diff --git a/machines/default.nix b/machines/default.nix
index ee274f7..4572e25 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -76,6 +76,15 @@ inputs: {
 substituteOnTarget = true;
 };
 };
+ unifi = {
+ config = import ./unifi/configuration.nix inputs;
+ deploy = {
+ host = "10.0.0.207";
+ sshUser = "erwin";
+ buildOn = "local";
+ substituteOnTarget = true;
+ };
+ };
 valkyrie = {
 config = import ./valkyrie/configuration.nix inputs;
 deploy = {
diff --git a/machines/unifi/.terraform.lock.hcl b/machines/unifi/.terraform.lock.hcl
new file mode 100644
index 0000000..370188d
--- /dev/null
+++ b/machines/unifi/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/telmate/proxmox" {
+ version = "2.9.14"
+ constraints = "2.9.14"
+ hashes = [
+ "h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
+ "zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
+ "zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
+ "zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
+ "zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
+ "zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
+ "zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
+ "zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
+ "zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
+ "zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
+ "zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
+ "zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
+ "zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
+ "zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
+ "zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
+ ]
+}
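Review bot: `host = "10.0.0.207"` in the new unifi deploy entry duplicates the static address assigned in the `network` block of machines/unifi/main.tf, and nothing in either file ties the two together, so changing one silently breaks deploys to the other. A comment on the host line, `# must match proxmox_lxc.unifi network.ip in ./unifi/main.tf`, would make the coupling visible; deriving both values from a single definition would be better still. The enclosing attribute set starts before and continues after the hunk.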
diff --git a/machines/unifi/configuration.nix b/machines/unifi/configuration.nix
new file mode 100644
index 0000000..22576a8
--- /dev/null
+++ b/machines/unifi/configuration.nix
@@ -0,0 +1,56 @@
+{ self, ... }:
+{ modulesPath, pkgs, ... }: {
+ imports = [
+ (modulesPath + "/virtualisation/proxmox-lxc.nix")
+ ../../users/root
+ ../../users/erwin
+ ];
+
+ eboskma = {
+ users.erwin = {
+ enable = true;
+ server = true;
+ };
+ nix-common = {
+ enable = true;
+ remote-builders = true;
+ };
+ };
+
+ services.unifi = {
+ enable = true;
+ unifiPackage = pkgs.unifi.overrideAttrs (_oldAttrs: {
+ version = "7.4.162";
+ src = builtins.fetchurl {
+ url = "https://dl.ubnt.com/unifi/7.4.162/unifi_sysvinit_all.deb";
+ sha256 = "sha256-BpZS95NJgSRGjJhVN6Vp8/4djdQEvj+2nfay0YsVPEw=";
+ };
+ });
+ openFirewall = true;
+ };
+
+ networking.firewall = {
+ allowPing = true;
+ trustedInterfaces = [ "tailscale0" ];
+ allowedTCPPorts = [ 8443 ];
+ };
+
+ boot.isContainer = true;
+
+ time.timeZone = "Europe/Amsterdam";
+
+ system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+ proxmoxLXC = {
+ privileged = true;
+ };
+
+ services.tailscale.enable = true;
+
+ security.sudo.execWheelOnly = true;
+
+ sops.defaultSopsFile = ./secrets.yaml;
+ sops.secrets = { };
+
+ system.stateVersion = "23.11";
+}
diff --git a/machines/unifi/main.tf b/machines/unifi/main.tf
new file mode 100644
index 0000000..e2c8a14
--- /dev/null
+++ b/machines/unifi/main.tf
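Review bot: `proxmoxLXC.privileged = true` (mirrored by `unprivileged = false` in machines/unifi/main.tf) runs the UniFi controller in a privileged container, which removes most of the isolation between the container's root and the Proxmox host, and the hunk gives no reason for it. If it is genuinely required (presumably by the proxmox-lxc module or the controller's bundled database), document that next to the option, e.g. `# privileged: required for <reason>; weakens host isolation, revisit when possible`, otherwise prefer an unprivileged container. Separately, `services.unifi.openFirewall = true` already opens the controller's ports including 8443, so `allowedTCPPorts = [ 8443 ];` is redundant and should be dropped or annotated as intentional. The `unifiPackage` override that pins `version = "7.4.162"` from `dl.ubnt.com` would also benefit from a one-line comment explaining why that release is pinned over the nixpkgs default, so the pin is not silently kept past its usefulness.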
@@ -0,0 +1,38 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "Telmate/proxmox"
+ version = "2.9.14"
+ }
+ }
+}
+
+provider "proxmox" {
+ pm_api_url = var.proxmox_api_url
+ pm_api_token_id = var.proxmox_token_id
+ pm_api_token_secret = var.proxmox_token_secret
+ pm_tls_insecure = true
+}
+
+resource "proxmox_lxc" "unifi" {
+ target_node = "pve"
+ hostname = "unifi"
+ ostemplate = "loki:vztmpl/nixos-23.11-default_20230606_amd64.tar.xz"
+ unprivileged = false
+ onboot = true
+
+ memory = 2048
+ swap = 2048
+
+ rootfs {
+ storage = "local-lvm"
+ size = "32G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "10.0.0.207/24"
+ gw = "10.0.0.1"
+ }
+}
diff --git a/machines/unifi/variables.tf b/machines/unifi/variables.tf
new file mode 100644
index 0000000..e974186
--- /dev/null
+++ b/machines/unifi/variables.tf
@@ -0,0 +1,17 @@
+variable "proxmox_token_id" {
+ description = "Proxmox API token ID"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_token_secret" {
+ description = "Proxmox API token secret"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_api_url" {
+ description = "Proxmox API URL"
+ type = string
+ sensitive = true
+}
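Review bot: `pm_tls_insecure = true` in the provider block disables certificate verification for every Proxmox API call, so the token in `pm_api_token_secret` is presented to whatever answers at `var.proxmox_api_url` without the endpoint ever being authenticated. Change it to `pm_tls_insecure = false` and trust the PVE host's certificate (or its issuing CA) on the machine running terraform; if a self-signed certificate is the reason for the flag, the minimum is a comment on the line saying so, `# self-signed PVE cert; TODO replace with a CA-issued cert and drop this`. `unprivileged = false` on the `proxmox_lxc` resource (paired with `proxmoxLXC.privileged = true` in configuration.nix) also deserves a comment stating why a privileged container is required, since it is the setting that decides how much the host is exposed if the controller is compromised.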
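Review bot: `proxmox_api_url` accepts any string, so a plain `http://` value would pass and send `proxmox_token_secret` in clear text on every API call; a `validation` block requiring an `https://` prefix (with `startswith` on Terraform >= 1.3, or `can(regex("^https://", ...))` on older versions) would reject that at plan time. Marking the URL `sensitive = true` also hides it from plan output, which is defensible if the address is treated as confidential but makes it harder to see where the token is being sent, so a short comment stating that intent would help the next reader.
```hcl
variable "proxmox_api_url" {
  # … unchanged: description, type, sensitive …
  validation {
    condition     = startswith(var.proxmox_api_url, "https://")
    error_message = "proxmox_api_url must use https:// so the API token is not sent in clear text."
  }
}
```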