diff --git a/systems/artemision/configuration.nix b/systems/artemision/configuration.nix
index b436f49..910b165 100644
--- a/systems/artemision/configuration.nix
+++ b/systems/artemision/configuration.nix
@@ -73,7 +73,6 @@
 fprintd.enable = lib.mkForce false;
 openssh.enable = lib.mkForce false;
- journald.storage = "volatile";
 spotifyd = {
 enable = true;
 settings = {
diff --git a/systems/artemision/hardware.nix b/systems/artemision/hardware.nix
index 2938ede..b151432 100644
--- a/systems/artemision/hardware.nix
+++ b/systems/artemision/hardware.nix
@@ -52,7 +52,6 @@
 options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 };
@@ -62,7 +61,6 @@
 options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 };
@@ -72,7 +70,6 @@
 options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 };
@@ -82,7 +79,6 @@
 options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 };
 };
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index a9eeb7e..4eacd9b 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -64,7 +64,6 @@
 nfs.server.enable = true;
 openssh.ports = [ 666 ];
 smartd.enable = true;
- journald.storage = "volatile";
 postgresql = {
 enable = true;
diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix
index 94b099b..0cedbe9 100644
--- a/systems/palatine-hill/hardware-changes.nix
+++ b/systems/palatine-hill/hardware-changes.nix
@@ -1,33 +1,53 @@
-{ ... }:
+{ lib, ... }:
 {
- boot.initrd.services.lvm.enable = true;
+ boot.zfs.requestEncryptionCredentials = lib.mkForce false;
- boot.initrd.luks.devices = {
- "nixos-pv" = {
- device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
- preLVM = true;
- allowDiscards = true;
+ boot.initrd = {
+ services.lvm.enable = true;
+ luks.devices = {
+ "nixos-pv" = {
+ device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444";
+ preLVM = true;
+ allowDiscards = true;
+ };
 };
+
+ postResumeCommands = ''
+ # let root mount and everything, then manually unlock stuff
+ load_zfs_nix() {
+ local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"
+ local mountPoint="/"
+ local options="x-initrd.mount,noatime,nodiratime"
+ local fsType="ext4"
+
+ echo "manually mounting key location, then unmounting"
+ udevadm settle
+
+ mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType"
+
+ zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix"
+ umount "$targetRoot/"
+ }
+
+ load_zfs_nix
+ '';
 };
 fileSystems = {
 "/".options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 "/home".options = [
 "noatime"
 "nodiratime"
- "discard"
 ];
 "/boot".options = [
 "noatime"
 "nodiratime"
- "discard"
 "fmask=0077"
 "dmask=0077"
 ];
diff --git a/users/alice/default.nix b/users/alice/default.nix
index ff0f9b8..5c337a2 100644
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@@ -13,6 +13,6 @@ import ../default.nix {
 name
 ;
 publicKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvF14bwJtV3r6O4KPydaIHmeiwJAYBs17nGDQUZgd5P alice@artemision"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision"
 ];
 }
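Review bot: In `load_zfs_nix` the result of `zfs load-key` is never checked, and with `boot.zfs.requestEncryptionCredentials` forced to false there is no passphrase prompt to fall back on, so a missing or unreadable key file lets the boot carry on with `ZFS-primary/nix` still locked and presumably fail later at the mount. Report the failure at this step, e.g. `zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" || echo "load_zfs_nix: could not load key for ZFS-primary/nix"`, and keep the `umount` unconditional as it is now. A comment above `postResumeCommands` would also help, along the lines of `# ZFS-primary/nix is unlocked from a key file on the root filesystem, so its confidentiality rests on whatever protects that volume (presumably the nixos-pv LUKS container) and on /crypto/keys being readable by root only`. Separately, `allowDiscards = true` stays on `nixos-pv` while `discard` is dropped from every mount, which still lets TRIM requests pass through dm-crypt (for instance from a periodic fstrim); if that is intended, a short comment saying so would avoid the question. The `fileSystems` attribute set continues past the end of the hunk.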
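Review bot: The key listed for `alice@artemision` in `publicKeys` is swapped for a different one with nothing on the changed line recording why, and as far as this page shows it arrives alongside unrelated storage and journald changes. Since this list presumably feeds the account's authorized keys, the rotation is better carried in its own commit, or at least annotated with a comment such as `# rotated <DATE>; fingerprint <SHA256-FINGERPRINT-PLACEHOLDER>` so the new key can be checked against the one generated on the host. The `import ../default.nix { … }` call starts outside the hunk.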