diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix
index 12cd1423..1d6bf6fd 100644
--- a/hosts/i001/hardware-mounts.nix
+++ b/hosts/i001/hardware-mounts.nix
@@ -34,6 +34,8 @@ lib.mkMerge [
       fsType = "bcachefs";
       options = [
         "X-mount.subdir=@root"
+        # "x-systemd.requires=unlock-bcachefs-custom.service"
+        # "x-systemd.after=unlock-bcachefs-custom.service"
       ];
     };
     fileSystems."/nix" = {
@@ -62,6 +64,8 @@ lib.mkMerge [
         "X-mount.mkdir"
         "X-mount.subdir=@persist"
       ];
+      # NOTE for impermanence
+      # neededForBoot = true;
     };
   }
   # SWAP (optional)
@@ -226,19 +230,23 @@ lib.mkMerge [
     boot.initrd.systemd.services.bcachefs-reset-root = {
       description = "Reset bcachefs root subvolume before pivot";
 
+      # We want this to run after we've ATTEMPTED to unlock,
+      # but strictly BEFORE the real root is mounted at /sysroot
       after = [
         "initrd-root-device.target"
         "cryptsetup.target"
         "unlock-bcachefs-custom.service"
       ];
+
+      # This is the most important part: prevent sysroot from mounting until we are done resetting it
+      before = [
+        "sysroot.mount"
+      ];
+
       requires = [
         primaryDeviceUnit
         "unlock-bcachefs-custom.service"
       ];
-
-      before = [
-        "sysroot.mount"
-      ];
       wantedBy = [
         "initrd-root-fs.target"
         "sysroot.mount"
@@ -247,7 +255,6 @@ lib.mkMerge [
 
       serviceConfig = {
         Type = "oneshot";
-        RemainAfterExit = true;
         KeyringMode = "shared";
         # Environment = "PATH=${
         #   lib.makeBinPath [
@@ -258,10 +265,10 @@ lib.mkMerge [
 
       script = ''
         cleanup() {
-            if [[ ! -e /primary_tmp/@root ]]; then
-                echo "Cleanup: Creating new @root"
-                bcachefs subvolume create /primary_tmp/@root
-            fi
+            # if [[ ! -e /primary_tmp/@root ]]; then
+            #     echo "Cleanup: Creating new @root"
+            #     bcachefs subvolume create /primary_tmp/@root
+            # fi
             echo "Cleanup: Unmounting /primary_tmp"
             umount /primary_tmp || true
         }
@@ -273,20 +280,21 @@ lib.mkMerge [
         echo "Mounting ${PRIMARY}..."
         if ! mount "${PRIMARY}" /primary_tmp; then
             echo "Mount failed. Cannot reset root."
-            exit 1
+            # TODO change to exit 1
+            exit 0
         fi
 
         if [[ -e /primary_tmp/@root ]]; then
             mkdir -p /primary_tmp/@snapshots/old_roots
             
             # Use safe timestamp format (dashes instead of colons)
-            timestamp=$(date "+%Y-%m-%d_%H-%M-%S")
-            snap="/primary_tmp/@snapshots/old_roots/$timestamp"
-            echo "Snapshotting @root to $snap"
-            bcachefs subvolume snapshot /primary_tmp/@root "$snap"
+            timestamp=$(date --date="@$(stat -c %Y /primary_tmp/@root)" "+%Y-%m-%d_%H-%M-%S")
             
-            echo "Deleting current @root"
-            bcachefs subvolume delete /primary_tmp/@root
+            echo "Snapshotting @root to .../$timestamp"
+            bcachefs subvolume snapshot /primary_tmp/@root "/primary_tmp/@snapshots/old_roots/$timestamp"
+            
+            # echo "Deleting current @root"
+            # bcachefs subvolume delete /primary_tmp/@root
         fi
 
         # Trap handles creating new root and unmount