diff --git a/modules/system/extern/files.nix b/modules/system/extern/files.nix
new file mode 100644
index 00000000..2af33c41
--- /dev/null
+++ b/modules/system/extern/files.nix
@@ -0,0 +1,33 @@
+{config, lib, ...}: let
+  inherit (lib.options) mkOption;
+  fileModule = {config, name, ...}: {
+    options = with lib.types; {
+      path = mkOption {
+        type = str;
+        default = name;
+      };
+      owner = mkOption {
+        type = str;
+        default = "root";
+      };
+      group = mkOption {
+        type = str;
+        default = "root";
+      };
+      mode = mkOption {
+        type = str;
+        default = "0644";
+      };
+      source = mkOption {
+        type = path;
+      };
+    };
+  };
+in {
+  options.extern = with lib.types; {
+    files = mkOption {
+      type = attrsOf (submodule fileModule);
+      default = { };
+    };
+  };
+}
diff --git a/modules/system/host.nix b/modules/system/host.nix
index cf7050dd..65bfd6a9 100644
--- a/modules/system/host.nix
+++ b/modules/system/host.nix
@@ -7,11 +7,12 @@
   inputs,
   ...
 }: let
-  inherit (lib.modules) mkOptionDefault;
+  inherit (lib.modules) mkIf mkOptionDefault;
+  inherit (lib.trivial) mapNullable;
   inherit (std) string;
 in {
   options = let
-    inherit (lib.types) str listOf attrs unspecified enum nullOr;
+    inherit (lib.types) str listOf attrs unspecified enum;
     inherit (lib.options) mkOption;
   in {
     arch = mkOption {
@@ -21,7 +22,7 @@ in {
     };
     type = mkOption {
       description = "Operating system type of the host";
-      type = nullOr (enum ["NixOS" "MacOS" "Darwin" "Linux"]);
+      type = enum ["NixOS" "MacOS" "Darwin" "Linux"];
       default = "NixOS";
     };
     folder = mkOption {
@@ -34,6 +35,7 @@ in {
     };
     modules = mkOption {
       type = listOf unspecified;
+      default = [ ];
     };
     specialArgs = mkOption {
       type = attrs;
@@ -67,7 +69,7 @@ in {
         linux = "linux";
       }
       .${string.toLower config.type};
-    modules = [
+    modules = mkIf (config.folder != "linux") [
       # per-OS modules
       meta.modules.${config.folder}
       # per-OS configuration
@@ -92,10 +94,10 @@ in {
         darwin = inputs.darwin.lib.darwinSystem;
         macos = inputs.darwin.lib.darwinSystem;
       }
-      .${string.toLower config.type};
-    built = mkOptionDefault (config.builder {
+      .${string.toLower config.type} or null;
+    built = mkOptionDefault (mapNullable (builder: builder {
       inherit (config) system modules specialArgs;
-    });
+    }) config.builder);
     specialArgs = {
       inherit name inputs std meta;
       systemType = config.folder;
diff --git a/systems/freeipa/default.nix b/systems/freeipa/default.nix
index 995bc7ba..9e4a72c3 100644
--- a/systems/freeipa/default.nix
+++ b/systems/freeipa/default.nix
@@ -1,5 +1,5 @@
 _: {
-  type = null;
+  type = "Linux";
   proxmox = {
     vm = {
       id = 202;
@@ -15,4 +15,14 @@ _: {
       net1.internal.enable = true;
     };
   };
+  extern.files = {
+    "/etc/NetworkManager/system-connections/ens18.nmconnection" = {
+      source = ./ens18.nmconnection;
+      mode = "0600";
+    };
+    "/etc/NetworkManager/system-connections/int.nmconnection" = {
+      source = ./int.nmconnection;
+      mode = "0600";
+    };
+  };
 }
diff --git a/systems/freeipa/ens18.nmconnection b/systems/freeipa/ens18.nmconnection
new file mode 100644
index 00000000..3ae17a73
--- /dev/null
+++ b/systems/freeipa/ens18.nmconnection
@@ -0,0 +1,20 @@
+[connection]
+id=ens18
+uuid=ee7fba03-49fa-3474-acf6-a9c2c591c098
+type=ethernet
+autoconnect-priority=-999
+interface-name=ens18
+timestamp=1706677871
+
+[ethernet]
+
+[ipv4]
+address1=10.1.1.46/24,10.1.1.1
+dns=1.1.1.1;
+method=manual
+
+[ipv6]
+addr-gen-mode=eui64
+method=auto
+
+[proxy]
diff --git a/systems/freeipa/int.nmconnection b/systems/freeipa/int.nmconnection
new file mode 100644
index 00000000..b47d6dc3
--- /dev/null
+++ b/systems/freeipa/int.nmconnection
@@ -0,0 +1,12 @@
+[connection]
+id=int
+type=ethernet
+interface-name=ens19
+[ipv4]
+address1=10.9.1.170/24
+may-fail=true
+method=manual
+[ipv6]
+address1=fd0c::aa/64
+may-fail=true
+method=manual
diff --git a/systems/freepbx/default.nix b/systems/freepbx/default.nix
index 1209b1da..e2dd7067 100644
--- a/systems/freepbx/default.nix
+++ b/systems/freepbx/default.nix
@@ -1,5 +1,5 @@
 _: {
-  type = null;
+  type = "Linux";
   proxmox = {
     vm = {
       id = 203;
diff --git a/systems/kitchencam/default.nix b/systems/kitchencam/default.nix
new file mode 100644
index 00000000..91c40195
--- /dev/null
+++ b/systems/kitchencam/default.nix
@@ -0,0 +1,11 @@
+_: {
+  type = "Linux";
+  extern.files = {
+    "/etc/dhcpcd.conf" = {
+      source = ./dhcpcd.conf;
+    };
+    "/etc/motion/motion.conf" = {
+      source = ./motion.conf;
+    };
+  };
+}
diff --git a/systems/kitchencam/dhcpcd.conf b/systems/kitchencam/dhcpcd.conf
new file mode 100644
index 00000000..2790f578
--- /dev/null
+++ b/systems/kitchencam/dhcpcd.conf
@@ -0,0 +1,9 @@
+hostname
+clientid
+persistent
+option rapid_commit
+option domain_name_servers, domain_name, domain_search, host_name
+option classless_static_routes
+option interface_mtu
+require dhcp_server_identifier
+slaac hwaddr
diff --git a/systems/kitchencam/motion.conf b/systems/kitchencam/motion.conf
new file mode 100644
index 00000000..89e6fffe
--- /dev/null
+++ b/systems/kitchencam/motion.conf
@@ -0,0 +1,37 @@
+log_file /tmp/motion
+daemon off
+setup_mode off
+log_level 6
+target_dir /var/lib/motion
+
+videodevice /dev/video0
+v4l2_palette 8
+width 640
+height 480
+framerate 5
+
+text_left kitchen
+text_right %Y-%m-%d\n%T-%q
+emulate_motion off
+threshold 1500
+despeckle_filter EedDl
+minimum_motion_frames 1
+event_gap 60
+pre_capture 3
+post_capture 0
+
+picture_output off
+picture_filename %Y%m%d%H%M%S-%q
+
+movie_output off
+movie_max_time 60
+movie_quality 45
+movie_codec mkv
+movie_filename %t-%v-%Y%m%d%H%M%S
+
+webcontrol_port 8080
+webcontrol_localhost off
+webcontrol_parms 0
+stream_port 41081
+stream_localhost off
+ipv6_enabled on
diff --git a/systems/reisen/default.nix b/systems/reisen/default.nix
index 60e5f5c2..2fc11e1a 100644
--- a/systems/reisen/default.nix
+++ b/systems/reisen/default.nix
@@ -1,3 +1,3 @@
 _: {
-  type = null;
+  type = "Linux";
 }
diff --git a/tree.nix b/tree.nix
index 5e902185..30300ad3 100644
--- a/tree.nix
+++ b/tree.nix
@@ -61,6 +61,7 @@
     "modules/meta".functor.enable = true;
     "modules/system".functor.enable = true;
     "modules/system/proxmox".functor.enable = true;
+    "modules/system/extern".functor.enable = true;
     "modules/home".functor.enable = true;
     "modules/type".functor.enable = true;
     "nixos/*".functor = {