diff --git a/extras/disk-config.nix b/extras/disk-config.nix new file mode 100644 index 0000000..300be8a --- /dev/null +++ b/extras/disk-config.nix @@ -0,0 +1,38 @@ +{lib, ...}: { + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + esp = { + name = "ESP"; + start = "1M"; + end = "128M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + mountpoint = "/"; + mountOptions = ["noatime" "compress-force=zstd:3" "discard=async"]; + subvolumes = { + "/home" = { + mountpoint = "/home"; + mountOptions = ["noatime" "compress-force=zstd:3" "discard=async"]; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/extras/gaming.nix b/extras/gaming.nix index b41c42c..d244fb7 100644 --- a/extras/gaming.nix +++ b/extras/gaming.nix @@ -22,8 +22,11 @@ in { protonup-qt r2modman wine + temurin-jre-bin-17 ]; + networking.firewall.allowedTCPPorts = [25565]; + programs.steam = { enable = true; # remotePlay.openFirewall = true; diff --git a/extras/minecraft-server.nix b/extras/minecraft-server.nix new file mode 100644 index 0000000..31931ee --- /dev/null +++ b/extras/minecraft-server.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + temurin-jre-bin-17 + ]; + networking.firewall.allowedTCPPorts = [25565]; +} diff --git a/flake.lock b/flake.lock index 0463c62..34cb6ac 100644 --- a/flake.lock +++ b/flake.lock 
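Review bot: The `esp` partition mounts vfat on `/boot` without any `mountOptions`, so default vfat permissions apply and local users can most likely read everything there, including the random seed systemd-boot keeps on the ESP (NOserver.nix enables systemd-boot). Adding `mountOptions = ["umask=0077"];` next to `mountpoint = "/boot";` restricts the mount to root. Separately, `device = lib.mkDefault "/dev/sda"` means a host that imports this module without an override has disko targeting /dev/sda, so a short comment saying the disk is repartitioned at install time would make that explicit.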
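Review bot: `networking.firewall.allowedTCPPorts = [25565];` in the gaming profile opens that port on every interface of every machine that imports gaming.nix, on whatever network it is joined to. The same commit adds extras/minecraft-server.nix with an identical line for the dedicated server, so the desktop profile probably does not need it. If hosting from the desktop is intended, scoping the rule to one interface keeps it off untrusted networks, for example `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [25565];` (interface name assumed). The surrounding attribute set starts and ends outside the hunk.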
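Review bot: This module installs `temurin-jre-bin-17` and opens 25565 but defines no service, so the server is presumably started by hand from a login account; on NOserver-minecraft the only user declared in the visible config is `mc`, which is in `wheel`. A network-facing Java process is better run under a dedicated unprivileged account: nixpkgs ships `services.minecraft-server` (with `enable`, `eula` and `openFirewall`), or a systemd unit with its own `User=` would do the same. If manual start is intended, a comment such as `# server is started manually as <user>; port opened for it below` would record that.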
@@ -21,6 +21,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717378144, + "narHash": "sha256-gwx3rVXnt2jNxl8L2DybYv41fA8QhWVGebe932pa2nw=", + "owner": "nix-community", + "repo": "disko", + "rev": "39cd5a1fcd6d7a476eac2894b09122ead99f6efc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -206,6 +226,7 @@ "root": { "inputs": { "agenix": "agenix", + "disko": "disko", "home-manager": "home-manager_2", "nixos-cosmic": "nixos-cosmic", "nixos-hardware": "nixos-hardware", diff --git a/flake.nix b/flake.nix index aee2923..c4769ca 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,10 @@ url = "github:ryantm/agenix"; inputs.darwin.follows = ""; }; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -44,6 +48,7 @@ nixpkgs, nixos-hardware, agenix, + disko, home-manager, plasma-manager, # helix, @@ -103,6 +108,18 @@ ./extras/uwuraid.nix ]; }; + NOserver-minecraft = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = {inherit inputs;}; + modules = [ + agenix.nixosModules.default + disko.nixosModules.disko + {disko.devices.disk.disk1.device = "/dev/vda";} + ./systems/NOserver.nix + ./extras/disk-config.nix + ./extras/minecraft-server.nix + ]; + }; }; }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index cdadc48..39c2f85 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,4 +1,5 @@ let + # get these from /etc/ssh NOcomputer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPv53GM1uDDOdRxIlHmpf6x2y13yT5bFDNyrgDGLAR1l"; NOlaptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFACYTHNr0dgtTe8cb6q+NwI1KaKJmNsUrnz5/8ZDvH"; NOmom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdPvIo0P00I27i9XQFngsklw/dSyoFs7EgRt7RvkbSq"; 
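Review bot: The new comment `# get these from /etc/ssh` in secrets/secrets.nix does not say which file to read, and that directory also holds the private host keys. Something like `# host public keys: /etc/ssh/ssh_host_ed25519_key.pub on each machine` removes the ambiguity. The flake.nix hunk in this commit gives NOserver-minecraft `agenix.nixosModules.default`, but no key for that host appears among the visible lines; the `let` block continues outside the hunk, so it may be listed further down.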
diff --git a/systems/NOserver.nix b/systems/NOserver.nix
new file mode 100644
index 0000000..a63cbb0
--- /dev/null
+++ b/systems/NOserver.nix
@@ -0,0 +1,80 @@
+{
+ config,
+ inputs,
+ lib,
+ modulesPath,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ bat
+ bottom
+ cifs-utils
+ du-dust
+ exfatprogs
+ fastfetch
+ git
+ helix
+ inputs.agenix.packages.${pkgs.system}.default
+ ouch
+ pueue
+ ripgrep
+ rustdesk
+ skim
+ tree
+ # wezterm
+ wget
+ zstd
+ zellij
+ ];
+
+ services.openssh.enable = true;
+ networking.networkmanager.enable = true;
+ services.tailscale.enable = true;
+ services.resolved.enable = true;
+
+ security.sudo-rs.enable = true;
+ security.sudo.enable = false;
+ users.users.mc = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ shell = pkgs.nushell;
+ };
+
+ environment.variables = {
+ EDITOR = "hx";
+ VISUAL = "hx";
+ PAGER = "bat";
+ SKIM_DEFAULT_COMMAND = "rg --files";
+ };
+
+ time.timeZone = lib.mkDefault "US/Pacific";
+
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ };
+
+ boot.loader.systemd-boot.enable = lib.mkDefault true;
+ boot.loader.efi.canTouchEfiVariables = lib.mkDefault true;
+ boot.loader.timeout = lib.mkForce 1;
+ boot.supportedFilesystems = ["btrfs"];
+ boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk"];
+ boot.kernelModules = ["kvm-intel"];
+
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ nix.settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ trusted-users = ["root" "@wheel"];
+ };
+ nixpkgs.config = {allowUnfree = true;};
+
+ networking.hostName = "NOserver-minecraft";
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ system.stateVersion = lib.mkDefault "23.05";
+}
diff --git a/users/tao.nix b/users/tao.nix
index 9088fcf..2bcb7ef 100644
--- a/users/tao.nix
+++ b/users/tao.nix
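Review bot: `services.openssh.enable = true;` is the only SSH configuration in systems/NOserver.nix, so the NixOS defaults apply: password authentication is accepted and port 22 is opened in the firewall, while `users.users.mc` (a `wheel` member) declares no authorized key. For a host that also exposes a game port, key-only login is the safer baseline; the block below shows the settings and where the key would go. In the same file, `trusted-users = ["root" "@wheel"]` lets `mc` drive the Nix daemon with root-equivalent effect without going through sudo-rs, and `["root"]` is enough unless that is specifically needed.

```nix
services.openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };
};
# … unchanged: networkmanager, tailscale, resolved, sudo-rs …
users.users.mc = {
  isNormalUser = true;
  extraGroups = ["wheel"];
  shell = pkgs.nushell;
  # placeholder: replace with the admin's real public key
  openssh.authorizedKeys.keys = ["ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER>"];
};
```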
@@ -135,7 +135,6 @@ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" ''; - # obs virtual camera boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; diff --git a/users/tao/nushell/stuff.nu b/users/tao/nushell/stuff.nu index bed2d8a..fa099e0 100644 --- a/users/tao/nushell/stuff.nu +++ b/users/tao/nushell/stuff.nu @@ -74,6 +74,7 @@ def tse [exit_node: string = ""] { } else { tailscale set --exit-node $exit_node } + sleep 5sec http get https://am.i.mullvad.net/json } def tsp [] { diff --git a/users/vy.nix b/users/vy.nix index 3ce9f53..7b5c480 100644 --- a/users/vy.nix +++ b/users/vy.nix @@ -35,4 +35,8 @@ isNormalUser = true; extraGroups = ["wheel" "audio" "video"]; }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKLOGhoTauV+yBide0qYQzZ/0rRw7ImfrOTvuZxjIFl" + ]; }
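Review bot: The fixed `sleep 5sec` in `tse` only guesses when the exit-node change has taken effect. If the switch is slower, the `http get` that follows goes out over the previous route and the printed JSON describes the old state, which is easy to misread as confirmation. A comment such as `# wait for tailscale to switch routes; the result may still show the old egress if this is too short` documents the limitation, and a short retry until the reported address changes would remove the guess. The body of `tse` begins outside the hunk.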
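Review bot: The added `users.users.root.openssh.authorizedKeys.keys` entry in users/vy.nix allows direct root login over SSH with a key that carries no comment, so the file does not say whose key it is or why root needs it. The user defined just above (presumably `vy`) is already in `wheel`, so the key could live under that user's `openssh.authorizedKeys.keys` with sudo for escalation. If root access is needed for remote deployment, a line like `# <owner/host>: used for remote nixos-rebuild` above the key would make it auditable. The enclosing module starts outside the hunk.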