diff --git a/apps/run-workflow-with-vm/app.sh b/apps/run-workflow-with-vm/app.sh
new file mode 100644
index 00000000..e6e4b0b4
--- /dev/null
+++ b/apps/run-workflow-with-vm/app.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+nix-build -A config.system.build.vm -k \
+    --argstr workflow "$1" \
+    @datadir@/@projectname@/configuration.nix \
+    @inputsArgs@ \
+    ${NIX_EXTRA_ARGS[@]}
diff --git a/apps/run-workflow-with-vm/configuration.nix b/apps/run-workflow-with-vm/configuration.nix
new file mode 100644
index 00000000..d705645c
--- /dev/null
+++ b/apps/run-workflow-with-vm/configuration.nix
@@ -0,0 +1,72 @@
+{ workflow }:
+
+let
+  pkgs = import <nixpkgs> { };
+  config' = import <config> { inherit pkgs; };
+  lib = pkgs.lib.extend (self: super:
+    let
+      publicLib = import <config/lib> { lib = super; };
+    in
+    {
+      inherit (publicLib) countAttrs getSecrets attachSopsPathPrefix;
+
+      # Until I figure out how to properly add them only for their respective
+      # environment, this is the working solution for now. Not really perfect
+      # since we use one nixpkgs instance for each configuration (home-manager or
+      # otherwise).
+      private = publicLib
+        // import <config/lib/private.nix> { lib = self; }
+        // import <config/lib/home-manager.nix> { lib = self; };
+    });
+
+  modules = import <config/modules/nixos> { inherit lib; isInternal = true; };
+  hmModules = import <config/modules/home-manager> { inherit lib; isInternal = true; };
+in
+import <nixpkgs/nixos/lib/eval-config.nix> {
+  inherit lib;
+  modules = modules ++ [
+    <home-manager/nixos>
+    <nixos-generators/formats/vm.nix>
+    <nixos-generators/format-module.nix>
+    ({ config, lib, pkgs, ... }: {
+      imports = [
+        (
+          let
+            password = "nixos";
+          in
+          lib.private.mapHomeManagerUser "alice" {
+            inherit password;
+            extraGroups = [
+              "wheel"
+            ];
+            description = "The password is '${password}'";
+            isNormalUser = true;
+            createHome = true;
+            home = "/home/alice";
+          }
+        )
+      ];
+
+      config = {
+        home-manager.sharedModules = hmModules;
+
+        _module.args = {
+          nix-colors = import <nix-colors> { };
+        };
+
+        virtualisation.qemu.options = [
+          "-vga virtio"
+          "-display gtk,gl=on"
+        ];
+
+        workflows.workflows.${workflow}.enable = true;
+
+        nixpkgs.overlays = [
+          config'.overlays.default
+        ];
+
+        system.stateVersion = "23.11";
+      };
+    })
+  ];
+}
diff --git a/apps/run-workflow-with-vm/default.nix b/apps/run-workflow-with-vm/default.nix
new file mode 100644
index 00000000..ab9f0268
--- /dev/null
+++ b/apps/run-workflow-with-vm/default.nix
@@ -0,0 +1,30 @@
+{ stdenv
+, lib
+, meson
+, ninja
+, makeWrapper
+, inputs ? []
+}:
+
+stdenv.mkDerivation {
+  pname = "run-workflow-with-vm";
+  version = "2024-01-05";
+
+  src = ./.;
+
+  nativeBuildInputs = [
+    meson
+    ninja
+    makeWrapper
+  ];
+
+  preConfigure = ''
+    mesonFlagsArray+=("-Dinputs=[${lib.concatStringsSep "," inputs}]")
+  '';
+
+  meta = with lib; {
+    description = "Quickly run workflow modules with a VM.";
+    license = licenses.gpl3Plus;
+    platforms = platforms.linux;
+  };
+}
diff --git a/apps/run-workflow-with-vm/meson.build b/apps/run-workflow-with-vm/meson.build
new file mode 100644
index 00000000..5dba58e5
--- /dev/null
+++ b/apps/run-workflow-with-vm/meson.build
@@ -0,0 +1,33 @@
+project('run-workflow-with-vm',
+  version: '2024-01-05',
+  license: 'GPL-3.0-or-later',
+  meson_version: '>=0.54.0',
+)
+
+prefix = get_option('prefix')
+datadir = join_paths(prefix, get_option('datadir'))
+sysconfdir = join_paths(prefix, get_option('sysconfdir'))
+
+includedInputs = get_option('inputs')
+inputsArgs = ''
+foreach input : includedInputs
+  inputsArgs += '-I ' + input + ' \\\n    '
+endforeach
+
+bindata = configuration_data()
+bindata.set('datadir', datadir)
+bindata.set('inputsArgs', inputsArgs)
+bindata.set('projectname', 'run-workflow-with-vm')
+configure_file(
+  input: 'app.sh',
+  output: 'run-workflow-with-vm',
+  configuration: bindata,
+  install_dir: get_option('bindir'),
+  install_mode: 'rwxr-xr-x',
+  install: true
+)
+
+install_data(
+  './configuration.nix',
+  install_mode: 'r--r--r--'
+)
diff --git a/apps/run-workflow-with-vm/meson_options.txt b/apps/run-workflow-with-vm/meson_options.txt
new file mode 100644
index 00000000..6deb9d99
--- /dev/null
+++ b/apps/run-workflow-with-vm/meson_options.txt
@@ -0,0 +1,5 @@
+option('inputs',
+  type: 'array',
+  value: [],
+  description: 'A list of inputs to be included in NIX_PATH.'
+)
diff --git a/flake.nix b/flake.nix
index 4c126a6c..734109e6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -365,6 +365,29 @@
         };
     in
     {
+      apps = forAllSystems (system: let
+        pkgs = nixpkgs.legacyPackages.${system};
+      in
+      {
+        run-workflow-with-vm =
+          let
+            inputsArgs = lib.mapAttrsToList
+              (name: source:
+                let
+                  name' = if (name == "self") then "config" else name;
+                in
+                "'${name'}=${source}'")
+              inputs;
+            script = pkgs.callPackage ./apps/run-workflow-with-vm {
+              inputs = inputsArgs;
+            };
+          in
+          {
+            type = "app";
+            program = "${script}/bin/run-workflow-with-vm";
+          };
+      });
+
       # Exposes only my library with the custom functions to make it easier to
       # include in other flakes for whatever reason may be.
       lib = import ./lib { lib = nixpkgs.lib; };