diff --git a/flake.lock b/flake.lock
index e99da67..82c51d6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -143,11 +143,11 @@
 ]
 },
 "locked": {
- "lastModified": 1770082062,
- "narHash": "sha256-9hyE4UN84VjBKsTxw0nO23crBGtEtnT72g33+YETfvE=",
+ "lastModified": 1770085102,
+ "narHash": "sha256-QsjniU+xcK04BQvPxdu0UTkXq2+Fh7FwFgvdG6b32hE=",
 "owner": "noctalia-dev",
 "repo": "noctalia-shell",
- "rev": "feb65ad8b247c16311181cc420f54bcae4f629fe",
+ "rev": "cdf0a5dd44af63b5530fad595ac650d5d899a848",
 "type": "github"
 },
 "original": {
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
index 721b5e9..17065d2 100644
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -1,34 +1,62 @@
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
 {
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "uas" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usb_storage"
+ "usbhid"
+ "uas"
+ "sd_mod"
+ ];
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-amd" ];
 boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/mapper/cryptroot";
- fsType = "xfs";
- };
+ fileSystems."/" = {
+ device = "/dev/mapper/cryptroot";
+ fsType = "xfs";
+ };
- boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
+ boot.initrd.luks.devices."cryptroot".device =
+ "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/614D-6CCA";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
+ # ─── Encrypted Swap ───
+ # Include swap keyfile in initramfs (so it's available before root is mounted)
+ boot.initrd.secrets."/var/lib/secrets/swap.key" = /var/lib/secrets/swap.key;
- swapDevices =
- [ { device = "/dev/mapper/cryptswap"; }
+ boot.initrd.luks.devices."cryptswap" = {
+ device = "/dev/disk/by-uuid/0e51324d-5929-4b4c-bd6e-a3130cf8adc2";
+ keyFile = "/var/lib/secrets/swap.key";
+ allowDiscards = true; # Enable TRIM for NVMe SSD
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/614D-6CCA";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
 ];
+ };
+
+ swapDevices = [
+ { device = "/dev/mapper/cryptswap"; }
+ ];
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
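Review bot: The added `boot.initrd.secrets."/var/lib/secrets/swap.key"` entry embeds the key that unlocks `cryptswap` in the initramfs, and the initrd normally lives on `/boot`, which this hunk shows as a plain vfat partition mounted with `fmask=0022`. If that is the layout here, the swap key sits unencrypted on disk and is readable by every local user, so the LUKS layer on swap no longer protects its contents from someone holding the disk. Since `cryptroot` is already unlocked in the initrd, consider dropping the keyfile and giving `cryptswap` the same passphrase (NixOS reuses an entered passphrase across LUKS devices by default), or, if hibernation is not needed, setting `randomEncryption.enable = true;` on the swap entry instead of a persistent key. The header comment says this file is overwritten by `nixos-generate-config`, so these hand-written lines would be safer in `configuration.nix`. The `allowDiscards = true;` comment should also say that TRIM on a LUKS device reveals which blocks are in use, e.g. `# TRIM enabled; accepts leaking used-block layout`.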