diff --git a/doc/test-environment.md b/doc/test-environment.md
new file mode 100644
index 000000000..db2f15b
--- /dev/null
+++ b/doc/test-environment.md
@@ -0,0 +1,20 @@
+# Create a Virtual Machine
+
+```shell
+dd if=/dev/zero of=salt.hda bs=1M count=1 seek=10239
+wget http://cdimage.debian.org/debian-cd/8.6.0/amd64/iso-cd/debian-8.6.0-amd64-netinst.iso
+kvm -hda salt.hda -m 1024 -smp 2 -net nic,model=e1000 -net user -cdrom
+```
+
+Now run the Debian installation. Hostname: `server1`
+
+# Bootstrap
+
+Configure a recent version, eg. *stretch*
+
+```shell
+apt-get install salt-master salt-minion
+```
+
+Set `master` to `localhost` in `/etc/salt/minion`, restart the
+minion. `salt-key -A` to accept the minion in the master.
diff --git a/salt/lxc-containers-1/config b/salt/lxc-containers-1/config
new file mode 100644
index 000000000..c012cd3
--- /dev/null
+++ b/salt/lxc-containers-1/config
@@ -0,0 +1,30 @@
+lxc.utsname = {{ id }}
+# Handled by lxc@.service
+lxc.start.auto = 0
+lxc.rootfs = /var/lib/lxc/{{ id }}/rootfs
+lxc.rootfs.backend = dir
+
+lxc.autodev = 1
+lxc.kmsg = 0
+
+{% for interface in container.interfaces %}
+lxc.network.type={{ interface['type'] }}
+lxc.network.flags=up
+{% if interface['type'] == 'veth' %}
+lxc.network.veth.pair={{ id }}-{{ interface['type'] }}
+{% endif %}
+{% if interface.get('v4') %}
+lxc.network.ipv4={{ interface['v4'] }}
+{% endif %}
+{% if interface.get('bridge') %}
+lxc.network.link={{ interface['bridge'] }}
+{% endif %}
+{% if interface.get('name') %}
+lxc.network.name={{ interface['name'] }}
+{% endif %}
+#lxc.network.ipv4.gateway=
+#lxc.network.ipv6=
+#lxc.network.ipv6.gateway=fe80::1
+{% endfor %}
+
+## TODO: limits + caps
diff --git a/salt/lxc-containers-1/containers.yaml b/salt/lxc-containers-1/containers.yaml
new file mode 100644
index 000000000..1ffcbb2
--- /dev/null
+++ b/salt/lxc-containers-1/containers.yaml
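Review bot: salt/lxc-containers-1/config ends at `## TODO: limits + caps` with no capability or resource restrictions and no uid/gid mapping, so as written each container would run privileged, with root inside the container being root against the host kernel. init.sls installs this file with `file.managed`, so it also replaces whatever config `lxc-create` generated, including any `lxc.include` of the distribution's common settings (worth confirming on the target release). Before a container is given the `public` interface I would add at least `lxc.cap.drop = sys_module mac_admin mac_override sys_time` and a memory limit such as `lxc.cgroup.memory.limit_in_bytes = <LIMIT>`, and consider `lxc.id_map` for unprivileged operation. Separately, `lxc.network.veth.pair={{ id }}-{{ interface['type'] }}` yields the same host-side name for every veth of one container, so a second veth interface would collide.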
@@ -0,0 +1,38 @@
+public:
+ interfaces:
+ - type: veth
+ bridge: br-core
+ name: core
+ v4: 172.20.72.1/26
+ - type: phys
+ bridge: bond0.2
+ name: public
+ v4: 172.20.76.1/23
+
+servers:
+ interfaces:
+ - type: veth
+ bridge: br-core
+ name: core
+ v4: 172.20.72.2/26
+
+priv1:
+ interfaces:
+ - type: veth
+ bridge: br-core
+ name: core
+ v4: 172.20.72.3/26
+
+priv2:
+ interfaces:
+ - type: veth
+ bridge: br-core
+ name: core
+ v4: 172.20.72.4/26
+
+upstream1:
+ interfaces:
+ - type: veth
+ bridge: br-core
+ name: core
+ v4: 172.20.72.5/26
diff --git a/salt/lxc-containers-1/init.sls b/salt/lxc-containers-1/init.sls
new file mode 100644
index 000000000..44df67e
--- /dev/null
+++ b/salt/lxc-containers-1/init.sls
@@ -0,0 +1,35 @@
+{%- import_yaml "lxc-containers-1/containers.yaml" as containers -%}
+
+lxc:
+ pkg.installed: []
+
+{% for id, container in containers.items() %}
+
+/var/lib/lxc/{{ id }}:
+ cmd.run:
+ - name: lxc-create -n {{ id }} -B dir -t download -- -d debian -r jessie -a amd64 -- --packages salt-minion
+ - require:
+ - pkg: lxc
+ - creates: /var/lib/lxc/{{ id }}
+
+/var/lib/lxc/{{ id }}/config:
+ file.managed:
+ - source: salt://lxc-containers-1/config
+ - template: 'jinja'
+ - context:
+ id: {{ id }}
+ container: {{ container }}
+
+autostart-{{ id }}:
+ service.enabled:
+ - name: lxc@{{ id }}
+ require_in:
+ file: /var/lib/lxc/{{ id }}/config
+
+start-{{ id }}:
+ service.running:
+ - name: lxc@{{ id }}
+ require:
+ - service: autostart-{{ id }}
+
+{% endfor %}
diff --git a/salt/lxc.sls b/salt/lxc.sls
new file mode 100644
index 000000000..8714a26
--- /dev/null
+++ b/salt/lxc.sls
@@ -0,0 +1,2 @@
+lxc:
+ pkg.installed: []
diff --git a/salt/salt-master.sls b/salt/salt-master.sls
new file mode 100644
index 000000000..b71c6c0
--- /dev/null
+++ b/salt/salt-master.sls
@@ -0,0 +1,6 @@
+salt-master:
+ pkg.installed: []
+ service.running:
+ - require:
+ - pkg: salt-master
+
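Review bot: In salt/lxc-containers-1/containers.yaml the second interface of `public` is `type: phys` with `bridge: bond0.2`, which the config template renders as `lxc.network.link=bond0.2`; for a phys interface that hands the host device itself to the container. salt/server1-network.sls in this same commit also makes `bond0.2` a port of `br-public`, so the two definitions appear to compete for the same device. If the container is meant to sit on the public bridge, `type: veth` with `bridge: br-public` would match the other entries; if the device is meant to be passed through, `br-public` looks unnecessary. A one-line comment above the entry stating which is intended would settle it.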
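Review bot: In salt/lxc-containers-1/init.sls, `container: {{ container }}` writes the Python repr of the dict into the rendered YAML, which parses only as long as every value happens to be YAML-safe; `container: {{ container | json }}` serialises it explicitly. In `autostart-{{ id }}` the `require_in` targets the config file, which makes the managed config wait for the service to be enabled; the reverse, a `require` on `- file: /var/lib/lxc/{{ id }}/config` written as a list item, looks like what was intended, so that the unit is never enabled or started against the unmanaged config. Indentation is lost in this view, so the nesting of `creates`, `require_in` and `require` under their state functions should be checked against the real file.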
diff --git a/salt/server1-network.sls b/salt/server1-network.sls
new file mode 100644
index 000000000..2c1135e
--- /dev/null
+++ b/salt/server1-network.sls
@@ -0,0 +1,52 @@
+{% set bond_slaves = ['eth1', 'eth2'] %}
+
+{% for slave in bond_slaves %}
+{{ slave }}:
+ network.managed:
+ - enabled: True
+ type: slave
+ master: bond0
+{% endfor %}
+
+bond0:
+ network.managed:
+ - name: bond0
+ proto: manual
+ type: bond
+ mode: 802.3ad
+ slaves: {{ ' '.join(bond_slaves) }}
+ miimon: 100
+
+{% for vlan in range(1, 15) %}
+bond0.{{ vlan }}:
+ network.managed:
+ - type: vlan
+ use:
+ - network: bond0
+ require:
+ - network: bond0
+{% endfor %}
+
+br-core:
+ network.managed:
+ - type: bridge
+ ports: bond0.1
+ proto: manual
+ bypassfirewall: True
+ use:
+ - network: bond0.1
+ require:
+ - network: bond0.1
+
+
+br-public:
+ network.managed:
+ - type: bridge
+ ports: bond0.2
+ proto: manual
+ bypassfirewall: True
+ use:
+ - network: bond0.2
+ require:
+ - network: bond0.2
+
diff --git a/salt/top.sls b/salt/top.sls
new file mode 100644
index 000000000..e5ed8c4
--- /dev/null
+++ b/salt/top.sls
@@ -0,0 +1,5 @@
+base:
+ 'server1':
+ - salt-master
+ - server1-network
+ - lxc-containers-1
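Review bot: In salt/server1-network.sls both `br-core` and `br-public` set `bypassfirewall: True`, which, as I understand Salt's network module, turns off netfilter processing for bridged frames, so host iptables rules will not see traffic between containers or between the public VLAN and the `public` container. If that is deliberate because filtering happens inside the containers or upstream, record it next to the option, e.g. `# bridged traffic is not filtered on the host; filtering is done in <LOCATION>`; otherwise set it to `False`, at least on `br-public`. Also, `range(1, 15)` creates `bond0.1` through `bond0.14` while only VLANs 1 and 2 are referenced in this commit, so a comment naming the planned VLANs would help.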