{
  # https://github.com/nix-community/disko/blob/master/docs/quickstart.md
  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/nvme1n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "2G";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [
                  "defaults"
                ];
              };
            };
            luks = {
              size = "2004G";
              content = {
                type = "luks";
                name = "crypted_root";
                settings = {
                  allowDiscards = true;
                  bypassWorkqueues = true;
                  keyFile = "/tmp/yk/yk_mini.key";
                };
                additionalKeyFiles = [
                  "/tmp/yk/yk_the_big_one.key"
                  "/tmp/yk/yk_on_key.key"
                  "/tmp/yk/yk_round.key"
                ];
                # https://github.com/sgillespie/nixos-yubikey-luks
                extraFormatArgs = [
                  "--cipher=aes-xts-plain64"
                  "--key-size=512"
                  "--hash=sha512"
                ];
                initrdUnlock = false; # we have to add it manually because of the yubikeys
                content = {
                  type = "btrfs";
                  extraArgs = [ "-f" ];
                  subvolumes = {
                    "/root" = {
                      mountpoint = "/";
                      # https://unix.stackexchange.com/questions/752741/what-is-the-mount-option-space-cache-v2
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                    "/home" = {
                      mountpoint = "/home";
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                    "/nix" = {
                      mountpoint = "/nix";
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                    "/var" = {
                      mountpoint = "/var";
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                    "/docker-btrfs" = {
                      mountpoint = "/var/lib/docker/btrfs";
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                  };
                };
              };
            };
          };
        };
      };
      backup = {
        type = "disk";
        device = "/dev/nvme0n1";
        content = {
          type = "gpt";
          partitions = {
            ESP = {
              size = "40M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
              };
            };
            luks = {
              size = "1024G";
              content = {
                type = "luks";
                name = "crypted_backup";

                settings = {
                  allowDiscards = true;
                  bypassWorkqueues = true;
                  keyFile = "/tmp/yk/yk_mini.key";
                };
                additionalKeyFiles = [
                  "/tmp/yk/yk_the_big_one.key"
                  "/tmp/yk/yk_on_key.key"
                  "/tmp/yk/yk_round.key"
                ];
                extraFormatArgs = [
                  "--cipher=aes-xts-plain64"
                  "--key-size=512"
                  "--hash=sha512"
                ];
                initrdUnlock = false; # we have to add it manually because of the yubikeys
                content = {
                  type = "btrfs";
                  extraArgs = [ "-f" ];
                  subvolumes = {
                    "/backup" = {
                      mountpoint = "/backup";
                      mountOptions = [
                        "compress=zstd"
                        "noatime"
                        "space_cache=v2"
                        "commit=120"
                      ];
                    };
                  };
                };
              };
            };
          };
        };
      };
    };
  };
}