diff --git a/flake.lock b/flake.lock
index 809264b..e43e407 100644
--- a/flake.lock
+++ b/flake.lock
@@ -116,11 +116,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1686392259,
-        "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
+        "lastModified": 1686929285,
+        "narHash": "sha256-WGtVzn+vGMPTXDO0DMNKVFtf+zUSqeW+KKk4Y/Ae99I=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88",
+        "rev": "93fddcf640ceca0be331210ba3101cee9d91c13d",
         "type": "github"
       },
       "original": {
@@ -148,11 +148,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1686442132,
-        "narHash": "sha256-0mG8PhyOIYAl4uZBBL2hU50ZLeh8Y3iKX5+o5xHEQIo=",
+        "lastModified": 1686979235,
+        "narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30a6ecff17bc023b5f894d3a11866495e6d8c17a",
+        "rev": "7cc30fd5372ddafb3373c318507d9932bd74aafe",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1686442132,
-        "narHash": "sha256-0mG8PhyOIYAl4uZBBL2hU50ZLeh8Y3iKX5+o5xHEQIo=",
+        "lastModified": 1686979235,
+        "narHash": "sha256-gBlBtk+KrezFkfMrZw6uwTuA7YWtbFciiS14mEoTCo0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "30a6ecff17bc023b5f894d3a11866495e6d8c17a",
+        "rev": "7cc30fd5372ddafb3373c318507d9932bd74aafe",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 38d91b8..503a66c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,6 +64,28 @@
         ];
       };
 
+      hemera = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./hosts/hemera/configuration.nix
+          private.nixosModules.hemera
+
+          ({ config, pkgs, ...}: {
+            services.nix-serve = {
+              enable = true;
+              secretKeyFile = "/etc/tempest/bincache/key-priv.pem";
+            };
+
+            services.nginx = {
+              enable = true;
+              recommendedProxySettings = true;
+              virtualHosts."hemera.tempest.local" = {
+                locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+              };
+            };
+          })
+        ];
+      };
     };
   };
 }
diff --git a/hosts/hemera/configuration.nix b/hosts/hemera/configuration.nix
new file mode 100644
index 0000000..00fc4d0
--- /dev/null
+++ b/hosts/hemera/configuration.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../common/tailscale.nix
+    ];
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.sandbox = "relaxed";
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "hemera";
+  networking.networkmanager.enable = true;
+  time.timeZone = "America/Denver";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  users.users.rose = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    packages = with pkgs; [
+      zsh
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+    vim
+    neovim
+    wget
+    htop
+    git
+  ];
+
+  services.openssh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 22 80 ];
+  system.stateVersion = "22.11"; # Did you read the comment?
+}
+
diff --git a/hosts/hemera/hardware-configuration.nix b/hosts/hemera/hardware-configuration.nix
new file mode 100644
index 0000000..7a6c490
--- /dev/null
+++ b/hosts/hemera/hardware-configuration.nix
@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  virtualisation.hypervGuest.enable = true;
+}
diff --git a/hosts/nyx/configuration.nix b/hosts/nyx/configuration.nix
index 534ae27..c402db5 100644
--- a/hosts/nyx/configuration.nix
+++ b/hosts/nyx/configuration.nix
@@ -2,7 +2,8 @@
 let
   home-manager = builtins.fetchTarball {
     url = "https://github.com/nix-community/home-manager/archive/release-22.11.tar.gz";
-    sha256 = "1cp2rpprcfl4mjsrsrpfg6278nf05a0mpl3m0snksvdalfmc5si5";
+    # sha256 = "1cp2rpprcfl4mjsrsrpfg6278nf05a0mpl3m0snksvdalfmc5si5";
+    sha256 = "1kx7rzi8ycm5hsldihr7a2h19402qw454zgpc16m6y8ghcnfbsxm";
   };
 
 in {