diff --git a/nixos/server/containers.nix b/nixos/server/containers.nix
new file mode 100644
index 0000000000000000000000000000000000000000..66462ea14de84588cbfbd60c1c3d77c099f0f589
--- /dev/null
+++ b/nixos/server/containers.nix
@@ -0,0 +1,32 @@
+{ ... }:
+
+{
+  systemd.network = {
+    netdevs."09-test".netdevConfig = {
+      Kind = "bridge";
+      Name = "br-test";
+    };
+    networks."09-test" = {
+      matchConfig.Name = "br-test";
+      DHCP = "no";
+      address = [ "10.77.0.1/16" ];
+    };
+  };
+
+  containers.test = {
+    privateNetwork = true;
+    localAddress = "10.77.1.1/16";
+    #localAddress6 = "";
+    #hostAddress = "";
+    #hostAddress6 = "";
+    #interfaces = "";
+    hostBridge = "br-test";
+    # forwardPorts
+    # extraVeths
+
+    autoStart = true;
+    ephemeral = true;  # journal not linked?
+
+    config = {};
+  };
+}
diff --git a/nixos/server/default.nix b/nixos/server/default.nix
index 161624206b8a556dcba22ddc1e04c0b21cd2421e..a7adcb3e8a2b555a5e41358d2ba341e2d24e32ac 100644
--- a/nixos/server/default.nix
+++ b/nixos/server/default.nix
@@ -10,6 +10,7 @@ modules for my services, only used on sapphire, my homeserver
     ./auth.nix
     ./away.nix
     ./cloud.nix
+    ./containers.nix
     ./dashboard.nix
     ./days.nix
     ./data.nix
@@ -96,6 +97,6 @@ modules for my services, only used on sapphire, my homeserver
     enable = true;
     enableIPv6 = true;
     externalInterface = "wired0";
-    internalInterfaces = [ "br-microvm" ];
+    internalInterfaces = [ "br-microvm" "br-test" ];
   };
 }