diff --git a/hosts/common/optional/lxd.nix b/hosts/common/optional/lxd.nix
deleted file mode 100644
index 5df8a9b..0000000
--- a/hosts/common/optional/lxd.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- virtualisation.lxc = {
- enable = true;
- lxcfs.enable = true;
- };
-}
-
diff --git a/hosts/common/optional/lxd/default.nix b/hosts/common/optional/lxd/default.nix
new file mode 100644
index 0000000..6a42ca5
--- /dev/null
+++ b/hosts/common/optional/lxd/default.nix
@@ -0,0 +1,18 @@
+{
+ imports = [
+ ./lxd-preseed.nix
+ ./lxd-networking.nix
+ ];
+
+ virtualisation = {
+ lxd = {
+ enable = true;
+
+ recommendedSysctlSettings = true;
+ };
+
+ lxc = {
+ lxcfs.enable = true;
+ };
+ };
+}
diff --git a/hosts/common/optional/lxd/lxd-networking.nix b/hosts/common/optional/lxd/lxd-networking.nix
new file mode 100644
index 0000000..e22a18a
--- /dev/null
+++ b/hosts/common/optional/lxd/lxd-networking.nix
@@ -0,0 +1,21 @@
+{ ... }:
+let
+ lxd_profiles = {
+ "default" = (import ./profiles/default.nix);
+ };
+in
+{
+ boot = {
+ kernelModules = [ "nf_nat_ftp" ];
+
+ kernel.sysctl = {
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv4.conf.default.forwarding" = true;
+ };
+ };
+
+ # allow static ipv4 for containers
+ networking.firewall.extraCommands = ''
+ iptables -a input -i ${lxd_profiles.default.network.name} -m comment --comment "lxd rule for ${lxd_profiles.default.network.name}" -j accept
+ '';
+}
diff --git a/hosts/common/optional/lxd/lxd-preseed.nix b/hosts/common/optional/lxd/lxd-preseed.nix
new file mode 100644
index 0000000..3b971de
--- /dev/null
+++ b/hosts/common/optional/lxd/lxd-preseed.nix
@@ -0,0 +1,26 @@
+{ ... }:
+
+let
+ lxd_profiles = {
+ "default" = (import ./profiles/default.nix);
+ };
+in
+{
+ virtualisation = {
+ lxd = {
+ preseed = {
+ networks = [
+ lxd_profiles.default.network
+ ];
+
+ profiles = [
+ lxd_profiles.default.profile
+ ];
+
+ storage_pools = [
+ lxd_profiles.default.storage_pool
+ ];
+ };
+ };
+ };
+}
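Review bot: `virtualisation.lxd.enable = true` turns on the LXD daemon without recording that access to the LXD socket (membership in the `lxd` group) is root-equivalent on the host, because a member can launch a privileged container with host paths mounted. A one-line comment next to `lxd = {` would make that explicit for whoever later adds users: `# NOTE: the lxd group is root-equivalent on the host (privileged containers, host mounts); add users deliberately.` The `imports` list pulls in preseed and networking modules that together open the host firewall to the container bridge, so the comment is also the natural place to point at those files.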
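Review bot: The `iptables` command inside `networking.firewall.extraCommands` is written as `-a input ... -j accept`, but iptables option letters, chain names and targets are case-sensitive, so the rule is rejected at activation (unless the page lowercased it) and the intended accept is never installed; whether the rejection aborts the rest of the firewall script depends on the NixOS firewall implementation. The corrected line is `iptables -A INPUT -i ${lxd_profiles.default.network.name} -m comment --comment "lxd rule for ${lxd_profiles.default.network.name}" -j ACCEPT`. Even corrected, it accepts every protocol and port arriving from the container bridge, which exposes every listener on the host to every container; LXD's own managed-bridge rules, as far as I recall, admit only DHCP, DNS and ICMP, so narrowing this to `-p udp --dport 67` and `-p udp --dport 53` / `-p tcp --dport 53` (plus whatever the static-address use case actually needs) preserves that boundary. The comment `# allow static ipv4 for containers` does not say why an INPUT accept is required for static addressing; stating the concrete requirement would help the next reader decide how narrow the rule can be.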
diff --git a/hosts/common/optional/lxd/profiles/default.nix b/hosts/common/optional/lxd/profiles/default.nix
new file mode 100644
index 0000000..98e3ba4
--- /dev/null
+++ b/hosts/common/optional/lxd/profiles/default.nix
@@ -0,0 +1,35 @@
+{
+ network = {
+ name = "lxdBrDefault";
+ type = "bridge";
+
+ config = {
+ "ipv4.address" = "10.100.1.1/8";
+ "ipv4.nat" = "true";
+ };
+ };
+
+ storage_pool = {
+ name = "test";
+ driver = "zfs";
+ config.source = "zspeed/test";
+ };
+
+ profile = {
+ name = "default";
+ devices = {
+ "eth0" = {
+ name = "eth0";
+ nictype = "bridged";
+ parent = "lxdBrDefault";
+ type = "nic";
+ };
+ "root" = {
+ path = "/";
+ pool = "default";
+ size = "8GiB";
+ type = "disk";
+ };
+ };
+ };
+}
diff --git a/hosts/nebula/default.nix b/hosts/nebula/default.nix
index e146d9f..f57a197 100644
--- a/hosts/nebula/default.nix
+++ b/hosts/nebula/default.nix
@@ -23,8 +23,7 @@ in
 # Import optional options
 ../common/optional/openssh.nix
- ../common/optional/lxd.nix
-
+ ../common/optional/lxd
 ];
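Review bot: The `root` disk device sets `pool = "default"`, but the only storage pool this file defines (and that lxd-preseed.nix feeds into `storage_pools`) is named `"test"`, so the profile references a pool that does not exist unless something outside this change creates it; either change the device to `pool = "test";` or rename the pool to `default`. `"ipv4.address" = "10.100.1.1/8"` makes the bridge claim the whole of 10.0.0.0/8, and combined with `"ipv4.nat" = "true"` and the host-side accept rule on this interface in lxd-networking.nix, any other 10.x network the host can reach (VPN, LAN, corporate ranges) now collides with the container subnet; a /24 such as `"ipv4.address" = "10.100.1.1/24";` is almost certainly what was intended. `parent = "lxdBrDefault"` repeats the bridge name as a literal instead of referencing `network.name`, so renaming the bridge silently detaches the profile; making the attrset `rec` and writing `parent = network.name;` keeps the two in step.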