diff --git a/README.md b/README.md
new file mode 100644
index 00000000..83498763
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Deployment
+
+Beide failen bei Activation des neuen Profils. (TODO)
+
+## Mit `nixos-switch rebuild`
+
+```shell
+nixos-rebuild switch -I nixos-config=./hosts/storage-ng/$HOST/configuration.nix --target-host "root@$HOST.hq.c3d2.de"
+```
+
+## Mit NixOps
+
+```shell
+nixops create hq.nixops -d hq
+```
diff --git a/hosts/storage-ng/dhcp/configuration.nix b/hosts/storage-ng/dhcp/configuration.nix
new file mode 100644
index 00000000..00610794
--- /dev/null
+++ b/hosts/storage-ng/dhcp/configuration.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [ ../../../lib/lxc-container.nix
+ ../../../lib/shared.nix
+ ];
+
+ networking.hostName = "dhcp";
+ networking.defaultGateway = "172.22.99.1";
+ networking.nameservers = [ "172.20.72.6" "172.20.72.10" ];
+ networking.interfaces.eth0 = {
+ ipv4.addresses = [ {
+ address = "172.22.99.254";
+ prefixLength = 24;
+ } ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim
+ ];
+
+ # dhcp
+ networking.firewall.allowedUDPPorts = [ 67 68 ];
+ networking.useDHCP = false;
+
+ services.dhcpd4 = {
+ enable = true;
+ interfaces = [ "eth0" ];
+ extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "18.09"; # Did you read the comment?
+}
diff --git a/hosts/storage-ng/lxc-template.nix b/hosts/storage-ng/lxc-template.nix
index 0bffb1ff..c8ee8bf4 100644
--- a/hosts/storage-ng/lxc-template.nix
+++ b/hosts/storage-ng/lxc-template.nix
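Review bot: In hosts/storage-ng/dhcp/configuration.nix, `extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;` inlines the file at evaluation time, so its contents end up in the generated dhcpd configuration inside the Nix store, which every local user on the build host and on the target can read. If that file carries anything confidential (an OMAPI or DDNS key, say; the submodule contents are not visible here), keeping it in the `secrets` repository no longer protects it once deployed. Such material is better delivered outside the store, for example through NixOps `deployment.keys`, and pulled in with a dhcpd `include` statement. Separately, `allowedUDPPorts = [ 67 68 ]` also opens the DHCP client port; with `networking.useDHCP = false` the server should only need `[ 67 ]`.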
@@ -6,30 +6,12 @@ { imports = - [ + [ ../../lib/lxc-container.nix + ../../lib/shared.nix ]; - nix.useSandbox = false; - nix.maxJobs = lib.mkDefault 4; - - boot.isContainer = true; - # /sbin/init - boot.loader.initScript.enable = true; - boot.loader.grub.enable = false; - #boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"]; - - fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; }; networking.hostName = "nixbert"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.useNetworkd = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - # Select internationalisation properties. - i18n = { - defaultLocale = "en_US.UTF-8"; - supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ]; - }; + networking.useNetworkd = false; # List packages installed in system profile. To search, run: # $ nix search wget @@ -37,16 +19,6 @@ wget vim ]; - # Create a few files early before packing tarball for Proxmox - # architecture/OS detection. - system.extraSystemBuilderCmds = - '' - mkdir -m 0755 -p $out/bin - ln -s ${pkgs.bash}/bin/bash $out/bin/sh - mkdir -m 0755 -p $out/sbin - ln -s ../init $out/sbin/init - ''; - # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you diff --git a/hosts/storage-ng/lxc-template.sh b/hosts/storage-ng/lxc-template.sh index 2551089e..7703a382 100755 --- a/hosts/storage-ng/lxc-template.sh +++ b/hosts/storage-ng/lxc-template.sh @@ -1,5 +1,3 @@ #!/usr/bin/env bash -# Doesn't boot in Proxmox, use nixos-install to generate an image instead! - -nix-build -E '(import ../../nixpkgs/nixos/release.nix { configuration = import ./lxc-template.nix; }).containerTarball.x86_64-linux' +nix-build -I nixos-config=./lxc-template.nix '' -A config.system.build.tarball 
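Review bot: `networking.useNetworkd = false;` in the first hunk of hosts/storage-ng/lxc-template.nix reverses the previous `true` in a change that otherwise only moves settings into `lib/lxc-container.nix` and `lib/shared.nix`, and nothing says why. Add a comment such as `# networkd disabled: <reason>` so the behaviour change is not mistaken for part of the refactor. It is also worth confirming that the removed time zone, locale and `system.extraSystemBuilderCmds` settings all exist in the two imported files, since only a fragment of `lib/lxc-container.nix` is visible in this commit.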
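Review bot: The new `nix-build` line in hosts/storage-ng/lxc-template.sh no longer names the repository's `../../nixpkgs` checkout that the removed line imported, so the template tarball is built from whatever nixpkgs the caller's `NIX_PATH` resolves to. The expression argument shows as `''` on this page, presumably an angle-bracket path lost in rendering, which would confirm the `NIX_PATH` lookup. For a reproducible base image whose inputs can be reviewed, pin the tree explicitly, e.g. add `-I nixpkgs=../../nixpkgs`, assuming that checkout is still part of the repository. The hunk also deletes the only comment in the script; a one-line replacement naming the expected build product (`config.system.build.tarball`) would help.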
diff --git a/hq.nixops b/hq.nixops new file mode 100644 index 00000000..4446c6c3 --- /dev/null +++ b/hq.nixops @@ -0,0 +1,21 @@ +{ + network.description = "C3D2 HQ"; + + "grafana" = + { ... }: + { + imports = [ + hosts/storage-ng/grafana/configuration.nix + ]; + deployment.targetHost = "grafana.hq.c3d2.de"; + }; + + "dhcp" = + { ... }: + { + imports = [ + hosts/storage-ng/dhcp/configuration.nix + ]; + deployment.targetHost = "2a02:8106:208:5201:3801:15ff:fe95:8988"; + }; +} diff --git a/lib/lxc-container.nix b/lib/lxc-container.nix index 9990f523..613523c8 100644 --- a/lib/lxc-container.nix +++ b/lib/lxc-container.nix @@ -3,6 +3,7 @@ { imports = [ + ]; nix.useSandbox = false; nix.maxJobs = lib.mkDefault 1; diff --git a/secrets b/secrets index f43e4723..57621eb0 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit f43e472380ae045952c2f5c68d6da580f7b958d0 +Subproject commit 57621eb036ccaee2ea1af85b31abe93526fd0e79
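Review bot: In hq.nixops the `dhcp` machine's `deployment.targetHost` is a literal IPv6 address that the host's own configuration never assigns; hosts/storage-ng/dhcp/configuration.nix sets only the static IPv4 `172.22.99.254`. The `ff:fe` in the interface identifier suggests the address is autoconfigured from the container's MAC, so it would change if the container is recreated, and NixOps would then open a root SSH session to whichever machine holds that address. Prefer a target that is pinned by configuration, e.g. `deployment.targetHost = "172.22.99.254";` or a DNS name following the `grafana.hq.c3d2.de` pattern used for the other machine, and keep SSH host-key checking enabled for deployments.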