diff --git a/common/default.nix b/common/default.nix
index 739c0b5..98e4eda 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -15,6 +15,7 @@ in
     ./nitrokey.nix
     ./nix-settings.nix
     ./upgrade-diff.nix
+    ./guest.nix
   ];
 
   services.davfs2.enable = true;
diff --git a/common/guest.nix b/common/guest.nix
new file mode 100644
index 0000000..7183bc1
--- /dev/null
+++ b/common/guest.nix
@@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  system,
+  ...
+}:
+let
+  inputs = config.inputInjection.flake-inputs;
+in
+{
+  # interesting: this causes an infinite recursion
+  #imports = [ config.inputInjection.flake-inputs.home-manager.nixosModules.home-manager ];
+
+  options.schmittlauch.guestUser.enable = lib.options.mkEnableOption "Provide a guest user account";
+
+  config = lib.mkIf config.schmittlauch.guestUser.enable {
+    users.extraUsers.gast = {
+      isNormalUser = true;
+      group = "gast";
+      hashedPassword = "$y$j9T$pPCjU8ZvVYo0aY4jtrHPj1$NxUWOP/YTcqJ1PYaP1Hy5MwTeDcNjg0k369R5rE5M48";
+    };
+    users.groups.gast = { };
+    # a basic home-manager configuration to share installed packages of other accounts
+    # reason: keeping a separate config checkout for guests and requiring them to run
+    # their own `home-manager` instance does not make sense.
+    home-manager =
+      let
+        gast = config.users.extraUsers.gast;
+      in
+      {
+        useGlobalPkgs = false; # to allow usage of home-level overlays
+        # FIXME: possibly expose home modules through flake outputs instead of brittle path traversals
+        users.gast = {
+          imports = [
+            inputs.nur.hmModules.nur
+            ../home/modules/packages.nix
+          ];
+          home = {
+            username = gast.name;
+            homeDirectory = gast.home;
+            stateVersion = "24.05";
+          };
+          schmittlauch = {
+            packages = {
+              graphics = true;
+              multimedia = true;
+              nixHelpers = true;
+              devTools = true;
+              pythonTools = true;
+              games = true;
+              desktopLinux = true;
+              kde = true;
+            };
+          };
+
+        };
+        # Optionally use extraSpecialArgs
+        # to pass through arguments to home.nix
+        extraSpecialArgs = {
+          inherit inputs system;
+        };
+
+      };
+
+  };
+}
diff --git a/flake.nix b/flake.nix
index 16786b7..796a574 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,7 +59,13 @@
             flake-inputs = inputs;
           };
         };
-      defaultModules = system: [ inputInjection ];
+      defaultModules = system: [
+        inputInjection
+
+        # for some reason, `imports`-ing the home-manager module via inputInjection
+        # from a sub-module causes infinite recursion, so importing it here instead
+        home-manager.nixosModules.home-manager
+      ];
       mkSystem =
         system: extraModules:
         nixpkgs.lib.nixosSystem rec {
@@ -115,6 +121,7 @@
         modules = [
           ./darwin/configuration.nix
           inputInjection
+
         ];
       };
       homeConfigurations = {
diff --git a/hosts/thinknix/default.nix b/hosts/thinknix/default.nix
index 518f8ce..75bd887 100644
--- a/hosts/thinknix/default.nix
+++ b/hosts/thinknix/default.nix
@@ -22,6 +22,8 @@
     speed = 180;
   };
 
+  schmittlauch.guestUser.enable = true;
+
   networking.hostName = "thinknix";
 
   # This value determines the NixOS release with which your system is to be