From 3510a51492d31bb61be7447aaf5a8dca5ca269b1 Mon Sep 17 00:00:00 2001
From: Bernardo Magri <bernardo@bernardomagri.eu>
Date: Sun, 3 May 2026 09:13:02 +0100
Subject: [PATCH] fix(installer): resolve multi-disk LUKS/BTRFS boot hang

- Move temporary LUKS keyfile to /tmp/ so Disko omits it from runtime config
- Explicitly add x-systemd.requires and x-systemd.device-timeout=0 to BTRFS mount options
- Ensures all LUKS devices are decrypted before BTRFS attempts to mount
---
 docs/ROADMAP.md            |  1 +
 installer/disko-config.nix | 24 ++++++++++++++++--------
 installer/install.sh       |  2 +-
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md
index 9b89eaa..5cf86ee 100644
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -136,6 +136,7 @@ Nomarchy is moving away from being a "flavor" of Omarchy to its own distinct ide
 
 (Move items here when they land — keep them brief, link the commit/PR.)
 
+- _2026-05-03_ — Fixed multi-disk LUKS/BTRFS boot hang. (1) Moved temporary LUKS keyfile to `/tmp/` so Disko correctly omits it from the runtime configuration; (2) Injected `x-systemd.requires` and `x-systemd.device-timeout=0` into BTRFS mount options to ensure all LUKS drives are decrypted before mounting.
 - _2026-05-03_ — Fixed CLI wrappers and removed obsolete code. (1) Updated `nomarchy-font`, `nomarchy-theme`, and `nomarchy-wallpaper` CLI wrappers to use modern Walker menus; (2) Removed the obsolete and broken `themes/engine/switcher.nix` and its associated Nix-inlined scripts; (3) Cleaned up remaining `$NOMARCHY_PATH` references from the Omarchy era.
 - _2026-05-03_ — Fixed `/etc/nixos` ownership after installation. Added a `chown -R $USERNAME:users /etc/nixos` step via `nixos-enter` at the end of `installer/install.sh` so the main user owns their configuration and can run `home-manager` commands without `sudo`.
 - _2026-05-01_ — Installer & Script Audit Polish. (1) Fixed a critical bash dynamic scoping bug in `installer/install.sh` where `rc=0` assignments inside functions (Impermanence, Form Factor) were clobbering the main loop's return code, causing the installer to abort when "No" was selected; (2) Polished `hosts/nomarchy-live.nix` with auto-login for the `nixos` user and passwordless sudo for the `wheel` group; (3) Repurposed `nomarchy-toggle-suspend` to execute `systemctl suspend` directly and updated `nomarchy-menu` to reflect this; (4) Updated `nomarchy-launch-wifi` to use `nmtui` in Alacritty; (5) Regenerated `docs/SCRIPTS.md` to reflect the updated script mappings.
diff --git a/installer/disko-config.nix b/installer/disko-config.nix
index bcab696..f74421d 100644
--- a/installer/disko-config.nix
+++ b/installer/disko-config.nix
@@ -44,7 +44,7 @@ let
           content = {
             type = "luks";
             name = extraLuks drive;
-            passwordFile = "/dev/shm/nomarchy-luks.key";
+            passwordFile = "/tmp/nomarchy-luks.key";
             settings.allowDiscards = true;
             content.type = "btrfs";
           };
@@ -70,16 +70,24 @@ let
   # snapshot) targets the right /dev/mapper entry.
   mainLuksName = if hasExtras then "crypted_main" else "crypted";
 
+  # Multi-device BTRFS on LUKS requires that we explicitly tell systemd-initrd
+  # to wait for ALL LUKS devices to be decrypted before attempting to mount
+  # the filesystem, otherwise it might try to mount as soon as the first one
+  # appears and then hang or fail.
+  allLuksNames = [ mainLuksName ] ++ map extraLuks extraDrives;
+  btrfsMountOptions = [ "compress=zstd" "noatime" "x-systemd.device-timeout=0" ]
+    ++ map (n: "x-systemd.requires=/dev/mapper/" + n) allLuksNames;
+
   rootBtrfs = {
     type = "btrfs";
     extraArgs = btrfsExtraArgs;
     subvolumes = {
-      "@"          = { mountpoint = "/";           mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@persist"   = { mountpoint = "/persist";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@home"      = { mountpoint = "/home";       mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@nix"       = { mountpoint = "/nix";        mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@log"       = { mountpoint = "/var/log";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = [ "compress=zstd" "noatime" ]; };
+      "@"          = { mountpoint = "/";           mountOptions = btrfsMountOptions; };
+      "@persist"   = { mountpoint = "/persist";    mountOptions = btrfsMountOptions; };
+      "@home"      = { mountpoint = "/home";       mountOptions = btrfsMountOptions; };
+      "@nix"       = { mountpoint = "/nix";        mountOptions = btrfsMountOptions; };
+      "@log"       = { mountpoint = "/var/log";    mountOptions = btrfsMountOptions; };
+      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = btrfsMountOptions; };
     };
     postCreateHook = ''
       MNTPOINT=$(mktemp -d)
@@ -116,7 +124,7 @@ in {
             content = {
               type = "luks";
               name = mainLuksName;
-              passwordFile = "/dev/shm/nomarchy-luks.key";
+              passwordFile = "/tmp/nomarchy-luks.key";
               settings.allowDiscards = true;
               content = rootBtrfs;
             };
diff --git a/installer/install.sh b/installer/install.sh
index 46db20b..64dbde7 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -1089,7 +1089,7 @@ prewipe_target_drive() {
     success "Pre-wipe complete"
 }
 
-_LUKS_KEY_PATH="/dev/shm/nomarchy-luks.key"
+_LUKS_KEY_PATH="/tmp/nomarchy-luks.key"
 
 # Wrap the disko invocation so a failure surfaces the last few lines of
 # output and offers Retry / View full log / Abort. set -e is suspended for