diff --git a/README.md b/README.md new file mode 100644 index 0000000..3f6c22f --- /dev/null +++ b/README.md 
@@ -0,0 +1,86 @@ +# Archlinux provisioning + +This repository contains several playbooks created to provision specific hosts. +A playbook can be ran as follows: + +``` +$ ansible-playbook --limit desktop desktop.yml +``` + +The `--limit` parameter is required to run the playbook only for the specified host(s) +as the default playbook that is included uses `hosts: all`. + +## Using systemd-nspawn + +Hosts with wired network devices can configure a MACVLAN device to allow networking +between systemd-nspawn containers and the host (or vice-versa) aswell as between containers +and the outside world (through the hosts network device). + +### Creating a debian container + +First bootstrap a directory containing the files required for the container: + +``` +$ debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable /var/lib/machines/foo +``` + +Afterwards a root password can be set: + +``` +$ systemd-nspawn --directory /var/lib/machines/foo +# passwd +``` + +To configure networking for the container, a configuration file can be made +in `/etc/systemd-nspawn/foo.nspawn` on the host. It should contain the following options: + +``` +[Exec] +# Invokes the init program (usually systemd) when the container starts +Boot=yes +Hostname=foo + +[Network] +MACVLAN=enp1s0 + +# Used for communication between containers in the same zone +Zone=test +``` + +This allows the container to be managed with `machinectl` with the configured options +in the nspawn configuration file without specifying these through commandline options. +It is possible through skip this step, which can come in handy whenever a throwaway +container is to be made, and specify these options through the commandline: + +``` +$ systemd-nspawn \ + --boot \ + --network-macvlan enp1s0 \ + --network-zone test \ + --hostname foo \ + --directory /var/lib/machines/foo +``` + +See `man systemd.nspawn` for more configurable options for the `.nspawn` file. 
+ +Inside the container create a network configuration file for the MACVLAN device +in `/etc/systemd/network/10-mv-ensp1s0.network`: + +``` +[Match] +Name=mv-enp1s0 + +[Link] +RequiredForOnline=routable + +[Network] +DHCP=yes +``` + +Note that the example above can be adjusted to your likings. Afterwards enable (and start) the +`systemd-networkd` service and verify the configuration is correctly applied. + +To setup DNS resolution don't forget to enable the `systemd-resolved` service inside +the container. + +See the [Archlinux wiki](https://wiki.archlinux.org/title/Systemd-nspawn) for more information. diff --git a/default.yml b/default.yml index 9ecb181..aace94b 100644 --- a/default.yml +++ b/default.yml @@ -15,7 +15,7 @@ tags: network - name: Network host specific provisioning - ansible.builtin.import_tasks: "tasks/network/{{ ansible_hostname }}.yml" + ansible.builtin.import_tasks: "tasks/network/{{ hostname }}.yml" tags: network-specific - name: Systemd provisioning diff --git a/desktop.yml b/desktop.yml index 71b58d0..07832cf 100644 --- a/desktop.yml +++ b/desktop.yml @@ -1,10 +1,13 @@ --- +- name: Include default playbook + ansible.builtin.import_playbook: default.yml + vars: + hostname: desktop + - name: Arch Linux provisioning hosts: desktop + gather_facts: true tasks: - - name: Include default playbook - ansible.builtin.import_playbook: default.yml - - name: Wireguard provisioning ansible.builtin.import_tasks: "tasks/wireguard.yml" tags: wireguard @@ -21,7 +24,6 @@ ansible.builtin.import_tasks: "tasks/syncthing.yml" tags: syncthing - # TODO: provision current macvlan setup - name: Desktop provisioning ansible.builtin.import_tasks: "tasks/desktop.yml" tags: desktop diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml index 76275fa..f906953 100644 --- a/host_vars/desktop/network.yml +++ b/host_vars/desktop/network.yml 
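Review bot: The new `tasks/network/{{ hostname }}.yml` import only works because `hostname` is a literal play var handed in by the wrapper playbooks; `import_tasks` is resolved at parse time, which is why the gathered `ansible_hostname` could not be used, and that constraint deserves a comment on the task such as `# hostname is a literal play var from the wrapper playbook (desktop.yml, htpc.yml, xps.yml); import_tasks is static, so facts like ansible_hostname are unavailable here`. Nothing ties that literal to the play's targets: per the README this play still uses `hosts: all`, so a run without `--limit` pushes the desktop network configuration to every inventory host; if the Ansible version in use templates play-level vars into `hosts`, `hosts: "{{ hostname }}"` would close that gap, otherwise the README's `--limit` warning should be repeated in a comment here. The commit also leaves `tasks/setup.yml` on `ansible_facts['hostname']` and the WireGuard tasks on `ansible_hostname` for their per-host template directories, so the two spellings resolve to different directories as soon as a machine's real hostname differs from its inventory name; consider using `hostname` there as well. The `hosts:` line of this play is outside the hunk.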
@@ -1,6 +1,7 @@ --- lan_interface: enp1s0 lan_interface_mac: 00:d8:61:9f:52:65 +macvlan_interface: mv-0 local_network_address: 192.168.2.15/24 local_network_dns: 9.9.9.9 149.112.112.112 diff --git a/htpc.yml b/htpc.yml index 5c44b81..148c470 100644 --- a/htpc.yml +++ b/htpc.yml @@ -1,12 +1,12 @@ --- -- hosts: htpc - gather_facts: true - - name: Include default playbook ansible.builtin.import_playbook: default.yml + vars: + hostname: htpc - name: Arch Linux provisioning hosts: htpc + gather_facts: true tasks: - name: Wireguard media provisioning ansible.builtin.import_tasks: "tasks/wireguard-media.yml" diff --git a/tasks/mpd.yml b/tasks/mpd.yml index cc81314..ca91c2c 100644 --- a/tasks/mpd.yml +++ b/tasks/mpd.yml @@ -18,6 +18,7 @@ - stop mpd service - restart mpd socket +# TODO: replace ncmpcpp with rmpc - name: Create mpd files ansible.builtin.file: path: "{{ item.path }}" @@ -64,7 +65,6 @@ dest: "{{ ncmpcpp_configuration_dir }}/bindings" notify: - stop mpd service - # TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR # Use mpc to control local mpd server. # Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }} diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml index dc1da43..12a97ac 100644 --- a/tasks/network/desktop.yml +++ b/tasks/network/desktop.yml @@ -1,8 +1,8 @@ --- - name: Desktop configuration notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved block: - name: Setup network configuration become: true 
@@ -15,8 +15,12 @@ loop: - src: "templates/desktop/network/enp1s0.link.j2" dest: "/etc/systemd/network/20-enp1s0.link" - - src: "templates/desktop//network/enp1s0.network.j2" + - src: "templates/desktop/network/enp1s0.network.j2" dest: "/etc/systemd/network/20-enp1s0.network" + - src: "templates/desktop/network/mv-0.netdev.j2" + dest: "/etc/systemd/network/10-mv-0.netdev.j2" + - src: "templates/desktop/network/mv-0.network.j2" + dest: "/etc/systemd/network/30-mv-0.network.j2" - name: Remove leftover configuration files become: true diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml index 753ae43..e53cabd 100644 --- a/tasks/network/xps.yml +++ b/tasks/network/xps.yml @@ -17,8 +17,8 @@ - src: "templates/xps/network/wlan0.network.j2" dest: "/etc/systemd/network/20-wireless.network" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Create iwd directory become: true diff --git a/tasks/setup.yml b/tasks/setup.yml index 681d2cd..ae829b2 100644 --- a/tasks/setup.yml +++ b/tasks/setup.yml @@ -117,7 +117,7 @@ dest: "/etc/sysctl.d/99-sysrq.conf" - src: "templates/sysctl/98-forward.conf.j2" dest: "/etc/sysctl.d/98-foward.conf" - notify: reload sysctl configuration + notify: Reload sysctl configuration - name: Remove the modprobe.d directory become: true @@ -139,12 +139,12 @@ dest: "{{ item.dest }}" mode: "0755" loop: "{{ modprobe_templates }}" - when: modprobe_templates + when: "modprobe_templates | length > 0" - name: Copy kernel parameters template become: true ansible.builtin.template: - src: "templates/{{ ansible_hostname }}/cmdline.j2" + src: "templates/{{ ansible_facts['hostname'] }}/cmdline.j2" dest: "/etc/kernel/cmdline" mode: "0755" diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml index 348befb..bfee535 100644 --- a/tasks/wireguard-media.yml +++ b/tasks/wireguard-media.yml 
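Review bot: The two new `dest` paths keep the template suffix (`/etc/systemd/network/10-mv-0.netdev.j2` and `/etc/systemd/network/30-mv-0.network.j2`), and systemd-networkd only loads files ending in `.netdev` and `.network`, so the rendered MACVLAN configuration is written to disk but silently ignored and `mv-0` is never created. The fix is dropping the suffix on both lines: `dest: "/etc/systemd/network/10-mv-0.netdev"` and `dest: "/etc/systemd/network/30-mv-0.network"`. Note also that this diff adds `MACVLAN={{ macvlan_interface }}` to the htpc `enp1s0.network.j2` rather than to the desktop one deployed by the preceding loop item, so even with the suffix fixed the netdev on the desktop has no parent link unless that line already exists in a part of the desktop template not shown here. The enclosing `Setup network configuration` task begins before this hunk.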
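Review bot: The kernel cmdline template source now resolves through `ansible_facts['hostname']` while this same commit switches `default.yml` to a literal `hostname` play var for the per-host network tasks, so the two look up different template directories as soon as a machine's real hostname diverges from its inventory name, and the fact is unavailable in any play that sets `gather_facts: false`. If this task file is imported from `default.yml` the same var is in scope and `src: "templates/{{ hostname }}/cmdline.j2"` keeps a single source of truth; if the gathered fact is deliberate, a comment saying why should accompany it. Separately, the unchanged `mode: "0755"` on `/etc/kernel/cmdline` marks a plain text file executable; `mode: "0644"` is enough for a file that is only read. The enclosing task list and the preceding modprobe loop start before this hunk.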
@@ -17,8 +17,8 @@ - "{{ wireguard_media_defaults.private_key_path | dirname }}" - "{{ wireguard_media_defaults.public_key_path | dirname }}" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Copy Wireguard credentials become: true @@ -35,8 +35,8 @@ - dest: "{{ wireguard_media_defaults.private_key_path }}" src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Copy Wireguard preshared keys become: true @@ -48,8 +48,8 @@ mode: "0640" loop: "{{ wireguard_media_defaults.peers }}" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Setup network configuration become: true @@ -66,7 +66,7 @@ - src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2" dest: "/etc/systemd/network/40-wg1.netdev" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved vars: wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}" diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml index 06b5479..f53d2ce 100644 --- a/tasks/wireguard.yml +++ b/tasks/wireguard.yml @@ -17,8 +17,8 @@ - "{{ wireguard_defaults.private_key_path | dirname }}" - "{{ wireguard_defaults.public_key_path | dirname }}" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Copy Wireguard credentials become: true @@ -35,8 +35,8 @@ - dest: "{{ wireguard_defaults.private_key_path }}" src: "files/wireguard/{{ ansible_hostname }}/fudiggity.key" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Copy Wireguard preshared keys become: true 
@@ -48,8 +48,8 @@ mode: "0640" loop: "{{ wireguard_defaults.peers }}" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved - name: Setup network configuration become: true @@ -66,7 +66,7 @@ - src: "templates/{{ ansible_hostname }}/network/wg0.netdev.j2" dest: "/etc/systemd/network/40-wg0.netdev" notify: - - restart systemd-networkd - - restart systemd-resolved + - Restart systemd-networkd + - Restart systemd-resolved vars: wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}" diff --git a/templates/desktop/network/mv-0.netdev.j2 b/templates/desktop/network/mv-0.netdev.j2 new file mode 100644 index 0000000..d933e28 --- /dev/null +++ b/templates/desktop/network/mv-0.netdev.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +[NetDev] +Name={{ macvlan_interface }} +Kind=macvlan + +[MACVLAN] +Mode=bridge diff --git a/templates/desktop/network/mv-0.network.j2 b/templates/desktop/network/mv-0.network.j2 new file mode 100644 index 0000000..851f1d0 --- /dev/null +++ b/templates/desktop/network/mv-0.network.j2 @@ -0,0 +1,8 @@ +# {{ ansible_managed }} + +[Match] +Name={{ macvlan_interface }} + +[Network] +DHCP=yes +BindCarrier={{ lan_interface }} diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2 index af57302..4c59786 100644 --- a/templates/htpc/network/enp1s0.network.j2 +++ b/templates/htpc/network/enp1s0.network.j2 @@ -15,3 +15,4 @@ LinkLocalAddressing=no IPv6AcceptRA=no IPv6SendRA=no RequiredForOnline=routable +MACVLAN={{ macvlan_interface }} diff --git a/xps.yml b/xps.yml index 976e7ac..ffb2265 100644 --- a/xps.yml +++ b/xps.yml @@ -1,6 +1,8 @@ --- - name: Include default playbook ansible.builtin.import_playbook: default.yml + vars: + hostname: xps - name: Arch Linux provisioning hosts: xps
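Review bot: `Mode=bridge` is the right choice for host-to-container traffic, but the template says nothing about its security consequence: frames between `mv-0`, the host and any nspawn container on the same parent are switched inside the kernel at L2 and do not traverse the host's netfilter rules on the parent link, and each container shows up on the LAN with its own MAC and DHCP lease, so host-level firewalling does not cover them. I would add above `[MACVLAN]`: `# bridge mode: host and containers on this parent talk at L2 without passing the host's netfilter rules; containers are exposed to the LAN as separate hosts` (presumably intended, given the README, but worth stating where the knob lives). If containers should reach the LAN but not each other, `Mode=private` isolates the sub-interfaces from one another, which the same comment could mention.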
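Review bot: `DHCP=yes` on the host-side `mv-0` accepts whatever the LAN DHCP server offers — IPv4 and IPv6 leases, DNS servers and a default gateway — on a host that, per `host_vars/desktop/network.yml`, is statically configured with `local_network_address` and `local_network_dns`; a rogue or misconfigured DHCP server on the segment could then steer the host's resolvers or default route through the macvlan. The htpc `enp1s0.network.j2` in this same diff hardens its link with `LinkLocalAddressing=no`, `IPv6AcceptRA=no` and `IPv6SendRA=no`, and the macvlan network should get the same treatment. I would restrict the lease to IPv4 and make the host's static resolvers and gateway authoritative, as below; if the lease-supplied gateway is actually required on this host, drop `UseGateway=false` and add a comment saying so.
```ini
[Match]
Name={{ macvlan_interface }}

[Network]
DHCP=ipv4
LinkLocalAddressing=no
IPv6AcceptRA=no
BindCarrier={{ lan_interface }}

[DHCPv4]
# Keep the statically configured resolvers and default gateway authoritative
UseDNS=false
UseRoutes=false
UseGateway=false
```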
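Review bot: `MACVLAN={{ macvlan_interface }}` is added to the htpc link template, but everything else in this commit wires the macvlan up for the desktop: `macvlan_interface` is defined only in `host_vars/desktop/network.yml` and the `mv-0` `.netdev`/`.network` templates are deployed by `tasks/network/desktop.yml`. Unless `host_vars/htpc` defines `macvlan_interface` somewhere not visible here, the htpc run will fail at template time on an undefined variable, and even if it is defined networkd on that host will reference a netdev that is never created. This line most likely belongs in `templates/desktop/network/enp1s0.network.j2`, the counterpart deployed as `20-enp1s0.network` right before the new macvlan files. The `[Network]` section this line extends starts before the hunk.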