diff --git a/docs/por/T036-vm-cluster-deployment/node01/configuration.nix b/docs/por/T036-vm-cluster-deployment/node01/configuration.nix index 81ce7ad..7b29adb 100644 --- a/docs/por/T036-vm-cluster-deployment/node01/configuration.nix +++ b/docs/por/T036-vm-cluster-deployment/node01/configuration.nix @@ -41,7 +41,7 @@ 2381 # Chainfire Gossip 2479 # FlareDB API 2480 # FlareDB Raft - 8080 # IAM API + 3080 # IAM API 8081 # PlasmaVMC API 8082 # PrismNET API 8053 # FlashDNS API @@ -50,6 +50,7 @@ 8086 # K8sHost API 9090 # Prometheus 3000 # Grafana + 3010 # CreditService API ]; }; @@ -57,8 +58,20 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + # LVM support in initrd (systemd-based stage 1) + boot.initrd.systemd.enable = true; + boot.initrd.kernelModules = [ "dm-snapshot" "dm-mod" "dm-crypt" ]; + boot.initrd.services.lvm.enable = true; + + # Ensure LVM is available + services.lvm.enable = true; + services.lvm.boot.thin.enable = true; + + # Additional LVM device waiting + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_blk" "virtio_scsi" "sd_mod" ]; + # Use traditional interface names (eth0, eth1) for QEMU compatibility - boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" ]; + boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" "loglevel=4" ]; # Haveged for entropy in VMs services.haveged.enable = true; @@ -66,7 +79,10 @@ # Enable PlasmaCloud services (control-plane profile) services.chainfire.enable = true; services.flaredb.enable = true; - services.iam.enable = true; + services.iam = { + enable = true; + port = 3080; # Avoid conflict with Grafana on 3000 + }; services.plasmavmc.enable = true; services.prismnet.enable = true; services.flashdns.enable = true; 
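Review bot: The `3080` entry in this allowed-ports list is a second hard-coded copy of the value that the `@@ -66,7 +79,10 @@` hunk sets as `services.iam.port`, so the firewall and the service can drift apart. The old entry said 8080, while the new inline comment suggests the service was really colliding with Grafana on 3000, which hints that this has already happened once. If `config` is in scope in this file (the module header is outside the hunk), write the entry as `config.services.iam.port # IAM API`. The same pair of hunks is repeated for node02 and node03.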
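Review bot: The added `3010 # CreditService API` entry opens the quota/billing gRPC port in what looks like a host-wide allowed-ports list, next to Prometheus and Grafana; the head of the list is outside the hunk, so the exact firewall option is not visible. If only cluster peers need this API, scope the rule to the cluster-facing interface instead, for example `networking.firewall.interfaces.<cluster-if>.allowedTCPPorts = [ config.services.creditservice.grpcPort ];`, where `<cluster-if>` is a placeholder for the interface that carries cluster traffic. Referencing the option rather than the literal also keeps the rule correct if `grpcPort` is overridden. The same hunk is repeated for node02 and node03.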
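Review bot: The comment `# Additional LVM device waiting` in the `@@ -57,8 +58,20 @@` hunk does not describe the line under it, because `boot.initrd.availableKernelModules` only lists virtio and SCSI disk drivers for stage 1 and adds no waiting. Something like `# Disk drivers stage 1 needs to see the virtio/SCSI devices backing the LVM PVs` would match what the line does. `dm-crypt` is also force-loaded in `boot.initrd.kernelModules`, although no encrypted device is configured in the visible lines. Either drop it or add a comment naming the encrypted volume, so a reader does not assume the node disks are encrypted at rest. The same hunk is repeated for node02 and node03.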
@@ -74,6 +90,7 @@ services.lightningstor.enable = true; services.k8shost.enable = true; services.nightlight.enable = true; + services.creditservice.enable = true; services.cloud-observability.enable = true; # First-boot automation diff --git a/docs/por/T036-vm-cluster-deployment/node02/configuration.nix b/docs/por/T036-vm-cluster-deployment/node02/configuration.nix index edf0774..4548d18 100644 --- a/docs/por/T036-vm-cluster-deployment/node02/configuration.nix +++ b/docs/por/T036-vm-cluster-deployment/node02/configuration.nix @@ -41,7 +41,7 @@ 2381 # Chainfire Gossip 2479 # FlareDB API 2480 # FlareDB Raft - 8080 # IAM API + 3080 # IAM API 8081 # PlasmaVMC API 8082 # PrismNET API 8053 # FlashDNS API @@ -50,6 +50,7 @@ 8086 # K8sHost API 9090 # Prometheus 3000 # Grafana + 3010 # CreditService API ]; }; @@ -57,8 +58,20 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + # LVM support in initrd (systemd-based stage 1) + boot.initrd.systemd.enable = true; + boot.initrd.kernelModules = [ "dm-snapshot" "dm-mod" "dm-crypt" ]; + boot.initrd.services.lvm.enable = true; + + # Ensure LVM is available + services.lvm.enable = true; + services.lvm.boot.thin.enable = true; + + # Additional LVM device waiting + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_blk" "virtio_scsi" "sd_mod" ]; + # Use traditional interface names (eth0, eth1) for QEMU compatibility - boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" ]; + boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" "loglevel=4" ]; # Haveged for entropy in VMs services.haveged.enable = true; 
@@ -66,7 +79,10 @@ # Enable PlasmaCloud services (control-plane profile) services.chainfire.enable = true; services.flaredb.enable = true; - services.iam.enable = true; + services.iam = { + enable = true; + port = 3080; # Avoid conflict with Grafana on 3000 + }; services.plasmavmc.enable = true; services.prismnet.enable = true; services.flashdns.enable = true; @@ -74,6 +90,7 @@ services.lightningstor.enable = true; services.k8shost.enable = true; services.nightlight.enable = true; + services.creditservice.enable = true; services.cloud-observability.enable = true; # First-boot automation diff --git a/docs/por/T036-vm-cluster-deployment/node03/configuration.nix b/docs/por/T036-vm-cluster-deployment/node03/configuration.nix index ae38507..1c83c6d 100644 --- a/docs/por/T036-vm-cluster-deployment/node03/configuration.nix +++ b/docs/por/T036-vm-cluster-deployment/node03/configuration.nix @@ -41,7 +41,7 @@ 2381 # Chainfire Gossip 2479 # FlareDB API 2480 # FlareDB Raft - 8080 # IAM API + 3080 # IAM API 8081 # PlasmaVMC API 8082 # PrismNET API 8053 # FlashDNS API @@ -50,6 +50,7 @@ 8086 # K8sHost API 9090 # Prometheus 3000 # Grafana + 3010 # CreditService API ]; }; 
@@ -57,8 +58,20 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + # LVM support in initrd (systemd-based stage 1) + boot.initrd.systemd.enable = true; + boot.initrd.kernelModules = [ "dm-snapshot" "dm-mod" "dm-crypt" ]; + boot.initrd.services.lvm.enable = true; + + # Ensure LVM is available + services.lvm.enable = true; + services.lvm.boot.thin.enable = true; + + # Additional LVM device waiting + boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_blk" "virtio_scsi" "sd_mod" ]; + # Use traditional interface names (eth0, eth1) for QEMU compatibility - boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" ]; + boot.kernelParams = [ "net.ifnames=0" "biosdevname=0" "console=ttyS0,115200n8" "loglevel=4" ]; # Haveged for entropy in VMs services.haveged.enable = true; @@ -66,7 +79,10 @@ # Enable PlasmaCloud services (control-plane profile) services.chainfire.enable = true; services.flaredb.enable = true; - services.iam.enable = true; + services.iam = { + enable = true; + port = 3080; # Avoid conflict with Grafana on 3000 + }; services.plasmavmc.enable = true; services.prismnet.enable = true; services.flashdns.enable = true; @@ -74,6 +90,7 @@ services.lightningstor.enable = true; services.k8shost.enable = true; services.nightlight.enable = true; + services.creditservice.enable = true; services.cloud-observability.enable = true; # First-boot automation diff --git a/nix/modules/creditservice.nix b/nix/modules/creditservice.nix index fcb8174..9d23887 100644 --- a/nix/modules/creditservice.nix +++ b/nix/modules/creditservice.nix 
@@ -2,27 +2,22 @@ let cfg = config.services.creditservice; + chainfireCfg = config.services.chainfire; in { options.services.creditservice = { enable = lib.mkEnableOption "creditservice service"; - port = lib.mkOption { + grpcPort = lib.mkOption { type = lib.types.port; default = 3010; description = "Port for creditservice gRPC API"; }; - dataDir = lib.mkOption { - type = lib.types.path; - default = "/var/lib/creditservice"; - description = "Data directory for creditservice"; - }; - - settings = lib.mkOption { - type = lib.types.attrs; - default = {}; - description = "Additional configuration settings"; + httpPort = lib.mkOption { + type = lib.types.port; + default = 3011; + description = "Port for creditservice HTTP REST API"; }; package = lib.mkOption { @@ -38,7 +33,6 @@ in isSystemUser = true; group = "creditservice"; description = "CreditService quota/billing user"; - home = cfg.dataDir; }; users.groups.creditservice = {}; @@ -47,8 +41,12 @@ in systemd.services.creditservice = { description = "CreditService Quota and Billing Management"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "chainfire.service" "nightlight.service" ]; - wants = [ "chainfire.service" "nightlight.service" ]; + after = [ "network.target" "chainfire.service" ]; + wants = [ "chainfire.service" ]; + + environment = { + CREDITSERVICE_CHAINFIRE_ENDPOINT = "http://127.0.0.1:${toString chainfireCfg.port}"; + }; serviceConfig = { Type = "simple"; 
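Review bot: Renaming `port` to `grpcPort` and dropping `dataDir` and `settings` in the `@@ -2,27 +2,22 @@` hunk leaves no migration path, so any configuration that still sets `services.creditservice.port` will fail evaluation with an undefined-option error. Add `imports = [ (lib.mkRenamedOptionModule [ "services" "creditservice" "port" ] [ "services" "creditservice" "grpcPort" ]) ];` to the module. Add a `lib.mkRemovedOptionModule` entry for each of `dataDir` and `settings`, with a message saying where the service's state now lives. The module body continues outside the hunk, so an existing `imports` list, if there is one, should be extended rather than duplicated.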
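Review bot: `CREDITSERVICE_CHAINFIRE_ENDPOINT` in the `@@ -47,8 +41,12 @@` hunk is built from a fixed `127.0.0.1` and `chainfireCfg.port`, so the unit assumes Chainfire runs on the same host without checking it. With `wants` rather than `requires`, creditservice still starts when chainfire is disabled or has failed. Add `assertions = [ { assertion = chainfireCfg.enable; message = "services.creditservice needs services.chainfire on the same host"; } ];` to the `config` block, which is outside this hunk, or expose the endpoint as an option. The endpoint is plain `http://`, which is reasonable only while it stays on loopback; a comment such as `# plaintext is loopback-only; use TLS if this ever points at another host` would stop the pattern being copied to a remote address.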
@@ -57,19 +55,14 @@ in Restart = "on-failure"; RestartSec = "10s"; - # State directory management - StateDirectory = "creditservice"; - StateDirectoryMode = "0750"; - # Security hardening NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict"; ProtectHome = true; - ReadWritePaths = [ cfg.dataDir ]; # Start command - ExecStart = "${cfg.package}/bin/creditservice-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}"; + ExecStart = "${cfg.package}/bin/creditservice-server --listen-addr 0.0.0.0:${toString cfg.grpcPort} --http-addr 127.0.0.1:${toString cfg.httpPort}"; }; }; };
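Review bot: The new `ExecStart` binds the gRPC listener to `0.0.0.0` while the HTTP listener stays on `127.0.0.1`, and no TLS or authentication flag is visible on the command line. Together with the 3010 firewall entries added for node01 to node03, the quota/billing API is reachable on every IPv4 interface of each node. Make the bind address an option, e.g. `--listen-addr ${cfg.listenAddress}:${toString cfg.grpcPort}`, and document next to it what authenticates callers. With `StateDirectory` and `ReadWritePaths` removed, the unit has no writable path under `ProtectSystem = "strict"`; if the server is now stateless, say so in a comment in the hardening block and consider adding `ProtectKernelTunables = true;` and `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];`. The `serviceConfig` block opens outside this hunk.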