diff --git a/hosts/c1/default.nix b/hosts/c1/default.nix
index 31af965..445f5ff 100644
--- a/hosts/c1/default.nix
+++ b/hosts/c1/default.nix
@@ -3,10 +3,16 @@
   imports = [ 
     ../../common/global
     ../../common/compute-node.nix
+    ../../common/encrypted-btrfs-layout.nix
     ./hardware.nix
   ];
 
+  diskLayout = {
+    mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW256HEHP-000H1_S340NX0K910298";
+    #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777640496-0:0";
+    keyDiskDevice = "/dev/sdb";
+  };
+
   networking.hostName = "c1";
-  boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
   services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF";
 }
diff --git a/hosts/c1/hardware.nix b/hosts/c1/hardware.nix
index d60c905..e81435b 100644
--- a/hosts/c1/hardware.nix
+++ b/hosts/c1/hardware.nix
@@ -10,43 +10,6 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/7fa539a0-6c91-49ec-9df2-e81708a07662";
-
-  fileSystems."/persist" =
-    { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
-      fsType = "btrfs";
-      options = [ "subvol=persist" ];
-    };
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
-      fsType = "btrfs";
-      options = [ "subvol=log" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/D8C2-9216";
-      fsType = "vfat";
-      options = [ "umask=0077" ]; # to avoid the random seed being world readable
-    };
-
-  swapDevices = [ {
-    device = "/dev/disk/by-id/nvme-eui.002538b981b03d98-part2";
-    randomEncryption.enable = true;
-  }];
-
   nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = true;
 }
diff --git a/nixos-setup/keys/c1.key b/hosts/c1/key.bin
similarity index 100%
rename from nixos-setup/keys/c1.key
rename to hosts/c1/key.bin
diff --git a/hosts/c2/default.nix b/hosts/c2/default.nix
index 9a796aa..e787530 100644
--- a/hosts/c2/default.nix
+++ b/hosts/c2/default.nix
@@ -3,10 +3,16 @@
   imports = [ 
     ../../common/global
     ../../common/compute-node.nix
+    ../../common/encrypted-btrfs-layout.nix
     ./hardware.nix
   ];
 
+  diskLayout = {
+    mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000H1_S425NA1M132963";
+    #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0";
+    keyDiskDevice = "/dev/sda";
+  };
+
   networking.hostName = "c2";
-  boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
   services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS";
 }
diff --git a/hosts/c2/hardware.nix b/hosts/c2/hardware.nix
index bed4683..e81435b 100644
--- a/hosts/c2/hardware.nix
+++ b/hosts/c2/hardware.nix
@@ -10,43 +10,6 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/03ee7c3b-19d5-491d-bc2e-3b0681e6506f";
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/persist" =
-    { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
-      fsType = "btrfs";
-      options = [ "subvol=persist" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
-      fsType = "btrfs";
-      options = [ "subvol=log" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B543-374F";
-      fsType = "vfat";
-      options = [ "umask=0077" ]; # to avoid the random seed being world readable
-    };
-
-  swapDevices = pkgs.lib.mkForce [ {
-    device = "/dev/disk/by-id/nvme-eui.002538819102bebe-part2";
-    randomEncryption.enable = true;
-  }];
-
   nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = true;
 }
diff --git a/nixos-setup/keys/c2.key b/hosts/c2/key.bin
similarity index 100%
rename from nixos-setup/keys/c2.key
rename to hosts/c2/key.bin
diff --git a/nixos-setup/keys/c3.key b/nixos-setup/keys/c3.key
deleted file mode 100644
index 14eec7c..0000000
Binary files a/nixos-setup/keys/c3.key and /dev/null differ
diff --git a/nixos-setup/keys/zippy.key b/nixos-setup/keys/zippy.key
deleted file mode 100644
index ec0095c..0000000
Binary files a/nixos-setup/keys/zippy.key and /dev/null differ