diff --git a/hosts/configuration_desktop.nix b/hosts/configuration_desktop.nix
index dabfd52..941b733 100644
--- a/hosts/configuration_desktop.nix
+++ b/hosts/configuration_desktop.nix
@@ -100,6 +100,7 @@
       agenix.defaultPackage.x86_64-linux
       age-plugin-yubikey
       pwgen
+      cryptsetup
     ];
   };
 
diff --git a/hosts/nas/hardware-configuration.nix b/hosts/nas/hardware-configuration.nix
index 2d06d96..51ad249 100644
--- a/hosts/nas/hardware-configuration.nix
+++ b/hosts/nas/hardware-configuration.nix
@@ -19,6 +19,21 @@
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" "vfio_virqfd" ];
+  boot.initrd.secrets = {
+    "/root/NASKeyfile" =
+        /root/NASKeyfile;
+  };
+  boot.initrd.luks.devices = {
+    NAS-RAID1 = {
+      device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
+      keyFile = "/root/NASKeyfile";
+    };
+    NAS-RAID2 = {
+      device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
+      keyFile = "/root/NASKeyfile";
+    };
+  };
+
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
   boot.tmpOnTmpfs = true;