diff --git a/coreos/README.md b/coreos/README.md
new file mode 100644
index 0000000..7c152cf
--- /dev/null
+++ b/coreos/README.md
@@ -0,0 +1,16 @@
+# Lab of CoreOS Machines
+
+Fetch the latest CoreOS cloud image.
+
+```sh
+curl -Lo fedora-coreos-33.qcow2.xz https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210217.3.0/x86_64/fedora-coreos-33.20210217.3.0-qemu.x86_64.qcow2.xz
+xz -d fedora-coreos-33.qcow2.xz
+sudo cp fedora-coreos-33.qcow2 /var/lib/libvirt/images/
+```
+
+Then, deploy the lab.
+
+```sh
+terraform init
+terraform apply
+```
diff --git a/coreos/coreos.tf b/coreos/coreos.tf
new file mode 100644
index 0000000..12acf72
--- /dev/null
+++ b/coreos/coreos.tf
@@ -0,0 +1,79 @@
+data "ignition_config" "startup" {
+ users = [
+ data.ignition_user.core.rendered,
+ ]
+
+ files = [
+ element(data.ignition_file.hostname.*.rendered, count.index),
+ ]
+
+ count = var.coreos_machine_count
+}
+
+data "ignition_file" "hostname" {
+ path = "/etc/hostname"
+ mode = 420 # decimal 0644
+
+ content {
+ content = format(var.coreos_hostname_format, count.index + 1)
+ }
+
+ count = var.coreos_machine_count
+}
+
+data "ignition_user" "core" {
+ name = "core"
+
+ # Generate encrypted password with "openssl passwd -6"
+ #password_hash = "$6$abc...xyz.0"
+
+ ssh_authorized_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPR1tt58X0+vbvsCR12gMAqr+g7vjt1Fx/qqz9EiboIs nicolas.masse@itix.fr", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@redhat.com"]
+}
+
+resource "libvirt_volume" "coreos_disk" {
+ name = "${format(var.coreos_hostname_format, count.index + 1)}.${var.volume_format}"
+ count = var.coreos_machine_count
+ format = var.volume_format
+ pool = var.pool_name
+ base_volume_name = "${var.coreos_image}.${var.volume_format}"
+}
+
+resource "libvirt_ignition" "ignition" {
+ name = "${format(var.coreos_hostname_format, count.index + 1)}-ignition"
+ pool = var.pool_name
+ count = var.coreos_machine_count
+ content = element(data.ignition_config.startup.*.rendered, count.index)
+}
+
+resource "libvirt_domain" "coreos_machine" {
+ count = var.coreos_machine_count
+ name = format(var.coreos_hostname_format, count.index + 1)
+ vcpu = "1"
+ memory = "1024"
+ coreos_ignition = element(libvirt_ignition.ignition.*.id, count.index)
+ autostart = true
+
+ disk {
+ volume_id = element(libvirt_volume.coreos_disk.*.id, count.index)
+ }
+
+ # Makes the tty0 available via `virsh console`
+ console {
+ type = "pty"
+ target_port = "0"
+ }
+
+ network_interface {
+ network_id = libvirt_network.lab_net.id
+ hostname = format(var.coreos_hostname_format, count.index + 1)
+
+ # When creating the domain resource, wait until the network interface gets
+ # a DHCP lease from libvirt, so that the computed IP addresses will be
+ # available when the domain is up and the plan applied.
+ wait_for_lease = true
+ }
+}
+
+locals {
+ coreos_machines = { for i in libvirt_domain.coreos_machine : i.name => i.network_interface.0.addresses[0] }
+}
diff --git a/coreos/main.tf b/coreos/main.tf
new file mode 100644
index 0000000..2ee684d
--- /dev/null
+++ b/coreos/main.tf
@@ -0,0 +1,25 @@
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ version = ">=0.6.3"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">=2.0.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">=2.2.0"
+ }
+ ignition = {
+ source = "community-terraform-providers/ignition"
+ version = "2.1.2"
+ }
+ }
+}
+
+output "machines" {
+ value = local.coreos_machines
+}
diff --git a/coreos/network.tf b/coreos/network.tf
new file mode 100644
index 0000000..c587d90
--- /dev/null
+++ b/coreos/network.tf
@@ -0,0 +1,13 @@
+resource "libvirt_network" "lab_net" {
+ name = var.network_name
+ mode = "nat"
+ domain = var.network_domain
+ addresses = [var.network_ip_range]
+ autostart = true
+ dns {
+ enabled = true
+ }
+ dhcp {
+ enabled = true
+ }
+}
diff --git a/coreos/provider.tf b/coreos/provider.tf
new file mode 100644
index 0000000..21b377c
--- /dev/null
+++ b/coreos/provider.tf
@@ -0,0 +1,3 @@
+provider "libvirt" {
+ uri = "qemu:///system"
+}
\ No newline at end of file
diff --git a/coreos/variables.tf b/coreos/variables.tf
new file mode 100644
index 0000000..1782fa3
--- /dev/null
+++ b/coreos/variables.tf
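Review bot: The `ssh_authorized_keys` list in `data "ignition_user" "core"` (coreos/coreos.tf) hard-codes two personal public keys, so anyone who applies this lab unchanged grants the holders of those keys SSH access as `core` on every machine, an account that on Fedora CoreOS normally has passwordless sudo. Take the keys from the operator instead: `ssh_authorized_keys = var.coreos_ssh_authorized_keys`, backed by a `variable "coreos_ssh_authorized_keys" { type = list(string) }` with no default in variables.tf. If the commented-out `password_hash` is ever enabled, the hash becomes part of the rendered Ignition config and so lands in the Terraform state and the libvirt ignition volume; it should also come from a variable rather than a literal in the file.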
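Review bot: In the `required_providers` block of coreos/main.tf, three of the four constraints are open-ended (`>=0.6.3`, `>=2.0.0`, `>=2.2.0`), so `terraform init` resolves to whatever newest release the registry serves, including for the third-party `dmacvicar/libvirt` plugin that talks to `qemu:///system`. A pessimistic constraint such as `version = "~> 0.6.3"` bounds that, in line with the exact pin already used for `ignition`. Because `required_version = ">= 0.13"` still admits 0.13, which has no dependency lock file, raising it to `>= 0.14` and committing `.terraform.lock.hcl` would also pin provider checksums. The `local` and `template` providers are not referenced by any file visible in this commit; if that holds for the whole module they can be dropped, which removes two plugins from what gets downloaded and executed.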
@@ -0,0 +1,40 @@
+
+variable "coreos_machine_count" {
+ type = number
+ default = 1
+}
+
+variable "pool_name" {
+ type = string
+ default = "default"
+}
+
+variable "volume_format" {
+ type = string
+ default = "qcow2"
+}
+
+variable "coreos_hostname_format" {
+ type = string
+ default = "coreos-%02d"
+}
+
+variable "coreos_image" {
+ type = string
+ default = "fedora-coreos-33"
+}
+
+variable "network_name" {
+ type = string
+ default = "lab"
+}
+
+variable "network_domain" {
+ type = string
+ default = "sample.lab"
+}
+
+variable "network_ip_range" {
+ type = string
+ default = "10.10.0.0/24"
+}
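Review bot: None of the variables in coreos/variables.tf carries a `description` or a `validation` block, so a malformed `network_ip_range` or a `coreos_hostname_format` without a `%d` verb is caught only when a resource fails during apply, if at all. Add a one-line `description` to each, for example `description = "CIDR of the NAT network the lab machines attach to"`, and give `network_ip_range` a validation whose condition is `can(cidrhost(var.network_ip_range, 0))`. The description of `coreos_image` should say that it must match the base name of a volume already present in `pool_name`, since coreos.tf uses `"${var.coreos_image}.${var.volume_format}"` as `base_volume_name`.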