diff --git a/flake.nix b/flake.nix
index 0269457c..85a8bad3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -107,6 +107,7 @@
             teutat3s = pubsolaros ++ [ users.teutat3s ];
             con = teutat3s ++ [ graphical ];
             dumpyourvms = teutat3s ++ [ graphical ];
+            ryzensun = teutat3s ++ [ graphical ];
           };
         };
       };
diff --git a/hosts/ryzensun/default.nix b/hosts/ryzensun/default.nix
index 56fe0a2f..3629e651 100644
--- a/hosts/ryzensun/default.nix
+++ b/hosts/ryzensun/default.nix
@@ -1,17 +1,6 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-in
+{ suites, ... }:
 {
   imports = [
-    ./virtualisation
-  ];
-
-  config.home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
-    "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
-    "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
-    "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
-  };
+    ./ryzensun.nix
+  ] ++ suites.ryzensun;
 }
diff --git a/hosts/ryzensun/hardware-configuration.nix b/hosts/ryzensun/hardware-configuration.nix
new file mode 100644
index 00000000..53490312
--- /dev/null
+++ b/hosts/ryzensun/hardware-configuration.nix
@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/bad2e49e-c8e7-4516-a6f8-77db999d12b0";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/ef6c5bb0-0bcf-4af4-bbc9-02c849999e54";
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/2C62-C8B5";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/hosts/ryzensun/ryzensun.nix b/hosts/ryzensun/ryzensun.nix
new file mode 100644
index 00000000..c047774a
--- /dev/null
+++ b/hosts/ryzensun/ryzensun.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  config = {
+    pub-solar.x-os.keyfile = "/etc/nixos/hosts/con/secrets/keyfile.bin";
+    pub-solar.nextcloud.enable = mkForce false;
+    pub-solar.docker.enable = mkForce false;
+    pub-solar.virtualisation.enable = true;
+
+    home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+      "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+      "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+      "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+    };
+  };
+}
diff --git a/hosts/ryzensun/secrets/keyfile.bin b/hosts/ryzensun/secrets/keyfile.bin
new file mode 100644
index 00000000..d7efdbee
Binary files /dev/null and b/hosts/ryzensun/secrets/keyfile.bin differ
diff --git a/hosts/ryzensun/virtualisation/create-service.nix b/hosts/ryzensun/virtualisation/create-service.nix
deleted file mode 100644
index df7453f1..00000000
--- a/hosts/ryzensun/virtualisation/create-service.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, pkgs, lib, vm, ... }:
-let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
-  generateXML = import ./generate-xml.nix;
-in
-{
-  serviceConfig = {
-    Type = "oneshot";
-    RemainAfterExit = "yes";
-    Restart = "no";
-  };
-
-  script =
-    let
-      networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
-      machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
-    in
-    ''
-      echo "Checking if ${vm.name} is already running"
-      if [[ $(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' ) != 'shut off' ]]; then
-        echo "Domain ${vm.name} is already running or in an inconsistent state:"
-        ${pkgs.libvirt}/bin/virsh list --all
-        exit 0
-      fi
-
-      NET_TMP_FILE="/tmp/network.xml"
-
-      NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
-      (sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE
-
-      ${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE
-      ${pkgs.libvirt}/bin/virsh net-start 'default' || true
-
-      VARS_FILE=${varsFile}
-      if [ ! -f "$VARS_FILE" ]; then
-        cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE
-      fi
-
-      TMP_FILE="/tmp/${vm.name}.xml"
-
-      UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
-      (sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE
-
-      USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
-      LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
-      sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE
-
-      USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
-      USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
-      LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
-      sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" $TMP_FILE
-
-      # TODO: Set correct pci address too
-
-      ${pkgs.libvirt}/bin/virsh define $TMP_FILE
-      ${pkgs.libvirt}/bin/virsh start '${vm.name}'
-    '';
-
-  preStop =
-    ''
-      ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
-      let "timeout = $(date +%s) + 10"
-      while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
-        if [ "$(date +%s)" -ge "$timeout" ]; then
-          # Meh, we warned it...
-          ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
-        else
-          # The machine is still running, let's give it some time to shut down
-          sleep 0.5
-        fi
-      done
-
-      ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
-    '';
-}
diff --git a/hosts/ryzensun/virtualisation/default.nix b/hosts/ryzensun/virtualisation/default.nix
deleted file mode 100644
index e44fdb08..00000000
--- a/hosts/ryzensun/virtualisation/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  createService = import ./create-service.nix;
-in
-{
-  options.pub-solar.virtualisation.rx5700xt = mkEnableOption "Use the bigger GPU for guests";
-
-  config = mkIf psCfg.virtualisation.enable {
-    boot.extraModprobeConfig = "softdep amdgpu pre: vfio vfio_pci" + (if psCfg.virtualisation.rx5700xt
-    then "\noptions vfio-pci ids=1002:731f,1002:ab38"
-    else "\noptions vfio-pci ids=1002:699f,1002:aae0");
-
-    systemd.user.services = {
-      vm-windows = createService {
-        inherit config;
-        inherit pkgs;
-        inherit lib;
-        vm = {
-          name = "windows";
-          disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
-          id = "http://microsoft.com/win/10";
-          gpu = true;
-          mountHome = false;
-        };
-      };
-      vm-manjaro = createService {
-        inherit config;
-        inherit pkgs;
-        inherit lib;
-        vm = {
-          name = "manjaro";
-          disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
-          id = "https://manjaro.org/download/#i3";
-          gpu = true;
-          mountHome = true;
-        };
-      };
-    };
-  };
-}
diff --git a/hosts/ryzensun/virtualisation/generate-xml.nix b/hosts/ryzensun/virtualisation/generate-xml.nix
deleted file mode 100644
index 6ec49bc5..00000000
--- a/hosts/ryzensun/virtualisation/generate-xml.nix
+++ /dev/null
@@ -1,246 +0,0 @@
-{ config, pkgs, lib, vm, varsFile, ... }:
-let
-  psCfg = config.pub-solar;
-  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
-  home = config.home-manager.users."${psCfg.user.name}".home;
-in
-''
-  <domain type='kvm'>
-    <name>${vm.name}</name>
-    <uuid>UUID</uuid>
-    <metadata>
-      <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
-        <libosinfo:os id="${vm.id}"/>
-      </libosinfo:libosinfo>
-    </metadata>
-    <memory unit='KiB'>33554432</memory>
-    <currentMemory unit='KiB'>33554432</currentMemory>
-    <vcpu placement='static'>12</vcpu>
-    <cputune>
-      <vcpupin vcpu='0' cpuset='6'/>
-      <vcpupin vcpu='1' cpuset='7'/>
-      <vcpupin vcpu='2' cpuset='8'/>
-      <vcpupin vcpu='3' cpuset='9'/>
-      <vcpupin vcpu='4' cpuset='10'/>
-      <vcpupin vcpu='5' cpuset='11'/>
-      <vcpupin vcpu='6' cpuset='18'/>
-      <vcpupin vcpu='7' cpuset='19'/>
-      <vcpupin vcpu='8' cpuset='20'/>
-      <vcpupin vcpu='9' cpuset='21'/>
-      <vcpupin vcpu='10' cpuset='22'/>
-      <vcpupin vcpu='11' cpuset='23'/>
-    </cputune>
-    <resource>
-      <partition>/machine</partition>
-    </resource>
-    <os>
-      <type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
-      <loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
-      <nvram>${varsFile}</nvram>
-      <boot dev='hd'/>
-    </os>
-    <features>
-      <acpi/>
-      <apic/>
-      <hyperv>
-        <relaxed state='on'/>
-        <vapic state='on'/>
-        <spinlocks state='on' retries='8191'/>
-        <vendor_id state='on' value='wahtever'/>
-      </hyperv>
-      <kvm>
-        <hidden state='on'/>
-      </kvm>
-      <vmport state='off'/>
-    </features>
-    <cpu mode='custom' match='exact' check='full'>
-      <model fallback='forbid'>EPYC-IBPB</model>
-      <vendor>AMD</vendor>
-      <topology sockets='1' dies='1' cores='6' threads='2'/>
-      <feature policy='require' name='x2apic'/>
-      <feature policy='require' name='tsc-deadline'/>
-      <feature policy='require' name='hypervisor'/>
-      <feature policy='require' name='tsc_adjust'/>
-      <feature policy='require' name='clwb'/>
-      <feature policy='require' name='umip'/>
-      <feature policy='require' name='stibp'/>
-      <feature policy='require' name='arch-capabilities'/>
-      <feature policy='require' name='ssbd'/>
-      <feature policy='require' name='xsaves'/>
-      <feature policy='require' name='cmp_legacy'/>
-      <feature policy='require' name='perfctr_core'/>
-      <feature policy='require' name='clzero'/>
-      <feature policy='require' name='wbnoinvd'/>
-      <feature policy='require' name='amd-ssbd'/>
-      <feature policy='require' name='virt-ssbd'/>
-      <feature policy='require' name='rdctl-no'/>
-      <feature policy='require' name='skip-l1dfl-vmentry'/>
-      <feature policy='require' name='mds-no'/>
-      <feature policy='require' name='pschange-mc-no'/>
-      <feature policy='disable' name='monitor'/>
-      <feature policy='disable' name='svm'/>
-      <feature policy='require' name='topoext'/>
-    </cpu>
-    <clock offset='utc'>
-      <timer name='rtc' tickpolicy='catchup'/>
-      <timer name='pit' tickpolicy='delay'/>
-      <timer name='hpet' present='no'/>
-    </clock>
-    <on_poweroff>destroy</on_poweroff>
-    <on_reboot>restart</on_reboot>
-    <on_crash>destroy</on_crash>
-    <pm>
-      <suspend-to-mem enabled='no'/>
-      <suspend-to-disk enabled='no'/>
-    </pm>
-    <devices>
-      <emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
-      <disk type='block' device='disk'>
-        <driver name='qemu' type='raw'/>
-        <source dev='${vm.disk}'/>
-        <backingStore/>
-        <target dev='vdb' bus='virtio'/>
-        <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
-      </disk>
-      <controller type='usb' index='0' model='qemu-xhci' ports='15'>
-        <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
-      </controller>
-      <controller type='sata' index='0'>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
-      </controller>
-      <controller type='pci' index='0' model='pcie-root'/>
-      <controller type='pci' index='1' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='1' port='0x10'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
-      </controller>
-      <controller type='pci' index='2' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='2' port='0x11'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
-      </controller>
-      <controller type='pci' index='3' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='3' port='0x12'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
-      </controller>
-      <controller type='pci' index='4' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='4' port='0x13'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
-      </controller>
-      <controller type='pci' index='5' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='5' port='0x14'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
-      </controller>
-      <controller type='pci' index='6' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='6' port='0x15'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
-      </controller>
-      <controller type='pci' index='7' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='7' port='0x16'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
-      </controller>
-      <controller type='pci' index='8' model='pcie-to-pci-bridge'>
-        <model name='pcie-pci-bridge'/>
-        <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
-      </controller>
-      <controller type='pci' index='9' model='pcie-root-port'>
-        <model name='pcie-root-port'/>
-        <target chassis='9' port='0x17'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
-      </controller>
-      <controller type='virtio-serial' index='0'>
-        <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
-      </controller>
-      ${if vm.mountHome then ''
-        <filesystem type='mount' accessmode='mapped'>
-          <source dir='/home/${psCfg.user.name}'/>
-          <target dir='/media/home'/>
-          <address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
-        </filesystem>
-      '' else ""}
-      <interface type='network'>
-        <mac address='52:54:00:44:cd:ac'/>
-        <source network='default'/>
-        <model type='rtl8139'/>
-        <address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
-      </interface>
-      <serial type='pty'>
-        <target type='isa-serial' port='0'>
-          <model name='isa-serial'/>
-        </target>
-      </serial>
-      <console type='pty'>
-        <target type='serial' port='0'/>
-      </console>
-      <input type='tablet' bus='usb'>
-        <address type='usb' bus='0' port='1'/>
-      </input>
-      <input type='mouse' bus='ps2'/>
-      <input type='keyboard' bus='ps2'/>
-      <graphics type='spice' autoport='yes' listen='127.0.0.1'>
-        <listen type='address' address='127.0.0.1'/>
-        <image compression='off'/>
-      </graphics>
-      <video>
-        <model type='cirrus' vram='16384' heads='1' primary='yes'/>
-        <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
-      </video>
-      <hostdev mode='subsystem' type='usb' managed='yes'>
-        <source>
-          <vendor id='0x046d'/>
-          <product id='0xc328'/>
-          <address bus='1' device='2'/>
-        </source>
-        <address type='usb' bus='0' port='4'/>
-      </hostdev>
-      <hostdev mode='subsystem' type='usb' managed='yes'>
-        <source>
-          <vendor id='0x046d'/>
-          <product id='0xc52b'/>
-          <address bus='1' device='4'/>
-        </source>
-        <address type='usb' bus='0' port='5'/>
-      </hostdev>
-      ${if vm.gpu then ''
-        <hostdev mode='subsystem' type='pci' managed='yes'>
-          <driver name='vfio'/>
-          <source>
-            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
-          </source>
-          <rom bar='on' file='/etc/nixos/devices/chocolatebar/virtualisation/${
-            if psCfg.virtualisation.rx5700xt
-              then "rx5700xt"
-              else "rx550"
-          }.rom'/>
-          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
-        </hostdev>
-        <hostdev mode='subsystem' type='pci' managed='yes'>
-          <driver name='vfio'/>
-          <source>
-            <address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
-          </source>
-          <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
-        </hostdev>
-      '' else ""}
-      <redirdev bus='usb' type='spicevmc'>
-        <address type='usb' bus='0' port='2'/>
-      </redirdev>
-      <redirdev bus='usb' type='spicevmc'>
-        <address type='usb' bus='0' port='3'/>
-      </redirdev>
-      <memballoon model='virtio'>
-        <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
-      </memballoon>
-      <shmem name='scream-ivshmem'>
-        <model type='ivshmem-plain'/>
-        <size unit='M'>2</size>
-        <address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/>
-      </shmem>
-    </devices>
-  </domain>
-''
diff --git a/hosts/ryzensun/virtualisation/network-xml.nix b/hosts/ryzensun/virtualisation/network-xml.nix
deleted file mode 100644
index 81882917..00000000
--- a/hosts/ryzensun/virtualisation/network-xml.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, lib, ... }:
-''
-  <network>
-    <name>default</name>
-    <uuid>UUID</uuid>
-    <forward mode='nat'>
-      <nat>
-        <port start='1024' end='65535'/>
-      </nat>
-    </forward>
-    <bridge name='virbr0' stp='on' delay='0'/>
-    <mac address='52:54:00:bd:a0:73'/>
-    <ip address='192.168.122.1' netmask='255.255.255.0'>
-      <dhcp>
-        <range start='192.168.122.2' end='192.168.122.254'/>
-      </dhcp>
-    </ip>
-  </network>
-''