{pkgs, ...}: {
  environment.etc."crypttab" = {
    text = ''
      ssh-keys UUID=da31e270-80d4-4a89-9633-87dd4d736ca2 none noauto,x-systemd.device-timeout=0
    '';
  };

  fileSystems."/mnt/ssh-keys" = {
    device = "/dev/mapper/ssh-keys";
    fsType = "ext4";
    options = ["noauto" "nofail" "users" "exec"];
  };

  # define the scripts as system commands
  environment.systemPackages = with pkgs; [
    cryptsetup
    (writeShellScriptBin "keys-mount" ''
      sudo systemctl start systemd-cryptsetup@ssh\\x2dkeys.service
      sudo mount /mnt/ssh-keys
      ssh-add /mnt/ssh-keys/id_ed25519
    '')
    (writeShellScriptBin "keys-umount" ''
      ssh-add -d /mnt/ssh-keys/id_ed25519
      sudo umount /mnt/ssh-keys
      sudo systemctl stop systemd-cryptsetup@ssh\\x2dkeys.service
    '')
  ];
}