diff --git a/common/services.nix b/common/services.nix index a1f504b..38faaa7 100644 --- a/common/services.nix +++ b/common/services.nix @@ -13,7 +13,7 @@ gnumake parted zfs - + nixos-generators sqlite ]; diff --git a/common/users.nix b/common/users.nix index 5a40ade..b33e107 100644 --- a/common/users.nix +++ b/common/users.nix @@ -10,6 +10,13 @@ ]; }; + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTESAAAAIJ0pUS@lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCS9VBRE13jojnqVjuUZWTcOK8GokDDlk2U0i61vEJizVzNowGnIAbwq0cOaFEBX4JBkOa4I8Ku2Pw7fODuoehSK/t7FrfXExk2PBT3k0mfzqQYxfq5bzae7AWr7n/sKUBTtvHSACfidxzQpV7VSgW68jqdOt6h7FHSeS2jac7wUNPobL0uCkFB4FiEQOnIqlRGSSabVemL7bC9H9lUyOODSTthiq9S3pPYknyHDRKUtSCSw4pfpasr4bxDVSW99h3GBcW0hZbpw5bwlxQlwbclxQDnn7XJhWpq6zL/2ScVGJgd94z7FshKoF5IFTk6e7a/Ouv4Ato4hRLxEe5u70CH ssh-key-2023-07-11" + ]; + }; + programs.git = { enable = true; config = { diff --git a/flake.lock b/flake.lock index 3e104ae..a17db51 100644 --- a/flake.lock +++ b/flake.lock @@ -209,6 +209,22 @@ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1748942041, + "narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1745391562, @@ -277,6 +293,7 @@ "catppuccin": "catppuccin", "home-manager": "home-manager_2", "lix-module": "lix-module", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_3", "vscode-server": "vscode-server", "zen-browser": "zen-browser" diff --git a/flake.nix b/flake.nix index 84027ee..bbcf3d8 100644 --- a/flake.nix +++ b/flake.nix 
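Review bot: The first entry added to `users.users.root.openssh.authorizedKeys.keys` in common/users.nix is not a well-formed public key as shown, because its blob contains `@`, which is outside the base64 alphabet. sshd would skip such an entry, so check it against the `.pub` file it was copied from (the character may also be an artifact of how this page was rendered). That entry has no comment field, unlike the RSA one (`ssh-key-2023-07-11`), so a Nix comment naming the owner of each key would make later revocation auditable. Because the block sits in the common module, every host importing it accepts direct root logins with these keys. Where per-user keys plus sudo are not practical, state `services.openssh.settings.PermitRootLogin = "prohibit-password";` explicitly next to it so the key-only intent does not depend on a default.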
@@ -2,6 +2,8 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; + lix-module = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; @@ -95,6 +97,21 @@ ]; }; + morax = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + specialArgs = { + inherit inputs; + system = "aarch64-linux"; + }; + modules = [ + ./hosts/morax + nixos-hardware.nixosModules.raspberry-pi-4 + + agenix.nixosModules.default + ]; + }; + + # Easy to add more hosts /* server2 = nixpkgs.lib.nixosSystem { diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix index de121ed..80f6a7a 100644 --- a/hosts/focalor/default.nix +++ b/hosts/focalor/default.nix @@ -28,8 +28,8 @@ # pin host platform & microcode nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault - config.hardware.enableRedistributableFirmware; + + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; networking.hostName = "focalor"; networking.hostId = "84bdc587"; diff --git a/hosts/morax/default.nix b/hosts/morax/default.nix new file mode 100644 index 0000000..aa1459c --- /dev/null +++ b/hosts/morax/default.nix 
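Review bot: `nixos-hardware.nixosModules.raspberry-pi-4` in the new `morax` entry of flake.nix uses a bare `nixos-hardware`, which resolves only if the `outputs` argument pattern binds that name; that pattern lies outside this hunk. If it does not, write `inputs.nixos-hardware.nixosModules.raspberry-pi-4`, since `inputs` is already in scope for `inherit inputs;`. In the first hunk the input follows `master` while nixpkgs is pinned to a release branch, so a short comment such as `# unversioned upstream; review the rev bump in flake.lock on every update` would record that updates pull unreleased module changes.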
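Review bot: Removing `hardware.cpu.intel.updateMicrocode` in hosts/focalor/default.nix is unrelated to adding the aarch64 host and leaves the comment `# pin host platform & microcode` stale. Microcode updates carry CPU vulnerability mitigations, so unless the option is set in a module not visible in this hunk, keep `hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;` and add the binfmt line beside it. The new `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];` would benefit from a comment such as `# register QEMU user-mode emulation so this host can build aarch64 closures`, assuming that is the intent.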
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, modulesPath, inputs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./secrets.nix
+
+ ../../common/system.nix
+ ../../common/users.nix
+ ../../common/services.nix
+ ../../host-secrets.nix
+ ];
+
+ system.stateVersion = "25.05";
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+ hardware.enableRedistributableFirmware = true;
+ hardware.enableAllHardware = lib.mkForce false; #https://github.com/NixOS/nixpkgs/issues/154163#issuecomment-2868994145
+
+ networking = {
+ hostName = "morax";
+ hostId = "2631a44a";
+ firewall.enable = false;
+ defaultGateway = {
+ address = "10.0.0.1";
+ interface = "eth0";
+ };
+ nameservers = [ "1.1.1.1" ];
+ interfaces.eth0 = {
+ ipv4.addresses = [{
+ address = "10.0.0.210";
+ prefixLength = 24;
+ }];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ inputs.agenix.packages.aarch64-linux.default
+ ];
+
+ virtualisation.docker = {
+ enable = true;
+ enableOnBoot = true;
+ };
+}
\ No newline at end of file
diff --git a/hosts/morax/hardware.nix b/hosts/morax/hardware.nix
new file mode 100644
index 0000000..077404a
--- /dev/null
+++ b/hosts/morax/hardware.nix
@@ -0,0 +1,3 @@
+{
+
+}
\ No newline at end of file
diff --git a/hosts/morax/secrets.nix b/hosts/morax/secrets.nix
new file mode 100644
index 0000000..077404a
--- /dev/null
+++ b/hosts/morax/secrets.nix
@@ -0,0 +1,3 @@
+{
+
+}
\ No newline at end of file
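Review bot: `firewall.enable = false;` in hosts/morax/default.nix leaves every listening port on 10.0.0.210 reachable from the LAN, on a host that also enables Docker and imports the common root `authorizedKeys`. Prefer `firewall.enable = true;` with an explicit `firewall.allowedTCPPorts = [ /* ports this host serves */ ];` in the same `networking` block, or add a comment stating why filtering is off. Ports published by Docker containers are opened through Docker's own iptables rules, so those need reviewing either way. As a style point, `inputs.agenix.packages.aarch64-linux.default` hardcodes the platform and makes `with pkgs;` unused; `inputs.agenix.packages.${pkgs.system}.default` avoids both.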