diff --git a/flake.lock b/flake.lock
index 7eed0e9..4457021 100755
--- a/flake.lock
+++ b/flake.lock
@@ -449,11 +449,11 @@
 ]
 },
 "locked": {
- "lastModified": 1706385404,
- "narHash": "sha256-Q7yUQBCH5J0xiWlH7w2Vux1QD2KCuWvshnA4rkz+HXI=",
+ "lastModified": 1706391650,
+ "narHash": "sha256-k2698eTOVfHN6LFpttmiuboW0LUP+FeL3N6+yXBl5NM=",
 "owner": "iofq",
 "repo": "nvim.nix",
- "rev": "8bd50ae3b2f028dccdd586bbedaa96361b301cca",
+ "rev": "1d10de72aa4c26b9963357ba57b55881e4cf88e6",
 "type": "github"
 },
 "original": {
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index f79835e..ef8af96 100755
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -1,4 +1,4 @@
-{ packages, host, system, ... }:
+{ host, ... }:
 {
 users.groups.plugdev = {}; # Create plugdev group
 networking.hostName = host.hostName;
diff --git a/nixos/default.nix b/nixos/default.nix
index c65bd7e..4dcce83 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -1,5 +1,4 @@
-{ inputs, pkgs, attrs, system, ... }:
-{
+{ inputs, pkgs, attrs, system, ... }: {
 t14 = inputs.nixpkgs.lib.nixosSystem {
 specialArgs = {
 inherit inputs system pkgs;
@@ -16,7 +15,6 @@
 };
 rknrd = inputs.nixpkgs.lib.nixosSystem {
 specialArgs = {
- inherit inputs system pkgs;
 host = {
 hostName = "rknrd";
 username = attrs.username;
@@ -30,6 +28,13 @@
 htz = inputs.nixpkgs.lib.nixosSystem {
 specialArgs = {
 inherit inputs system pkgs;
+ addressList = {
+ vm-test = {
+ ipv4 = "10.0.0.2";
+ subnet = "/24";
+ mac = "02:00:00:00:00:01";
+ };
+ };
 host = {
 hostName = "htz";
 username = attrs.username;
diff --git a/nixos/htz/configuration.nix b/nixos/htz/configuration.nix
index 5aa8202..6a7a46f 100644
--- a/nixos/htz/configuration.nix
+++ b/nixos/htz/configuration.nix
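Review bot: The `rknrd` block's `specialArgs` loses `inherit inputs system pkgs;` while the `t14` and `htz` blocks in the same file keep it, so any module evaluated for `rknrd` that still declares `inputs` or `system` as a function argument would fail to evaluate with an undefined-argument error (`pkgs` is still supplied by the module system itself). If the asymmetry is deliberate, a one-line comment such as `# rknrd modules only take host; inputs/system intentionally not passed` would stop the next reader from re-adding it; otherwise the line should be restored. The enclosing `nixosSystem` call continues outside the hunk.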
@@ -1,22 +1,30 @@
-{ pkgs, ... }: {
+{ pkgs, addressList, ... }: {
 imports = [
 ./hardware-configuration.nix
- ./vms.nix
- #./eth.nix
+ ./vms
+#./eth.nix
 ];
 environment.systemPackages = with pkgs; [
 nfs-utils
 vim
 ];
- boot.tmp.cleanOnBoot = true;
- zramSwap.enable = false;
- networking.hostName = "htz";
- networking.domain = "";
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [22];
- allowedUDPPorts = [];
- logRefusedConnections = true;
+ networking = {
+ hostName = "htz";
+ domain = "";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [22];
+ allowedUDPPorts = [];
+ logRefusedConnections = true;
+ };
+ nat = {
+ enable = true;
+ forwardPorts = [ {
+ proto = "tcp";
+ sourcePort = 80;
+ destination = addressList.vm-test.ipv4;
+ } ];
+ };
 };
 services.openssh.enable = true;
 users.users = {
@@ -37,4 +45,5 @@
 };
 security.sudo.wheelNeedsPassword = false;
 nix.settings.trusted-users = ["e"];
+ system.stateVersion = "23.11";
 }
diff --git a/nixos/htz/hardware-configuration.nix b/nixos/htz/hardware-configuration.nix
index fc4d5b4..b3ddafb 100755
--- a/nixos/htz/hardware-configuration.nix
+++ b/nixos/htz/hardware-configuration.nix
@@ -1,9 +1,9 @@
 { modulesPath, lib, ... }: {
- system.stateVersion = "23.11";
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 boot = {
+ tmp.cleanOnBoot = true;
 loader.grub = {
 efiSupport = true;
 efiInstallAsRemovable = true;
@@ -30,11 +30,14 @@
 swapDevices = [{ device = "/dev/dm-1"; }];
- networking.useNetworkd = true;
- networking.nat = {
- enable = true;
- externalInterface = "enp0s31f6";
- internalInterfaces = [ "microvm" ];
+ zramSwap.enable = false;
+ networking = {
+ useNetworkd = true;
+ nat = {
+ enable = true;
+ externalInterface = "enp0s31f6";
+ internalInterfaces = [ "microvm" ];
+ };
 };
 systemd.network = {
 enable = true;
diff --git a/nixos/htz/vms.nix b/nixos/htz/vms.nix
deleted file mode 100644
index 3aa56f2..0000000
--- a/nixos/htz/vms.nix
+++ /dev/null
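Review bot: The new `nat.forwardPorts` entry publishes the `vm-test` guest's HTTP port on the host's external interface, but which interface that is (`externalInterface = "enp0s31f6"`) and the `internalInterfaces` list are set in hardware-configuration.nix by this same commit, so a reader of this file cannot see where port 80 becomes reachable from; keeping the whole `networking.nat` block next to `firewall` here would make the exposure reviewable in one place. `destination` is also given as a bare address while NixOS documents the option in `ip:port` form, so `destination = "${addressList.vm-test.ipv4}:80";` would pin the guest port explicitly instead of relying on the DNAT preserving the original one. The `users.users` block continues outside the hunk.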
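Review bot: `boot.tmp.cleanOnBoot`, and in the second hardware-configuration.nix hunk `zramSwap.enable` and the `networking.nat` interface settings, are hand-written policy being moved into the file that `nixos-generate-config` overwrites unconditionally on re-run, so a regeneration would silently drop the `externalInterface`/`internalInterfaces` that the port-80 forward in configuration.nix depends on. Either keep only detected hardware facts here and move these settings to configuration.nix (where `networking.firewall` and `nat.forwardPorts` already live), or add a header comment such as `# hand-edited: nat/zramSwap/boot.tmp settings are not generated — re-apply after nixos-generate-config` so the next regeneration does not lose them. The `boot` block continues outside the first hunk.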
@@ -1,24 +0,0 @@
-{ self, ... }: {
- microvm.vms = {
- vm-test = {
- flake = self;
- updateFlake = "github:iofq/nix";
- config = {
- microvm.shares = [{
- source = "/nix/store";
- mountPoint = "/nix/.ro-store";
- tag = "ro-store";
- proto = "virtiofs";
- }];
- microvm.interfaces = [
- {
- type = "tap";
- id = "vm-test";
- mac = "02:00:00:00:00:01";
- }
- ];
- system.stateVersion = "23.11";
- };
- };
- };
-}
diff --git a/nixos/htz/vms/default.nix b/nixos/htz/vms/default.nix
new file mode 100644
index 0000000..24bf866
--- /dev/null
+++ b/nixos/htz/vms/default.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, addressList, ... }:
+let genVMConfig = { name, config ? {}, ro-store ? true }: {
+ restartIfChanged = true;
+ pkgs = pkgs;
+ config = config // {
+ microvm = {
+ shares = lib.mkIf (ro-store == true) [{
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "ro-store";
+ proto = "virtiofs";
+ }];
+ interfaces = [
+ {
+ type = "tap";
+ id = name;
+ mac = addressList.${name}.mac;
+ }
+ ];
+ };
+ } // import ./vmDefaults.nix { inherit name addressList; };
+};
+in {
+ microvm.vms = {
+ vm-test = genVMConfig {
+ name = "vm-test";
+ config = import ./vm-test.nix { inherit pkgs addressList; };
+ };
+ };
+}
diff --git a/nixos/htz/vms/vm-test.nix b/nixos/htz/vms/vm-test.nix
new file mode 100644
index 0000000..ca86b51
--- /dev/null
+++ b/nixos/htz/vms/vm-test.nix
@@ -0,0 +1,14 @@
+{ addressList, ... }: {
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [80];
+ allowedUDPPorts = [];
+ logRefusedConnections = true;
+ };
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."default_server" = {
+ addSSL = false;
+ enableACME = false;
+ };
+ system.stateVersion = "23.11";
+}
diff --git a/nixos/htz/vms/vmDefaults.nix b/nixos/htz/vms/vmDefaults.nix
new file mode 100644
index 0000000..15e6831
--- /dev/null
+++ b/nixos/htz/vms/vmDefaults.nix
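Review bot: `config = config // { microvm = …; } // import ./vmDefaults.nix { … }` in the new vms/default.nix is a shallow attribute-set update, so for every top-level key both sides define the right-hand side replaces the left wholesale: vmDefaults.nix sets `networking` and `services`, which discards vm-test.nix's `networking.firewall.allowedTCPPorts = [80]` and its entire `services.nginx` block, leaving the test VM with nginx disabled and only port 22 open while the host's port-80 forward points at it. Since `microvm.vms.<name>.config` takes a NixOS module (confirm against the microvm.nix revision pinned in flake.lock), the fix is to let the module system merge the three pieces through `imports` rather than `//`. While there, `lib.mkIf (ro-store == true)` can be `lib.mkIf ro-store` and `pkgs = pkgs;` can be `inherit pkgs;`.
```nix
  config = {
    imports = [
      config
      (import ./vmDefaults.nix { inherit name addressList; })
    ];
    microvm = {
      shares = lib.mkIf ro-store [{
        # … unchanged: ro-store virtiofs share …
      }];
      # … unchanged: interfaces …
    };
  };
```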
@@ -0,0 +1,37 @@
+{ name, addressList, ...}: {
+ systemd.network = {
+ enable = true;
+ networks."20-lan" = {
+ matchConfig.Type = "ether";
+ networkConfig = {
+ Address = [(addressList.${name}.ipv4 + addressList.${name}.subnet)];
+ Gateway = "10.0.0.1";
+ DNS = ["1.1.1.1"];
+ IPv6AcceptRA = true;
+ DHCP = "no";
+ };
+ };
+ };
+ services.openssh.enable = true;
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [22];
+ allowedUDPPorts = [];
+ logRefusedConnections = true;
+ };
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEV8yjC8g68hoIi5021A6MR0ggMy++8KjmtXMzyOir2c root@htz''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14'' ];
+ };
+ e = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEV8yjC8g68hoIi5021A6MR0ggMy++8KjmtXMzyOir2c root@htz''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''
+ ];
+ };
+ };
+}
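Review bot: Every VM built from these defaults accepts direct root logins over SSH, because `users.users.root.openssh.authorizedKeys.keys` is populated while `services.openssh.settings.PermitRootLogin` is left at its NixOS default of `prohibit-password`, which still permits key authentication. Since the `e` account with `wheel` is created right below, root's key list can be dropped and `services.openssh.settings.PermitRootLogin = "no";` added; note that unless something outside this diff sets a password or `security.sudo.wheelNeedsPassword = false;` for the guest (the host does the latter), `e` cannot actually use sudo, which may be why root keys were added. The two identical key lists should also be hoisted into a single `let sshKeys = [ … ]; in` binding so they cannot drift apart, and `Gateway`/`DNS` are hard-coded while the address and subnet come from `addressList`, so the gateway would fit in that same attribute set.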