diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
index 146575e..b1c8210 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,8 +11,8 @@ crash.log
 crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -37,3 +37,5 @@ override.tf.json
 .terraformrc
 terraform.rc
 
+# nix
+.direnv
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..257344b
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/lxc/incus" {
+  version     = "0.3.1"
+  constraints = "0.3.1"
+  hashes = [
+    "h1:OKdDao225lPcaL+Ib2hLLV8w8mWrx0BbEifMtFVwSJc=",
+    "zh:32b1c9dbd31e3ebf78994f19646feb10e304c3f40035de3d7c75afd08bfbd9d9",
+    "zh:39f74690d6c012f66fd14ffd2606e342c9ae693ff73e81c3d06a0867ffbbc8ab",
+    "zh:45cbe9cbfae44d9ef04d96ac717bf3e0b9493bf46da14c0c561f1518802ea040",
+    "zh:610d3da892aadfe5c03b1bb2cf76fea7645c8bde7a06543611cb165b56a73608",
+    "zh:6cef7658a5fd58bf0e88d8e5f335ca1f96aa96f9f77ea0b9fc17d314b204413a",
+    "zh:a26789474e406dc0e68a38cbb0defcbb832d7ffff659c29f6a5098c545ea9651",
+    "zh:b6beaffb4525b26a9deb64cff94fd248ab9b654a7e57610e36666823b499ea40",
+    "zh:d11fcee90dbe7a45d081a522b28adf7712c6bd41a96ca90b30195acdae973c2c",
+    "zh:dc992f89ae4cdb59a27d5867837bb725b24103b228e84714bbb8e900004377ef",
+    "zh:dcb731680196bad03101d2f9cd93911906b7c82ab182166ed437db7d6f97f590",
+    "zh:eb06fdccfa9f7842e3c40712fde6ffed0e39a3e2d46fe110dae071553f3324d1",
+    "zh:f10f0e4bd197ac35ced4d195eb78d22af9bb558082616e403fc009447417e34e",
+    "zh:fc330285c55cc5f3dbba306534adddc0e9922b1903932d34c2085412d41a38df",
+  ]
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d890469
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,40 @@
+{
+  "nodes": {
+    "flake-schemas": {
+      "locked": {
+        "lastModified": 1721999734,
+        "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=",
+        "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982",
+        "revCount": 75,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%2A"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1749494155,
+        "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=",
+        "rev": "88331c17ba434359491e8d5889cce872464052c2",
+        "revCount": 803751,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.803751%2Brev-88331c17ba434359491e8d5889cce872464052c2/01975aed-3cf2-75cb-ae5a-3b3ba077bb2e/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/%2A"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-schemas": "flake-schemas",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..64fb56e
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,49 @@
+# This flake was initially generated by fh, the CLI for FlakeHub (version 0.1.22)
+{
+
+  # Flake inputs
+  inputs = {
+    flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/*";
+
+    nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
+  };
+
+  # Flake outputs that other flakes can use
+  outputs =
+    {
+      self,
+      flake-schemas,
+      nixpkgs,
+    }:
+    let
+      # Helpers for producing system-specific outputs
+      supportedSystems = [ "x86_64-linux" ];
+      forEachSupportedSystem =
+        f:
+        nixpkgs.lib.genAttrs supportedSystems (
+          system:
+          f {
+            pkgs = import nixpkgs { inherit system; };
+          }
+        );
+    in
+    {
+      # Schemas tell Nix about the structure of your flake's outputs
+      schemas = flake-schemas.schemas;
+
+      # Development environments
+      devShells = forEachSupportedSystem (
+        { pkgs }:
+        {
+          default = pkgs.mkShell {
+            # Pinned packages available in the environment
+            packages = with pkgs; [
+              jq
+              opentofu
+              nixpkgs-fmt
+            ];
+          };
+        }
+      );
+    };
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..a88de5f
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,18 @@
+locals {
+  default_remote = "lappy"
+  instances = {
+    "tofu-example" = {
+
+    },
+  }
+}
+
+resource "incus_instance" "demo" {
+  name = "demo"
+  image  = "images:fedora/42"
+  config = {
+    "boot.autostart" = true
+    "limits.cpu"     = 2
+    "limits.memory"  = "4GiB"
+  }
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..3761dcc
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,23 @@
+terraform {
+  required_providers {
+    incus = {
+      source = "lxc/incus"
+      version = "0.3.1"
+    }
+  }
+}
+
+
+provider "incus" {
+  generate_client_certificates = true
+  accept_remote_certificate    = true
+
+  remote {
+    default = true
+    name    = "lappy"
+    scheme  = "https"
+    address = "olympus.tailfc9f5.ts.net"
+    token   = "token"
+  }
+}
+