diff --git a/hosts/glotzbert/default.nix b/hosts/glotzbert/default.nix
index fc33363b..73a395d8 100644
--- a/hosts/glotzbert/default.nix
+++ b/hosts/glotzbert/default.nix
@@ -19,6 +19,13 @@
     systemd-boot.enable = true;
   };
 
+  disko.disks = [ {
+    device = "/dev/disk/by-id/ata-SSD0240S00_20201124BC41037";
+    name = "glotzbert";
+    withCeph = false;
+    withLuks = false;
+  } ];
+
   networking = {
     domain = "hq.c3d2.de";
     firewall = {
diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix
index eb592e8b..8d1669fe 100644
--- a/hosts/server10/default.nix
+++ b/hosts/server10/default.nix
@@ -28,6 +28,14 @@
     };
   };
 
+  disko.disks = [ {
+    device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_1TB_S3Z9NB0M203733F";
+    name = "server10";
+    partitionTableFormat = "msdos";
+    withBoot = true;
+    withLuks = true;
+  } ];
+
   networking = {
     hostName = "server10";
     # TODO: change that to something more random
diff --git a/modules/disko.nix b/modules/disko.nix
index 915d7f95..66b8b791 100644
--- a/modules/disko.nix
+++ b/modules/disko.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 
 let
-  cfg = config.disko;
+  cfg = config.disko.disks;
 in
 {
   options.disko.disks = lib.mkOption {
@@ -22,6 +22,12 @@ in
           description = "Name of the disk.";
         };
 
+        partitionTableFormat = lib.mkOption {
+          type = lib.types.enum [ "gpt" "msdos" ];
+          default = "gpt";
+          description = "Which parition table format to use.";
+        };
+
         withBoot = lib.mkOption {
           type = lib.types.bool;
           default = true;
@@ -30,7 +36,7 @@ in
 
         withCeph = lib.mkOption {
           type = lib.types.bool;
-          default = true;
+          default = false;
           description = "Wether to include a ceph partition.";
         };
 
@@ -51,7 +57,7 @@ in
   };
 
   config = {
-    assertions = lib.mkIf (cfg.disks != [ ]) (lib.head (map
+    assertions = lib.mkIf (cfg != [ ]) (lib.head (map
       (disk: [
         {
           assertion = disk.withCeph || disk.withZfs;
@@ -62,118 +68,122 @@ in
           message = "Ceph requires Luks!";
         }
       ])
-      cfg.disks));
+      cfg));
 
-    disko.devices = lib.mkIf (cfg.disks != [ ]) (lib.head (map
-      (disk:
-        let
-          diskName = if disk.name != "" then "-${disk.name}" else "";
-          luksName = "crypt-${config.networking.hostName}${diskName}";
-          zfs = {
-            size = "100%FREE";
-            content = {
-              pool = zfsName;
-              type = "zfs";
-            };
-          };
-          zfsName = "${config.networking.hostName}${diskName}";
-        in
-        {
-          disk.${disk.device} = {
-            inherit (disk) device;
-            type = "disk";
-            content = {
-              type = "table";
-              format = "gpt";
-              partitions = lib.optional disk.withZfs {
-                name = "ESP";
-                start = "1MiB";
-                end = "512MiB";
-                bootable = true;
-                content = {
-                  type = "filesystem";
-                  format = "vfat";
-                  mountpoint = "/boot";
-                };
-              } ++ [
-                {
-                  name = "root";
-                  start = if disk.withZfs then "512MiB" else "1MiB";
-                  end = "100%";
-                  part-type = "primary";
-                  content = lib.optionalAttrs disk.withLuks {
-                    type = "luks";
-                    name = luksName;
-                    # trim potential new lines to not have them in the password
-                    keyFile = "tr -d '\n' </$PWD/keyFile";
-                    inherit (zfs) content;
-                  } // lib.optionalAttrs (!disk.withLuks) zfs.content;
-                }
-              ];
-            };
-          };
-        } // {
-          zpool.${zfsName} = {
-            type = "zpool";
-            # -O
-            rootFsOptions = {
-              acltype = "posixacl";
-              compression = "zstd";
-              dnodesize = "auto";
-              normalization = "formD";
-              xattr = "sa";
-            };
-            # -o
-            options = {
-              ashift = "12";
-              autotrim = "on";
-            };
-            datasets =
-              let
-                dataset = mountpoint: {
-                  inherit mountpoint;
-                  options = {
-                    canmount = "on";
-                    inherit mountpoint;
-                  };
-                  type = "zfs_fs";
-                };
-
-                datasetNoMount = {
-                  mountpoint = null;
-                  options = {
-                    canmount = "off";
-                    mountpoint = "none";
-                  };
-                  type = "zfs_fs";
-                };
-              in
-              {
-                "root" = dataset "/";
-                "data" = datasetNoMount;
-                # used by services.postgresqlBackup and later by restic
-                "data/backup" = dataset "/var/backup";
-                "data/etc" = dataset "/etc";
-                "data/lib" = dataset "/var/lib";
-                "home" = dataset "/home";
-                "nix" = lib.recursiveUpdate (dataset "/nix") {
-                  options.atime = "off";
-                };
-                "nix/store" = dataset "/nix/store";
-                "nix/var" = dataset "/nix/var";
-                # zfs uses copy on write and requires some free space to delete files when the disk is completely filled
-                "reserved" = lib.recursiveUpdate (dataset "reserved") {
-                  mountpoint = null;
-                  options = {
-                    canmount = "off";
-                    mountpoint = "none";
-                    reservation = "5GiB";
-                  };
-                  type = "zfs_fs";
-                };
+    disko = {
+      devices = lib.mkIf (cfg != [ ]) (lib.head (map
+        (disk:
+          let
+            diskName = if disk.name != "" then "-${disk.name}" else "";
+            luksName = "crypt-${config.networking.hostName}${diskName}";
+            zfs = {
+              size = "100%FREE";
+              content = {
+                pool = zfsName;
+                type = "zfs";
               };
-          };
-        })
-      cfg.disks));
+            };
+            zfsName = "${config.networking.hostName}${diskName}";
+          in
+          {
+            disk.${disk.device} = {
+              inherit (disk) device;
+              type = "disk";
+              content = {
+                type = "table";
+                format = disk.partitionTableFormat;
+                partitions = lib.optional disk.withZfs {
+                  name = "ESP";
+                  start = "1MiB";
+                  end = "512MiB";
+                  bootable = true;
+                  content = {
+                    type = "filesystem";
+                    format = "vfat";
+                    mountpoint = "/boot";
+                  };
+                } ++ [
+                  {
+                    name = "root";
+                    start = if disk.withZfs then "512MiB" else "1MiB";
+                    end = "100%";
+                    part-type = "primary";
+                    content = lib.optionalAttrs disk.withLuks {
+                      type = "luks";
+                      name = luksName;
+                      askPassword = true;
+                      inherit (zfs) content;
+                    } // lib.optionalAttrs (!disk.withLuks) zfs.content;
+                  }
+                ];
+              };
+            };
+          } // {
+            zpool.${zfsName} = {
+              type = "zpool";
+              # -O
+              rootFsOptions = {
+                acltype = "posixacl";
+                compression = "zstd";
+                dnodesize = "auto";
+                normalization = "formD";
+                xattr = "sa";
+              };
+              # -o
+              options = {
+                ashift = "12";
+                autotrim = "on";
+              };
+              datasets =
+                let
+                  dataset = mountpoint: {
+                    inherit mountpoint;
+                    options = {
+                      canmount = "on";
+                      inherit mountpoint;
+                    };
+                    type = "zfs_fs";
+                  };
+
+                  datasetNoMount = {
+                    mountpoint = null;
+                    options = {
+                      canmount = "off";
+                      mountpoint = "none";
+                    };
+                    type = "zfs_fs";
+                  };
+                in
+                {
+                  "root" = dataset "/";
+                  "data" = datasetNoMount;
+                  # used by services.postgresqlBackup and later by restic
+                  "data/backup" = dataset "/var/backup";
+                  "data/etc" = dataset "/etc";
+                  "data/lib" = dataset "/var/lib";
+                  "home" = dataset "/home";
+                  "nix" = lib.recursiveUpdate (dataset "/nix") {
+                    options.atime = "off";
+                  };
+                  "nix/store" = dataset "/nix/store";
+                  "nix/var" = dataset "/nix/var";
+                  # zfs uses copy on write and requires some free space to delete files when the disk is completely filled
+                  "reserved" = lib.recursiveUpdate (dataset "reserved") {
+                    mountpoint = null;
+                    options = {
+                      canmount = "off";
+                      mountpoint = "none";
+                      reservation = "5GiB";
+                    };
+                    type = "zfs_fs";
+                  };
+                };
+            };
+          })
+        cfg));
+
+      # we do not want changes to this module render machines unbootable
+      enableConfig = false;
+    };
   };
 }