diff --git a/README.md b/README.md
index 7e9db00..3a811e4 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,19 @@ All services below are running under Docker, except NSD and Borg.
 - RSS feed reader using [FreshRSS](https://miniflux.app/)
 - Metrics using [Prometheus](https://prometheus.io/)
 
+## Virtualization
+
+Currently this repository is ran as a physical server, but we intend to virtualize it.
+First, the whole server should be virtualized on a single virtual machine.
+After that, it will be split up into several virtual machines.
+The services on each virtual machine should have similar services/security properties.
+
+Provisional split of services on virtual machines:
+- "public web" VM: Mastodon, static HTML server, cyberchef, jitsi meet, inbucket
+- "data" VM: seafile, radicale, syncthing, freshrss
+- "management" VM: reverse proxy, prometheus, kms
+- "git" VM: forgejo. Because forgejo is a somewhat single point of failure, it should have its own VM.
+
 ## Possible future services
 
 - matrix