{ pkgs, ... }:

{
  imports = [
    ../secrets/machines/back.nix
    ../system/baremetal-server.nix
    ../system/ucode-intel.nix
    ../system/zfs.nix
  ];

  system.stateVersion = "23.11";

  boot.loader.systemd-boot.enable = false;
  boot.loader.grub = {
    enable = true;
    copyKernels = true;
    efiInstallAsRemovable = true;
    efiSupport = true;
    fsIdentifier = "uuid";
    enableCryptodisk = true;
    device = "nodev";
  };

  boot.initrd = {
    availableKernelModules = [ "hpsa" "sd_mod" "aesni_intel" "cryptd" ];
    kernelModules = [ "md_mod" "raid0" "raid1" ];
    luks.devices.nixos-root.device = "/dev/md1";

    # Manually start degraded arrays if needed, to still allow booting from them.
    # See https://github.com/NixOS/nixpkgs/issues/72608
    preLVMCommands = ''
      for dev in /dev/md*; do
        if [ -b "$dev" ]; then
          mdadm --run "$dev"
        fi
      done
    '';
  };

  boot.swraid = {
    enable = true;
    mdadmConf = ''
      DEVICE partitions
      ARRAY /dev/md0 level=raid1 num-devices=2 metadata=1.0 name=nixos:0 UUID=8b85ad8d:07770d93:de437327:626744b3
      ARRAY /dev/md1 level=raid1 num-devices=2 metadata=1.2 name=nixos:1 UUID=fa799b6d:76859754:7bf68be4:d184553c
      PROGRAM ${pkgs.toybox}/bin/true
    '';
  };

  fileSystems."/" = {
    device = "/dev/mapper/nixos-root";
    fsType = "btrfs";
    options = [ "noatime" "subvol=@" ];
  };

  fileSystems."/home" = {
    device = "/dev/mapper/nixos-root";
    fsType = "btrfs";
    options = [ "subvol=@home" ];
  };

  fileSystems."/nix" = {
    device = "/dev/mapper/nixos-root";
    fsType = "btrfs";
    options = [ "noatime" "subvol=@nix" ];
  };

  fileSystems."/var/log" = {
    device = "/dev/mapper/nixos-root";
    fsType = "btrfs";
    options = [ "noatime" "compress=zstd" "subvol=@log" ];
  };

  fileSystems."/boot" = {
    device = "/dev/md0";
    fsType = "vfat";
  };
}