diff --git a/modules/server/README.md b/modules/server/README.md
new file mode 100644
index 0000000..add9f25
--- /dev/null
+++ b/modules/server/README.md
@@ -0,0 +1,9 @@
+- `baba` : Nextcloud (`cloud.lyes.eu`)
+- `biggoron` : Forgejo (`git.lyes.eu`)
+- `giovanni` : Vaultwarden (`vault.lyes.eu`)
+- `kaepora` : PostgreSQL
+- `kalif` : Factorio (`factorio.lyes.eu`)
+- `link` : Kanidm (`auth.lyes.eu`)
+- `maistro` : Incus
+- `nayru` : Komga/Manga (`manga.lyes.eu`)
+- `taf` : Mail (`taf.lyes.eu`/`mail.lyes.eu`)
diff --git a/modules/server/maistro/default.nix b/modules/server/maistro/default.nix
new file mode 100644
index 0000000..a3a70a7
--- /dev/null
+++ b/modules/server/maistro/default.nix
@@ -0,0 +1,50 @@
+{ ... }:
+
+{
+  virtualisation.incus.enable = true;
+  virtualisation.incus.ui.enable = true;
+  networking.nftables.enable = true;
+  networking.firewall.trustedInterfaces = [ "incusbr0" ];
+  virtualisation.incus.preseed = {
+    networks = [
+      {
+        config = {
+          "ipv4.address" = "10.0.100.1/24";
+          "ipv4.nat" = "true";
+        };
+        name = "incusbr0";
+        type = "bridge";
+      }
+    ];
+    profiles = [
+      {
+        devices = {
+          eth0 = {
+            name = "eth0";
+            network = "incusbr0";
+            type = "nic";
+          };
+          root = {
+            path = "/";
+            pool = "default";
+            size = "32GiB";
+            type = "disk";
+          };
+        };
+        name = "default";
+      }
+    ];
+    storage_pools = [
+      {
+        config = {
+          source = "/var/data/incus/storage-pools/default";
+        };
+        driver = "dir";
+        name = "default";
+      }
+    ];
+  };
+
+  # Dirty hack, should be done through kanidm when setting up unix things
+  users.users.lyes.extraGroups = ["incus-admin"];
+}