diff --git a/install/install.sh b/install/install.sh
index de6ee87..021d6e1 100644
--- a/install/install.sh
+++ b/install/install.sh
@@ -3,27 +3,35 @@ DEVICE=/dev/nvme0n1
 BOOT_PARTITION=/dev/nvme0n1p1
 SWAP_PARTITION=/dev/nvme0n1p2
 ROOT_PARTITION=/dev/nvme0n1p3
+SWAP_NAME=cryptswap
+ROOT_NAME=cryptnixos
 gdisk $DEVICE
 mkfs.vfat -n BOOT $BOOT_PARTITION
-mkfs.btrfs -f -L root $ROOT_PARTITION
-mkswap -L swap $SWAP_PARTITION
-
-mount -t btrfs $ROOT_PARTITION /mnt/
-btrfs subvolume create /mnt/nixos
-umount /mnt/
-mount -t btrfs -o subvol=nixos,compress=zstd,noatime,discard,ssd $ROOT_PARTITION /mnt/
-btrfs subvolume create /mnt/var
-btrfs subvolume create /mnt/home
+cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
+cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
+mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
+mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
+btrfs subvolume create /mnt/@nixos
+btrfs subvolume create /mnt/@nix-store
+btrfs subvolume create /mnt/@home
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
+mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/
+mkdir -p /mnt/.snapshots
+mkdir -p /mnt/home
+mkdir -p /mnt/nix/store
+mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots
+mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home
+mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store
 btrfs subvolume create /mnt/tmp
-
+btrfs subvolume create /mnt/var
 mkdir /mnt/boot
 mount $BOOT_PARTITION /mnt/boot
-
+# create swap
+mkfs.ext2 -L $SWAP_NAME $SWAP_PARTITION 1M
 nixos-generate-config --root /mnt/
-
 cp ./min-config.nix /mnt/etc/nixos/configuration.nix
-
 nano /mnt/etc/nixos/configuration.nix
-nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
+nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
\ No newline at end of file
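Review bot: Nothing in this hunk stops the script when `cryptsetup luksFormat` or `cryptsetup luksOpen` fails (a mistyped passphrase is enough), so the later `mkfs.btrfs`, `mount` and `nixos-install` steps carry on without `/dev/mapper/$ROOT_NAME` and work against an unmounted `/mnt`. Lines 1–2 of the file are outside the hunk; unless they already set it, add `set -eu` at the top or end both cryptsetup lines with `|| exit 1`. `--key-size 256` with `aes-xts-plain64` is split into two 128-bit halves, i.e. AES-128; use `--key-size 512` if AES-256 was intended. The `# create swap` comment sits over `mkfs.ext2 -L $SWAP_NAME $SWAP_PARTITION 1M`, which creates a small labelled ext2 filesystem rather than swap, and the commit removes `swapDevices` from both Nix files, so the comment should say what the label is for (presumably a later encrypted swap setup) and that no swap is enabled by this script.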
diff --git a/install/min-config.nix b/install/min-config.nix
index 54b9e4f..6fa6726 100644
--- a/install/min-config.nix
+++ b/install/min-config.nix
@@ -12,20 +12,40 @@ fileSystems = {
 "/" = {
- options = [ "noatime" "ssd" "discard" "compress=zstd" ];
+ options = [ "noatime" "ssd" "compress=zstd" ];
+ };
+ "/.snapshots" = {
+ options = [ "noatime" "ssd" "compress=zstd" ];
+ };
+ "/home" = {
+ options = [ "noatime" "ssd" "compress=zstd" ];
+ };
+ "/nix-store" = {
+ options = [ "noatime" "ssd" "compress=zstd" ];
 };
 };
- swapDevices = [
- { label = "swap"; }
- ];
-
 networking = {
 hostName = "nixos";
 firewall.enable = false;
 networkmanager.enable = false;
- wireless.enable = true;
- wireless.userControlled.enable = true;
+ wireless = {
+ enable = true;
+ userControlled.enable = true;
+ networks.Alukard_5GHz = {
+ pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
+ priority = 1;
+ };
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+ nix = {
+ useSandbox = true;
+ autoOptimiseStore = true;
+ optimise.automatic = true;
 };
 i18n = {
@@ -40,9 +60,12 @@ wget vim git
 ];
+ users.mutableUsers = false;
 users.users.alukard = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
+ uid = 1000;
+ hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
 };
 system.stateVersion = "19.03";
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
index 35f1003..1155c4d 100644
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
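Review bot: `networks.Alukard_5GHz.pskRaw` commits the network's 256-bit pre-shared key to the repository, and that value alone is enough to join the network, so anyone who can read the repo (or the generated configuration in the Nix store on the installed machine) can use it without knowing the passphrase. Keep it out of the tracked file, for example by joining the network after install through `wpa_cli`, which `userControlled.enable = true` already allows, and change the Wi-Fi passphrase since the key is now in history. Separately, the new `"/nix-store"` entry does not match the `/mnt/nix/store` mount point that install.sh creates, so these options look like they never apply to the store subvolume; it probably should read `"/nix/store"`, and the same key is added in modules/filesystems.nix.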
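Review bot: `hashedPassword` puts the SHA-512-crypt hash for `alukard`, a `wheel` member, into a tracked file, where anyone with read access to the repository can attack it offline. With `users.mutableUsers = false` the configuration is the only source of the password, so it cannot be rotated with `passwd` on the machine and the committed hash stays valid until the file changes. Consider `passwordFile = "/path/to/untracked/hash-file";` (placeholder path) so the hash lives outside the repository and the Nix store, and treat the password behind the committed hash as exposed.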
@@ -10,6 +10,25 @@ with deviceSpecific; {
 else
 [ "noatime" "compress=zstd" ];
 };
+ "/.snapshots" = {
+ options = if isSSD then
+ [ "ssd" "noatime" "compress=zstd" ]
+ else
+ [ "noatime" "compress=zstd" ];
+ };
+ "/home" = {
+ options = if isSSD then
+ [ "ssd" "noatime" "compress=zstd" ]
+ else
+ [ "noatime" "compress=zstd" ];
+ };
+ "/nix-store" = {
+ options = if isSSD then
+ [ "ssd" "noatime" "compress=zstd" ]
+ else
+ [ "noatime" "compress=zstd" ];
+ };
+
 "/shared/nixos" = lib.mkIf isVM {
 fsType = "vboxsf";
 device = "shared";
@@ -48,9 +67,4 @@ with deviceSpecific; {
 ];
 };
 };
-
- # mount swap
- swapDevices = [
- { label = "swap"; }
- ];
 }
\ No newline at end of file
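Review bot: The three added entries each repeat the `if isSSD then … else …` option list that the entry just above them appears to use as well (only its tail is visible as leading context), so any change to the mount options now has to be made in several places and can drift. Bind the list once, e.g. `btrfsOptions = [ "noatime" "compress=zstd" ] ++ lib.optional isSSD "ssd";`, and write `options = btrfsOptions;` in each entry. The enclosing attribute set starts outside the hunk, so where the binding goes (a `let` around the set) has to be decided against the full file.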