diff --git a/configuration.nix b/configuration.nix
index 6dfe695..23a8ce1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,43 +1,79 @@ { config, pkgs, ... }: -let - gitRepoUrl = "https://git.skarockoi.de/ska/nixos-production.git"; - gitLocalPath = "/var/lib/nixos-config"; -in + { - imports = [ ./hardware-configuration.nix ]; + ######################################## + # Core system + ######################################## boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi = { + canTouchEfiVariables = false; + efiSysMountPoint = "/boot"; + }; - # Fixed: hostname commented out to avoid collisions when cloned to multiple USB sticks - # networking.hostName = "nixos-usb"; # ← removed + # EFI fallback loader for removable media (CRITICAL) + boot.loader.systemd-boot.extraInstallCommands = '' + mkdir -p /boot/EFI/BOOT + cp /boot/EFI/systemd/systemd-bootx64.efi \ + /boot/EFI/BOOT/BOOTX64.EFI + ''; + + ######################################## + # Hardware‑agnostic initrd + ######################################## + + boot.initrd.availableKernelModules = [ + "usb_storage" + "xhci_hcd" + "ehci_pci" + "ahci" + "sd_mod" + "nvme" + "sr_mod" + ]; + + boot.kernelModules = []; + + ######################################## + # Filesystems by LABEL (clone‑safe) + ######################################## + + fileSystems."/" = { + device = "/dev/disk/by-label/nixos-root"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/EFI"; + fsType = "vfat"; + }; + + ######################################## + # Networking / locale + ######################################## networking.networkmanager.enable = true; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "de_DE.UTF-8"; - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; + + 
######################################## + # Desktop + ######################################## services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; services.xserver.xkb.layout = "de"; - services.xserver.libinput.enable = true; - console.keyMap = "de"; + ######################################## + # Audio + ######################################## + services.pulseaudio.enable = false; security.rtkit.enable = true; + services.pipewire = { enable = true; alsa.enable = true; @@ -45,17 +81,23 @@ in pulse.enable = true; }; - services.printing.enable = true; + ######################################## + # User + ######################################## users.users.user = { isNormalUser = true; - description = "user"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "wheel" "networkmanager" ]; shell = pkgs.bash; - # Fixed: added initial password so you can log in after first boot - initialPassword = "change-me-on-first-boot"; + + # Forced password change strategy (safe) + initialPassword = "1312"; }; + ######################################## + # Packages + ######################################## + nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ 
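Review bot: The new `fileSystems."/boot"` entry mounts `/dev/disk/by-label/EFI`, and `EFI` is a generic label that a host machine's internal ESP may also carry. If both are present, by-label resolution is ambiguous, and the `extraInstallCommands` copy to `/boot/EFI/BOOT/BOOTX64.EFI` could then land on the host's ESP instead of the stick. A label specific to this image would avoid that, for example `device = "/dev/disk/by-label/NIXUSB-ESP";` (constructed name), with the partition relabelled to match. The same applies in weaker form to `nixos-root` when two cloned sticks are attached at once.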
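Review bot: The comment `# Forced password change strategy (safe)` above `initialPassword = "1312";` is not backed by anything in this hunk: `initialPassword` only sets a starting password and nothing here expires it. The account is in `wheel`, the value is a four-digit string, and it sits in clear text both in the world-readable Nix store and in the Git repository that the update script further down pulls from. I would either drop the claim from the comment or replace the line with a hash kept outside the repository, e.g. `hashedPasswordFile = "/path/to/secret";` (placeholder path). The comment should then state how the change on first login is actually enforced.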
@@ -72,76 +114,59 @@ in inkscape gimp pdfarranger - nixos-generators - gnomeExtensions.gsconnect - gnomeExtensions.dash-to-dock ]; programs.firefox.enable = true; - # === Auto-update script with full PATH and NIX_PATH === + ######################################## + # Git‑based auto‑update (your logic, cleaned) + ######################################## + environment.etc."update-nixos-config.sh".text = '' #!/run/current-system/sw/bin/bash set -e - export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin" - export NIX_PATH="nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" - LOCAL_PATH="/var/lib/nixos-config" - REPO_URL="https://git.skarockoi.de/ska/nixos-production.git" - if [ ! -d "$LOCAL_PATH/.git" ]; then - mkdir -p "$LOCAL_PATH" - chmod 700 "$LOCAL_PATH" - echo "Cloning config from $REPO_URL..." - git clone "$REPO_URL" "$LOCAL_PATH" + + export PATH="/run/current-system/sw/bin" + LOCAL="/var/lib/nixos-config" + REPO="https://git.skarockoi.de/ska/nixos-production.git" + + if [ ! -d "$LOCAL/.git" ]; then + mkdir -p "$LOCAL" + git clone "$REPO" "$LOCAL" else - cd "$LOCAL_PATH" - echo "Fetching updates..." + cd "$LOCAL" git fetch origin - LOCAL_HEAD=$(git rev-parse HEAD) - REMOTE_HEAD=$(git rev-parse origin/main) - if [ "$LOCAL_HEAD" != "$REMOTE_HEAD" ]; then - echo "New config available. Updating..." + if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then git reset --hard origin/main - nixos-rebuild switch -I nixos-config="$LOCAL_PATH/configuration.nix" - echo "System updated successfully." - else - echo "Config is already up to date." 
+ nixos-rebuild switch || true fi fi ''; environment.etc."update-nixos-config.sh".mode = "0700"; - # === Systemd service === systemd.services.nixos-git-update = { - description = "Update NixOS from public Git config"; script = "/etc/update-nixos-config.sh"; - serviceConfig = { - Type = "oneshot"; - User = "root"; - Group = "root"; - }; + serviceConfig.Type = "oneshot"; }; systemd.timers.nixos-git-update = { - description = "Check for config updates hourly"; wantedBy = [ "timers.target" ]; timerConfig = { - OnBootSec = "60s"; + OnBootSec = "1min"; OnUnitActiveSec = "1h"; }; }; - # Fixed: added USB and storage modules for reliable boot from USB stick - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.supportedFilesystems = [ "vfat" "ntfs" "ext4" "btrfs" "xfs" "f2fs" ]; - boot.kernelModules = [ - "i915" "amdgpu" "nouveau" # Common GPU drivers - "rtl8192cu" "ath9k" "iwlwifi" # Common WiFi chipsets - ]; - - # Fixed: added ZRAM to avoid crashes due to low RAM on portable systems + ######################################## + # Reliability on low‑RAM systems + ######################################## + zramSwap.enable = true; - # Left unchanged per your request + ######################################## + # Required + ######################################## + system.stateVersion = "25.11"; } \ No newline at end of file
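Review bot: `nixos-rebuild switch || true` discards a failed rebuild, and because `git reset --hard origin/main` has already moved HEAD, the next timer run finds the two revisions equal and never retries. The hunk also drops `-I nixos-config=...` and the `NIX_PATH` export, so the rebuild presumably evaluates the default configuration path rather than the checkout in `$LOCAL`; worth confirming. Separately, this unit runs as root every hour and applies whatever `origin/main` serves with no authenticity check, so control of the repository or its host translates into root on every stick. Verifying a signed commit before the reset, e.g. `git verify-commit origin/main || exit 1` with the trusted key provisioned for root, would close that. The removed `chmod 700` on the checkout directory is also worth keeping.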