{ lib, config, ... }: {
  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.enableRedistributableFirmware = true;
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];

  age.secrets.phoenix_user_password = {
    rekeyFile = ./secrets/password.age;
    owner = "user";
    group = "users";
    mode = "0400";
  };
  
  n.host = {
    hardware.cpu = "amd";
    bootloader = "lanzaboote";

    hostId = "053c9578";
    users."user" = lib.mkUser config.age.secrets.phoenix_user_password.path true;
    defaultUser = "user";
    types = [ "desktop" ];
  };

  imports = [
    (lib.fs.zfs "/nix" "rpool/nix" null)
    (lib.fs.luks "crypted"
      "/dev/disk/by-partuuid/0f262ab8-0aad-5f42-8ee5-493f68465aff"
      { header = "/dev/disk/by-partuuid/11ca2df8-17c3-47a2-8ba0-49976273008f";
        allowDiscards = true; # Used if primary device is a SSD
        preLVM = true; })

    (lib.fs.tmpfs "/" "none" [ "mode=755" "size=40%" ])
    (lib.fs.vfat "/boot" "/dev/disk/by-uuid/6D12-D841" null)
    (lib.fs.swap "/dev/disk/by-uuid/391c74f2-8703-4d17-af3b-1f8087f8ad0a")
  ];
}