{
  atlas = {
    type = "physical";

    nixosModule.lab = {
      storage = {
        osDisk = "/dev/sda";
        dataPartition = "/dev/nvme0n1p1";
      };

      ssh = {
        useCertificates = true;
        hostCert = builtins.readFile ./certificates/atlas/host_ed25519.crt;
        userCert = builtins.readFile ./certificates/atlas/user_ed25519.crt;
      };
    };
  };

  jefke = {
    type = "physical";

    nixosModule = {
      lab = {
        storage = {
          osDisk = "/dev/sda";
          dataPartition = "/dev/nvme0n1p1";
        };

        ssh = {
          useCertificates = true;
          hostCert = builtins.readFile ./certificates/jefke/host_ed25519.crt;
          userCert = builtins.readFile ./certificates/jefke/user_ed25519.crt;
        };
      };
    };
  };

  lewis = {
    type = "physical";

    nixosModule.lab = {
      backups.enable = true;
      data-sharing.enable = true;
      networking.dmz.allowConnectivity = true;

      storage = {
        osDisk = "/dev/sda";
        dataPartition = "/dev/nvme0n1p1";
      };

      ssh = {
        useCertificates = true;
        hostCert = builtins.readFile ./certificates/lewis/host_ed25519.crt;
        userCert = builtins.readFile ./certificates/lewis/user_ed25519.crt;
      };
    };
  };

  hermes = {
    type = "virtual";
    hypervisorName = "lewis";

    nixosModule = { config, ... }: {
      lab = {
        networking.dmz.services.enable = true;

        vm = {
          # TODO: would be cool to create a check that a mac address is only ever assigned to one VM.
          # TODO: idea: what if we generated these IDs by hashing the host name and reducing that to the amount of hosts possible?
          id = 7;
          staticNetworking = true;
          staticIPv4 = config.lab.networking.dmz.ipv4.services;
          staticIPv6 = config.lab.networking.dmz.ipv6.services;

          shares = [{
            name = "dnsmasq";
            mountPoint = "/var/lib/dnsmasq";
          }];
        };
      };
    };
  };

  maestro = {
    type = "virtual";
    hypervisorName = "atlas";

    nixosModule = { config, ... }: {
      microvm.balloonMem = 7680;

      lab = {
        dockerSwarm.enable = true;

        vm = {
          id = 1;
        };
      };
    };
  };

  bancomart = {
    type = "virtual";
    hypervisorName = "jefke";

    nixosModule = {
      microvm.balloonMem = 7680;

      lab = {
        dockerSwarm.enable = true;
        vm.id = 2;
      };
    };
  };

  vpay = {
    type = "virtual";
    hypervisorName = "lewis";

    nixosModule = {
      microvm.balloonMem = 5632;

      lab = {
        dockerSwarm.enable = true;
        vm.id = 3;
      };
    };
  };

  k3s = {
    type = "virtual";
    hypervisorName = "atlas";

    nixosModule = {
      microvm.balloonMem = 7680;

      lab = {
        k3s.enable = true;

        vm = {
          id = 4;

          shares = [{
            name = "k3s";
            mountPoint = "/var/lib/rancher/k3s";
          }];
        };
      };
    };
  };
}