diff --git a/nixos/disko-cloud.nix b/nixos/disko-cloud.nix
index dc0a33d..9caa26d 100644
--- a/nixos/disko-cloud.nix
+++ b/nixos/disko-cloud.nix
@@ -1,4 +1,5 @@
 # Disko layout for cloud VPS installs (e.g. Hetzner Cloud).
+# GPT with a 1MB BIOS boot partition (for GRUB on a BIOS system) + root.
 # No LUKS — the provider has physical disk access anyway and there's
 # no operator present at boot to enter a passphrase.
 {
@@ -9,15 +10,11 @@
       content = {
         type = "gpt";
         partitions = {
-          ESP = {
-            size = "512M";
-            type = "EF00";
-            content = {
-              type = "filesystem";
-              format = "vfat";
-              mountpoint = "/boot";
-              mountOptions = [ "fmask=0022" "dmask=0022" ];
-            };
+          # GRUB BIOS boot partition — holds stage-1.5 bootloader code.
+          # Type EF02. No filesystem.
+          BIOSBOOT = {
+            size = "1M";
+            type = "EF02";
           };
           root = {
             size = "100%";
diff --git a/nixos/hosts/vps-relay.nix b/nixos/hosts/vps-relay.nix
index d589cee..00ee58a 100644
--- a/nixos/hosts/vps-relay.nix
+++ b/nixos/hosts/vps-relay.nix
@@ -9,9 +9,14 @@
 
   nixpkgs.hostPlatform = "x86_64-linux";
 
-  # Hetzner Cloud boots EFI with systemd-boot.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+  # Hetzner Cloud vServers boot in BIOS mode (confirmed via rescue:
+  # /sys/firmware/efi doesn't exist, product_name=vServer). systemd-boot
+  # is UEFI-only, so use GRUB with BIOS MBR support instead.
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+    efiSupport = false;
+  };
 
   # Hetzner Cloud cx23 uses QEMU virtio-scsi for the disk and virtio-net
   # for the NIC. Without these modules in initrd, the kernel can't find