diff --git a/hosts/phoenix.lewd.wtf/services/zfs.nix b/hosts/phoenix.lewd.wtf/services/zfs.nix
index 3d6b800..53ea239 100644
--- a/hosts/phoenix.lewd.wtf/services/zfs.nix
+++ b/hosts/phoenix.lewd.wtf/services/zfs.nix
@@ -6,23 +6,21 @@ let
 in
 {
   # ZFS remote unlocking
-  boot.initrd.systemd.enable = true;
   boot.initrd.availableKernelModules = [ "igb" ];
   boot.kernelParams = [
     "ip=192.168.0.42::192.168.0.1:255.255.252.0:phoenix-initrd:eno2:off:192.168.0.1"
   ];
-  boot.initrd.network = {
-    enable = true;
-    ssh = {
-       enable = true;
-       port = 2222;
-       hostKeys = [
-         /boot-1/initrd-ssh-key
-         /boot-2/initrd-ssh-key
-       ];
-       authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-    };
-    postCommands = ''
+  boot.initrd.systemd.services.zfsunlock = {
+    description = "Unlock ZFS pools";
+    wantedBy = [
+      "initrd.target"
+    ];
+    before = [
+      "zfs-import-zroot.service"
+    ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
       cat <<EOF > /root/.profile
       if pgrep -x "zfs" > /dev/null
       then
@@ -38,6 +36,18 @@ in
       EOF
     '';
   };
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+       enable = true;
+       port = 2222;
+       hostKeys = [
+         /boot-1/initrd-ssh-key
+         /boot-2/initrd-ssh-key
+       ];
+       authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+    };
+  };
 
   # ZFS options from https://nixos.wiki/wiki/NixOS_on_ZFS
   networking.hostId = "42069420";