{ config, lib, pkgs, ... }:

# Add encrypted drives to argon

{
  # copy keyfiles into initrd to make them available during early boot
  boot.initrd.secrets = {
    "/etc/nixos/keys/data1.key" = "/etc/nixos/keys/data1.key";
    "/etc/nixos/keys/data2.key" = "/etc/nixos/keys/data2.key";
    "/etc/nixos/keys/nvmecache.key" = "/etc/nixos/keys/nvmecache.key";
  };

  # decrypt data drives with keyfiles for argon
  boot.initrd.luks.devices = {
    "data1" = {
      device = "/dev/disk/by-uuid/dfae62cc-bad1-4879-bf9a-461bde833625";
      keyFile = "/etc/nixos/keys/data1.key";
    };
    "data2" = {
      device = "/dev/disk/by-uuid/8312edae-9247-481b-a313-52a7f848f027";
      keyFile = "/etc/nixos/keys/data2.key";
    };
    "nvmecache" = {
      device = "/dev/disk/by-uuid/2352250e-4ebe-4f9a-bf66-0d4aaa961bd8";
      keyFile = "/etc/nixos/keys/nvmecache.key";
    };
  };

  # mount decrypted filesystems
  fileSystems."/mnt/data1" = {
    device = "/dev/mapper/data1";
    fsType = "ext4";
    options = [ "nofail" ];
  };

  fileSystems."/mnt/data2" = {
    device = "/dev/mapper/data2";
    fsType = "ext4";
    options = [ "nofail" ];
  };

  fileSystems."/mnt/nvmecache" = {
    device = "/dev/mapper/nvmecache";
    fsType = "ext4";
    options = [ "nofail" ];
  };
}