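# Storage layout for this host: btrfs root with a wiped-on-boot "root"
# subvolume, persistent state under /persist, and CIFS mounts built from the
# device definitions in flake.config.machines.devices.eris.
{
  flake,
  config,
  lib,
  ...
}: let
  inherit (flake.config.people) user0;
  inherit (flake.config.machines.devices) eris;

  # Path of the sops-managed secret that is handed to mount.cifs as its
  # credentials file, so the credentials are referenced by path instead of
  # being written into the mount options.
  erisSecrets = config.sops.secrets."network/server".path;

  rootDevice = "/dev/disk/by-label/root";
  bootDevice = "/dev/disk/by-label/BOOT";

  sambaDrives = ["samba0"];
  sambaFolders = ["raid0"];

  # Builds one name/value pair for builtins.listToAttrs: the mount point is
  # <drive mount>/<folder> and the remote is <drive device>/<folder>.
  # The base options come from eris.<drive>.options, which is defined outside
  # this file; only the credentials= option is appended here.
  sambaMounts = sambaDrive: folder: {
    name = "${eris.${sambaDrive}.mount}/${folder}";
    value = {
      device = "${eris.${sambaDrive}.device}/${folder}";
      fsType = "cifs";
      options = eris.${sambaDrive}.options ++ ["credentials=${erisSecrets}"];
    };
  };

  homeDir = config.home-manager.users.${user0}.home.homeDirectory;
in {
  fileSystems =
    {
      "/" = {
        device = rootDevice;
        fsType = "btrfs";
        options = ["subvol=root"];
      };
      "/nix" = {
        device = rootDevice;
        fsType = "btrfs";
        options = ["subvol=nix"];
      };
      "/persist" = {
        device = rootDevice;
        fsType = "btrfs";
        neededForBoot = true;
        options = ["subvol=persist"];
      };
      "/boot" = {
        device = bootDevice;
        fsType = "vfat";
        # vfat has no per-file permissions; these masks make every file and
        # directory on the boot partition accessible to the owner only.
        options = ["fmask=0077" "dmask=0077"];
      };
      "/mnt/storage" = {
        device = "/dev/disk/by-label/storage";
        fsType = "ext4";
      };
      # Only neededForBoot is set here; the mount itself is expected to come
      # from the /etc/ssh entry under environment.persistence below.
      # NOTE(review): presumably so the host keys are present early in boot
      # (e.g. for secret decryption) - confirm.
      "/etc/ssh" = {
        neededForBoot = true;
      };
    }
    # One CIFS mount per (drive, folder) combination.
    // (builtins.listToAttrs (
      builtins.concatMap
      (drive: map (folder: sambaMounts drive folder) sambaFolders)
      sambaDrives
    ));

  # Runs in the initrd after resume handling. On every boot it:
  #   1. mounts the top-level btrfs volume (subvolid=5) at /btrfs_tmp,
  #   2. moves an existing "root" subvolume to old_roots/<mtime timestamp>,
  #   3. recursively deletes entries in old_roots older than 30 days,
  #   4. creates a fresh, empty "root" subvolume.
  # Anything not listed under environment.persistence is therefore gone after
  # a reboot, but stays recoverable from old_roots for about 30 days.
  boot.initrd.postResumeCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount -o subvolid=5 ${rootDevice} /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
        mkdir -p /btrfs_tmp/old_roots
        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
        IFS=$'\n'
        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
        done
        btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  environment.persistence."/persist" = {
    directories = [
      "/var/cache"
      "/var/lib"
      {
        directory = "/etc/ssh";
        mode = "u=rwx,g=rx,o=rx";
        user = "root";
      }
    ];
    hideMounts = true;
    users.${user0} = {
      directories = [
        ".cache"
        ".config"
        ".local/share/direnv"
        ".local/state/nix"
        {
          # Owner-only: this directory holds the user's SSH material.
          directory = ".ssh";
          mode = "u=rwx,g=,o=";
        }
      ];
    };
  };

  systemd.tmpfiles.rules = [
    # "Z" is recursive. The previous single rule "Z <home> 0755 ..." applied
    # mode 0755 to every file and directory below the home directory, which
    # overrides the owner-only mode declared for .ssh above and leaves its
    # contents world-readable. Ownership is still fixed recursively, but with
    # mode "-" so existing modes are left untouched.
    "Z ${homeDir} - ${user0} users -"
    # Non-recursive "z": only the home directory itself gets 0755.
    "z ${homeDir} 0755 ${user0} users -"
    # NOTE(review): this recursive rule also puts the setgid and execute bits
    # on every regular file under /mnt/storage, not just on directories.
    # Confirm that is intended; otherwise split it the same way as the home
    # rules above.
    "Z /mnt/storage 2775 root root -"
  ];

  services.udisks2.enable = true;
}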