diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..490c652
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,38 @@
+{ nixpkgs, home-manager, sops-nix, nixpkgs-unstable, inputs }:
+with builtins;
+
+let
+  overlay-unstable = final: prev: {
+    unstable = nixpkgs-unstable.legacyPackages.x86_64-linux;
+  };
+in
+{
+
+  mkMachine = host: host-config: modules: nixpkgs.lib.nixosSystem {
+    system = "x86_64-linux";
+    specialArgs = {
+      inherit inputs;
+    };
+    modules = builtins.attrValues modules ++ [
+      ./base.nix
+      sops-nix.nixosModules.sops
+      host-config
+      home-manager.nixosModules.home-manager
+      {
+        home-manager.useUserPackages = true;
+        nixpkgs.overlays = [
+          inputs.neovim-nightly-overlay.overlay
+          overlay-unstable
+          (final: prev:
+            {
+              tinystatus = prev.pkgs.callPackage ./packages/tinystatus {};
+              mosh = prev.pkgs.callPackage ./packages/mosh {};
+            })
+        ];
+      }
+    ];
+  };
+
+  importConfig = with builtins; path: (mapAttrs (name: value: import (path + "/${name}/default.nix")) (readDir path));
+
+}
diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix
index c827364..8172cc0 100644
--- a/machines/lisa/default.nix
+++ b/machines/lisa/default.nix
@@ -34,6 +34,8 @@
 
   nix.maxJobs = lib.mkDefault 4;
 
+  services.fail2ban.enable = true;
+
   networking.hostName = "lisa";
   networking.interfaces.ens18.useDHCP = true;
   networking.interfaces.ens19.useDHCP = false;
diff --git a/machines/newton/default.nix b/machines/newton/default.nix
index 5e77c2c..22692ff 100644
--- a/machines/newton/default.nix
+++ b/machines/newton/default.nix
@@ -21,6 +21,8 @@ in
   networking.interfaces.enp2s0f0.useDHCP = true;
   networking.interfaces.enp2s0f1.useDHCP = true;
 
+  services.fail2ban.enable = true;
+
   services.zfs.autoSnapshot.enable = true;
   services.zfs.autoScrub.enable = true;