diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..b172642
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1614380263,
+ "narHash": "sha256-qAg3SnuWF7fHqrRtBuVrMeSGLO0Q+uHzZotXtT96P2A=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "8629446fc15c0ea71b0bdeb60b35acd843560116",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..ce0af21
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,48 @@
+{
+ description = "Zentralwerk network";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs";
+ };
+
+ outputs = { self, nixpkgs }:
+ let
+ system = "x86_64-linux";
+ systems = [ system ];
+ forAllSystems = nixpkgs.lib.genAttrs systems;
+ in
+ rec {
+
+ packages = forAllSystems (system: {
+ test_vm = nixpkgs.legacyPackages.${system}.runCommandLocal "test_vm" {
+ src = nixosConfigurations.test_vm.config.system.build.toplevel;
+ } ''
+ set -x
+ mkdir -p $out/{bin,dev,etc,home,mnt,nix/store,nix/var,proc,root,run,sys,tmp,var,usr}
+ ln -s $src/init $out/
+ ln -s $src/etc $out/etc/static
+ '';
+ });
+
+ #defaultPackage.x86_64-linux = self.packages.x86_64-linux.hello;
+
+ nixosModule = { ... }: {
+ imports = nixpkgs.lib.filesystem.listFilesRecursive ./nix/nixos-modules;
+ };
+
+ nixosConfigurations.test_vm =
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [ nixosModule ];
+ extraModules = [ ({ ... }: {
+ networking.hostName = "test_vm";
+ }) ];
+ };
+
+ nixosConfigurations.server1 =
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [];
+ };
+ };
+}
diff --git a/nix/nixos-modules/container.nix b/nix/nixos-modules/container.nix
new file mode 100644
index 000000000..dff64ee
--- /dev/null
+++ b/nix/nixos-modules/container.nix
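Review bot: In flake.nix, the input `nixpkgs.url = "github:nixos/nixpkgs";` names no branch, so it follows the repository's default branch and every `nix flake update` moves the lock to whatever commit sits at its tip. Pointing the input at a channel branch, for example `nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";`, limits updates to revisions that have passed the channel's tests. Also, `nixosModule` imports every file under `./nix/nixos-modules` through `listFilesRecursive`, so any file added to that directory is applied to every configuration that uses the module, including `container.nix` with its `useSandbox = false`. An explicit import list would make it visible in review which hosts receive which settings.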
@@ -0,0 +1,36 @@
+{ config, lib, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/minimal.nix")
+ (modulesPath + "/virtualisation/lxc-container.nix")
+ ];
+
+ boot = {
+ isContainer = true;
+ loader = {
+ initScript.enable = true;
+ };
+ };
+
+ environment.etc."machine-id".text =
+ builtins.substring 0 8 (
+ builtins.hashString "sha256" config.networking.hostName
+ );
+
+ nix = {
+ useSandbox = false;
+ maxJobs = lib.mkDefault 1;
+ buildCores = lib.mkDefault 1;
+ };
+
+ systemd.services =
+ let
+ noNestOpts.serviceConfig = {
+ PrivateTmp = lib.mkOverride 0 false;
+ };
+ in {
+ nscd = noNestOpts;
+ systemdLogind = noNestOpts;
+ };
+}
diff --git a/nix/nixos-modules/defaults.nix b/nix/nixos-modules/defaults.nix
new file mode 100644
index 000000000..99d47af
--- /dev/null
+++ b/nix/nixos-modules/defaults.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = "experimental-features = nix-command flakes";
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim tcpdump iputils mtr traceroute
+ ];
+}
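Review bot: In container.nix, the `machine-id` is only 8 hex characters because `builtins.substring 0 8` truncates the SHA-256 digest, while machine-id(5) specifies 32 lowercase hex characters, so systemd is likely to treat the file as invalid. Taking 32 characters keeps the value deterministic per host: `builtins.substring 0 32 (`. Because the ID is derived only from `networking.hostName`, it is predictable and two containers sharing a hostname collide, which deserves a comment. Separately, `useSandbox = false` and `PrivateTmp = lib.mkOverride 0 false` each switch off an isolation layer without saying why; a short comment such as `# nested namespaces are unavailable inside the LXC container` (if that is the reason) would record the trade-off. The `systemdLogind` attribute also looks like it will not match the `systemd-logind` unit, so confirm the override actually applies.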