diff --git a/machines/polysaa/default.nix b/machines/polysaa/default.nix
index aa2c412..bd12eb3 100644
--- a/machines/polysaa/default.nix
+++ b/machines/polysaa/default.nix
@@ -21,9 +21,17 @@
 "usb_storage"
 "sd_mod"
 ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.initrd.luks.devices.cryptroot.device =
- "/dev/disk/by-uuid/c75f2769-d32f-4eed-9237-ece7e783fec3";
+ boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "ext4" "nls_cp437" "nls_iso8859_1"];
+ boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+ mkdir -m 0755 -p /key/
+ sleep 2
+ mount -n -t ext4 -o ro `findfs UUID=545bfd15-0973-4395-9d05-6c4c78a9e45c` /run/secrets/
+ '';
+ boot.initrd.luks.devices.cryptroot = {
+ device = "/dev/disk/by-uuid/c75f2769-d32f-4eed-9237-ece7e783fec3";
+ keyFile = "/run/secrets/polysaa-drive.key";
+ preLVM = false;
+ };
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
 boot.loader.systemd-boot.enable = true;
diff --git a/profiles/basic/default.nix b/profiles/basic/default.nix
index b00c4ac..8319baf 100644
--- a/profiles/basic/default.nix
+++ b/profiles/basic/default.nix
@@ -9,6 +9,7 @@
 }:
 {
 imports = [
+ ./secrets.nix
 ./locale.nix
 ./ssh.nix
 ];
diff --git a/profiles/basic/secrets.nix b/profiles/basic/secrets.nix
new file mode 100644
index 0000000..682d7a4
--- /dev/null
+++ b/profiles/basic/secrets.nix
@@ -0,0 +1,9 @@
+{config, lib, pkgs, ...}: {
+
+ fileSystems."/run/secrets" = {
+ device = "/dev/disk/by-uuid/545bfd15-0973-4395-9d05-6c4c78a9e45c";
+ fsType = "ext4";
+ options = ["nofail" "noauto" "ro" "x-systemd.automount"];
+ };
+
+}
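Review bot: In the `postDeviceCommands` block of machines/polysaa/default.nix, `mkdir -m 0755 -p /key/` creates a directory nothing else uses, while the `mount` two lines later targets `/run/secrets/`, which no visible line creates; if that path is absent in stage 1 the mount fails and the `keyFile` never appears. Creating the real mount point, `mkdir -m 0700 -p /run/secrets`, and mounting with `-o ro,nodev,nosuid,noexec` would fix that and tighten the removable-media mount. The fixed `sleep 2` also races with USB enumeration: when `findfs` prints nothing the mount fails, so a short retry loop around `findfs`, plus `keyFileTimeout` on `cryptroot` so unlocking falls back to a passphrase, would keep the machine bootable when the key drive is slow or missing. Nothing in the visible lines unmounts the key filesystem after unlock, so it may stay reachable in the booted system.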
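Review bot: The `/run/secrets` entry in profiles/basic/secrets.nix applies to every host that imports the basic profile, and with `x-systemd.automount` any access to that path in the running system mounts the drive that holds `polysaa-drive.key`. The options carry `ro` but not `nodev`, `nosuid` or `noexec`, which a removable volume should have: `options = ["nofail" "noauto" "ro" "nodev" "nosuid" "noexec" "x-systemd.automount"];`. Whether non-root users can read the LUKS key then depends only on the file's owner and mode on the ext4 volume, which the diff does not show; it is worth confirming the file is root-owned with mode `0400`, or moving this mount into `machines/polysaa` if only that host needs it. A one-line comment saying what the UUID identifies would help the next reader.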