diff --git a/hosts/vm-oddjob/configuration.nix b/hosts/vm-oddjob/configuration.nix
index 55832f0..a9e0a84 100644
--- a/hosts/vm-oddjob/configuration.nix
+++ b/hosts/vm-oddjob/configuration.nix
@@ -19,16 +19,6 @@
 };
 # Setup NAS backups
- # TODO: Move kerberos setup to general module
- security.krb5 = {
- enable = true;
- settings = {
- libdefaults = {
- rdns = false;
- };
- realms = (inputs.secrets.lab.krb5Realm);
- };
- };
 environment.systemPackages = with pkgs; [
 cifs-utils
 samba
diff --git a/modules/nixos/domain.nix b/modules/nixos/domain.nix
new file mode 100644
index 0000000..c722d1c
--- /dev/null
+++ b/modules/nixos/domain.nix
@@ -0,0 +1,58 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+
+with lib;
+let
+ cfg = config.modules.domain;
+ domain = inputs.secrets.lab.domain;
+ domainUpper = lib.strings.toUpper domain;
+in
+{
+ options.modules.domain = {
+ enable = mkEnableOption "Domain Integration";
+ join = {
+ userFile = mkOption {
+ type = types.str;
+ description = "File containing the user used to join the computer.";
+ };
+ passwordFile = mkOption {
+ type = types.str;
+ description = "File containing the password for the join user.";
+ };
+ domainOUFile = mkOption {
+ type = types.str;
+ description = "The OU to join the computer to.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Set network domain
+ networking.domain = domain;
+ networking.search = [ domain ];
+
+ # Automatically join the domain
+ systemd.services.adcli-join = {
+ description = "Automatically join the domain";
+ wantedBy = [ "default.target" ];
+ after = [
+ "network.target"
+ ];
+ serviceConfig = {
+ type = "oneshot";
+ };
+ script = ''
+ ADCLI_JOIN_USER=$(cat ${cfg.join.userFile})
+ ADCLI_JOIN_OU=$(cat ${cfg.join.domainOUFile})
+ ${pkgs.adcli}/bin/adcli join -D ${domain} \
+ -U $ADCLI_JOIN_USER \
+ -O $ADCLI_JOIN_OU < ${cfg.join.passwordFile}
+ '';
+ };
+ };
+}
diff --git a/profiles/nixos/vm.nix b/profiles/nixos/vm.nix
index 7c7d504..0e85485 100644
--- a/profiles/nixos/vm.nix
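Review bot: The `systemd.services.adcli-join` unit in the new domain.nix is unlikely to perform the join as written: `serviceConfig.type` is lowercase, so NixOS emits `type=oneshot`, which systemd ignores (the unit falls back to `Type=simple` with no `RemainAfterExit`, so nothing can order after a completed join), and `adcli join` only consumes the password from the redirected stdin when `--stdin-password` is given — otherwise it tries to prompt on a tty that a service unit does not have. Ordering `after = [ "network.target" ]` also does not guarantee DNS or a route to a domain controller; `network-online.target` with a matching `wants` is the usual fix for a unit that must reach LDAP/Kerberos during boot. `$ADCLI_JOIN_USER` and `$ADCLI_JOIN_OU` should be double-quoted, since a DN such as `OU=Lab Servers,DC=...` would be word-split into separate arguments. Separately, the `security.krb5` block removed from vm-oddjob (including `rdns = false`, which AD realms commonly require) is not recreated by this module, so hosts that relied on it may lose their Kerberos client configuration — worth confirming it is provided elsewhere; `domainUpper` is also defined but unused, which suggests the krb5 realm setup was intended to land here.
```nix
      systemd.services.adcli-join = {
        description = "Automatically join the domain";
        wantedBy = [ "default.target" ];
        wants = [ "network-online.target" ];
        after = [ "network-online.target" ];
        serviceConfig = {
          Type = "oneshot";
          RemainAfterExit = true;
        };
        script = ''
          ADCLI_JOIN_USER=$(cat ${cfg.join.userFile})
          ADCLI_JOIN_OU=$(cat ${cfg.join.domainOUFile})
          ${pkgs.adcli}/bin/adcli join -D ${domain} \
            -U "$ADCLI_JOIN_USER" \
            -O "$ADCLI_JOIN_OU" \
            --stdin-password < ${cfg.join.passwordFile}
        '';
      };
```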
+++ b/profiles/nixos/vm.nix @@ -29,9 +29,22 @@ in zfs rollback -r tank/root@blank ''; }; + domain = { + enable = true; + join = { + userFile = config.sops.secrets."vm-join/user".path; + passwordFile = config.sops.secrets."vm-join/password".path; + domainOUFile = config.sops.secrets."vm-join/ou".path; + }; + }; ssh.enable = true; }; + # Initialize domain join secrets + sops.secrets."vm-join/user" = { }; + sops.secrets."vm-join/password" = { }; + sops.secrets."vm-join/ou" = { }; + # Autologin to root for access from hypervisor services.getty.autologinUser = "root";