diff --git a/flake.nix b/flake.nix
index e4fa9f8d..8d08311e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -179,7 +179,7 @@
             use-iwd = false;
           };
           graphical = mkNixOsGraphical {
-            inherit pkgs;
+            inherit pkgs pkgs-unstable;
             background = "pan-wire-3.png";
             use-display-manager = true;
           };
@@ -219,6 +219,7 @@
               nixos-apple-silicon.nixosModules.apple-silicon-support
               ./nixos/machines/foxhut/hardware.nix
               (import ./nixos/machines/foxhut/boot.nix { inherit pkgs pkgs-unstable asahi-firmware; })
+              (import ./nixos/machines/foxhut/machine.nix { inherit pkgs pkgs-unstable asahi-firmware; })
               base
               networking
               graphical
diff --git a/nixos/graphical.nix b/nixos/graphical.nix
index 0244e9c0..d2246446 100644
--- a/nixos/graphical.nix
+++ b/nixos/graphical.nix
@@ -1,5 +1,6 @@
 {
   pkgs,
+  pkgs-unstable,
   background-image ? "pan-wire-3.png",
   use-display-manager,
   ...
@@ -53,15 +54,16 @@ in
     uid = 1002;
   };
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = (with pkgs; [
     stilo-themes
 
-    firefox
     thunderbird
     glxinfo
     start-plasma-shortcut
     remmina
     libreoffice
     kicad-small
-  ];
+  ]) ++ (with pkgs-unstable; [
+    firefox
+  ]);
 }
diff --git a/nixos/machines/foxhut/boot.nix b/nixos/machines/foxhut/boot.nix
index 0a8cc3e1..71936606 100644
--- a/nixos/machines/foxhut/boot.nix
+++ b/nixos/machines/foxhut/boot.nix
@@ -1,8 +1,4 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ pkgs, pkgs-unstable, asahi-firmware, ... }:
+{ pkgs, asahi-firmware, ... }:
 { config, ... }:
 
 {
@@ -27,12 +23,5 @@
     device = "/swap";
     size = 16 * 1024; # 16GB
   }];
-
-  environment.systemPackages = (with pkgs-unstable; [
-    renoise
-    signal-desktop
-  ]) ++ (with pkgs; [
-    prismlauncher
-  ]);
 }
 
diff --git a/nixos/machines/foxhut/machine.nix b/nixos/machines/foxhut/machine.nix
new file mode 100644
index 00000000..0bf64f72
--- /dev/null
+++ b/nixos/machines/foxhut/machine.nix
@@ -0,0 +1,52 @@
+{ pkgs, pkgs-unstable, asahi-firmware, ... }:
+{ config, ... }:
+
+{
+  environment.systemPackages = (with pkgs-unstable; [
+    renoise
+    signal-desktop
+    wireguard-tools
+    cifs-utils
+  ]) ++ (with pkgs; [
+    prismlauncher
+  ]);
+
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    dataDir = "/var/lib/mysql";
+    settings = {
+      mysqld = {
+        bind_address = "127.0.0.1";
+        # socket = "/tmp/mariadb.sock";
+      };
+    };
+    ensureDatabases = [
+      "bnuybase"
+    ];
+    ensureUsers = [
+      {
+        name = "xenia";
+        ensurePermissions = {
+          "bnuybase.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
+  networking.firewall.allowedUDPPorts = [ 51821 ];
+  networking.wireguard = {
+    enable = true;
+    interfaces.wg0 = {
+      ips = [ "192.168.69.254/32" ];
+      listenPort = 51821;
+      privateKeyFile = "/home/xenia/wireguard-keys/private";
+      peers = [ {
+        publicKey = "XfHU29ij76y4TB8P/QJyn1JnTl9tvxO77IGVmM6p+ic=";
+        allowedIPs = [ "10.30.0.0/16" "10.250.0.0/16" "10.254.0.0/16" "192.168.30.0/24" "192.168.40.0/24" "192.168.50.0/24" "192.168.51.0/24" "192.168.250.0/24" ];
+        endpoint = "129.16.13.37:13231";
+        persistentKeepalive = 25;
+      } ];
+    };
+  };
+}