diff --git a/nix/homelab/flake.lock b/nix/homelab/flake.lock
index 479be5a..b506081 100644
--- a/nix/homelab/flake.lock
+++ b/nix/homelab/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743598667,
-        "narHash": "sha256-ViE7NoFWytYO2uJONTAX35eGsvTYXNHjWALeHAg8OQY=",
+        "lastModified": 1766150702,
+        "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "329d3d7e8bc63dd30c39e14e6076db590a6eabe6",
+        "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
         "type": "github"
       },
       "original": {
@@ -22,16 +22,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743964447,
-        "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
+        "lastModified": 1766201043,
+        "narHash": "sha256-eplAP+rorKKd0gNjV3rA6+0WMzb1X1i16F5m5pASnjA=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
+        "rev": "b3aad468604d3e488d627c0b43984eb60e75e782",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-unstable",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/nix/homelab/flake.nix b/nix/homelab/flake.nix
index df4fcdc..6dfd511 100644
--- a/nix/homelab/flake.nix
+++ b/nix/homelab/flake.nix
@@ -11,6 +11,7 @@
     inputs@{
       nixpkgs,
       disko,
+      ...
     }:
     let
       nodes = [
@@ -33,11 +34,17 @@
               inherit inputs;
             };
             modules = [
+              {
+                networking.firewall.enable = false;
+                nix.settings.experimental-features = [
+                  "nix-command"
+                  "flakes"
+                ];
+              }
               disko.nixosModules.disko
               ../modules/keys.nix
               ./nodes/${node.name}/configuration.nix
               ./nodes/${node.name}/hardware-configuration.nix
-              ./nodes/${node.name}/disk-config.nix
             ];
           };
         }) nodes
diff --git a/nix/homelab/helm/helmfile.yaml b/nix/homelab/helm/helmfile.yaml
index 300a705..c7213b6 100644
--- a/nix/homelab/helm/helmfile.yaml
+++ b/nix/homelab/helm/helmfile.yaml
@@ -5,15 +5,9 @@ repositories:
     url: https://jellyfin.github.io/jellyfin-helm
 
 releases:
-  - name: longhorn
-    namespace: longhorn-system
-    chart: longhorn/longhorn
-    version: 1.8.1
-    values:
-      - values/longhorn-values.yaml
   - name: jellyfin
     namespace: media
     chart: jellyfin/jellyfin
-    version: 2.3.0
+    version: 2.7.0
     values:
       - values/jellyfin.yaml
diff --git a/nix/homelab/helm/values/jellyfin.yaml b/nix/homelab/helm/values/jellyfin.yaml
index 186e762..f79cd1a 100644
--- a/nix/homelab/helm/values/jellyfin.yaml
+++ b/nix/homelab/helm/values/jellyfin.yaml
@@ -1,13 +1,5 @@
-ingress:
-  enabled: true
-  anontations:
-    traefik.ingress.kubernetes.io/router.entrypoints: web
-  hosts:
-    - host: jellyfin.local
-      paths:
-      - path: /
-        pathType: ImplementationSpecific
-
 persistence:
+  config:
+    size: 5gi
   media:
-    size: 10Gi
+    size: 5Gi
diff --git a/nix/homelab/helm/values/longhorn-values.yaml b/nix/homelab/helm/values/longhorn-values.yaml
deleted file mode 100644
index 8e13b4d..0000000
--- a/nix/homelab/helm/values/longhorn-values.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-ingress:
-  enabled: true
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: "web"
-  host: longhorn.local
-  path: /
diff --git a/nix/homelab/helm/kustomize/kustomization.yaml b/nix/homelab/kustomize/kustomization.yaml
similarity index 100%
rename from nix/homelab/helm/kustomize/kustomization.yaml
rename to nix/homelab/kustomize/kustomization.yaml
diff --git a/nix/homelab/helm/kustomize/longhorn/ingress.yaml b/nix/homelab/kustomize/longhorn/ingress.yaml
similarity index 100%
rename from nix/homelab/helm/kustomize/longhorn/ingress.yaml
rename to nix/homelab/kustomize/longhorn/ingress.yaml
diff --git a/nix/homelab/nodes/kube/configuration.nix b/nix/homelab/nodes/kube/configuration.nix
index cd2d451..abedf71 100644
--- a/nix/homelab/nodes/kube/configuration.nix
+++ b/nix/homelab/nodes/kube/configuration.nix
@@ -8,13 +8,14 @@
 
 {
   imports = [
+    ./disk-config.nix
   ];
 
   boot.loader.grub = {
     enable = true;
     efiSupport = true;
     efiInstallAsRemovable = true;
-    device = "/dev/nvme0n1";
+    device = "/dev/vda";
   };
 
   networking.hostName = meta.hostname;
@@ -31,10 +32,10 @@
     role = "server";
     tokenFile = /var/lib/rancher/k3s/server/token;
     clusterInit = true;
-    extraFlags = toString ([
+    extraFlags = toString [
       "--write-kubeconfig-mode \"0644\""
-      "--disable local-storage"
-    ]);
+      # "--disable local-storage"
+    ];
   };
 
   services.openiscsi = {
diff --git a/nix/homelab/nodes/kube/disk-config.nix b/nix/homelab/nodes/kube/disk-config.nix
index 703357f..0e7793f 100644
--- a/nix/homelab/nodes/kube/disk-config.nix
+++ b/nix/homelab/nodes/kube/disk-config.nix
@@ -2,11 +2,15 @@
   disko.devices = {
     disk = {
       disk1 = {
-        device = "/dev/nvme0n1";
+        device = "/dev/vda";
         type = "disk";
         content = {
           type = "gpt";
           partitions = {
+            boot = {
+              type = "EF02";
+              size = "1M";
+            };
             ESP = {
               type = "EF00";
               size = "1G";
diff --git a/nix/homelab/nodes/kube/hardware-configuration.nix b/nix/homelab/nodes/kube/hardware-configuration.nix
index e128e8b..0b8a25b 100644
--- a/nix/homelab/nodes/kube/hardware-configuration.nix
+++ b/nix/homelab/nodes/kube/hardware-configuration.nix
@@ -1,34 +1,17 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports = [ ];
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
 
-  boot.initrd.availableKernelModules = [
-    "ata_piix"
-    "uhci_hcd"
-    "ehci_pci"
-    "nvme"
-    "sr_mod"
-  ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.kernelModules = [ ];
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens33.useDHCP = lib.mkDefault true;
-
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
diff --git a/nix/modules/commonPackages.nix b/nix/modules/commonPackages.nix
index a7f5f64..da7138f 100644
--- a/nix/modules/commonPackages.nix
+++ b/nix/modules/commonPackages.nix
@@ -73,6 +73,7 @@
       alsa-lib
       waypipe
       tea
+      kubectl
     ];
     programs.nix-ld.enable = lib.mkDefault true;
     programs.zsh.enable = lib.mkDefault true;
diff --git a/nix/users/luca/zsh.nix b/nix/users/luca/zsh.nix
index e06eac3..c1c4ff4 100644
--- a/nix/users/luca/zsh.nix
+++ b/nix/users/luca/zsh.nix
@@ -23,6 +23,7 @@ in
     export PATH="$GOBIN:$PATH"
     export PATH="$HOME/.cache/.bun/bin:$PATH"
     alias cat="bat"
+    alias k="kubectl"
   ''
   + "\n"
   + aliases;