diff --git a/.gitignore b/.gitignore
index 40c71083..13b101b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 configuration.nix
+local
diff --git a/hosts/apollo/hardware-configuration.nix b/hosts/apollo/hardware-configuration.nix
index 71cd4d14..28d44602 100644
--- a/hosts/apollo/hardware-configuration.nix
+++ b/hosts/apollo/hardware-configuration.nix
@@ -28,4 +28,5 @@
 nix.maxJobs = lib.mkDefault 4;
 powerManagement.cpuFreqGovernor = "ondemand";
+ security.rngd.enable = true;
 }
diff --git a/hosts/hera/hardware-configuration.nix b/hosts/hera/hardware-configuration.nix
index a983a1cd..84cc7587 100644
--- a/hosts/hera/hardware-configuration.nix
+++ b/hosts/hera/hardware-configuration.nix
@@ -4,9 +4,11 @@
 { config, lib, pkgs, ... }:
 {
- imports = [ ];
+ imports = [
+
+ ];
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" ];
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
 boot.kernelModules = [ ];
 boot.extraModulePackages = [ ];
@@ -16,7 +18,7 @@
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/A8E7-3962";
+ { device = "/dev/disk/by-uuid/3D8A-20F0";
 fsType = "vfat";
 };
diff --git a/hosts/hera/home.nix b/hosts/hera/home.nix
index bc89426b..90042d61 100644
--- a/hosts/hera/home.nix
+++ b/hosts/hera/home.nix
@@ -5,8 +5,4 @@
 imports = [ ../../home-manager ];
-m-0.rustdev.enable = true;
-m-0.taskwarrior.enable = true;
-m-0.eventd.enable = true;
-
 }
diff --git a/hosts/hera/secret/boot_rsa b/hosts/hera/secret/boot_rsa
new file mode 100644
index 00000000..040cd798
Binary files /dev/null and b/hosts/hera/secret/boot_rsa differ
diff --git a/system/default.nix b/system/default.nix
index 2bf6f477..4a4c6d45 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -7,6 +7,7 @@
 ../common/secret
 ../common/private-options.nix
 ./modules/laptop.nix
+ ./modules/server.nix
 ./admin.nix
 ./syncthing.nix
 ./modules/cdarknet
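Review bot: `security.rngd.enable = true;` lands in hosts/apollo/hardware-configuration.nix, a file that nixos-generate-config normally regenerates, so if that tool is still run for this host the setting is silently dropped on the next regeneration; the matching removal from system/default.nix (a later hunk) also means hera no longer enables rngd at all, which may or may not be intended. If the setting is meant to be apollo-only, a host-level configuration file or the laptop role is a more durable home. Wherever it ends up, a short comment such as `# rngd: apollo only (moved out of the shared system/default.nix)` would record why it left the shared module.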
@@ -18,8 +19,6 @@
 time.timeZone = "Europe/Berlin";
- security.rngd.enable = true;
-
 # So that boot does not fill up with old kernels
 boot.loader.grub.configurationLimit = 5;
@@ -32,7 +31,10 @@
 Defaults timestamp_type=global, timestamp_timeout=15
 ";
- networking.firewall.allowPing = true;
+ networking = {
+ firewall.allowPing = true;
+ useDHCP = false;
+ };
 services = {
 sshd.enable = true;
diff --git a/system/init_ssh.nix b/system/init_ssh.nix
deleted file mode 100644
index 4e031b43..00000000
--- a/system/init_ssh.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
-
- # generate file with
- # dropbearkey -t rsa -f /etc/nixos/boot_rsa
- # nix-env -iA nixos.dropbear
- hostRSAKey = /etc/nixos/local/boot_rsa;
- };
- };
-}
diff --git a/system/modules/init_ssh.nix b/system/modules/init_ssh.nix
new file mode 100644
index 00000000..6e6ca773
--- /dev/null
+++ b/system/modules/init_ssh.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+
+config = mkIf config.m-0.server.enable {
+ boot.initrd = {
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+
+ # generate file with
+ # dropbearkey -t rsa -f /etc/nixos/boot_rsa
+ # nix-env -iA nixos.dropbear
+ hostRSAKey = ../../local/secret/boot_rsa;
+ };
+ };
+ postMountCommands = "ip link set eth0 down";
+ };
+};
+
+}
diff --git a/system/modules/laptop.nix b/system/modules/laptop.nix
index a3a3ca79..4583c97c 100644
--- a/system/modules/laptop.nix
+++ b/system/modules/laptop.nix
@@ -4,6 +4,7 @@ with lib;
 options = {
 m-0.laptop.enable = mkOption {
 type = types.bool;
+ default = false;
 };
 };
 config = mkIf config.m-0.laptop.enable {
diff --git a/system/modules/server.nix b/system/modules/server.nix
index 241ff8cd..9945b609 100644
--- a/system/modules/server.nix
+++ b/system/modules/server.nix
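Review bot: `useDHCP = false;` in the shared system/default.nix disables DHCP for every host that imports it, and nothing in this commit adds static addressing (for example `networking.interfaces.<name>.ipv4.addresses`) for hera or apollo; unless that lives in a file outside this diff, a host can boot with no connectivity, and for hera — reached through the new initrd SSH module — that is a remote lockout. Initrd networking is configured separately from the stage-2 `networking.*` options, so this setting does not by itself affect the early-boot SSH path, but it does affect everything after the switch to stage 2. A comment naming where the per-host addresses are declared, e.g. `# DHCP off: every host declares its addresses statically in its own config`, would make that dependency visible. The enclosing attrset continues outside the hunk.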
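Review bot: `hostRSAKey = ../../local/secret/boot_rsa;` is a Nix path literal, so evaluating the configuration copies the private dropbear host key into the world-readable Nix store as well as into the unencrypted initrd — the initrd copy is inherent to initrd SSH and the option's own documentation warns about the store copy, so a note beside the key is warranted, e.g. `# NOTE: path literal — key ends up in /nix/store and the initrd; use a dedicated initrd-only key, never the stage-2 host key`. The path resolves to `local/secret/boot_rsa` at the repository root, which the .gitignore change in this commit excludes, while the same commit adds a binary `hosts/hera/secret/boot_rsa`; if that is the same key it is now in git history and the two locations disagree, which is worth confirming before merge. `postMountCommands = "ip link set eth0 down";` hard-codes the interface name and gives no reason for bringing the link down; a line such as `# presumably so stage 2 re-configures the link from scratch — confirm, and confirm eth0 is the initrd-stage name on every server host` would help the next reader. The module is complete within the hunk.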
@@ -1,21 +1,26 @@
-{ config, pkgs, ... }:
-
+{ config, pkgs, lib, ... }:
+with lib;
 {
- options = {
- m-0.server.enable = mkOption {
- type = types.bool;
- };
- };
- config = mkIf config.m-0.server.enable {
- nix = {
- gc = {
- automatic = true;
- options = "--delete-older-than 5d";
- };
- optimise.automatic = true;
- };
- system.autoUpgrade.enable = true;
- system.autoUpgrade.dates = "22:00";
+imports = [ ./init_ssh.nix ];
+
+options = {
+ m-0.server.enable = mkOption {
+ type = types.bool;
+ default = false;
 };
+};
+
+config = mkIf config.m-0.server.enable {
+ nix = {
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 5d";
+ };
+ optimise.automatic = true;
+ };
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.dates = "22:00";
+};
+
 }
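Review bot: `m-0.server.enable` is declared without a `description`, so nothing at the declaration tells a reader that enabling the role now also turns on root-reachable initrd SSH through `imports = [ ./init_ssh.nix ];`, in addition to nix gc/optimise and the nightly auto-upgrade; the same gap exists for `m-0.laptop.enable` in the laptop.nix hunk. Adding `description = "Server role: nix GC/optimise, nightly system.autoUpgrade and initrd SSH (see ./init_ssh.nix).";` to the mkOption would make the flag's blast radius visible where it is declared. The `lib` argument and `with lib;` also make `mkOption`/`mkIf`/`types` resolvable where the old file did not have them in scope, which deserves a mention in the commit message since it changes the module from non-evaluating to active.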