diff --git a/flake.nix b/flake.nix
index 60e7f47..f844e93 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,6 +22,12 @@
 pkgs = inputs.nixpkgs.legacyPackages.${system};
 pkgs-unstable = inputs.unstable.legacyPackages.${system};
 nixgl = inputs.nixgl.packages.${system};
+ osConfig = name: nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./os/${name}/configuration.nix
+ ];
+ };
 in {
 homeConfigurations."anvaure@Allegro23-12" = inputs.home-manager.lib.homeManagerConfiguration {
@@ -90,24 +96,10 @@
 ];
 };
- nixosConfigurations.basado = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./os/basado/configuration.nix
- ];
- };
-
- nixosConfigurations.moon = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./os/moon/configuration.nix
- ];
- };
-
- nixosConfigurations.hs = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [ ./os/hs/configuration.nix ];
- };
+ nixosConfigurations.basado = osConfig "basado";
+ nixosConfigurations.moon = osConfig "moon";
+ nixosConfigurations.hs = osConfig "hs";
+ nixosConfigurations.ks = osConfig "ks";
 build-all = pkgs.runCommandNoCC "build-all" {
 buildInputs =
@@ -121,6 +113,7 @@
 (homeDerivation "ant@hs")
 (homeDerivation "ant@basado")
 (homeDerivation "ant@moon")
+ (homeDerivation "ant@ks")
 ];
 } ''
 echo Build all derivations
diff --git a/os/ks/configuration.nix b/os/ks/configuration.nix
new file mode 100644
index 0000000..b0ae193
--- /dev/null
+++ b/os/ks/configuration.nix
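Review bot: `osConfig` in the `let` block pins `system = "x86_64-linux"` and the path `./os/${name}/configuration.nix` for every host but carries no comment, while the neighbouring bindings (`pkgs`, `pkgs-unstable`, `nixgl`) are all derived from `${system}`, so a reader can easily assume it follows `${system}` too. Add a one-line comment above it, e.g. `# NixOS host <name>: always x86_64-linux, module at ./os/<name>/configuration.nix`. If a non-x86 host is ever added, the system could become a second argument with the current value as default, but nothing in this hunk needs that yet. The enclosing `let … in` starts before the hunk.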
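Review bot: `(homeDerivation "ant@ks")` is added to `build-all`, but this commit adds no `homeConfigurations."ant@ks"` entry to flake.nix (only `nixosConfigurations.ks`), so unless that home configuration already exists outside the shown hunks, `build-all` will fail to evaluate for the new host. Either add the matching `homeConfigurations."ant@ks"` alongside the other hosts or leave this line out until it exists. `homeDerivation`'s definition is outside the hunk, so the failure mode is inferred from its use with the other `ant@<host>` names.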
@@ -0,0 +1,176 @@
+{ config, lib, pkgs, ... }:
+
+let
+ domain = "antoinevaure.fr";
+ domainAlex = "pulsewidth.ovh";
+ sshKeys = with (import ../../sshKeys.nix); [
+ basado
+ hs
+ moon
+ ];
+in {
+ imports = [
+ ./hardware-configuration.nix
+ ../common.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+
+ networking.domain = domain;
+ networking.hostName = "ks";
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ users.users.ant = {
+ isNormalUser = true;
+ description = "ant";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "jellyfin"
+ ];
+ openssh.authorizedKeys.keys = sshKeys;
+ };
+ security.sudo.wheelNeedsPassword = false;
+
+ services.fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "antoinev.freeboxos.fr"
+ ];
+ };
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.${domain}";
+ domains = [ domain domainAlex ];
+
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "contact@${domain}" = {
+ hashedPasswordFile = "/var/mail_passwd";
+ # aliases = [ "me@${domain}" ];
+ };
+ "news@${domain}" = { hashedPasswordFile = "/var/mail_passwd"; };
+ "me@${domain}" = { hashedPasswordFile = "/var/mail_passwd"; };
+ "microsoft@${domain}" = { hashedPasswordFile = "/var/mail_passwd"; };
+ };
+
+ # Use Let's Encrypt certificates. Note that this needs to set up a stripped
+ # down nginx and opens port 80.
+ certificateScheme = "acme-nginx";
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "contact@antoinevaure.fr";
+ };
+ services.qbittorrent = {
+ enable = true;
+ serverConfig = {
+ Preferences = {
+ WebUI = {
+ Username = "ant";
+ Password_PBKDF2 = "HWKPqI96WHoQOR46XaKm6Q==:CybDN9tU8rH0aYcgo1X0m5R/6XiNtx9i5JBgLJlYlpv8oXejAYoJ7SqYjZInMbR2WJIQv76RlfAwJ/PepNtevg==";
+ };
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = let
+ reverseProxy = port: {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString port}";
+ proxyWebsockets = true;
+ };
+ };
+ in {
+ "qbittorrent.${domain}" = (reverseProxy config.services.qbittorrent.webuiPort);
+ };
+ };
+
+ nix.optimise.automatic = true;
+ programs.git = { enable = true; };
+
+ networking.firewall.allowedTCPPorts = [
+ 22 # ssh
+ 80 # http
+ 443 # ssl
+ 9418 # git
+ 38774 # qbittorrent
+ 9191
+ (9191 + 1) # jus
+ ];
+
+ services = {
+ syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+ group = "syncthing";
+ user = "syncthing";
+ dataDir = "/home/syncthing/shares";
+ configDir = "/home/syncthing/config";
+ overrideDevices =
+ true; # overrides any devices added or deleted through the WebUI
+ overrideFolders =
+ true; # overrides any folders added or deleted through the WebUI
+ settings = {
+ devices = {
+ "home" = {
+ id =
+ "FRCTEHB-WI3Q3CH-6MPKKRX-FTJMOCK-44K2D32-ORM52ZI-S2GTX2X-IRUSAQ5";
+ };
+ "android" = {
+ id =
+ "4Z7HDYB-C56BONH-JRBN5D7-LDFNHQJ-5BQDLVU-O3SMBPI-3VZTL7V-ERGU2Q5";
+ };
+ "allegro" = {
+ id =
+ "CLANFN6-Q26KKQL-S6OZ4JW-75CM2JC-R47DIWM-G7RBX7T-B4TJPTS-5U3ZRQH";
+ };
+ };
+ folders = {
+ "notes" = {
+ id = "njhxw-6wmte";
+ type = "receiveencrypted";
+ path =
+ "/home/syncthing/shares/notes"; # Which folder to add to Syncthing
+ devices = [
+ "home"
+ "android"
+ "allegro"
+ ]; # Which devices to share the folder with
+ };
+
+ "passdb" = {
+ id = "eo3io-kbitv";
+ type = "receiveencrypted";
+ path = "~/passdb";
+ devices = [
+ "home"
+ "android"
+ "allegro"
+ ]; # Which devices to share the folder with
+ };
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "23.11";
+}
+
diff --git a/os/ks/hardware-configuration.nix b/os/ks/hardware-configuration.nix
new file mode 100644
index 0000000..3169acc
--- /dev/null
+++ b/os/ks/hardware-configuration.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/cce1fbc8-61ae-4efe-bcb7-007216abadbd";
+ fsType = "ext4";
+ };
+
+ fileSystems."/disk2" =
+ { device = "/dev/disk/by-uuid/34b2e8b1-a1e9-430a-9e0a-96e3386ab536";
+ fsType = "ext4";
+ };
+
+ fileSystems."/disk3" =
+ { device = "/dev/disk/by-uuid/312ff291-c648-4b62-a1f2-790ec8d41374";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.vethfd677c7.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
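Review bot: The qbittorrent WebUI credential in `services.qbittorrent.serverConfig.Preferences.WebUI.Password_PBKDF2` is written into the configuration itself, so the hash ends up in git history and in the world-readable Nix store, unlike the mailserver accounts in the same file, which read `hashedPasswordFile = "/var/mail_passwd"` at runtime. If the qbittorrent module offers a way to supply that setting from a file outside the store, prefer it; otherwise a comment should state that this is a PBKDF2 hash of a WebUI-only password and that it must be rotated if the repository is published. `security.sudo.wheelNeedsPassword = false;` combined with `ant` in `wheel` and key-only SSH means a compromise of the `ant` key is a root compromise; that trade-off deserves a comment such as `# passwordless sudo: ant's SSH key is the only credential on this host`. The firewall entries `9418 # git` and `9191` / `(9191 + 1) # jus` have no matching service in this file, so the comments should name the listener, or the ports should be dropped if nothing binds them.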