{...}:
let
  sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
in
{
  disko.devices = {
    disk = {
      vdb = {
        type = "disk";
        inherit device;
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "defaults"
                ];
              };
            };
            luks = {
              size = "100%";
              content = {
                type = "luks";
                name = "crypted";
                # disable settings.keyFile if you want to use interactive password entry
                #passwordFile = "/tmp/secret.key"; # Interactive
                settings = {
                  allowDiscards = true;
                  keyFile = "${sopsHashedPasswordFile}";
                };
                  content = {
                    type = "btrfs";
                    extraArgs = ["-f"];
                      subvolumes = {
                        "/root" = {
                          mountpoint = "/";
                        };

                        "/persist" = {
                          mountOptions = [ "subvol=persist" ];
                          mountpoint = "/persist";
                        };

                        "/nix" = {
                          mountOptions = [ "subvol=nix" "noatime" ];
                          mountpoint = "/nix";
                        };

                        "/swap" = {
                          mountOptions = [ "noatime" ];
                          mountpoint = "/.swapvol";
                          swap.swapfile.size = "8192M";
                        };
                      };
                  };
                };
              };
          };
        };
      };
    };
  };
}