diff --git a/config/arachnide/proxy-configuration.nix b/config/arachnide/proxy-configuration.nix
index 6baee29..ba59cb1 100644
--- a/config/arachnide/proxy-configuration.nix
+++ b/config/arachnide/proxy-configuration.nix
@@ -21,6 +21,17 @@
 service = "service-nixin-web-lab12";
 };
 
+ # proxy for nixin-web on franky
+ services.traefik.dynamicConfigOptions.http.services."service-nixin-web-franky-mrflos" = {
+ loadBalancer.servers = [
+ { url = "http://192.168.12.9:8081"; }
+ ];
+ };
+ services.traefik.dynamicConfigOptions.http.routers."router-nixin-web-franky-mrflos" = {
+ rule = "Host(`nixin.franky.mrflos.pw`)";
+ service = "service-nixin-web-franky-mrflos";
+ };
+
 # proxy for nixin-web on sanji
 services.traefik.dynamicConfigOptions.http.services."service-nixin-web-sanji-mrflos" = {
 loadBalancer.servers = [
diff --git a/config/franky/configuration.nix b/config/franky/configuration.nix
new file mode 100644
index 0000000..99957e5
--- /dev/null
+++ b/config/franky/configuration.nix
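Review bot: The new router `router-nixin-web-franky-mrflos` sets only `rule` and `service`, so whether `nixin.franky.mrflos.pw` is served over HTTPS depends on entry-point defaults in the static Traefik configuration, which this hunk does not show. A Traefik router without a `tls` section only matches plain-HTTP requests unless the entry point supplies TLS defaults, so if those are not set elsewhere, add `entryPoints` and `tls.certResolver = "<resolver-name>";` (placeholder) to the router. The backend URL also repeats franky's `nixin.wg.client.ipv4` and `nixin.web.http-port` as literals; a comment such as `# must match nixin.wg.client.ipv4 and nixin.web.http-port in config/franky/configuration.nix` would help keep the two in sync.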
@@ -0,0 +1,99 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../modules/nixin-base.nix
+ ../modules/nginx.nix
+ ../modules/wireguard-client.nix
+ ../modules/users.nix
+ ../modules/nixin-web.nix
+ ];
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+
+ nixin.wg.client = {
+ ipv4 = "192.168.12.9";
+ ipv6 = "2a01:4f9:1a:9a05::9";
+ allowedIPs = [
+ "192.168.12.0/24"
+ "2a01:4f9:1a:9a05::/64"
+ ];
+ endpoint = "vpn.lab12.fr:51812";
+ endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
+ };
+
+ nixin.web = {
+ domain = "nixin.franky.mrflos.pw";
+ http-port = 8081;
+ };
+ nixpkgs.config.allowUnfree = true;
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ magic-wormhole
+ git
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services.openssh = {
+ enable = true;
+ ports = [ 4222 ];
+ };
+
+ networking = {
+ hostName = "franky";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 4222
+ 443
+ 8081
+ ];
+ allowedUDPPortRanges = [
+ {
+ from = 60000;
+ to = 61000;
+ }
+ ];
+ };
+ nat = {
+ enable = true;
+ internalIPs = [ "10.10.9.0/24" ];
+ externalInterface = "enp0s31f6";
+ };
+ bridges = {
+ "br0" = {
+ interfaces = [ ];
+ };
+ };
+ interfaces = {
+ enp0s31f6 = {
+ useDHCP = true;
+ };
+ # interface for containers virtual network
+ br0 = {
+ useDHCP = false;
+ ipv4.addresses = [
+ {
+ address = "10.10.9.1";
+ prefixLength = 24;
+ }
+ ];
+ };
+ };
+ };
+
+ system.copySystemConfiguration = true;
+ system.stateVersion = "24.11";
+}
diff --git a/config/franky/hardware-configuration.nix b/config/franky/hardware-configuration.nix
new file mode 100644
index 0000000..5d4b36a
--- /dev/null
+++ b/config/franky/hardware-configuration.nix
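Review bot: `networking.firewall.allowedTCPPorts` opens 8081 on every interface, so unless nixin-web binds only to loopback or the tunnel address, the backend that Traefik reaches at 192.168.12.9 also answers directly on `enp0s31f6`, bypassing the proxy and any TLS or access control applied there. Drop `8081` from the global list and scope it to the tunnel with `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [ 8081 ];` (placeholder: the interface name comes from `../modules/wireguard-client.nix`, which is not shown). The same question applies to 4222, since krops deploys over 192.168.12.9, although keeping SSH reachable off-tunnel may be a deliberate recovery path. The UDP range 60000–61000 has no consumer visible in this file; if it is for mosh, say so in a comment or use `programs.mosh.enable`, which opens that range itself.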
@@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "uas" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b66aa655-23c0-45ca-a7b3-95b03bdda4fc"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5D1A-DA4E"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/8e976d77-2ca2-4b2a-a05d-ecb14254833c"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/krops.nix b/krops.nix
index 92cb05e..948f920 100644
--- a/krops.nix
+++ b/krops.nix
@@ -49,6 +49,14 @@ let
 };
 };
 
+ franky = pkgs.krops.writeDeploy "deploy-server-franky" {
+ source = source "franky";
+ target = lib.mkTarget "operator@192.168.12.9" // {
+ port = "4222";
+ sudo = true;
+ };
+ };
+
 sanji = pkgs.krops.writeDeploy "deploy-server-sanji" {
 source = source "sanji";
 target = lib.mkTarget "operator@192.168.12.5" // {
@@ -110,6 +118,7 @@ in
 arachnide = arachnide;
 framboise = framboise;
 grille-pain = grille-pain;
+ franky = franky;
 sanji = sanji;
 zoro = zoro;
 dromadaire = dromadaire;
@@ -119,6 +128,7 @@ in
 arachnide
 framboise
 grille-pain
+ franky
 sanji
 zoro
 dromadaire