diff --git a/hosts/parsons/configuration.nix b/hosts/parsons/configuration.nix
index 6c858b1..a5cab21 100644
--- a/hosts/parsons/configuration.nix
+++ b/hosts/parsons/configuration.nix
@@ -18,6 +18,8 @@
 ../../services/syncthing.nix
 ../../services/gitlab.nix
 ../../services/nginx-pages.nix
+
+ ./lxc.nix
 ];
 
 hexchen.encboot = {
diff --git a/hosts/parsons/lxc.nix b/hosts/parsons/lxc.nix
new file mode 100644
index 0000000..2fdd8d7
--- /dev/null
+++ b/hosts/parsons/lxc.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+{
+ networking.bridges.lxcbr0.interfaces = [];
+ networking.interfaces.lxcbr0.ipv4.addresses = [
+ {
+ address = "10.1.2.1";
+ prefixLength = 24;
+ }
+ ];
+ networking.nat.internalInterfaces = [ "lxcbr0" ];
+
+ virtualisation.lxc.enable = true;
+ virtualisation.lxc.systemConfig = ''
+ lxc.bdev.zfs.root = zroot/safe/containers/lxc
+ lxc.lxcpath = /persist/lxc
+ '';
+
+ users.users.root.subUidRanges = [{ count = 65536; startUid = 100000; }];
+ users.users.root.subGidRanges = [{ count = 65536; startGid = 100000; }];
+
+ environment.etc."lxc/share".source = "${pkgs.lxc}/share/lxc";
+
+
+ services.nginx.virtualHosts."onlyoffice.infra4future.de" = {
+ locations."/".proxyPass = "http://10.1.2.233:80";
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ services.nginx.virtualHosts."auth.infra4future.de" = {
+ locations."/".proxyPass = "http://10.1.2.104:8080";
+ enableACME = true;
+ forceSSL = true;
+ };
+}
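Review bot: The `subUidRanges`/`subGidRanges` lines in hosts/parsons/lxc.nix reserve 100000–165535 for root, but nothing in the new file makes containers use that range: `systemConfig` sets only the ZFS root and the lxcpath, and no `virtualisation.lxc.defaultConfig` is set. Unless each container's own config carries `lxc.idmap` lines, a container would run privileged, with container root equal to host uid 0. Because nginx publishes two of these containers on public hostnames (one of them auth.infra4future.de), I would set the mapping as the default so that a compromised service is confined to the unprivileged range. Containers that already exist under /persist/lxc are presumably not changed by a new default and would need their configs checked separately. It would also help to add a comment above the two `proxyPass` lines saying where 10.1.2.233 and 10.1.2.104 are assigned, since no address assignment for the bridge is visible in this hunk.

```nix
virtualisation.lxc.enable = true;
# … unchanged: systemConfig (ZFS root, lxcpath) …
# Map container uid/gid 0 onto the sub-id range reserved for root below,
# so newly created containers are unprivileged by default.
virtualisation.lxc.defaultConfig = ''
  lxc.idmap = u 0 100000 65536
  lxc.idmap = g 0 100000 65536
'';
```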