diff --git a/flake.nix b/flake.nix
index 8638820..4fbdfce 100644
--- a/flake.nix
+++ b/flake.nix
@@ -161,6 +161,10 @@ inherit system specialArgs; modules = [ ./hosts/ghost ]; };
+ phantom = lib.nixosSystem {
+ inherit system specialArgs;
+ modules = [ ./hosts/phantom ];
+ };
}; homeConfigurations.lelgenio = inputs.home-manager.lib.homeManagerConfiguration {
diff --git a/hosts/phantom/default.nix b/hosts/phantom/default.nix
new file mode 100644
index 0000000..b56ff10
--- /dev/null
+++ b/hosts/phantom/default.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, inputs, ... }: {
+ imports = [
+ ./vpsadminos.nix
+ inputs.agenix.nixosModules.default
+ ../../system/nix.nix
+ ./hardware-config.nix
+ ./mastodon.nix
+ ./nextcloud.nix
+ ./nginx.nix
+ ./syncthing.nix
+ ./users.nix
+ ./writefreely.nix
+ ./renawiki.nix
+ ./email.nix
+ ];
+
+ # # Enable networking
+ # networking.networkmanager.enable = true;
+ # Set your time zone.
+ time.timeZone = "America/Sao_Paulo";
+ # Select internationalisation properties.
+ i18n.defaultLocale = "pt_BR.utf8";
+
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
+
+ age = {
+ identityPaths = [ "/root/.ssh/id_rsa" ];
+ };
+
+ system.autoUpgrade = {
+ enable = true;
+ dates = "04:40";
+ allowReboot = true;
+ operation = "switch";
+ flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];
+ flake = "github:lelgenio/nixos-config#phantom";
+ };
+
+ system.stateVersion = "23.05"; # Never change this
+}
+
diff --git a/hosts/phantom/email.nix b/hosts/phantom/email.nix
new file mode 100644
index 0000000..8d3021b
--- /dev/null
+++ b/hosts/phantom/email.nix
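Review bot: The `system.autoUpgrade` block in hosts/phantom/default.nix switches whatever is at the head of `github:lelgenio/nixos-config#phantom` into the root-owned system every night, with `--update-input nixpkgs --no-write-lock-file` so even nixpkgs is re-resolved past the committed lock, and `allowReboot = true` on top; anyone who can push to that repository, or take over the GitHub account, gets an unattended path to root on this host. Pin the flake to a tag or commit, or at least drop `"--update-input" "nixpkgs"` so flake.lock governs what gets built, and decide explicitly whether an automatic reboot is acceptable for a box that also runs the mailserver and Mastodon. `age.identityPaths = [ "/root/.ssh/id_rsa" ]` also makes root's personal SSH key the decryption identity for every secret on the machine; the usual choice is the host key (`/etc/ssh/ssh_host_ed25519_key`), which is generated per host and never needs to leave it, so either switch to that or add a comment saying why the user key is intended.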
@@ -0,0 +1,35 @@
+{ pkgs, inputs, ... }: {
+ # It's important to let Digital Ocean set the hostname so we get rDNS to work
+ networking.hostName = "";
+
+ imports = [
+ inputs.nixos-mailserver.nixosModules.mailserver
+ ];
+
+ mailserver = {
+ enable = true;
+ fqdn = "mail.lelgenio.xyz";
+ domains = [ "lelgenio.xyz" ];
+ certificateScheme = "acme-nginx";
+ loginAccounts = {
+ "lelgenio@lelgenio.xyz" = {
+ hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
+ aliases = [ "postmaster@lelgenio.xyz" ];
+ };
+ };
+ };
+
+ # Webmail
+ services.roundcube = rec {
+ enable = true;
+ package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
+ hostName = "mail.lelgenio.xyz";
+ extraConfig = ''
+ $config['smtp_host'] = "tls://${hostName}:587";
+ $config['smtp_user'] = "%u";
+ $config['smtp_pass'] = "%p";
+ $config['plugins'] = [ "carddav" ];
+ '';
+ };
+
+}
diff --git a/hosts/phantom/hardware-config.nix b/hosts/phantom/hardware-config.nix
new file mode 100644
index 0000000..1a89a15
--- /dev/null
+++ b/hosts/phantom/hardware-config.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, inputs, ... }: {
+ swapDevices = [{
+ device = "/swap/swapfile";
+ size = (1024 * 2); # 2 GB
+ }];
+}
+
diff --git a/hosts/phantom/mastodon.nix b/hosts/phantom/mastodon.nix
new file mode 100644
index 0000000..3e629d7
--- /dev/null
+++ b/hosts/phantom/mastodon.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, inputs, ... }: {
+ services.mastodon = {
+ enable = true;
+ configureNginx = true;
+ localDomain = "social.lelgenio.xyz";
+ smtp.fromAddress = "lelgenio@disroot.org";
+ streamingProcesses = 2;
+ extraConfig.SINGLE_USER_MODE = "true";
+ };
+}
diff --git a/hosts/phantom/nextcloud.nix b/hosts/phantom/nextcloud.nix
new file mode 100644
index 0000000..db6b04c
--- /dev/null
+++ b/hosts/phantom/nextcloud.nix
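Review bot: The `hashedPassword` for `lelgenio@lelgenio.xyz` is a bcrypt hash with cost factor `05`, committed to the same public repository the host auto-upgrades from, so anyone who clones the repo can run an offline guessing attack against the mailbox password at a cost far below bcrypt's usual default of 10 or more. Move the hash out of the tree with `hashedPasswordFile = config.age.secrets.mail-lelgenio.path;` (adding `config` to the module's argument set and declaring the secret with agenix like the other services in this change) and regenerate it at a higher cost, e.g. `mkpasswd -m bcrypt -R 12`. The comment above `networking.hostName = ""` says Digital Ocean sets the hostname, but this host imports `vpsadminos.nix`, so the comment should name the vpsAdminOS host or explain why an empty hostName is still needed here, rather than pointing the next reader at a provider that is not involved.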
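Review bot: `smtp.fromAddress = "lelgenio@disroot.org"` makes Mastodon send its mail from a domain this host does not control, and as far as this hunk shows no `smtp.host`, `smtp.user` or `smtp.passwordFile` is set, so delivery would go through whatever the module's default relay is; receivers checking SPF/DMARC for disroot.org will likely reject or junk those messages, and a third-party domain in the sender is exactly what spam filters key on. Use an address under the domain the new mailserver handles, e.g. `smtp.fromAddress = "social@lelgenio.xyz";`, and if the mail is meant to go through the mailserver on this same host, set the SMTP host and credentials explicitly instead of relying on defaults.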
@@ -0,0 +1,22 @@
+{ config, pkgs, inputs, ... }: {
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud27;
+ hostName = "cloud.lelgenio.xyz";
+ https = true;
+ config = {
+ adminpassFile = config.age.secrets.ghost-nextcloud.path;
+ };
+ };
+
+ age = {
+ secrets.ghost-nextcloud = {
+ file = ../../secrets/ghost-nextcloud.age;
+ mode = "400";
+ owner = "nextcloud";
+ group = "nextcloud";
+ };
+ };
+
+}
+
diff --git a/hosts/phantom/nginx.nix b/hosts/phantom/nginx.nix
new file mode 100644
index 0000000..08ece70
--- /dev/null
+++ b/hosts/phantom/nginx.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, inputs, ... }: {
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "lelgenio@disroot.org";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
+
diff --git a/hosts/phantom/renawiki.nix b/hosts/phantom/renawiki.nix
new file mode 100644
index 0000000..009e06e
--- /dev/null
+++ b/hosts/phantom/renawiki.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, inputs, ... }: {
+ services.mediawiki = {
+ enable = true;
+ name = "Rena Wiki";
+
+ webserver = "nginx";
+ nginx.hostName = "renawiki.lelgenio.xyz";
+ passwordFile = config.age.secrets.ghost-renawiki.path;
+
+ extensions.VisualEditor = null;
+ };
+ services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ age.secrets.ghost-renawiki = {
+ file = ../../secrets/ghost-renawiki.age;
+ mode = "400";
+ owner = "mediawiki";
+ };
+}
+
diff --git a/hosts/phantom/syncthing.nix b/hosts/phantom/syncthing.nix
new file mode 100644
index 0000000..a971b86
--- /dev/null
+++ b/hosts/phantom/syncthing.nix
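Review bot: `https = true` tells Nextcloud to emit https URLs and secure cookies, but nothing in this hunk enables TLS on the `cloud.lelgenio.xyz` virtual host, unlike the renawiki, syncthing and writefreely modules in the same change, which all set `enableACME`/`forceSSL`; unless that is configured elsewhere, the admin password from `ghost-nextcloud.age` and every session cookie travel over plain HTTP on port 80. Add `services.nginx.virtualHosts."cloud.lelgenio.xyz" = { enableACME = true; forceSSL = true; };` next to the `services.nextcloud` block. The secret is also still called `ghost-nextcloud` on a host named `phantom`; if it is the same file the ghost host uses, both machines share one admin password and the file has to be encrypted to both hosts' identities, so either rename it per host or add a comment stating that the sharing is intentional.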
@@ -0,0 +1,24 @@
+{ config, pkgs, inputs, ... }: {
+
+ services.syncthing = {
+ enable = true;
+ dataDir = "/var/lib/syncthing-data";
+ guiAddress = "0.0.0.0:8384";
+ openDefaultPorts = true;
+ };
+
+ services.nginx.virtualHosts."syncthing.lelgenio.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8384";
+ extraConfig = + # required when the target is also TLS server with multiple hosts "proxy_ssl_server_name on;" + # required when the server wants to use HTTP Authentication "proxy_pass_header Authorization;" + ;
+ };
+ };
+}
+
diff --git a/hosts/phantom/users.nix b/hosts/phantom/users.nix
new file mode 100644
index 0000000..5cc853a
--- /dev/null
+++ b/hosts/phantom/users.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }: {
+ security.rtkit.enable = true;
+ services.openssh = {
+ enable = true;
+ ports = [ 9022 ];
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.mutableUsers = false;
+ users.users.lelgenio = {
+ isNormalUser = true;
+ description = "Leonardo Eugênio";
+ hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
+ extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 lelgenio@i15"
+ ];
+ };
+ users.users.root = {
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 lelgenio@i15"
+ ];
+ initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3";
+ };
+ security.sudo.wheelNeedsPassword = false;
+
+ programs.fish.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+}
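Review bot: `guiAddress = "0.0.0.0:8384"` binds the Syncthing GUI and REST API on every interface even though the only intended client is the nginx proxy on the same host (`proxyPass = "http://127.0.0.1:8384"`); nginx.nix opens only 80 and 443, so the API's exposure currently rests on the firewall alone rather than on the bind address. Change it to `guiAddress = "127.0.0.1:8384";`. The proxied vhost adds no authentication of its own, so whether `https://syncthing.lelgenio.xyz` is protected depends on a GUI user and password being configured inside Syncthing, which this hunk does not do — either set them through the module or add basic auth on the nginx location, and leave a comment saying which one guards it. The `proxy_ssl_server_name on;` comment describes a TLS upstream, but the upstream here is plain http, so that directive does nothing and the comment misleads.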
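Review bot: `security.sudo.wheelNeedsPassword = false;` combined with SSH keys on the `root` account gives the same key two passwordless paths to root, and `extraGroups` carries desktop groups (`networkmanager`, `docker`, `adbusers`, `bluetooth`, `corectrl`, `vboxusers`) onto a server where none of those services are enabled in this change; `docker` in particular is root-equivalent wherever the daemon exists, so the list should shrink to `extraGroups = [ "wheel" ];`. Disable direct root login with `settings.PermitRootLogin = "no";` in the `services.openssh` block and drop `root.openssh.authorizedKeys.keys`, leaving `wheel` plus sudo as the single audited path; if passwordless sudo is a deliberate convenience for unattended work, say so in a comment. `security.rtkit.enable = true` is likewise a desktop audio helper with no visible consumer on this host.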
diff --git a/hosts/phantom/vpsadminos.nix b/hosts/phantom/vpsadminos.nix
new file mode 100644
index 0000000..070017e
--- /dev/null
+++ b/hosts/phantom/vpsadminos.nix
@@ -0,0 +1,67 @@
+# This file provides compatibility for NixOS to run in a container on vpsAdminOS
+# hosts.
+#
+# If you're experiencing issues, try updating this file to the latest version
+# from vpsAdminOS repository:
+#
+# https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
+
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ nameservers = [
+ "1.1.1.1"
+ "2606:4700:4700::1111"
+ ];
+in {
+ networking.nameservers = mkDefault nameservers;
+ services.resolved = mkDefault { fallbackDns = nameservers; };
+ networking.dhcpcd.extraConfig = "noipv4ll";
+
+ systemd.services.systemd-sysctl.enable = false;
+ systemd.services.systemd-oomd.enable = false;
+ systemd.sockets."systemd-journald-audit".enable = false;
+ systemd.mounts = [ {where = "/sys/kernel/debug"; enable = false;} ];
+ systemd.services.rpc-gssd.enable = false;
+
+ # Due to our restrictions in /sys, the default systemd-udev-trigger fails
+ # on accessing PCI devices, etc. Override it to match only network devices.
+ # In addition, boot.isContainer prevents systemd-udev-trigger.service from
+ # being enabled at all, so add it explicitly.
+ systemd.additionalUpstreamSystemUnits = [
+ "systemd-udev-trigger.service"
+ ];
+ systemd.services.systemd-udev-trigger.serviceConfig.ExecStart = [
+ ""
+ "-udevadm trigger --subsystem-match=net --action=add"
+ ];
+
+ boot.isContainer = true;
+ boot.enableContainers = mkDefault true;
+ boot.loader.initScript.enable = true;
+ boot.specialFileSystems."/run/keys".fsType = mkForce "tmpfs";
+ boot.systemdExecutable = mkDefault "/run/current-system/systemd/lib/systemd/systemd systemd.unified_cgroup_hierarchy=0";
+
+ # Overrides for
+ documentation.enable = mkOverride 500 true;
+ documentation.nixos.enable = mkOverride 500 true;
+ networking.useHostResolvConf = mkOverride 500 false;
+ services.openssh.startWhenNeeded = mkOverride 500 false;
+
+ # Bring up the network, /ifcfg.{add,del} are supplied by the vpsAdminOS host
+ systemd.services.networking-setup = {
+ description = "Load network configuration provided by the vpsAdminOS host";
+ before = [ "network.target" ];
+ wantedBy = [ "network.target" ];
+ after = [ "network-pre.target" ];
+ path = [ pkgs.iproute2 ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.bash}/bin/bash /ifcfg.add";
+ ExecStop = "${pkgs.bash}/bin/bash /ifcfg.del";
+ };
+ unitConfig.ConditionPathExists = "/ifcfg.add";
+ restartIfChanged = false;
+ };
+}
diff --git a/hosts/phantom/writefreely.nix b/hosts/phantom/writefreely.nix
new file mode 100644
index 0000000..b5cee3b
--- /dev/null
+++ b/hosts/phantom/writefreely.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, inputs, ... }: {
+ services.writefreely = {
+ enable = true;
+ acme.enable = true;
+ nginx.enable = true;
+ nginx.forceSSL = true;
+ host = "blog.lelgenio.xyz";
+ admin.name = "lelgenio";
+ admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path;
+ settings.app = {
+ site_name = "Leo's blog";
+ single_user = true;
+ };
+ };
+
+ age = {
+ secrets.ghost-writefreely = {
+ file = ../../secrets/ghost-writefreely.age;
+ mode = "400";
+ owner = "writefreely";
+ group = "writefreely";
+ };
+ };
+}
+