diff --git a/common/programs/default.nix b/common/programs/default.nix
index 7373c72..9dcd9d3 100644
--- a/common/programs/default.nix
+++ b/common/programs/default.nix
@@ -7,5 +7,6 @@
     ./tailnet.nix
     ./ssh.nix
     ./docker.nix
+    ./incus.nix
   ];
 }
diff --git a/common/programs/incus.nix b/common/programs/incus.nix
new file mode 100644
index 0000000..01f0980
--- /dev/null
+++ b/common/programs/incus.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  ccfg = import ../config.nix;
+  cfg_path = [
+    ccfg.custom_config_key
+    "programs"
+    "incus"
+  ];
+  cfg = lib.attrsets.getAttrFromPath cfg_path config;
+  users_cfg = config.${ccfg.custom_config_key}.users;
+in
+{
+  options =
+    { }
+    // lib.attrsets.setAttrByPath cfg_path {
+      enable = lib.mkEnableOption "incus";
+    };
+
+  config = lib.mkIf cfg.enable {
+    virtualisation.incus = {
+      enable = true;
+      agent.enable = true;
+      ui.enable = true;
+    };
+
+    users.extraGroups.incus_admin.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
+    users.extraGroups.incus.members = lib.mkIf (users_cfg.primary != null) [ users_cfg.primary ];
+  };
+}