fix(installer): resolve multi-disk LUKS/BTRFS boot hang

- Move temporary LUKS keyfile to /tmp/ so Disko omits it from runtime config
- Explicitly add x-systemd.requires and x-systemd.device-timeout=0 to BTRFS mount options
- Ensures all LUKS devices are decrypted before BTRFS attempts to mount

docs/ROADMAP.md

@@ -136,6 +136,7 @@ Nomarchy is moving away from being a "flavor" of Omarchy to its own distinct ide
 
 (Move items here when they land — keep them brief, link the commit/PR.)
 
+- _2026-05-03_ — Fixed multi-disk LUKS/BTRFS boot hang. (1) Moved temporary LUKS keyfile to `/tmp/` so Disko correctly omits it from the runtime configuration; (2) Injected `x-systemd.requires` and `x-systemd.device-timeout=0` into BTRFS mount options to ensure all LUKS drives are decrypted before mounting.
 - _2026-05-03_ — Fixed CLI wrappers and removed obsolete code. (1) Updated `nomarchy-font`, `nomarchy-theme`, and `nomarchy-wallpaper` CLI wrappers to use modern Walker menus; (2) Removed the obsolete and broken `themes/engine/switcher.nix` and its associated Nix-inlined scripts; (3) Cleaned up remaining `$NOMARCHY_PATH` references from the Omarchy era.
 - _2026-05-03_ — Fixed `/etc/nixos` ownership after installation. Added a `chown -R $USERNAME:users /etc/nixos` step via `nixos-enter` at the end of `installer/install.sh` so the main user owns their configuration and can run `home-manager` commands without `sudo`.
 - _2026-05-01_ — Installer & Script Audit Polish. (1) Fixed a critical bash dynamic scoping bug in `installer/install.sh` where `rc=0` assignments inside functions (Impermanence, Form Factor) were clobbering the main loop's return code, causing the installer to abort when "No" was selected; (2) Polished `hosts/nomarchy-live.nix` with auto-login for the `nixos` user and passwordless sudo for the `wheel` group; (3) Repurposed `nomarchy-toggle-suspend` to execute `systemctl suspend` directly and updated `nomarchy-menu` to reflect this; (4) Updated `nomarchy-launch-wifi` to use `nmtui` in Alacritty; (5) Regenerated `docs/SCRIPTS.md` to reflect the updated script mappings.

installer/disko-config.nix

@@ -44,7 +44,7 @@ let
           content = {
             type = "luks";
             name = extraLuks drive;
-            passwordFile = "/dev/shm/nomarchy-luks.key";
+            passwordFile = "/tmp/nomarchy-luks.key";
             settings.allowDiscards = true;
             content.type = "btrfs";
           };
@@ -70,16 +70,24 @@ let
   # snapshot) targets the right /dev/mapper entry.
   mainLuksName = if hasExtras then "crypted_main" else "crypted";
 
+  # Multi-device BTRFS on LUKS requires that we explicitly tell systemd-initrd
+  # to wait for ALL LUKS devices to be decrypted before attempting to mount
+  # the filesystem, otherwise it might try to mount as soon as the first one
+  # appears and then hang or fail.
+  allLuksNames = [ mainLuksName ] ++ map extraLuks extraDrives;
+  btrfsMountOptions = [ "compress=zstd" "noatime" "x-systemd.device-timeout=0" ]
+    ++ map (n: "x-systemd.requires=/dev/mapper/" + n) allLuksNames;
+
   rootBtrfs = {
     type = "btrfs";
     extraArgs = btrfsExtraArgs;
     subvolumes = {
-      "@"          = { mountpoint = "/";           mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@persist"   = { mountpoint = "/persist";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@home"      = { mountpoint = "/home";       mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@nix"       = { mountpoint = "/nix";        mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@log"       = { mountpoint = "/var/log";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = [ "compress=zstd" "noatime" ]; };
+      "@"          = { mountpoint = "/";           mountOptions = btrfsMountOptions; };
+      "@persist"   = { mountpoint = "/persist";    mountOptions = btrfsMountOptions; };
+      "@home"      = { mountpoint = "/home";       mountOptions = btrfsMountOptions; };
+      "@nix"       = { mountpoint = "/nix";        mountOptions = btrfsMountOptions; };
+      "@log"       = { mountpoint = "/var/log";    mountOptions = btrfsMountOptions; };
+      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = btrfsMountOptions; };
     };
     postCreateHook = ''
       MNTPOINT=$(mktemp -d)
@@ -116,7 +124,7 @@ in {
             content = {
               type = "luks";
               name = mainLuksName;
-              passwordFile = "/dev/shm/nomarchy-luks.key";
+              passwordFile = "/tmp/nomarchy-luks.key";
               settings.allowDiscards = true;
               content = rootBtrfs;
             };

installer/install.sh

@@ -1089,7 +1089,7 @@ prewipe_target_drive() {
     success "Pre-wipe complete"
 }
 
-_LUKS_KEY_PATH="/dev/shm/nomarchy-luks.key"
+_LUKS_KEY_PATH="/tmp/nomarchy-luks.key"
 
 # Wrap the disko invocation so a failure surfaces the last few lines of
 # output and offers Retry / View full log / Abort. set -e is suspended for