diff --git a/nix/configuration.nix b/nix/configuration.nix
index e582626..183ae28 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -11,8 +11,22 @@
 # nix settings
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
- # Bootloader.
- boot.loader.grub.enable = true;
+ # Bootloader to work with LUKS
+ boot.loader.grub = {
+ enable = true;
+ # https://github.com/NixOS/nixpkgs/issues/55332
+ device = "nodev"; # Don't install to MBR
+ efiSupport = true; # Enable EFI support
+ enableCryptodisk = true; # Enable LUKS support
+ };
+
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # LUKS configuration
+ boot.initrd.luks.devices."crypted" = {
+ device = "/dev/disk/by-partlabel/luks";
+ allowDiscards = true;
+ };
 boot.initrd.kernelModules = [ "virtio_gpu" ];
diff --git a/nix/disko.nix b/nix/disko.nix
index cddefa0..aa53c5b 100644
--- a/nix/disko.nix
+++ b/nix/disko.nix
@@ -11,6 +11,7 @@
 ESP = {
 size = "500M";
 type = "EF00";
+ label = "boot";
 content = {
 type = "filesystem";
 format = "vfat";
@@ -20,12 +21,11 @@
 };
 luks = {
 size = "100%";
+ label = "luks";
 content = {
 type = "luks";
 name = "crypted";
 settings.allowDiscards = true; # Enable SSD TRIM support
- passwordFile = "/tmp/secret.key"; # install time key file location
- # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
 content = {
 type = "filesystem";
 format = "ext4";
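Review bot: `allowDiscards = true;` in the new `boot.initrd.luks.devices."crypted"` block of nix/configuration.nix is added without a comment, although it is a confidentiality trade-off and not only a performance switch: passing TRIM through dm-crypt lets anyone who can read the raw disk see which blocks are unused. I would record the decision on the line, e.g. `allowDiscards = true; # TRIM passthrough exposes the free-block layout on the raw device; accepted for SSD use`, or drop the option where that exposure matters. The device path `/dev/disk/by-partlabel/luks` also relies on the GPT label being unique on the machine, so a short comment tying it to the `label = "luks"` set in nix/disko.nix would help the next reader keep the two in step.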
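Review bot: The `luks` partition in nix/disko.nix (the `@@ -20,12 +21,11 @@` hunk) no longer says how the passphrase is supplied at install time. With no `passwordFile` left in the visible settings, disko presumably falls back to an interactive prompt, which anyone running the install unattended needs to know. I would add a comment next to `settings.allowDiscards`, for example `# no passwordFile: the passphrase is entered interactively when disko formats the disk`. The `luks` attribute set starts before and continues past this hunk, so key-related settings that are not visible here may already cover this.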