diff --git a/.gitignore b/.gitignore index b2be92b..87a3018 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ result +*.qcow2 diff --git a/README.md b/README.md index 6b0ce38..d9700e2 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,7 @@ The Nix Mail setup to rule them all. ## Testing Locally +Using Qemu as supervisor. `` $ nix build `` diff --git a/configuration.nix b/configuration.nix index fe28ede..3de9dc3 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,17 +1,15 @@ -{ pkgs, lib, ... }: -{ - boot.isContainer = true; - boot.loader.initScript.enable = true; +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). - networking = { - interfaces.eth0.ipv4.addresses = [{ address = "172.20.73.42"; prefixLength = 26; }]; - defaultGateway = "172.20.73.1"; - nameservers = [ "172.20.73.8" "9.9.9.9" ]; - hostName = lib.mkDefault "mailtngbert"; - useDHCP = false; - interfaces.eth0.useDHCP = false; - firewall.allowedTCPPorts = [ 22 ]; - }; +{ config, pkgs, lib, ... }: + +{ + imports = + [ + ./modules/base.nix + ./modules/network.nix + ]; nix = { useSandbox = false; @@ -19,6 +17,8 @@ package = pkgs.nixFlakes; }; - services.openssh.enable = true; - environment.systemPackages = with pkgs; [ neovim git ]; + time.timeZone = "Europe/Berlin"; + system.stateVersion = "20.11"; + } + diff --git a/flake.nix b/flake.nix index 3110fa5..c5f9bb4 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - descripton = "Testing Nix Email-Setup for C3D2"; + description = "Testing Nix Email-Setup for C3D2"; inputs = { nixpkgs.url = github:NixOS/nixpkgs/nixos-21.11; @@ -14,7 +14,7 @@ specialArgs = { inherit inputs; }; modules = [ simple-nixos-mailserver.nixosModule - ./mailbert/configuration.nix + ./configuration.nix (_: { _module.args.buildVM = true; }) "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" 
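Review bot: The new `imports` list pulls in `./modules/base.nix`, but the context lines of the base.nix hunk in this same commit still read `openssh.authorizedKeys.keyFiles = [ ./keys/revol-xut`, while the rename entries move `modules/keys/nek0` and `modules/keys/revol-xut` to `keys/ssh/`. Nix resolves that path relative to modules/, so unless base.nix is fixed outside the visible hunk the evaluation should fail on a missing path. The entries in base.nix would need to become `../keys/ssh/revol-xut` and `../keys/ssh/nek0`. The rest of the new configuration.nix continues in the following hunk.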
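Review bot: `services.openssh.enable = true;` is dropped here with no replacement in the new configuration.nix, yet modules/network.nix still opens TCP 22 and base.nix installs root authorized keys, so sshd is evidently still expected. If base.nix does not enable openssh (its visible lines do not show it), the host comes up with port 22 allowed but nothing listening and no remote access. Either keep `services.openssh.enable = true;` next to `time.timeZone`, or add a comment stating that base.nix is responsible for it. The unchanged `useSandbox = false;` context line would also deserve a one-line comment explaining why the build sandbox is disabled on this host.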
@@ -27,7 +27,8 @@ specialArgs = { inherit inputs; }; modules = [ simple-nixos-mailserver.nixosModule - ./mailbert/configuration.nix + ./configuration.nix + ./modules/proxmox.nix ]; }; }; diff --git a/keys/nek0.asc b/keys/sops/nek0.asc similarity index 100% rename from keys/nek0.asc rename to keys/sops/nek0.asc diff --git a/keys/revol-xut.asc b/keys/sops/revol-xut.asc similarity index 100% rename from keys/revol-xut.asc rename to keys/sops/revol-xut.asc diff --git a/modules/keys/nek0 b/keys/ssh/nek0 similarity index 100% rename from modules/keys/nek0 rename to keys/ssh/nek0 diff --git a/modules/keys/revol-xut b/keys/ssh/revol-xut similarity index 100% rename from modules/keys/revol-xut rename to keys/ssh/revol-xut diff --git a/mailbert.qcow2 b/mailbert.qcow2 deleted file mode 100644 index b2d47ef..0000000 Binary files a/mailbert.qcow2 and /dev/null differ diff --git a/mailbert/configuration.nix b/mailbert/configuration.nix deleted file mode 100644 index 5f4e7f1..0000000 --- a/mailbert/configuration.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - - ../modules/base.nix - ../modules/mail.nix - ]; - - - boot.isContainer = true; - boot.loader.initScript.enable = true; - - networking = { - interfaces.eth0.ipv4.addresses = [{ address = "172.20.73.42"; prefixLength = 26; }]; - defaultGateway = "172.20.73.1"; - nameservers = [ "172.20.73.8" "9.9.9.9" ]; - hostName = lib.mkDefault "mailtngbert"; - useDHCP = false; - interfaces.eth0.useDHCP = false; - firewall.allowedTCPPorts = [ 22 ]; - }; - - nix = { - useSandbox = false; - extraOptions = "experimental-features = nix-command flakes"; - package = pkgs.nixFlakes; - }; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.11"; # Did you read the comment? - -} - diff --git a/mailbert/hardware-configuration.nix b/mailbert/hardware-configuration.nix deleted file mode 100644 index c244fc2..0000000 
--- a/mailbert/hardware-configuration.nix +++ /dev/null @@ -1,28 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/6d8f4b96-4ccb-4a94-a9b1-bab4a28fc940"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/58C2-5A6A"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - -} diff --git a/modules/base.nix b/modules/base.nix index 5cb84bd..d5df899 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -3,14 +3,6 @@ { _module.args.buildVM = false; - # use Nix 2.4 for flakes support -# nix = { -# package = pkgs.nix_2_4; -# extraOptions = '' -# experimental-features = nix-command flakes -# ''; -# }; - users.users.root = { openssh.authorizedKeys.keyFiles = [ ./keys/revol-xut diff --git a/modules/network.nix b/modules/network.nix new file mode 100644 index 0000000..728f98b --- /dev/null +++ b/modules/network.nix @@ -0,0 +1,20 @@ +{pkgs, lib, ...} : { + networking = { + interfaces.eth0.ipv4.addresses = [ + { + address = "172.20.73.42"; + prefixLength = 26; + } + ]; + defaultGateway = "172.20.73.1"; + nameservers = [ + "172.20.73.8" + "9.9.9.9" + ]; + hostName = lib.mkDefault "mailtngbert"; + useDHCP = false; + interfaces.eth0.useDHCP = false; + firewall.allowedTCPPorts = [ 22 ]; + }; +} + diff --git a/modules/proxmox.nix b/modules/proxmox.nix index e69de29..05349ae 100644 --- a/modules/proxmox.nix +++ b/modules/proxmox.nix 
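Review bot: `{pkgs, lib, ...} : {` binds `pkgs` although nothing in network.nix uses it, and the same applies to all three of `pkgs, config, lib` in the new modules/proxmox.nix; `{ lib, ... }: {` and `{ ... }: {` respectively would make each module's dependencies honest, and the spacing would then match `{ config, lib, pkgs, inputs, ... }:` in modules/sops.nix. The file also hard-codes the static address, gateway and resolvers with no hint of which host or segment they belong to, and via configuration.nix it is now applied to the qemu VM output as well as the proxmox one. A header comment such as `# Static eth0 addressing for mailtngbert; shared by the proxmox and qemu VM outputs through configuration.nix` would save the next person from guessing.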
@@ -0,0 +1,6 @@
+{pkgs, config, lib, ... }: {
+
+ # relevant configuration for running this as lxc proxmox container
+ boot.isContainer = true;
+ boot.loader.initScript.enable = true;
+}
diff --git a/modules/sops.nix b/modules/sops.nix
new file mode 100644
index 0000000..109373c
--- /dev/null
+++ b/modules/sops.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+
+ sops.defaultSopsFile = ../secrets.yaml;
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+ sops.age.generateKey = true;
+}
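Review bot: modules/sops.nix is added but neither flake module list touched in this commit includes it, and neither `inputs.sops-nix` nor `../secrets.yaml` appears anywhere in the diff, so as committed it is unreferenced and, if sops-nix is not declared as a flake input, would fail at evaluation the moment it is imported. The module configures only age recipients (`sops.age.sshKeyPaths`, plus `sops.age.keyFile` with `generateKey = true`), whereas the recipient keys this commit moves to `keys/sops/*.asc` look like PGP keys; if secrets.yaml is encrypted only to those, the host has no key it can decrypt with. Which recipient the host is meant to use — the age key derived from the ed25519 host key, the key generated at `/var/lib/sops-nix/key.txt`, or both — should be stated, e.g. `# Host secrets are decrypted with the age key derived from the SSH host key; the generated key is a fallback whose public half must be listed as a recipient in .sops.yaml`, adjusted to what is actually intended.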