update

configuration.nix

@@ -36,7 +36,7 @@
   # ─── Bootloader: Limine with Secure Boot ───
   boot.loader.systemd-boot.enable = false; # Disabled - using Limine
   boot.loader.limine.enable = true;
-  boot.loader.limine.secureBoot.enable = true;
+  boot.loader.limine.secureBoot.enable = false;
   boot.loader.efi.canTouchEfiVariables = true;
 
   # ─── Kernel ───
@@ -48,14 +48,10 @@
     "amdgpu.ppfeaturemask=0xffffffff" # Full AMD GPU power features (from gpu-amd.nix)
   ];
 
-  # ─── Full Disk Encryption (LUKS) ───
+ # ─── Full Disk Encryption (LUKS) ───
   boot.initrd.luks.devices = {
-    "cryptroot" = {
-      device = "/dev/disk/by-label/cryptroot";
-      allowDiscards = true; # Enable TRIM for SSD performance
-    };
     "cryptswap" = {
-      device = "/dev/disk/by-label/cryptswap";
+      device = "/dev/mapper/cryptswap";
       allowDiscards = true;
       keyFile = "/swap.key"; # Auto-unlock with keyfile after root is decrypted
     };

hardware-configuration.nix

@@ -14,17 +14,21 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2db125bf-6f56-4299-9dec-f1dca95213c7";
+    { device = "/dev/mapper/cryptroot";
-      fsType = "ext4";
+      fsType = "xfs";
     };
 
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ecb02db3-6fe8-499e-9a31-38a8143aa092";
+
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/F3DA-C028";
+    { device = "/dev/disk/by-uuid/614D-6CCA";
       fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
+      options = [ "fmask=0022" "dmask=0022" ];
     };
 
-  swapDevices = [ ];
+  swapDevices =
+    [ { device = "/dev/mapper/cryptswap"; }
+    ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;