diff --git a/hosts/staging/configuration.nix b/hosts/staging/configuration.nix
index 1cc8bce..ecc5af5 100644
--- a/hosts/staging/configuration.nix
+++ b/hosts/staging/configuration.nix
@@ -2,6 +2,7 @@
 
 {
   imports = [
+    ./hardware-configuration.nix
     ../../modules/common.nix
     ../../modules/sops.nix
     ../../modules/nextcloud.nix
@@ -29,6 +30,29 @@
   };
 
   security.sudo.wheelNeedsPassword = false;
+# Local VM overrides (so you can test immediately without real DNS/TLS/secrets)
+virtualisation.vmVariant = { lib, config, ... }: {
+  # Forward guest port 80 -> host port 8080
+  virtualisation.forwardPorts = [
+    { from = "host"; host.port = 8080; guest.port = 80; }
+  ];
 
+  # Disable ACME/forced SSL for VM testing
+  security.acme.acceptTerms = lib.mkForce false;
+  services.nginx.virtualHosts.${config.services.flowback.nextcloudHost}.enableACME = lib.mkForce false;
+  services.nginx.virtualHosts.${config.services.flowback.nextcloudHost}.forceSSL = lib.mkForce false;
+  services.nginx.virtualHosts.${config.services.flowback.forgejoHost}.enableACME = lib.mkForce false;
+  services.nginx.virtualHosts.${config.services.flowback.forgejoHost}.forceSSL = lib.mkForce false;
+
+  # Nextcloud over HTTP in VM
+  services.nextcloud.https = lib.mkForce false;
+
+  # VM-only admin password file (OK for local testing)
+  environment.etc."nextcloud-adminpass".text = "admin123admin123";
+  services.nextcloud.config.adminpassFile = lib.mkForce "/etc/nextcloud-adminpass";
+
+  # Allow Forgejo user creation in VM (first user becomes admin during setup)
+  services.forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
+};
   system.stateVersion = "25.11";
 }