diff --git a/flake.nix b/flake.nix
index 6ebf07e1..f34b5d14 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,6 +46,8 @@
 nixosConfigurations = {
 kharbranth = mkSystem "x86_64-linux" "kharbranth";
 kholinar = mkSystem "x86_64-linux" "kholinar";
+ lasting-integrity = mkSystem "x86_64-linux" "lasting-integrity";
+ urithiru = mkSystem "x86_64-linux" "urithiru";
 };
 };
 }
diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
new file mode 100644
index 00000000..1eb2e0cc
--- /dev/null
+++ b/machines/lasting-integrity/default.nix
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./secret.nix
+ ];
+
+ boot.loader = {
+ grub = {
+ enable = true;
+ efiSupport = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot/ESP0"; }
+ { devices = [ "nodev" ]; path = "/boot/ESP1"; }
+ ];
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/EFI";
+ };
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ networking = {
+ hostName = "lasting-integrity";
+ hostId = "b352adfe";
+ useDHCP = false;
+ interfaces = {
+ eno1.useDHCP = false;
+ eno2.useDHCP = false;
+ eno3.useDHCP = false;
+ eno4.useDHCP = false;
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.zsh;
+ users.charlotte = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "systemd-journal" ];
+ };
+ };
+
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "prohibit-password";
+
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ system.stateVersion = "20.09";
+}
diff --git a/machines/lasting-integrity/hardware.nix b/machines/lasting-integrity/hardware.nix
new file mode 100644
index 00000000..0acf8b9e
--- /dev/null
+++ b/machines/lasting-integrity/hardware.nix
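Review bot: Password logins over SSH stay enabled for non-root accounts in the two `services.openssh` lines near the end of machines/lasting-integrity/default.nix, because `permitRootLogin = "prohibit-password"` restricts only root and nothing visible turns password authentication off. `charlotte` is in `wheel`, so if `./secret.nix` assigns her a password hash (not visible here, the file is committed as a binary blob) that password is reachable from the network. If key-only access is what is intended, add `services.openssh.passwordAuthentication = false;` next to the existing lines. machines/urithiru/default.nix contains the same two lines and the same applies there.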
@@ -0,0 +1,62 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zroot/local/root@blank
+ '';
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "zroot/local/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "zroot/local/nix";
+ fsType = "zfs";
+ };
+ "/nix/store" = {
+ device = "zroot/local/nix-store";
+ fsType = "zfs";
+ };
+ "/data" = {
+ device = "zroot/safe/data";
+ fsType = "zfs";
+ };
+ "/cache" = {
+ device = "zroot/safe/cache";
+ fsType = "zfs";
+ };
+ "/srv/data" = {
+ device = "zdata/data";
+ fsType = "zfs";
+ };
+ "/boot/ESP0" = {
+ device = "/dev/disk/by-uuid/BC0C-3065";
+ fsType = "vfat";
+ };
+ "/boot/ESP1" = {
+ device = "/dev/disk/by-uuid/BC67-2D0D";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
+ { device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
+ { device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
+ { device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/machines/lasting-integrity/secret.nix b/machines/lasting-integrity/secret.nix
new file mode 100644
index 00000000..fdd36868
Binary files /dev/null and b/machines/lasting-integrity/secret.nix differ
diff --git a/machines/urithiru/default.nix b/machines/urithiru/default.nix
new file mode 100644
index 00000000..9ef72d6f
--- /dev/null
+++ b/machines/urithiru/default.nix
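Review bot: The `zfs rollback -r zroot/local/root@blank` in `boot.initrd.postDeviceCommands` discards everything on `/` at each boot, and nothing in this file keeps the SSH host keys or the journal on a dataset that survives it. With sshd enabled on this host, keys regenerated under /etc/ssh would give the machine a new identity after every reboot, which trains operators to wave through host-key warnings, and losing /var/log removes the record an investigation would rely on. Unless `./secret.nix` already covers this, point `services.openssh.hostKeys` at paths under `/data` and keep the log directory on a `zroot/safe` dataset. A comment above the rollback would also help, for example `# root is reset to @blank on every boot; persistent state lives under /data and /cache`. machines/urithiru/hardware.nix carries the same rollback.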
@@ -0,0 +1,54 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./secret.nix
+ ];
+
+ boot.loader = {
+ grub = {
+ enable = true;
+ efiSupport = true;
+ mirroredBoots = [
+ { devices = [ "nodev" ]; path = "/boot/ESP0"; }
+ { devices = [ "nodev" ]; path = "/boot/ESP1"; }
+ ];
+ };
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot/EFI";
+ };
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ networking = {
+ hostName = "urithiru";
+ hostId = "079e60ba";
+ useDHCP = false;
+ interfaces = {
+ eno1.useDHCP = false;
+ eno2.useDHCP = false;
+ eno3.useDHCP = false;
+ eno4.useDHCP = false;
+ };
+ };
+
+ users = {
+ mutableUsers = false;
+ defaultUserShell = pkgs.zsh;
+ users.charlotte = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "systemd-journal" ];
+ };
+ };
+
+ services.openssh.enable = true;
+ services.openssh.permitRootLogin = "prohibit-password";
+
+ services.zfs.autoScrub.enable = true;
+ services.zfs.trim.enable = true;
+
+ system.stateVersion = "20.09";
+}
diff --git a/machines/urithiru/hardware.nix b/machines/urithiru/hardware.nix
new file mode 100644
index 00000000..67436165
--- /dev/null
+++ b/machines/urithiru/hardware.nix
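Review bot: Values that `./secret.nix` contributes through the `imports` list at the top of this file become part of the evaluated system, so anything that reaches a generated file is written to the world-readable /nix/store on the build host and on the target. The diff shows the file only as a binary blob, which suggests it is encrypted in the repository (inferred; the mechanism is not shown), but that protects the repository copy and not the built closure. A comment above the import would make the contract explicit, for example `# secret.nix may only hold values that are acceptable in /nix/store; private keys are read from files at runtime`. The same import is in machines/lasting-integrity/default.nix.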
@@ -0,0 +1,62 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ kernelModules = [ ];
+ postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zroot/local/root@blank
+ '';
+ };
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "zroot/local/root";
+ fsType = "zfs";
+ };
+ "/nix" = {
+ device = "zroot/local/nix";
+ fsType = "zfs";
+ };
+ "/nix/store" = {
+ device = "zroot/local/nix-store";
+ fsType = "zfs";
+ };
+ "/data" = {
+ device = "zroot/safe/data";
+ fsType = "zfs";
+ };
+ "/cache" = {
+ device = "zroot/safe/cache";
+ fsType = "zfs";
+ };
+ "/srv/data" = {
+ device = "zdata/data";
+ fsType = "zfs";
+ };
+ "/boot/ESP0" = {
+ device = "/dev/disk/by-uuid/6ED1-0638";
+ fsType = "vfat";
+ };
+ "/boot/ESP1" = {
+ device = "/dev/disk/by-uuid/6F25-C8B8";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
+ { device = "/dev/disk/by-uuid/e0c10fec-cef8-43ac-8a41-905c9d50609f"; }
+ { device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
+ { device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/machines/urithiru/secret.nix b/machines/urithiru/secret.nix
new file mode 100644
index 00000000..cd6eaead
Binary files /dev/null and b/machines/urithiru/secret.nix differ
diff --git a/remote.sh b/remote.sh
new file mode 100755
index 00000000..2bd6b1d9
--- /dev/null
+++ b/remote.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+set -x
+
+nixos-rebuild --flake .#$1 --target-host root@$1 --build-host localhost $2
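Review bot: The four `swapDevices` entries in machines/urithiru/hardware.nix are plain partitions, so memory pages that hold key material or credentials can be written to disk unencrypted and stay readable on a removed or decommissioned drive. NixOS can key swap freshly at each boot with `randomEncryption.enable = true;` on each entry. That option re-creates the swap area at boot, so the `by-uuid` paths would probably have to become `by-partuuid` or `by-id` paths; check this against the module documentation before switching. machines/lasting-integrity/hardware.nix lists its swap the same way.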
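Review bot: `$1` and `$2` are expanded unquoted on the `nixos-rebuild` line of remote.sh, so a host name or action containing whitespace or glob characters is split or expanded by the shell before it reaches nixos-rebuild and the root SSH session it opens. Because `set -u` is active, the script also stops with a bare unbound-variable error when an argument is missing, with no hint about usage. Suggested form: `host=${1:?usage: remote.sh HOST ACTION [ARGS...]}; shift` followed by `nixos-rebuild --flake ".#${host}" --target-host "root@${host}" --build-host localhost "$@"`. A header comment such as `# Build locally and activate on HOST as root over SSH` would also record why root key login is left open on the targets.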