diff --git a/modules/nixos/boot/common/default.nix b/modules/nixos/boot/common/default.nix
index fc04318..434c5ce 100644
--- a/modules/nixos/boot/common/default.nix
+++ b/modules/nixos/boot/common/default.nix
@@ -45,30 +45,30 @@ in
 initrd = {
 secrets = {
- "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
- };
+ "/etc/clevis/nuc-nixos.jwe" = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
+ };
- systemd.services."unlock-disk" = {
- enable = true;
- path = [
- pkgs.clevis
- pkgs.bcachefs-tools
- ];
- script = ''
- clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
- '';
- serviceConfig = {
- Type = "oneshot";
- TimeoutSec = "10s"; # Limit how long we wait for network
- };
- };
+ systemd.services."unlock-disk" = {
+ enable = true;
+ path = [
+ pkgs.clevis
+ pkgs.bcachefs-tools
+ ];
+ script = ''
+ clevis decrypt < "/etc/clevis/nuc-nixos.jwe" | bcachefs unlock -k session /dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root
+ '';
+ wantedBy = [ "initrd-root-device.target" ];
+ requiredBy = [ "initrd-root-fs.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ TimeoutSec = "10s";
+ };
+ };
 clevis = mkIf (config.${namespace}.hardware.disko.filesystem == "bcachefs"){
 enable = true;
-# devices = {
- # "/dev/disk/by-partlabel/${config.disko.devices.disk.main.content.partitions.root.name}".secretFile = (lib.snowfall.fs.get-file "secrets/nuc-nixos.jwe");
- # };
 };
+ luks = mkIf cfg.yubikeyEncryption {
 devices = {
 "${config.disko.devices.disk.main.content.partitions.root.name}" = {
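Review bot: The new `requiredBy = [ "initrd-root-fs.target" ]` on `unlock-disk`, together with the unchanged `TimeoutSec = "10s"` and no `after`/`wants` ordering, turns the unlock into a hard boot dependency that can run before the network or the disk's device unit exists, and a failure of this oneshot then fails initrd-root-fs.target with no passphrase fallback visible on this page. The commit also drops `# Limit how long we wait for network`, which was the only text explaining why the timeout exists; keep it, e.g. `TimeoutSec = "10s"; # bound the wait for the Clevis pin so a hung decrypt cannot stall boot indefinitely`. If the pin is Tang-backed, add `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` (confirm those unit names exist in this initrd) and order the service after the device unit for `/dev/disk/by-label/disk-main-nuc-nixos-bcachefs-root` so `bcachefs unlock` is not attempted against a not-yet-present path. Separately, `bcachefs unlock -k session` stores the key in the service's own session keyring, and nothing here establishes that the process later mounting sysroot can see that keyring — verify this, since a mount performed by a different process would typically need the key in a shared keyring such as `-k user`. The enclosing `initrd` attrset starts before the hunk and the `luks` block continues past it.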