diff --git a/configuration.nix b/configuration.nix index 260f14e..f3b9b23 100644 --- a/configuration.nix +++ b/configuration.nix @@ -196,7 +196,6 @@ pfetch-rs sbctl - ]; services.zfs = { @@ -288,7 +287,6 @@ "render" "postgres" "owntracks" - "immich" ]; hashedPasswordFile = "/etc/nixos/secrets/hashedPass"; diff --git a/disk-config.nix b/disk-config.nix new file mode 100644 index 0000000..2782928 --- /dev/null +++ b/disk-config.nix @@ -0,0 +1,33 @@ +{ + disko.devices = { + disk = { + main = { + # When using disko-install, we will overwrite this value from the commandline + device = "/dev/disk/by-id/some-disk-id"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "f2fs"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/flake.nix b/flake.nix index 8a93b37..5cf9db4 100644 --- a/flake.nix +++ b/flake.nix @@ -24,6 +24,11 @@ url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -35,6 +40,7 @@ nixpkgs-qbt, home-manager, lanzaboote, + disko, ... }@inputs: let @@ -54,6 +60,7 @@ ollama = 11434; bitmagnet = 3333; owntracks = 3825; + gitea = 2283; }; https = { @@ -108,6 +115,8 @@ }; modules = [ + ./disk-config.nix + disko.nixosModules.disko ./configuration.nix vpn-confinement.nixosModules.default diff --git a/services/caddy.nix b/services/caddy.nix index 0c89c18..1ded345 100644 --- a/services/caddy.nix +++ b/services/caddy.nix 
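Review bot: The `ESP` content block in disk-config.nix mounts vfat at `/boot` with no `mountOptions`, so the partition gets the default FAT permissions and everything on it, including any boot-loader random seed, is readable by every local user. Adding `mountOptions = [ "umask=0077" ];` next to `mountpoint = "/boot";` restricts it to root. The `root` partition is also a plain f2fs filesystem with no encryption layer. Since configuration.nix keeps `hashedPasswordFile` under `/etc/nixos/secrets`, it is worth confirming that unencrypted at-rest storage is intended for this machine.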
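Review bot: The new `disko` input in flake.nix uses `url = "github:nix-community/disko";` with no branch or tag, unlike `home-manager`, which is pinned to `release-24.11`. Every `nix flake update` will therefore move it to whatever is on the default branch, and this is a tool that partitions and formats disks. No `flake.lock` change is visible on this page, so check that the lock entry is committed together with the input. Pinning to a release ref, for example `url = "github:nix-community/disko/<release-tag>";` (placeholder), keeps updates deliberate.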
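Review bot: `gitea = 2283;` in the flake.nix ports set does not match the value it replaces. The services/gitea.nix hunk swaps the literal `HTTP_PORT = 3281;` for `service_configs.ports.gitea`, so this commit silently moves Gitea from 3281 to 2283. 2283 is also the default port of the NixOS Immich service, so unless services/immich.nix overrides it (not visible here) the two services would contend for the same listener, and a reverse proxy could send one site's traffic to the other backend. If no port change was intended, use `gitea = 3281;`.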
@@ -52,7 +52,7 @@ in "torrent.${service_configs.https.domain}".extraConfig = '' # tls internal ${import ../secrets/caddy_auth.nix} - reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.torrent} + reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort} ''; "map.${service_configs.https.domain}".extraConfig = '' diff --git a/services/gitea.nix b/services/gitea.nix index 8c14677..013c2b4 100644 --- a/services/gitea.nix +++ b/services/gitea.nix @@ -18,7 +18,7 @@ server = { DOMAIN = service_configs.gitea.domain; ROOT_URL = "https://" + config.services.gitea.settings.server.DOMAIN; - HTTP_PORT = 3281; + HTTP_PORT = service_configs.ports.gitea; LANDING_PAGE = "/explore/repos"; }; session = { diff --git a/services/immich.nix b/services/immich.nix index 98226ed..9228ed5 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -2,6 +2,7 @@ service_configs, pkgs, config, + username, ... }: { @@ -28,4 +29,8 @@ "video" "render" ]; + + users.users.${username}.extraGroups = [ + config.services.immich.group + ]; }
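Review bot: The added `users.users.${username}.extraGroups = [ config.services.immich.group ];` in services/immich.nix carries no comment saying why the login user needs the service's group, and membership gives that account whatever access the Immich state and media directories grant to the group. A one-line comment such as `# login user needs group access to the Immich media directory` (adjust to the actual reason) would make the privilege grant reviewable. If only read access is needed, confirm that the directory modes do not make the library group-writable.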