diff --git a/hosts/zippy/default.nix b/hosts/zippy/default.nix
index 8d47d17..a26b773 100644
--- a/hosts/zippy/default.nix
+++ b/hosts/zippy/default.nix
@@ -4,10 +4,16 @@
     ../../common/global
     ../../common/compute-node.nix
     ../../common/dev-node.nix
+    ../../common/encrypted-btrfs-layout.nix
     ./hardware.nix
   ];
 
+  diskLayout = {
+    mainDiskDevice = "/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92";
+    #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660702-0:0";
+    keyDiskDevice = "/dev/sdb";
+  };
+
   networking.hostName = "zippy";
-  boot.initrd.luks.devices."luksroot".keyFile = "/dev/sdb";
   services.tailscaleAutoconnect.authkey = "tskey-auth-ktKyQ59f2p11CNTRL-ut8E71dLWPXsVtb92hevNX9RTjmk4owBf";
 }
diff --git a/hosts/zippy/hardware.nix b/hosts/zippy/hardware.nix
index 486bb4b..8faabca 100644
--- a/hosts/zippy/hardware.nix
+++ b/hosts/zippy/hardware.nix
@@ -10,43 +10,6 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
-      fsType = "btrfs";
-      options = [ "subvol=root" ];
-    };
-
-  boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/3fb5eb41-34d3-4ef6-8f3e-5db5a788ceef";
-
-  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
-      fsType = "btrfs";
-      options = [ "subvol=nix" ];
-    };
-
-  fileSystems."/persist" =
-    { device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
-      fsType = "btrfs";
-      options = [ "subvol=persist" ];
-    };
-
-  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/e009eed5-90cd-4756-b56f-149d876ca934";
-      fsType = "btrfs";
-      options = [ "subvol=log" ];
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/F3C9-A38F";
-      fsType = "vfat";
-      options = [ "umask=0077" ]; # to avoid the random seed being world readable
-    };
-
-  swapDevices = [ {
-    device = "/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92-part2";
-    randomEncryption.enable = true;
-  }];
-
   nixpkgs.hostPlatform = "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = true;
 }
diff --git a/hosts/zippy/key.bin b/hosts/zippy/key.bin
new file mode 100644
index 0000000..ec0095c
Binary files /dev/null and b/hosts/zippy/key.bin differ