diff --git a/config/btrfs-disko.nix b/config/btrfs-disko.nix
new file mode 100644
index 0000000..66331b6
--- /dev/null
+++ b/config/btrfs-disko.nix
@@ -0,0 +1,78 @@
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "boot";
+ name = "ESP";
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+
+ luks = {
+ size = "100%";
+ label = "luks";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [
+ "--allow-discards"
+ "--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"
+ ];
+ # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+ settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
+ };
+ "@home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
+ };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
+ };
+ "@log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
+ };
+ "@snapshots" = {
+ };
+ "@swap" = {
+ mountpoint = "/swap";
+ swap.swapfile.size = "32G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/var/log".neededForBoot = true;
+}
diff --git a/config/flake.nix b/config/flake.nix
index 51d663d..9e0f27e 100644
--- a/config/flake.nix
+++ b/config/flake.nix
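Review bot: In config/btrfs-disko.nix, `crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"]` makes the initrd try a TPM2 unlock of `cryptroot`, but nothing in the file records which PCRs the key slot is meant to be sealed to or whether a PIN is required, and that enrollment policy decides whether the volume still opens after the boot chain has been changed. The ESP at `/boot` is unencrypted, so I would add a comment above `settings` stating the intended enrollment, for example `# enrolled out of band: systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 --tpm2-with-pin=yes`. `"--allow-discards"` passes TRIM through dm-crypt and so shows which blocks are unused to anyone reading the raw device; a one-line comment accepting that trade-off would help the next reader. Separately, `device = "/dev/nvme0n1"` is a kernel enumeration name that can change on machines with more than one NVMe drive, and since disko repartitions its target, a stable `/dev/disk/by-id/...` path would be safer.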
@@ -20,7 +20,7 @@ # inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system # }; }; - outputs = inputs @ { self, nixpkgs, home-manager, ... }: + outputs = inputs @ { self, disko, nixpkgs, home-manager, ... }: let system = "x86_64-linux"; # Default system architecture in { @@ -33,6 +33,7 @@ modules = [ ./configuration.nix home-manager.nixosModules.home-manager + disko.nixosModules.disko { home-manager.useGlobalPkgs = true; # Use global packages in home-manager home-manager.useUserPackages = true; # Use user packages in home-manager
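Review bot: The `outputs` arguments in config/flake.nix now require `disko`, but no hunk in this diff touches the `inputs` block that closes just above (the context line `};`), so unless an earlier commit already declared it, evaluation will fail with a missing-argument error. If it is missing, declare it as `disko.url = "github:nix-community/disko";` together with `disko.inputs.nixpkgs.follows = "nixpkgs";` so the module is pinned in flake.lock and built against the same nixpkgs as the system. The second hunk loads `disko.nixosModules.disko`, yet `./btrfs-disko.nix` is not added to `modules` here; presumably it is imported from `configuration.nix`, which is worth confirming, since otherwise the LUKS layout is never applied.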