diff --git a/machines/hosts.nix b/machines/hosts.nix
new file mode 100644
index 0000000..46f961a
--- /dev/null
+++ b/machines/hosts.nix
@@ -0,0 +1,71 @@
+{ ... }:
+
+{
+ malobeo = {
+ hosts = {
+ louise = {
+ type = "host";
+ };
+
+ bakunin = {
+ type = "host";
+ };
+
+ fanny = {
+ type = "host";
+ };
+
+ lucia = {
+ type = "rpi";
+ };
+
+ durruti = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.5";
+ mac = "52:DA:0D:F9:EF:F9";
+ };
+ };
+
+ vpn = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.10";
+ mac = "D0:E5:CA:F0:D7:E6";
+ };
+ };
+
+ infradocs = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.11";
+ mac = "D0:E5:CA:F0:D7:E7";
+ };
+ };
+
+ uptimekuma = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.12";
+ mac = "D0:E5:CA:F0:D7:E8";
+ };
+ };
+
+ nextcloud = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.13";
+ mac = "D0:E5:CA:F0:D7:E9";
+ };
+ };
+
+ overwatch = {
+ type = "microvm";
+ network = {
+ address = "10.0.0.14";
+ mac = "D0:E5:CA:F0:D7:E0";
+ };
+ };
+ };
+ };
+}
diff --git a/machines/modules/host_builer.nix b/machines/modules/host_builer.nix
index 46f961a..e65e198 100644
--- a/machines/modules/host_builer.nix
+++ b/machines/modules/host_builer.nix
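Review bot: The `type` field is a free-form string with no documented set of values, and the consumer in host_builer.nix (the second hunk) only distinguishes "rpi" and "microvm", so a typo such as "hots" silently produces an x86_64 bare-metal host; a comment above the `hosts` set such as `# type: "host" | "rpi" | "microvm" (microvm entries also need network.address and network.mac)` would state the contract. Separately, five of the six microVM MACs (the `D0:E5:CA:…` ones) have the locally-administered bit of the first octet clear, so they sit in OUI-assigned space and could collide with a real NIC on the same segment, whereas durruti's `52:…` address has it set, which is the usual convention for VM tap interfaces; picking the remaining addresses from locally-administered space (second hex digit 2, 6, A or E) would make the inventory consistent.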
@@ -1,71 +1,110 @@ -{ ... }: +{ self +, nixpkgs-unstable +, nixpkgs +, sops-nix +, inputs +, nixos-hardware +, home-manager +, ... +}: -{ - malobeo = { - hosts = { - louise = { - type = "host"; +rec { + nixosSystem = nixpkgs.lib.makeOverridable nixpkgs.lib.nixosSystem; + nixosSystemUnstable = nixpkgs-unstable.lib.makeOverridable nixpkgs-unstable.lib.nixosSystem; + + baseModules = [ + # make flake inputs accessiable in NixOS + { _module.args.inputs = inputs; } + { + imports = [ + ({ pkgs, ... }: { + nix = { + extraOptions = '' + experimental-features = nix-command flakes + ''; + + settings = { + substituters = [ + "https://cache.dynamicdiscord.de" + "https://cache.nixos.org/" + ]; + trusted-public-keys = [ + "cache.dynamicdiscord.de:DKueZicqi2NhJJXz9MYgUbiyobMs10fTyHCgAUibRP4=" + ]; + trusted-users = [ "root" "@wheel" ]; + }; + }; + }) + + sops-nix.nixosModules.sops + ]; + } + ]; + defaultModules = baseModules; + + makeMicroVM = hostName: ipv4Addr: macAddr: modules: [ + inputs.microvm.nixosModules.microvm + { + microvm = { + hypervisor = "cloud-hypervisor"; + mem = 2560; + shares = [ + { + source = "/nix/store"; + mountPoint = "/nix/.ro-store"; + tag = "store"; + proto = "virtiofs"; + socket = "store.socket"; + } + { + source = "/var/lib/microvms/${hostName}/etc"; + mountPoint = "/etc"; + tag = "etc"; + proto = "virtiofs"; + socket = "etc.socket"; + } + { + source = "/var/lib/microvms/${hostName}/var"; + mountPoint = "/var"; + tag = "var"; + proto = "virtiofs"; + socket = "var.socket"; + } + ]; + + interfaces = [ + { + type = "tap"; + id = "vm-${hostName}"; + mac = "${macAddr}"; + } + ]; }; - bakunin = { - type = "host"; - }; - - fanny = { - type = "host"; - }; - - lucia = { - type = "rpi"; - }; - - durruti = { - type = "microvm"; - network = { - address = "10.0.0.5"; - mac = "52:DA:0D:F9:EF:F9"; + systemd.network.enable = true; + + systemd.network.networks."20-lan" = { + matchConfig.Type = "ether"; + networkConfig = { + Address = [ "${ipv4Addr}/24" ]; + Gateway = 
"10.0.0.1"; + DNS = ["1.1.1.1"]; + DHCP = "no"; }; }; + } + ] ++ defaultModules ++ modules; - vpn = { - type = "microvm"; - network = { - address = "10.0.0.10"; - mac = "D0:E5:CA:F0:D7:E6"; - }; - }; + inputsMod = inputs // { malobeo = self; }; - infradocs = { - type = "microvm"; - network = { - address = "10.0.0.11"; - mac = "D0:E5:CA:F0:D7:E7"; - }; - }; - - uptimekuma = { - type = "microvm"; - network = { - address = "10.0.0.12"; - mac = "D0:E5:CA:F0:D7:E8"; - }; - }; - - nextcloud = { - type = "microvm"; - network = { - address = "10.0.0.13"; - mac = "D0:E5:CA:F0:D7:E9"; - }; - }; - - overwatch = { - type = "microvm"; - network = { - address = "10.0.0.14"; - mac = "D0:E5:CA:F0:D7:E0"; - }; - }; - }; - }; + buildHost = hosts: (builtins.mapAttrs (host: settings: nixosSystem { + system = if (settings.type == "rpi") then "aarch64-linux" else "x86_64-linux"; + specialArgs.inputs = inputsMod; + modules = (if (settings.type != "microvm") then + defaultModules ++ [ ../${host}/configuration.nix ] + else + makeMicroVM "${host}" "${settings.network.address}" "${settings.network.mac}" [ + ./${host}/configuration.nix + ]); + }) hosts); }
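Review bot: The microVM branch of buildHost imports `./${host}/configuration.nix` while the non-microVM branch imports `../${host}/configuration.nix`; since this file lives in machines/modules/, `./` resolves under modules/ and `../` under machines/, so if microVM hosts sit next to the other hosts the call should read `makeMicroVM host settings.network.address settings.network.mac [ ../${host}/configuration.nix ]` (the `"${…}"` wrappers around host, address, mac and macAddr are redundant, the values are already strings). A `type` other than "rpi" or "microvm" is also accepted silently as an x86_64 host; an `assert builtins.elem settings.type [ "host" "rpi" "microvm" ];` in front of the nixosSystem call would turn a typo in hosts.nix into an evaluation error. On the trust side, baseModules applies `trusted-users = [ "root" "@wheel" ]` together with a third-party substituter and its signing key to every host including the microVMs; Nix trusted users may set any daemon option, add substituters and import unsigned NARs, so a comment such as `# trusted-users: wheel members can import unsigned paths and override daemon settings, i.e. are root-equivalent` would make that consequence explicit, and the microVMs, which have no interactive users in this hunk, may not need the `@wheel` entry at all. The gateway `10.0.0.1`, the `/24` prefix and the DNS server are hard-coded in makeMicroVM although the address and MAC come from hosts.nix, which is worth a note if the inventory is ever extended to another subnet.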