diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix
index 9f36b3da..bd6e1c5c 100644
--- a/hosts/server10/default.nix
+++ b/hosts/server10/default.nix
@@ -13,6 +13,7 @@
   };
 
   boot = {
+    initrd.availableKernelModules = [ "e1000e" ];
     loader.grub = lib.mkIf (!options?isoImage) {
       enable = true;
       device = "/dev/sda";
diff --git a/modules/baremetal.nix b/modules/baremetal.nix
index ccf950b5..0d9f80b4 100644
--- a/modules/baremetal.nix
+++ b/modules/baremetal.nix
@@ -15,22 +15,33 @@
     ];
 
     boot = {
-      initrd.network = {
-        enable = true;
-        ssh = {
+      initrd = {
+        # make sure to set availableKernelModules otherwise it won't work!
+        # the module can be found in a booted system by running `dmesg | rg "Link"` and looking at the first word after the date
+        network = {
           enable = true;
-          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-          hostKeys = [
-            initrdEd2219Key
-            initrdRsaKey
-          ];
-          port = 4748;
+          ssh = {
+            enable = true;
+            authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+            hostKeys = [
+              initrdEd2219Key
+              initrdRsaKey
+            ];
+            port = 4748;
+          };
+          postCommands = lib.mkIf (!config.boot.initrd.systemd.enable) ''
+            cat <<EOF > /root/.profile
+            cryptsetup-askpass
+            EOF
+          '';
+        };
+        systemd = {
+          enable = true;
+          inherit (config.systemd) network;
+          contents."/etc/profile".text = ''
+            systemd-tty-ask-password-agent
+          '';
         };
-        postCommands = ''
-          cat <<EOF > /root/.profile
-          cryptsetup-askpass
-          EOF
-        '';
       };
       kernelParams = [
         # "boot.shell_on_fail"