diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix
index ae384c1..95446fb 100644
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@@ -33,6 +33,7 @@ in
 # inherit (users) users;
 # enable = true;
 # };
+ libvirtd.enable = true;
 livebook = {
 enable = true;
 dataDir = "/home/erwin/workspace/livebook";
@@ -40,10 +41,6 @@ in
 };
 networking = {
 enable = true;
- dhcpInterfaces = [ "enp4s0" ];
- hosts = {
- "10.0.0.252" = [ "pve.datarift.nl" ];
- };
 };
 nix-common = {
 enable = true;
@@ -66,8 +63,37 @@ in
 networking = {
 hostName = "loki";
 useDHCP = false;
+ networkmanager.enable = true;
+ useNetworkd = true;
+
+ hosts = {
+ "10.0.0.252" = [ "pve.datarift.nl" ];
+ };
+
+ firewall = {
+ trustedInterfaces = [ "lo" ];
+ interfaces."enp4s0" = {
+ allowedTCPPorts = [
+ # Horus System V2
+ 12345
+ 5555
+ 5556
+ # Elixir/Phoenix dev environment
+ 4000
+ ];
+ };
+ };
 };
+ systemd.network = {
+ enable = true;
+
+ networks = {
+ "40-enp4s0" = {
+ DHCP = "yes";
+ };
+ };
+ };
 # nix = {
 # package = pkgs.nixUnstable;
 # extraOptions = ''
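Review bot: The `networking` block enables NetworkManager and sets `useNetworkd = true`, and the `systemd.network` block then gives enp4s0 to networkd with `DHCP = "yes"`, so unless NetworkManager is told to ignore that NIC two DHCP clients will fight over it; I would add `networking.networkmanager.unmanaged = [ "enp4s0" ];` (or drop NetworkManager on this host) so a single manager owns the interface — I have not verified whether NixOS marks it unmanaged automatically. The interface-scoped firewall rules are keyed on `"enp4s0"`, but `libvirtd.enable = true` earlier in this file appears to pull in modules/libvirtd/default.nix, which enslaves enp4s0 into `br0`; packets reaching INPUT on a bridge port carry `br0` as their ingress interface, so ports 12345/5555/5556/4000 will not actually open on the LAN and should be scoped as `interfaces."br0"` (or left unscoped) if the bridge is intended. The enclosing attribute set continues outside the hunk.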
@@ -77,6 +103,55 @@ in
 services.openssh.enable = true;
+ # TODO: Add to LXD module
+ # virtualisation.lxd = {
+ # enable = true;
+ # recommendedSysctlSettings = true;
+ # };
+ # virtualisation.lxc.lxcfs.enable = true;
+
+ # networking.bridges = {
+ # lxdbr0.interfaces = [ ];
+ # };
+ # networking.localCommands = ''
+ # ip address add 10.2.0.1/24 dev lxdbr0
+ # '';
+
+ # networking.firewall.extraCommands = ''
+ # iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+ # # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
+ # # but just to be explicit I'll add them anyway
+ # iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+ # iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+ # iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
+
+ # iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
+ # '';
+
+ # boot.kernel.sysctl = {
+ # "net.ipv4.conf.all.forwarding" = true;
+ # "net.ipv4.conf.default.forwarding" = true;
+ # };
+
+ # users.users.erwin.extraGroups = [ "lxd" ];
+
+ # End TODO: Add to LXD module
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /home/erwin/proxmox-backup 10.0.0.0/24(rw,sync,no_subtree_check,anonuid=1000,anongid=100,all_squash)
+ '';
+ lockdPort = 4001;
+ mountdPort = 4002;
+ statdPort = 4000;
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
+ allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
+ };
+
 sops.defaultSopsFile = ./secrets.yaml;
 sops.secrets = {
 ha_now_playing_token = {
diff --git a/machines/loki/hardware-configuration.nix b/machines/loki/hardware-configuration.nix
index 1e33203..9328aff 100644
--- a/machines/loki/hardware-configuration.nix
+++ b/machines/loki/hardware-configuration.nix
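Review bot: `statdPort = 4000` collides with the Phoenix dev server that the firewall block earlier in this file opens on TCP 4000 (the "Elixir/Phoenix dev environment" entry), so whichever of rpc.statd or the dev server binds second will fail; move statd off that port, e.g. `statdPort = 4003;`, and update both `allowedTCPPorts`/`allowedUDPPorts` lists to match. The NFS ports are opened in the top-level `networking.firewall` lists, i.e. on every interface including any libvirt bridge, while the export itself is restricted to `10.0.0.0/24`; putting them under `networking.firewall.interfaces."<LAN iface>"` like the other rules keeps rpcbind/mountd/nfsd unreachable from guest networks. With `all_squash,anonuid=1000` every host in that /24 writes into `/home/erwin/proxmox-backup` as the main user with no authentication beyond the source address (AUTH_SYS), which is acceptable on a trusted LAN but deserves a comment on the export line such as `# LAN-only, unauthenticated: anyone on 10.0.0.0/24 writes here as uid 1000`. The ~35 lines of commented-out LXD configuration would be better kept in the referenced module or a branch than shipped as dead text in the host config.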
@@ -13,7 +13,7 @@
 boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
 boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" ];
+ boot.kernelModules = [ "kvm-amd" "apple-mfi-fastcharge" "zenpower" "nf_nat_ftp" ];
 boot.extraModulePackages = [ ] ++ (with config.boot.kernelPackages; [ rtl88x2bu zenpower ]);
diff --git a/modules/libvirtd/default.nix b/modules/libvirtd/default.nix
new file mode 100644
index 0000000..ba0b7b6
--- /dev/null
+++ b/modules/libvirtd/default.nix
@@ -0,0 +1,31 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+ cfg = config.eboskma.libvirtd;
+in
+{
+ options.eboskma.libvirtd = { enable = mkEnableOption "libvirtd"; };
+
+ config = mkIf (cfg.enable) {
+ virtualisation.libvirtd = {
+ enable = true;
+ };
+ networking = {
+ interfaces = {
+ br0 = {
+ useDHCP = true;
+ macAddress = "04:d9:f5:f9:c2:c6";
+ };
+ };
+
+ bridges = {
+ "br0" = {
+ interfaces = [ "enp4s0" ];
+ # rstp = true;
+ };
+ };
+ };
+
+ users.users.${config.eboskma.var.mainUser}.extraGroups = [ "libvirtd" ];
+ };
+}
diff --git a/modules/networking/default.nix b/modules/networking/default.nix
index 0c755e1..a565b94 100644
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
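Review bot: Adding `"nf_nat_ftp"` to `boot.kernelModules` loads the FTP NAT helper, but on kernels since 4.7 conntrack helpers are not attached automatically, so nothing in this change makes it take effect unless a `-j CT --helper ftp` rule (or NixOS's `networking.firewall.connectionTrackingModules = [ "ftp" ];`, which I believe handles this) assigns it — worth confirming it actually does something. Because the FTP helper parses client traffic to open related ports, a comment stating why it is needed would help the next reader judge whether to keep it, e.g. `# FTP conntrack/NAT helper for <client/NAT use case>; needs an explicit CT helper rule to attach`.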
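Review bot: The bridge definition hard-codes `enp4s0` and the MAC `04:d9:f5:f9:c2:c6` inside a reusable module under `options.eboskma.libvirtd`, so enabling it on any other host would try to enslave a NIC that may not exist and reuse this machine's MAC; both belong in options on the module. On loki this also overlaps with the `40-enp4s0` networkd network added in machines/loki/configuration.nix, which runs DHCP on the same NIC that is now a bridge port, so one of the two should go. Membership in the `libvirtd` group gives full control over the system libvirt socket, which is effectively root on the host, so the `extraGroups` line deserves a note such as `# libvirtd group is root-equivalent (system socket); grant only to the admin user`.

```nix
  options.eboskma.libvirtd = {
    enable = mkEnableOption "libvirtd";
    bridgeInterface = mkOption {
      description = "Physical interface to enslave into br0";
      type = types.nonEmptyStr;
    };
    macAddress = mkOption {
      description = "MAC address for br0 (null keeps the kernel default)";
      type = types.nullOr types.str;
      default = null;
    };
  };

  config = mkIf cfg.enable {
    # … unchanged: virtualisation.libvirtd …
    networking = {
      interfaces.br0 = {
        useDHCP = true;
        macAddress = cfg.macAddress;
      };
      bridges.br0.interfaces = [ cfg.bridgeInterface ];
    };
    # … unchanged: libvirtd group membership …
  };
```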
@@ -9,48 +9,9 @@ in
 {
 options.eboskma.networking = {
 enable = mkEnableOption "activate networing settings";
-
- dhcpInterfaces = mkOption {
- description = "list of interfaces to enable DHCP on";
- type = types.listOf types.nonEmptyStr;
- };
-
- hosts = mkOption {
- description = "Additional entries to the hosts file";
- type = types.attrsOf (types.listOf types.str);
- };
 };
 config = mkIf cfg.enable {
- networking = {
- networkmanager.enable = true;
- interfaces = listToAttrs (builtins.map
- (iface: {
- name = iface;
- value = { useDHCP = true; };
- })
- cfg.dhcpInterfaces);
- hosts = cfg.hosts;
-
- firewall = {
- trustedInterfaces = [ "lo" ];
- interfaces = listToAttrs (builtins.map
- (iface: {
- name = iface;
- value = {
- allowedTCPPorts = [
- # Horus System V2
- 12345
- 5555
- 5556
- # Elixir/Phoenix dev environment
- 4000
- ];
- };
- })
- cfg.dhcpInterfaces);
- };
- };
 users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "networkmanager" ];
 environment.systemPackages = with pkgs; [