diff --git a/.sops.yaml b/.sops.yaml
index 9ad1fd3..c85cd92 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,9 +9,9 @@ keys:
 - &users:
 - &dev age14d55nfxlzm8t2yzplxpprygxmt99javafz9a8dh5llu87aww4qlswf6g0c
 - &hosts:
- - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
- - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
- - &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
+ - &dev-vm age1rjtqzmywfr3zuzz0cn8eqnwp3x8ypzya9gcv6kvtplhudar5eayqq83ey4
+ - &crayon age1pnu4tkdxfcnefntdw262k4m8wuv3qe2894s4e6w5j8yshg8vlu6q9uq5tv
+ - &blobercraft age167gn88rldpmqmjhm9nl0gv05ms4tn37jx2nxwklfvs3xymfp9y7sa8vurh
 creation_rules:
 - path_regex: secrets.yaml$
 key_groups:
diff --git a/Makefile b/Makefile
index 45bd70b..5b88ecc 100644
--- a/Makefile
+++ b/Makefile
@@ -1,25 +1,35 @@
 IP ?=
 HOST ?=
-deploy:
- # push flake config to a remote server
+init:
 ifeq ($(IP),)
 $(error IP not set)
 endif
 ifeq ($(HOST),)
 $(error HOST not set)
 endif
+ nix run github:nix-community/nixos-anywhere -- --flake .#$(HOST) --generate-hardware-config nixos-generate-config ./hosts/$(HOST)/hardware-configuration.nix --target-host nixos@$(IP)
+
+deploy:
+ # no impurity allowed
 ifneq ($(shell git diff),)
 git add .
 git commit -m "auto commit on build" -m "`PAGER=cat git diff --name-only --cached`"
 endif
- rsync -azr ./ crown@$(IP):~/flake-config
- ssh crown@$(IP) "sudo NIX_CONFIG='experimental-features = flakes pipe-operators' nixos-rebuild switch --flake ~/flake-config#$(HOST)"
+ # push flake config to a remote server(s)
+ nix run github:serokell/deploy-rs .
 sops:
- # update sops keys
+ # For setting up a new host: to generate a sops key from an existing ssh key
+ # just run `cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age` and then add
+ # that to the .sops.yaml file
 sops updatekeys secrets.yaml
 .DEFAULT_GOAL := default
-.PHONY: default deploy sops
+.PHONY: default deploy init sops
 default:
- # noop
+ # This is my tiny makefile to create new machines and update existing ones
+ # it requires you to have nix and sops installed to correctly setup a new
+ # system and nix to deploy to an existing one.
+ #
+ # I'm not using just cause I've already got make installed everywhere and I
+ # know how to use it.
diff --git a/flake.lock b/flake.lock
index 16d09e0..a294fa1 100644
--- a/flake.lock
+++ b/flake.lock
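Review bot: Both new `nix run` invocations — `github:nix-community/nixos-anywhere` in `init` and `github:serokell/deploy-rs` in `deploy` — name a repository with no revision, so the tool that partitions and activates the hosts is whatever the default branch serves at run time and is not governed by flake.lock, even though this same commit locks deploy-rs at 9c870f63e28ec1e83305f7f6cb73c941e699f74f. Pin the deploy line to that rev, `nix run github:serokell/deploy-rs/9c870f63e28ec1e83305f7f6cb73c941e699f74f .`, or invoke it through the flake so the lock file covers it, and treat the nixos-anywhere line the same way. `init` also deserves a recipe comment saying what it does to the target, since the only guards above it are the two variable checks: nixos-anywhere applies the layout in hosts/$(HOST)/disko.nix, so something like `# DESTRUCTIVE: re-partitions the target disk per hosts/$(HOST)/disko.nix` belongs next to the `nix run` line. The `git add .` auto-commit block is unchanged context here, so its behaviour is outside this change.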
@@ -22,6 +22,64 @@
 "type": "github"
 }
 },
+ "deploy-rs": {
+ "inputs": {
+ "flake-compat": "flake-compat",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "utils": "utils"
+ },
+ "locked": {
+ "lastModified": 1762286984,
+ "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "type": "github"
+ }
+ },
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1764017209,
+ "narHash": "sha256-RoJGCtKExXXkNCZUmmxezG3eOczEOTBw38DaZGSYJC0=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "ec8eabe00c4ee9a2ddc50162c125f0ec2a7099e1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1733328505,
+ "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
 "nid": {
 "inputs": {
 "nixpkgs": [
@@ -60,6 +118,8 @@
 "root": {
 "inputs": {
 "declarative-jellyfin": "declarative-jellyfin",
+ "deploy-rs": "deploy-rs",
+ "disko": "disko",
 "nid": "nid",
 "nixpkgs": "nixpkgs",
 "sops-nix": "sops-nix",
@@ -100,6 +160,21 @@
 "type": "indirect"
 }
 },
+ "systems_2": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
 "treefmt-nix": {
 "inputs": {
 "nixpkgs": [
@@ -135,6 +210,24 @@
 "ref": "nixos-unstable",
 "type": "indirect"
 }
+ },
+ "utils": {
+ "inputs": {
+ "systems": "systems_2"
+ },
+ "locked": {
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
 }
 },
 "root": "root",
diff --git a/flake.nix b/flake.nix
index 074a76f..c04931b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,12 @@
 declarative-jellyfin.url = "github:Sveske-Juice/declarative-jellyfin";
 declarative-jellyfin.inputs.nixpkgs.follows = "nixpkgs";
+
+ deploy-rs.url = "github:serokell/deploy-rs";
+ deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
+
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
 };
 outputs = { self, nixpkgs, unstable, ... }@inputs: let
 base = [
@@ -34,6 +40,8 @@
 # use comma just in case I need to do some sysadmin stuff
 inputs.nid.nixosModules.nix-index
 { programs.nix-index-database.comma.enable = true; }
+ # disko for completly declarative machines
+ inputs.disko.nixosModules.disko
 ];
 # ts so DRY it makes me wanna cry
@@ -47,11 +55,30 @@
 ] ++ modules;
 }
 )) <| hosts;
+
+ mkNodes = nodes:
+ (builtins.mapAttrs (name: options:
+ nixpkgs.lib.attrsets.recursiveUpdate {
+ hostname = name;
+ profiles.system = {
+ user = "root";
+ sshUser = "crown";
+ path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${name};
+ };
+ } options
+ )) <| nodes;
 in {
 # define all of my machines
 nixosConfigurations = mkHosts {
 blobercraft = [];
 crayon = [];
 };
+
+ # and where they get deployed to
+ deploy.nodes = mkNodes {
+ crayon = { hostname = "squi.bid"; };
+ };
+
+ checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;
 };
 }
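Review bot: `mkNodes` hard-codes `inputs.deploy-rs.lib.x86_64-linux` on the `path` line of the `@@ -47,11 +55,30 @@` hunk, so a node whose NixOS configuration is built for any other system would be activated through the wrong deploy-rs library; derive it from the host instead, `path = inputs.deploy-rs.lib.${self.nixosConfigurations.${name}.config.nixpkgs.hostPlatform.system}.activate.nixos self.nixosConfigurations.${name};`. The `user = "root"` / `sshUser = "crown"` pair means deploy-rs logs in as crown and elevates on the target to switch the system profile, which deserves a comment on `profiles.system` because it is why the Makefile can drop its explicit `ssh ... sudo nixos-rebuild` line and, presumably, why `trusted-users` is widened in modules/os.nix in the same commit. The `recursiveUpdate { … } options` call also lets each node override any of these defaults, including `user` and `sshUser`, which the comment above `deploy.nodes` does not say; `# per-node attrs override the defaults set in mkNodes` would make that explicit.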
diff --git a/hosts/blobercraft/default.nix b/hosts/blobercraft/default.nix
index 07474e3..5c2ca18 100644
--- a/hosts/blobercraft/default.nix
+++ b/hosts/blobercraft/default.nix
@@ -1,6 +1,10 @@
-{ ... }:
+{ modulesPath, ... }:
 {
 imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disko.nix
+ ./hardware-configuration.nix # Include the results of the hardware scan.
 ./jellyfin.nix
 ./minecraft.nix
diff --git a/hosts/blobercraft/disko.nix b/hosts/blobercraft/disko.nix
new file mode 100644
index 0000000..b6dd767
--- /dev/null
+++ b/hosts/blobercraft/disko.nix
@@ -0,0 +1,36 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.main = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/blobercraft/hardware-configuration.nix b/hosts/blobercraft/hardware-configuration.nix
index 1e3ab01..87a58d7 100644
--- a/hosts/blobercraft/hardware-configuration.nix
+++ b/hosts/blobercraft/hardware-configuration.nix
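Review bot: `device = lib.mkDefault "/dev/sda";` in the new disko.nix picks the disk by kernel enumeration order, and because the Makefile's `init` target hands this layout to nixos-anywhere, an extra or reordered disk on the VM would mean the wrong device gets repartitioned; disko's stable form is a `/dev/disk/by-id/<DISK-ID>` path (placeholder), and `mkDefault` can stay so a host can still override it. The ESP's `mountOptions = [ "umask=0077" ];` does keep the root-only permissions the removed hardware-configuration.nix set with `fmask`/`dmask`, which is worth a trailing comment such as `# keep /boot root-only, as the generated config did` so the next editor does not drop it. The layout also defines no swap, matching the removed `swapDevices = [ ];`; a one-line comment saying swap is intentionally omitted would keep that from being read as an oversight.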
@@ -13,19 +13,6 @@
 boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/59b4c37b-b8c6-4b95-96af-e343161381bb";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/E8A3-780D";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
 # still possible to use this option, but it's recommended to use it in conjunction
diff --git a/modules/os.nix b/modules/os.nix
index 5b49310..e30e6df 100644
--- a/modules/os.nix
+++ b/modules/os.nix
@@ -4,6 +4,7 @@
 settings = {
 experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
 auto-optimise-store = true;
+ trusted-users = [ "@wheel" ];
 };
 gc = {
 dates = "weekly";
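Review bot: `trusted-users = [ "@wheel" ];` in the modules/os.nix hunk grants every wheel member the daemon's trusted-user rights — importing unsigned store paths, setting arbitrary substituters and sandbox options — which the Nix manual itself describes as essentially root access, so on any host that imports this module a compromised wheel account now has a second path to root that sudo logging does not see. If the reason is to let deploy-rs push closures as the `sshUser = "crown"` set in flake.nix, limit it to that account, `trusted-users = [ "crown" ];`, or sign the closures on the build machine and list the signing key under `trusted-public-keys` so no user needs elevated daemon rights at all. Either way the line needs a why-comment, e.g. `# deploy-rs copies unsigned closures as the deploy user`, since the hunk gives no rationale.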