diff --git a/flake.lock b/flake.lock
index 2df0d7c..01cf86d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -56,6 +56,26 @@ "type": "github" } }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773889306, + "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "owner": "nix-community", + "repo": "disko", + "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems"
@@ -244,6 +264,7 @@ "inputs": { "agentcomputer-cli": "agentcomputer-cli", "claudeCode": "claudeCode", + "disko": "disko", "googleworkspace-cli": "googleworkspace-cli", "home-manager": "home-manager", "nix-darwin": "nix-darwin",
diff --git a/flake.nix b/flake.nix
index 286cf57..4c38604 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
- description = "Rathi's macOS nix-darwin + Linux Home Manager config";
+ description = "Rathi's macOS nix-darwin + NixOS + Home Manager config";
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@@ -36,6 +36,11 @@
 nix-homebrew = {
 url = "github:zhaofengli-wip/nix-homebrew";
 };
+
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs = inputs @ {
@@ -53,6 +58,7 @@
 darwinConfigName = "darwin";
 darwinMachineHostname = "hari-macbook-pro";
 linuxConfigName = "linux";
+ linuxHostname = "rathi-vps";
 darwinPkgs = import nixpkgs {system = darwinSystem;};
 linuxPkgs = import nixpkgs {
 system = linuxSystem;
@@ -94,6 +100,30 @@
 ];
 };
+ nixosConfigurations.${linuxConfigName} = nixpkgs.lib.nixosSystem {
+ system = linuxSystem;
+ specialArgs = {
+ inherit inputs self username;
+ hostname = linuxHostname;
+ };
+ modules = [
+ inputs.disko.nixosModules.disko
+ ./hosts/${linuxConfigName}/configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = {
+ inherit inputs self username;
+ hostname = linuxHostname;
+ };
+ home-manager.backupFileExtension = "hm-bak";
+ home-manager.users.${username} = import ./home/linux.nix;
+ }
+ ];
+ };
+
+ # Standalone Home Manager config (fallback for non-NixOS Linux)
 homeConfigurations.${linuxConfigName} = home-manager.lib.homeManagerConfiguration {
 pkgs = linuxPkgs;
 extraSpecialArgs = {
diff --git a/home/zsh.nix b/home/zsh.nix
index bfad832..d3012de 100644
--- a/home/zsh.nix
+++ b/home/zsh.nix
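Review bot: `hostname = linuxHostname;` is passed through both `specialArgs` and `home-manager.extraSpecialArgs` in the new `nixosConfigurations` entry of flake.nix, but hosts/linux/configuration.nix as added in this commit does not take a `hostname` argument and sets `networking.hostName = "rathi-vps";` as a literal. The two values can drift apart without any evaluation error. Consider adding `hostname` to the host module's argument set and writing `networking.hostName = hostname;`. The enclosing `outputs` body starts and ends outside this hunk.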
@@ -39,20 +39,9 @@
 lg = "lazygit";
 nim = "nvim .";
 net = "rathiharivansh@152.53.195.59";
-
- # nix helpers
- nr = "nix profile remove"; # nr - remove from profile
- ns = "nix search nixpkgs"; # ns - search packages
- nls = "nix profile list"; # nls - list installed profile packages
 }
 // lib.optionalAttrs pkgs.stdenv.isDarwin {
 tailscale = "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
- nrb = "sudo darwin-rebuild switch --flake path:$HOME/Documents/GitHub/nix#darwin"; # nrb - rebuild declarative config
- nup = "nix flake update $HOME/Documents/GitHub/nix && sudo darwin-rebuild switch --flake path:$HOME/Documents/GitHub/nix#darwin"; # nup - update flake + rebuild
- }
- // lib.optionalAttrs pkgs.stdenv.isLinux {
- nrb = "nix run github:nix-community/home-manager -- switch --flake path:$HOME/Documents/GitHub/nix#linux -b hm-bak"; # nrb - rebuild declarative config
- nup = "nix flake update $HOME/Documents/GitHub/nix && nix run github:nix-community/home-manager -- switch --flake path:$HOME/Documents/GitHub/nix#linux -b hm-bak"; # nup - update flake + rebuild
 };
 envExtra =
diff --git a/hosts/linux/configuration.nix b/hosts/linux/configuration.nix
new file mode 100644
index 0000000..6096b72
--- /dev/null
+++ b/hosts/linux/configuration.nix
@@ -0,0 +1,85 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ username,
+ self,
+ ...
+}: let
+ packageSets = import ../../lib/package-sets.nix {inherit inputs lib pkgs;};
+in {
+ imports = [
+ ./hardware-configuration.nix
+ ./disk-config.nix
+ ];
+
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ configurationLimit = 5;
+ };
+
+ networking = {
+ hostName = "rathi-vps";
+ useDHCP = true;
+ firewall.allowedTCPPorts = [22 80 443];
+ };
+
+ services.qemuGuest.enable = true;
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ };
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6tzq33IQcurWoQ7vhXOTLjv8YkdTGb7NoNsul3Sbfu rathi@mac"
+ ];
+
+ users.users.${username} = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6tzq33IQcurWoQ7vhXOTLjv8YkdTGb7NoNsul3Sbfu rathi@mac"
+ ];
+ };
+
+ programs.zsh.enable = true;
+ environment.shells = [pkgs.zsh];
+
+ environment.variables = {
+ EDITOR = "nvim";
+ VISUAL = "nvim";
+ };
+
+ nix.settings = {
+ auto-optimise-store = true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ trusted-users = [
+ "root"
+ username
+ ];
+ };
+
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = packageSets.core ++ packageSets.extras;
+
+ system.configurationRevision = self.rev or self.dirtyRev or null;
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/linux/disk-config.nix b/hosts/linux/disk-config.nix
new file mode 100644
index 0000000..b99297e
--- /dev/null
+++ b/hosts/linux/disk-config.nix
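Review bot: In hosts/linux/configuration.nix, `services.openssh.settings` disables `PasswordAuthentication` but leaves keyboard-interactive authentication at the module default and still accepts key-based root logins on a host that is reachable on port 22. Add `KbdInteractiveAuthentication = false;`, and once access through the wheel account is confirmed, tighten to `PermitRootLogin = "no";`. `nix.settings.trusted-users` also lists `username`; a trusted user can instruct the Nix daemon in ways that are effectively root-equivalent, so keep the list to `"root"` unless that is intended. No service declared in this file listens on 80 or 443, so `firewall.allowedTCPPorts` opens them before anything needs them.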
@@ -0,0 +1,32 @@
+{
+ disko.devices.disk.main = {
+ type = "disk";
+ device = "/dev/vda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/linux/hardware-configuration.nix b/hosts/linux/hardware-configuration.nix
new file mode 100644
index 0000000..c4f3529
--- /dev/null
+++ b/hosts/linux/hardware-configuration.nix
@@ -0,0 +1,26 @@
+# Generated placeholder for netcup KVM VPS.
+# Regenerate on the actual machine with: nixos-generate-config --show-hardware-config
+{
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "virtio_pci"
+ "virtio_scsi"
+ "ahci"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ virtualisation.hypervGuest.enable = false;
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
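Review bot: The `esp` partition in hosts/linux/disk-config.nix is mounted at `/boot` with no `mountOptions`, so the vfat defaults leave the kernels and initrds there readable by every local account. Add `mountOptions = ["umask=0077"];` to that partition's `content`. Separately, `device = "/dev/vda"` is assumed rather than detected, and disko repartitions whatever that path names when it is run, so confirm the device on the target before the first run.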
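Review bot: The initrd module list in hosts/linux/hardware-configuration.nix names `"virtio_scsi"`, `"ahci"` and `"sd_mod"`, which go with `/dev/sdX` disks, while disk-config.nix in this commit targets `/dev/vda`, a virtio-blk device name. `virtio_blk` is not listed here and presumably reaches the initrd only through the imported `qemu-guest.nix` profile. Regenerate the file on the VPS as its header comment says, or add `"virtio_blk"` explicitly so that finding the root disk at boot does not depend on the profile.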