safe/home";
    "/nix" = zfs "omen-ssd/local/nix";
    "/home" = zfsBoot "omen-ssd/ephemeral/home";
    "/root" = zfsBoot "omen-ssd/ephemeral/root";
    "/nix/tmp" = zfsBoot "omen-ssd/ephemeral/nix-tmp";
    # NOTE(review): not flagged neededForBoot; if anything reads /var/secrets
    # during early activation, confirm it is mounted by then.
    "/var/secrets" = zfs "omen-ssd/local/secrets";

    # Boot partitions.
    "/boot/1" = byUuid "ext4" "14647e24-3421-4398-b30e-537de6472433";
    "/boot/1/EFI" = byUuid "vfat" "C58B-3BF8";
    "/boot/2" = byUuid "vfat" "7DB2-70BB";

    # Network shares, all with `nfsOptions`.
    "/mnt/net/kyle" = nfs "/mnt/kyle";
    "/mnt/net/cartman" = nfs "/mnt/cartman";
    "/mnt/net/stan" = nfs "/mnt/stan";
    "/mnt/net/getmail.d" = nfs "/var/nfs/getmail/getmail.d";
    "/mnt/net/mail-configuration" = nfs "/var/nfs/mail-configuration";
  };
}