diff --git a/config/default.nix b/config/default.nix
index 43312436..3ffed333 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -63,9 +63,7 @@
       git
       htop
       iotop
-      lshw
       mtr
-      pciutils # lscpi
       pv
       ripgrep
       screen
diff --git a/flake.nix b/flake.nix
index a6393d98..1db634f4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -744,6 +744,7 @@
             ./modules/audio-server.nix
             ./modules/autoupdate.nix
             ./modules/backup.nix
+            ./modules/baremetal.nix
             ./modules/c3d2.nix
             ./modules/disko.nix
             ./modules/nncp.nix
diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix
index 45677bed..e7fb288a 100644
--- a/hosts/hydra/default.nix
+++ b/hosts/hydra/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, libS, pkgs, ssh-public-keys, ... }:
+{ config, lib, libS, pkgs, ... }:
 
 let
   cachePort = 5000;
@@ -8,10 +8,12 @@ in
     ./hardware-configuration.nix
     ./network.nix
     ./updater.nix
-    ../../modules/c3d2.nix
   ];
 
-  c3d2.hq.statistics.enable = true;
+  c3d2 = {
+    baremetal = true;
+    hq.statistics.enable = true;
+  };
 
   boot = {
     tmpOnTmpfs = true;
@@ -241,8 +243,6 @@ in
 
     resolved.enable = false;
 
-    smartd.enable = true;
-
     zfs.trim.enable = true;
   };
 
diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix
index bda4b9b8..68dd6002 100644
--- a/hosts/server10/default.nix
+++ b/hosts/server10/default.nix
@@ -8,6 +8,7 @@
   ];
 
   c3d2 = {
+    baremetal = true;
     deployment.microvmBaseZfsDataset = "server10/vm";
     hq.statistics.enable = true;
   };
@@ -37,16 +38,11 @@
     hostId = "10101010";
   };
 
-  services = {
-    openssh.enable = true;
-    smartd.enable = true;
-
-    # reserve resources for legacy MicroVMs
-    nomad.settings.client.reserved = {
-      cpu = 4200;
-      # see /sys/fs/cgroup/system.slice/system-microvm.slice/memory.current
-      memory = 28 * 1024;
-    };
+  # reserve resources for legacy MicroVMs
+  services.nomad.settings.client.reserved = {
+    cpu = 4200;
+    # see /sys/fs/cgroup/system.slice/system-microvm.slice/memory.current
+    memory = 28 * 1024;
   };
 
   simd.arch = "ivybridge";
diff --git a/hosts/server7/default.nix b/hosts/server7/default.nix
index 712a31ff..b33322b2 100644
--- a/hosts/server7/default.nix
+++ b/hosts/server7/default.nix
@@ -6,6 +6,7 @@
   ];
 
   c3d2 = {
+    baremetal = true;
     # deployment.microvmBaseZfsDataset = "tank/storage";
     hq.statistics.enable = true;
   };
@@ -26,10 +27,6 @@
     hostId = "07070707";
   };
 
-  services = {
-    smartd.enable = true;
-  };
-
   simd.arch = "ivybridge"; # E5-2690 v2
 
   sops = {
diff --git a/hosts/server8/default.nix b/hosts/server8/default.nix
index e3c25da6..203eedfb 100644
--- a/hosts/server8/default.nix
+++ b/hosts/server8/default.nix
@@ -6,6 +6,7 @@
   ];
 
   c3d2 = {
+    baremetal = true;
     # deployment.microvmBaseZfsDataset = "tank/storage";
     hq.statistics.enable = true;
   };
@@ -48,15 +49,11 @@
       };
     };
 
-    openssh.enable = true;
-
     restic.server = {
       enable = true;
       listenAddress = "127.0.0.1:8080";
       privateRepos = true;
     };
-
-    smartd.enable = true;
   };
 
   simd.arch = "westmere";
diff --git a/hosts/server9/default.nix b/hosts/server9/default.nix
index f4ebc33d..0baa94cf 100644
--- a/hosts/server9/default.nix
+++ b/hosts/server9/default.nix
@@ -6,6 +6,7 @@
   ];
 
   c3d2 = {
+    baremetal = true;
     deployment.microvmBaseZfsDataset = "tank/storage";
     hq.statistics.enable = true;
   };
@@ -33,15 +34,10 @@
   # required by libvirtd
   security.polkit.enable = true;
 
-  services = {
-    openssh.enable = true;
-    smartd.enable = true;
-
-    # reserve resources for libvirt VMs
-    nomad.settings.client.reserved = {
-      cpu = 2300;
-      memory = 16 * 1024;
-    };
+  # reserve resources for libvirt VMs
+  services.nomad.settings.client.reserved = {
+    cpu = 2300;
+    memory = 16 * 1024;
   };
 
   simd.arch = "westmere";
@@ -66,7 +62,7 @@
 
   system.stateVersion = "21.11";
 
-  # XXX: enable for zw-ev and poelzi-ha until we find a better solution
+  # TODO: enable for zw-ev and poelzi-ha until we find a better solution
   virtualisation.libvirtd = {
     enable = true;
     onShutdown = "shutdown";
diff --git a/modules/baremetal.nix b/modules/baremetal.nix
new file mode 100644
index 00000000..cea5c7cc
--- /dev/null
+++ b/modules/baremetal.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+  options.c3d2.baremetal = lib.mkEnableOption "baremetal";
+
+  config = lib.mkIf config.c3d2.baremetal {
+    environment.systemPackages = with pkgs; [
+      lshw
+      pciutils # lscpi
+      smartmontools # for smartctl
+    ];
+
+    services.smartd.enable = true;
+  };
+}