diff --git a/flake.lock b/flake.lock
index 2124742..50881ba 100644
--- a/flake.lock
+++ b/flake.lock
@@ -669,6 +669,42 @@
         "type": "github"
       }
     },
+    "nixlib": {
+      "locked": {
+        "lastModified": 1736643958,
+        "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixos-generators": {
+      "inputs": {
+        "nixlib": "nixlib",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1769813415,
+        "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "rev": "8946737ff703382fda7623b9fab071d037e897d5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-generators",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1775423009,
@@ -771,6 +807,7 @@
         "hyprland-plugins": "hyprland-plugins",
         "nix-homebrew": "nix-homebrew",
         "nixcord": "nixcord",
+        "nixos-generators": "nixos-generators",
         "nixpkgs": "nixpkgs",
         "nixvim": "nixvim",
         "sops-nix": "sops-nix",
diff --git a/flake.nix b/flake.nix
index d58e4e4..8f807bb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,11 @@
     # monorepo w/ recipes ("derivations")
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
+    nixos-generators = {
+      url = "github:nix-community/nixos-generators";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     # declarative Configs
     home-manager = {
       url = "github:nix-community/home-manager/master";
@@ -79,6 +84,7 @@
       nixvim,
       hyprland,
       sops-nix,
+      nixos-generators,
       ...
     }@inputs:
     let
@@ -169,5 +175,37 @@
         system = "x86_64-darwin";
         isDarwin = true;
       };
+
+      # NEW: flashable image for cyper-controller
+      packages.x86_64-linux.cyper-controller-image = nixos-generators.nixosGenerate {
+        system = "x86_64-linux";
+        format = "raw-efi";
+        specialArgs = {
+          inherit inputs primaryUser self;
+          hostName = "cyper-controller";
+          isDarwin = false;
+          isServer = true;
+        };
+        modules = [
+          { nixpkgs.hostPlatform = "x86_64-linux"; }
+          { networking.hostName = "cyper-controller"; }
+          ./hosts/cyper-controller/configuration.nix
+          ./nixos
+          inputs.sops-nix.nixosModules.sops
+          inputs.home-manager.nixosModules.home-manager
+          {
+            home-manager = {
+              extraSpecialArgs = {
+                inherit inputs primaryUser self;
+                hostName = "cyper-controller";
+                isDarwin = false;
+                isServer = true;
+              };
+              users.${primaryUser} = import ./home;
+              backupFileExtension = "backup";
+            };
+          }
+        ];
+      };
     };
 }
diff --git a/hosts/cyper-controller/hardware-configuration.nix b/hosts/cyper-controller/hardware-configuration.nix
index 8b4ed8d..5f0926f 100644
--- a/hosts/cyper-controller/hardware-configuration.nix
+++ b/hosts/cyper-controller/hardware-configuration.nix
@@ -22,12 +22,12 @@
     extraModulePackages = [ ];
   };
   fileSystems = {
-    "/" = {
+    "/" = lib.mkForce {
       device = "/dev/disk/by-label/NIXROOT";
       fsType = "ext4";
     };
 
-    "/boot" = {
+    "/boot" = lib.mkForce {
       device = "/dev/disk/by-label/NIXBOOT";
       fsType = "vfat";
       options = [
diff --git a/hosts/cyper-desktop/configuration.nix b/hosts/cyper-desktop/configuration.nix
index 0abe6a7..0bfe984 100644
--- a/hosts/cyper-desktop/configuration.nix
+++ b/hosts/cyper-desktop/configuration.nix
@@ -14,7 +14,10 @@
       networkConfig = {
         Address = "192.168.2.40/24";
         Gateway = "192.168.2.1";
-        DNS = "192.168.2.2";
+        DNS = [
+          "192.168.2.2"
+          "1.1.1.1"
+        ];
         DHCP = "no";
       };
     };
diff --git a/nixos/default.nix b/nixos/default.nix
index fe0b97e..f8a62c5 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -51,6 +51,34 @@
     };
   };
 
+  virtualisation = lib.mkIf isServer {
+    vmVariant = {
+      virtualisation = {
+        forwardPorts = [
+          {
+            from = "host";
+            host.port = 2222;
+            guest.port = 22;
+          }
+        ];
+        qemu.networkingOptions = [
+          "-device virtio-net-pci,netdev=net0"
+          "-netdev user,id=net0,net=10.0.2.0/24,dhcpstart=10.0.2.15"
+        ];
+      };
+
+      systemd.network.networks."10-ethernet" = lib.mkForce {
+        matchConfig.Name = "ens*";
+        networkConfig = {
+          Address = "10.0.2.15/24";
+          Gateway = "10.0.2.2";
+          DNS = "8.8.8.8";
+          DHCP = "no";
+        };
+      };
+    };
+  };
+
   documentation = {
     enable = true;
     doc.enable = false;
diff --git a/nixos/roles/filebrowser.nix b/nixos/roles/filebrowser.nix
index ff3ae5d..e4159f4 100644
--- a/nixos/roles/filebrowser.nix
+++ b/nixos/roles/filebrowser.nix
@@ -4,7 +4,7 @@
     enable = true;
 
     settings = {
-      port = 8080;
+      port = 10000;
       address = "0.0.0.0";
       baseURL = "/filebrowser";
       root = "/storage";