diff --git a/launch/garage.nix b/launch/garage.nix index b79614f4..559ca37f 100644 --- a/launch/garage.nix +++ b/launch/garage.nix @@ -1,3 +1,4 @@ +{ pkgs, ... }: let ## NOTE: All of these secrets are publicly available in this source file ## and will end up in the Nix store. We don't care as they are only ever @@ -23,15 +24,11 @@ let s3SecretKeyFile = pkgs.writeText "s3SecretKey" "5be6799a88ca9b9d813d1a806b64f15efa49482dbe15339ddfaf7f19cf434987"; }; in -import ./shared.nix { - module = - { pkgs, ... }: - { - fediversity = { - garage.enable = true; - pixelfed = pixelfedS3KeyConfig { inherit pkgs; }; - mastodon = mastodonS3KeyConfig { inherit pkgs; }; - peertube = peertubeS3KeyConfig { inherit pkgs; }; - }; - }; +{ + fediversity = { + garage.enable = true; + pixelfed = pixelfedS3KeyConfig { inherit pkgs; }; + mastodon = mastodonS3KeyConfig { inherit pkgs; }; + peertube = peertubeS3KeyConfig { inherit pkgs; }; + }; } diff --git a/launch/main.tf b/launch/main.tf index c1ac39c8..3cdcc9e4 100644 --- a/launch/main.tf +++ b/launch/main.tf @@ -65,6 +65,11 @@ variable "deploy_environment" { } locals { + system = "x86_64-linux" + pins = data.external.pins.result + peripheral_services = { + garage = "test01" + } applications = { mastodon = { cfg = var.mastodon 
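Review bot: The hard-coded S3 keys shown as context in the second hunk of launch/garage.nix (`s3SecretKeyFile = pkgs.writeText "s3SecretKey" "…"`) go live with this commit. garage.nix is now a plain module that `module "deploy"` in launch/main.tf pushes to the `garage = "test01"` host, where the old garage module block was commented out. `pkgs.writeText` places the literal key in the world-readable Nix store, and the file's NOTE accepts that only for a limited use (its wording is cut off in this view), so please confirm the deployed host still falls under that premise. If it does not, the keys should come from a secret mechanism, for example the agenix module that launch/shared.nix appears to import, with each literal replaced by a path such as `config.age.secrets.<name>.path`. The `let` block defining the three `*S3KeyConfig` helpers starts outside the hunk.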
@@ -79,28 +84,55 @@ locals { hostname = "test03" } } + peripheral = { for name, inst in local.peripheral_services : name => { + hostname = inst + cfg = { + enable = anytrue([for _, app in local.applications: app.cfg.enable]) + } + } + } } -# module "garage" { -# source = "./vm" -# count = var.mastodon.enable || var.pixelfed.enable || var.peertube.enable ? 1 : 0 -# domain = var.domain -# hostname = "test01" -# config = "garage" -# initialUser = var.initialUser -# terraform-nixos = var.terraform-nixos -# ssh_private_key_file = var.ssh_private_key_file -# deploy_environment = var.deploy_environment -# } +data "external" "pins" { + program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"] +} -module "nixos" { - source = "./vm" - domain = var.domain - initialUser = var.initialUser - terraform-nixos = var.terraform-nixos +module "deploy" { + source = "${var.terraform-nixos}//deploy_nixos" + for_each = {for name, inst in merge( + local.peripheral, + local.applications, + ) : name => inst if inst.cfg.enable} ssh_private_key_file = var.ssh_private_key_file + target_host = "${each.value.hostname}.abundos.eu" + target_user= "root" # FIXME: #24 + target_system = local.system + NIX_PATH = join(":", [for name, path in local.pins : "${name}=${path}"]) deploy_environment = var.deploy_environment - for_each = { for name, inst in local.applications : name => inst if inst.cfg.enable } - config = each.key - hostname = each.value.hostname + hermetic = true + config_pwd = path.root + config = <<-EOT + let + terraform = builtins.fromJSON ''${jsonencode({ + domain = var.domain + hostname = each.value.hostname + initialUser = var.initialUser + })}''; + in + import { + system = "${local.system}"; + specialArgs = { inherit terraform; }; + modules = [ + # ${path.root}/options.nix + ${path.root}/shared.nix + ${path.root}/${each.key}.nix + # (terraform) + ]; + } + EOT + perform_gc = false + build_on_target = false + triggers = { + pins = jsonencode(local.pins) + } } 
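Review bot: In `module "deploy"`, the `config` heredoc splices `jsonencode({ domain, hostname, initialUser })` directly into a Nix `''…''` string, so a value containing `''` or `${` ends the string early or is evaluated as a Nix antiquotation when the configuration is evaluated. Escaping this reliably inside an indented string is awkward, so I would pass the data out of band, for example by writing the JSON to a file and reading it with `builtins.fromJSON (builtins.readFile <path>)`, or at least add `validation` blocks on `var.domain` and `var.initialUser` that reject those sequences. If `initialUser` still carries the `password` field declared in the removed launch/vm/main.tf, it is also embedded in the rendered `config` string and will presumably appear in plan output and state unless the variable is marked `sensitive = true`. The new `target_host` also hard-codes `abundos.eu` although `var.domain` is available in the same block, which is worth a comment if it is intentional.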
diff --git a/launch/shared.nix b/launch/shared.nix index 2fe1f6a0..70d69831 100644 --- a/launch/shared.nix +++ b/launch/shared.nix @@ -1,7 +1,6 @@ { pkgs, terraform, - sources, ... }: let @@ -9,8 +8,8 @@ let in { imports = [ - "${sources.disko}/module.nix" - "${sources.agenix}/modules/age.nix" + + ../services/fediversity ./resource.nix # FIXME: get VM details from TF diff --git a/launch/vm/main.tf b/launch/vm/main.tf deleted file mode 100644 index 3407dc07..00000000 --- a/launch/vm/main.tf +++ /dev/null 
@@ -1,80 +0,0 @@
-variable "terraform-nixos" {
- type = string
-}
-
-variable "config" {
- type = string
-}
-
-variable "domain" {
- type = string
-}
-
-variable "hostname" {
- type = string
-}
-
-variable "initialUser" {
- type = object({
- displayName = string
- username = string
- password = string
- email = string
- })
-}
-
-variable "ssh_private_key_file" {
- type = string
- description = "Path to private key used to connect to the target_host"
- default = ""
-}
-
-variable "deploy_environment" {
- type = map(string)
- description = "Extra environment variables to be set during deployment."
- default = {}
-}
-
-locals {
- system = "x86_64-linux"
- nixpkgs = data.external.pins.result["nixpkgs"]
- sources = "${path.root}/../npins"
-}
-
-module "deploy" {
- source = "${var.terraform-nixos}//deploy_nixos"
- ssh_private_key_file = var.ssh_private_key_file
- target_host = "${var.hostname}.abundos.eu"
- target_user= "root" # FIXME: #24
- target_system = local.system
- NIX_PATH = "nixpkgs=${local.nixpkgs}:sources=${local.sources}"
- deploy_environment = var.deploy_environment
- hermetic = true
- config_pwd = path.root
- config = <<-EOT
- import ${data.external.pins.result["nixpkgs"]}/nixos/lib/eval-config.nix {
- system = "${local.system}";
- specialArgs = {
- sources = import ${path.root}/../npins;
- terraform = builtins.fromJSON ''${jsonencode({
- domain = var.domain
- hostname = var.hostname
- initialUser = var.initialUser
- })}'';
- };
- modules = [
- ${path.root}/${var.config}.nix
- ${path.root}/shared.nix
- ];
- }
- EOT
- perform_gc = false
- build_on_target = false
- # triggers = {
- # # pins = data.external.pins.result
- # }
-}
-
-data "external" "pins" {
- program = ["nix", "eval", "--json", "-f", "${path.root}/../npins"]
-}