{ lib, ... }:
{
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512F_S1K5NYBF736152";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "256M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
              };
            };
            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "rpool";
              };
            };
          };
        };
      };
    };
    zpool = {
      rpool = {
        type = "zpool";
        options = {
          ashift = "12";
        };
        rootFsOptions = {
          canmount = "off";
          mountpoint = "none";
          dnodesize = "auto";
          xattr = "sa";
        };
        postCreateHook = "zfs snapshot rpool@blank";
        datasets = {
          local = {
            type = "zfs_fs";
            options = {
              mountpoint = "none";
            };
          };
          "local/nix" = {
            type = "zfs_fs";
            mountpoint = "/nix";
            options = {
              atime = "off";
              mountpoint = "legacy";
            };
          };
          "local/tmp" = {
            type = "zfs_fs";
            mountpoint = "/tmp";
            options = {
              setuid = "off";
              devices = "off";
              mountpoint = "legacy";
            };
          };
          system = {
            type = "zfs_fs";
            mountpoint = "/";
            options = {
              mountpoint = "legacy";
            };
          };
          "system/var" = {
            type = "zfs_fs";
            mountpoint = "/var";
            options = {
              mountpoint = "legacy";
            };
          };
          "system/var/tmp" = {
            type = "zfs_fs";
            mountpoint = "/var/tmp";
            options = {
              devices = "off";
              mountpoint = "legacy";
            };
          };
          "system/var/log" = {
            type = "zfs_fs";
            mountpoint = "/var/log";
            options = {
              compression = "on";
              acltype = "posix";
              mountpoint = "legacy";
            };
          };
          user = {
            type = "zfs_fs";
            options = {
              mountpoint = "none";
              encryption = "aes-256-gcm";
              keyformat = "passphrase";
              keylocation = "file:///tmp/secret.key";
            };
            # use this to read the key during boot
            postCreateHook = ''
              zfs set keylocation="prompt" "rpool/$name";
            '';
          };
          "user/home" = {
            type = "zfs_fs";
            mountpoint = "/home";
            options = {
              setuid = "off";
              devices = "off";
              mountpoint = "legacy";
            };
          };
        };
      };
    };
  };
}