diff --git a/.gitignore b/.gitignore
index a2fa571..8bea5d2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ result
 .direnv/
 book/
 fanny-efi-vars.fd
+nix-store-overlay.img
diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 1d16e76..e94896b 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -20,6 +20,13 @@ in
 inputs.self.nixosModules.malobeo.metrics
 ];
+ virtualisation.vmVariantWithDisko = {
+ virtualisation = {
+ memorySize = 4096;
+ cores = 3;
+ };
+ };
+
 malobeo.metrics = {
 enable = true;
 enablePromtail = true;
@@ -56,6 +63,11 @@ in
 };
 };
+ systemd.tmpfiles.rules = [
+ "L /var/lib/microvms/data - - - - /data/microvms"
+ "d /data/microvms 0755 root root" #not needed for real host?
+ ];
+
 malobeo.initssh = {
 enable = true;
 authorizedKeys = sshKeys.admins;
diff --git a/machines/modules/disko/default.nix b/machines/modules/disko/default.nix
index 6174bf3..e8770f6 100644
--- a/machines/modules/disko/default.nix
+++ b/machines/modules/disko/default.nix
@@ -102,7 +102,7 @@ in
 mountOptions = [ "umask=0077" ];
 };
 };
- encryptedSwap = {
+ encryptedSwap = lib.mkIf cfg.encryption {
 size = cfg.root.swap;
 content = {
 type = "swap";
@@ -252,6 +252,10 @@ in
 type = "zfs_fs";
 mountpoint = "/data";
 };
+ "encrypted/data/microvm" = {
+ type = "zfs_fs";
+ mountpoint = "/data/microvm";
+ };
 reserved = { # for cow delete if pool is full
 options = {
diff --git a/machines/modules/host_builder.nix b/machines/modules/host_builder.nix
index 772ce49..c75f6f0 100644
--- a/machines/modules/host_builder.nix
+++ b/machines/modules/host_builder.nix
@@ -70,6 +70,13 @@ rec {
 proto = "virtiofs";
 socket = "var.socket";
 }
+ {
+ source = "/var/lib/microvms/data/${hostName}";
+ mountPoint = "/data";
+ tag = "data";
+ proto = "virtiofs";
+ socket = "microdata.socket";
+ }
 ];
 interfaces = [
diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix
index eea2e2d..a2cacdf 100644
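Review bot: The tmpfiles rules added in machines/fanny/configuration.nix use `/data/microvms`, while the dataset added in the second hunk of machines/modules/disko/default.nix (`"encrypted/data/microvm"`) mounts at `/data/microvm`. As written, the symlink target would be a plain directory on the parent `/data` filesystem and the new dataset would stay unused. Pick one spelling in both places, for example `mountpoint = "/data/microvms";`. The directory is also created `0755 root root`. Since it holds every guest's data share, `"d /data/microvms 0700 root root"` would keep other local users on the host out of it, assuming virtiofsd runs as root here.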
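Review bot: The `lib.mkIf cfg.encryption` guard on `encryptedSwap` in machines/modules/disko/default.nix means a host built with encryption off gets no swap partition at all, while `cfg.root.swap` is still accepted and silently ignored. If that is deliberate, a comment would record the reason, for example `# no swap without encryption: plaintext swap would leave memory contents on disk`. The intent is inferred from the name only, because the hunk shows just `type = "swap";` of the content. If unencrypted hosts are meant to have swap, a separate plain swap partition is needed instead. The partition attrset starts and ends outside the hunk.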
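Review bot: Nothing in this commit creates the per-guest directory `/var/lib/microvms/data/${hostName}` that the new share in machines/modules/host_builder.nix uses as `source`. The tmpfiles rules in machines/fanny/configuration.nix create only the parent, and only on that host. Unless the microvm tooling creates missing share sources itself, virtiofsd would likely fail to start for any guest whose directory is absent. A per-guest rule such as `"d /data/microvms/${hostName} 0700 root root"` would cover this, with owner and mode adjusted to what virtiofsd runs as. A guest can also write files with ownership and mode bits of its own choosing into this tree, so setting the ZFS properties `setuid=off` and `devices=off` on the backing dataset limits what a compromised guest can leave on the host. The share list starts outside the hunk.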
--- a/machines/nextcloud/configuration.nix
+++ b/machines/nextcloud/configuration.nix
@@ -37,6 +37,7 @@ with lib;
 hostName = "cloud.malobeo.org";
 config.adminpassFile = config.sops.secrets.nextcloudAdminPass.path;
 #https = true; #disable for testing
+ datadir = "/data/services/nextcloud/";
 database.createLocally = true;
 config.dbtype = "pgsql";
 configureRedis = true;
@@ -55,6 +56,12 @@ with lib;
 };
 settings = {
 trusted_domains = ["10.0.0.13"];
+ "maintenance_window_start" = "1";
+ "default_phone_region" = "DE";
+ };
+ phpOptions = {
+ "realpath_cache_size" = "0";
+ "opcache.interned_strings_buffer" = "23";
 };
 };
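Review bot: The new `datadir = "/data/services/nextcloud/";` in the first hunk puts Nextcloud's state on `/data`, which host_builder.nix in this commit backs with a virtiofs share from the host. Nothing next to the option says so, or says what happens to an existing instance's state under the previous location. A comment such as `# /data is the host virtiofs share (see host_builder.nix); state from the old datadir is not migrated automatically` would help, with the second half to be confirmed. As far as the NixOS module documents it, the datadir also receives Nextcloud's generated config. The host-side directory behind the share should therefore not be readable by other host users. The services.nextcloud attrset starts and ends outside the hunk.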