diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 00000000..abc2c093 --- /dev/null +++ b/.vscode/extensions.json @@ -0,0 +1,9 @@ +{ + "recommendations": [ + "hashicorp.terraform", + "ms-kubernetes-tools.vscode-kubernetes-tools", + "jnoortheen.nix-ide", + "brettm12345.nixfmt-vscode", + "redhat.vscode-yaml" + ] +} diff --git a/flake.lock b/flake.lock index 1485c8de..85ec027a 100644 --- a/flake.lock +++ b/flake.lock @@ -196,11 +196,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1637469704, - "narHash": "sha256-tNbrZZDHCLBw5/3REe8Dm/WMYiAXgXy7n5GuhRn5lI0=", + "lastModified": 1637509688, + "narHash": "sha256-NcKdyLZflWeSrwgavNGIG7LcP6XBcYGne04HIzWP1D4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "296032dd5ff5e4c266782e73f9c00ee044f19c70", + "rev": "53edfe1d1c51c38e2adc4d8eb37a7a2657e3fe01", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e442592c..6d389156 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,7 @@ "${profile}" = lib.nixosSystem { inherit system; modules = - [ "${./.}/nixos/hosts/${profile}/configuration.nix" ./nixos/common ] + [ ./nixos/common ./nixos/hosts/${profile}/configuration.nix ] ++ (if lxc then [ "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix" ./nixos/common/generic-lxc.nix 
@@ -50,21 +50,28 @@ # Import all nixos host definitions that are actual nix machines nixHosts = filter ({ nix ? true, ... }: nix) hosts; + + pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} + [ vault-secrets.overlay ]; in { # Make the config and deploy sets - nixosConfigurations = - lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; - + nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts; deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts; + apps.x86_64-linux.vault-push-approles = { + type = "app"; + program = "${pkgs.vault-push-approles self}/bin/vault-push-approles"; + }; + apps.x86_64-linux.vault-push-approle-envs = { + type = "app"; + program = + "${pkgs.vault-push-approle-envs self}/bin/vault-push-approle-envs"; + }; + # Use by running `nix develop` - devShell.${system} = let - pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} - [ vault-secrets.overlay ]; - in pkgs.mkShell { + devShell.${system} = pkgs.mkShell { VAULT_ADDR = "http://10.42.42.6:8200/"; # This only support bash so just execute zsh in bash as a workaround :/ - shellHook = "${pkgs.zsh}/bin/zsh; exit"; buildInputs = with pkgs; [ deploy-rs.packages.${system}.deploy-rs fluxcd @@ -75,8 +82,8 @@ nixfmt nixUnstable vault - (vault-push-approle-envs self) - (vault-push-approles self) + (vault-push-approle-envs self { }) + (vault-push-approles self { }) ]; }; diff --git a/hosts.nix b/hosts.nix index 0b373068..310314ef 100644 --- a/hosts.nix +++ b/hosts.nix @@ -70,4 +70,10 @@ ip = "10.42.42.16"; mac = "B6:04:0B:CD:0F:9F"; } + { + hostname = "minio"; + profile = "dns"; + ip = "10.42.42.17"; + mac = "0A:06:5E:E7:9A:0C"; + } ] diff --git a/nixos/common/default.nix b/nixos/common/default.nix index f7d99087..026dadf6 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix 
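Review bot: The two new `apps` entries are pinned to `apps.x86_64-linux`, while `devShell.${system}` and the hoisted `pkgs` binding in the same block follow `system`; keying them as `apps.${system}.vault-push-approles` and `apps.${system}.vault-push-approle-envs` keeps all three outputs on one platform. They also call `pkgs.vault-push-approles self` with a single argument, whereas the `buildInputs` hunk that follows (`@@ -75,8 +82,8`) now passes `self { }`; if the overlay function requires that second argument, the `program` string would interpolate a function rather than a package, so it is worth confirming that both call forms evaluate. Judging by their names these apps push AppRole credentials, and the `VAULT_ADDR` context line in this hunk is plain `http://`, so those credentials would travel unencrypted unless TLS is terminated elsewhere.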
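Review bot: The new `minio` entry sets `profile = "dns"`, and the flake.nix change in this commit resolves the host module as `./nixos/hosts/${profile}/configuration.nix`, so this host would evaluate the dns configuration and the new `nixos/hosts/minio/configuration.nix` would not be imported. If the MinIO host is meant to use its own file, the line should read `profile = "minio";`. The flake.nix context also shows the configuration keyed by `"${profile}"`, so if another host already uses the `dns` profile the two would collapse into one `nixosConfigurations` attribute under `//`. The rest of `mkConfig` and the other host entries are outside this hunk, so confirm against them.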
@@ -18,8 +18,11 @@ nix = { package = pkgs.nixUnstable; autoOptimiseStore = true; - binaryCaches = - [ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ]; + binaryCaches = [ + "https://cachix.cachix.org" + "https://nix-community.cachix.org" + "https://nixpkgs-review-bot.cachix.org" + ]; binaryCachePublicKeys = [ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" @@ -45,8 +48,9 @@ services.openssh.enable = true; vault-secrets = { - vaultPrefix = "nixos/${config.networking.hostName}"; - vaultAddress = "http://10.42.42.6:8200/"; - approlePrefix = "olympus-${config.networking.hostName}"; - }; + vaultPrefix = "nixos/${config.networking.hostName}"; + vaultAddress = "http://10.42.42.6:8200/"; + approlePrefix = "olympus-${config.networking.hostName}"; + }; + } diff --git a/nixos/hosts/minio/configuration.nix b/nixos/hosts/minio/configuration.nix new file mode 100644 index 00000000..0b758860 --- /dev/null +++ b/nixos/hosts/minio/configuration.nix 
@@ -0,0 +1,33 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let
+vs = config.vault-secrets.secrets;
+in
+{
+ imports = [ ];
+
+ networking.hostName = "minio";
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+
+ # Additional packages
+ environment.systemPackages = with pkgs; [ ];
+
+ networking.firewall.allowedTCPPorts = [ 9000 9001 ];
+
+ vault-secrets.secrets.minio = { };
+
+ services.minio = {
+ enable = true;
+ rootCredentialsFile = "${vs.minio}/environment";
+ };
+}
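Review bot: `networking.firewall.allowedTCPPorts = [ 9000 9001 ]` opens both ports on every interface; with the NixOS module defaults 9001 is presumably the MinIO console, so the admin UI becomes reachable from the whole network alongside the S3 API. If only the API has to be reachable, `networking.firewall.allowedTCPPorts = [ 9000 ];` with the console port allowed per interface through `networking.firewall.interfaces.<name>.allowedTCPPorts` would narrow the exposure. The root credentials behind `rootCredentialsFile` come from Vault, which nixos/common/default.nix addresses over plain `http://`, so they cross the network unencrypted unless TLS is placed in front of Vault. The template header comments, `imports = [ ]` and the empty `environment.systemPackages` could be dropped, and the `vs` binding indented under `let`.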