fix(installer): resolve multi-disk LUKS/BTRFS boot hang

- Move temporary LUKS keyfile to /tmp/ so Disko omits it from runtime config
- Explicitly add x-systemd.requires and x-systemd.device-timeout=0 to BTRFS mount options
- Ensures all LUKS devices are decrypted before BTRFS attempts to mount

installer/disko-config.nix

@@ -44,7 +44,7 @@ let
           content = {
             type = "luks";
             name = extraLuks drive;
-            passwordFile = "/dev/shm/nomarchy-luks.key";
+            passwordFile = "/tmp/nomarchy-luks.key";
             settings.allowDiscards = true;
             content.type = "btrfs";
           };
@@ -70,16 +70,24 @@ let
   # snapshot) targets the right /dev/mapper entry.
   mainLuksName = if hasExtras then "crypted_main" else "crypted";
 
+  # Multi-device BTRFS on LUKS requires that we explicitly tell systemd-initrd
+  # to wait for ALL LUKS devices to be decrypted before attempting to mount
+  # the filesystem, otherwise it might try to mount as soon as the first one
+  # appears and then hang or fail.
+  allLuksNames = [ mainLuksName ] ++ map extraLuks extraDrives;
+  btrfsMountOptions = [ "compress=zstd" "noatime" "x-systemd.device-timeout=0" ]
+    ++ map (n: "x-systemd.requires=/dev/mapper/" + n) allLuksNames;
+
   rootBtrfs = {
     type = "btrfs";
     extraArgs = btrfsExtraArgs;
     subvolumes = {
-      "@"          = { mountpoint = "/";           mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@persist"   = { mountpoint = "/persist";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@home"      = { mountpoint = "/home";       mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@nix"       = { mountpoint = "/nix";        mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@log"       = { mountpoint = "/var/log";    mountOptions = [ "compress=zstd" "noatime" ]; };
-      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = [ "compress=zstd" "noatime" ]; };
+      "@"          = { mountpoint = "/";           mountOptions = btrfsMountOptions; };
+      "@persist"   = { mountpoint = "/persist";    mountOptions = btrfsMountOptions; };
+      "@home"      = { mountpoint = "/home";       mountOptions = btrfsMountOptions; };
+      "@nix"       = { mountpoint = "/nix";        mountOptions = btrfsMountOptions; };
+      "@log"       = { mountpoint = "/var/log";    mountOptions = btrfsMountOptions; };
+      "@snapshots" = { mountpoint = "/.snapshots"; mountOptions = btrfsMountOptions; };
     };
     postCreateHook = ''
       MNTPOINT=$(mktemp -d)
@@ -116,7 +124,7 @@ in {
             content = {
               type = "luks";
               name = mainLuksName;
-              passwordFile = "/dev/shm/nomarchy-luks.key";
+              passwordFile = "/tmp/nomarchy-luks.key";
               settings.allowDiscards = true;
               content = rootBtrfs;
             };

installer/install.sh

@@ -1089,7 +1089,7 @@ prewipe_target_drive() {
     success "Pre-wipe complete"
 }
 
-_LUKS_KEY_PATH="/dev/shm/nomarchy-luks.key"
+_LUKS_KEY_PATH="/tmp/nomarchy-luks.key"
 
 # Wrap the disko invocation so a failure surfaces the last few lines of
 # output and offers Retry / View full log / Abort. set -e is suspended for