diff --git a/flake.nix b/flake.nix
index a81ac57b..bb5d0f00 100644
--- a/flake.nix
+++ b/flake.nix
@@ -289,8 +289,11 @@
 										"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
 									};
 								};
-								decrypt.auto."/dev/disk/by-uuid/cc0c27bb-15b3-4932-98a9-583b426002be" =
-									{ mapper = "root"; ssd = true; };
+								decrypt =
+								{
+									auto."/dev/disk/by-uuid/cc0c27bb-15b3-4932-98a9-583b426002be" = { mapper = "root"; ssd = true; };
+									manual.enable = true;
+								};
 								rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
 							};
 							packages =
@@ -307,6 +310,7 @@
 							boot =
 							{
 								grub.installDevice = "/dev/disk/by-path/pci-0000:05:00.0";
+								network.enable = true;
 								sshd.enable = true;
 							};
 							system.hostname = "vps6";
diff --git a/modules/boot/default.nix b/modules/boot/default.nix
index f5465a96..d7291bf3 100644
--- a/modules/boot/default.nix
+++ b/modules/boot/default.nix
@@ -8,6 +8,7 @@ inputs:
 			windowsEntries = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
 			installDevice = mkOption { type = types.str; }; # "efi" using efi, or dev path like "/dev/sda" using bios
 		};
+		network.enable = mkOption { type = types.bool; default = false; };
 		sshd.enable = mkOption { type = types.bool; default = false; };
 	};
 	config =
@@ -54,24 +55,26 @@ inputs:
 					}
 					{ boot.loader.grub.device = boot.grub.installDevice; }
 			)
+			# network
+			(
+				mkIf inputs.config.nixos.boot.network.enable
+				{
+					boot =
+					{
+						initrd.network.enable = true;
+						kernelParams = [ "ip=dhcp" ];
+					};
+				}
+			)
 			# sshd
 			(
 				mkIf inputs.config.nixos.boot.sshd.enable
 				{
-					boot.initrd =
+					boot.initrd.network.ssh =
 					{
-						network =
-						{
-							enable = true;
-							ssh =
-							{
-								enable = true;
-								hostKeys = [ "/etc/ssh/initrd_ssh_host_ed25519_key" ];
-							};
-						};
-						luks.forceLuksSupportInInitrd = true;
+						enable = true;
+						hostKeys = [ "/etc/ssh/initrd_ssh_host_ed25519_key" ];
 					};
-					networking.useDHCP = true;
 				}
 			)
 		];
diff --git a/modules/fileSystems/default.nix b/modules/fileSystems/default.nix
index 3a3d743e..79109346 100644
--- a/modules/fileSystems/default.nix
+++ b/modules/fileSystems/default.nix
@@ -9,12 +9,23 @@ inputs:
 			# device.subvol = mountPoint;
 			btrfs = mkOption { type = types.attrsOf (types.attrsOf types.nonEmptyStr); default = {}; };
 		};
-		decrypt.auto = mkOption { type = types.attrsOf (types.submodule { options =
+		decrypt =
 		{
-			mapper = mkOption { type = types.nonEmptyStr; };
-			ssd = mkOption { type = types.bool; default = false; };
-			before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
-		}; }); default = {}; };
+			auto = mkOption
+			{
+				type = types.attrsOf (types.submodule
+				{
+					options =
+					{
+						mapper = mkOption { type = types.nonEmptyStr; };
+						ssd = mkOption { type = types.bool; default = false; };
+						before = mkOption { type = types.nullOr (types.listOf types.nonEmptyStr); default = null; };
+					};
+				});
+				default = {};
+			};
+			manual.enable = mkOption { type = types.bool; default = false; };
+		};
 		mdadm = mkOption { type = types.nullOr types.str; default = null; };
 		swap = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
 		resume = mkOption
@@ -112,6 +123,10 @@ inputs:
 					};
 				}
 			)
+			# decrypt.manual
+			(
+				mkIf (fileSystems.decrypt.manual.enable) { boot.initrd.luks.forceLuksSupportInInitrd = true; }
+			)
 			# mdadm
 			(
 				mkIf (fileSystems.mdadm != null)