diff --git a/hw/straylight/default.nix b/hw/straylight/default.nix
index 01fff55..ad36e7b 100644
--- a/hw/straylight/default.nix
+++ b/hw/straylight/default.nix
@@ -1,4 +1,4 @@
-{ inputs, pkgs, ... }:
+{ inputs, pkgs, lib, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -9,6 +9,19 @@
   ];
   config = {
+    # straylight is the unikernel host. The shared mcp.nix locks the agent
+    # down with PrivateDevices=true, which hides /dev/kvm and /dev/net/tun.
+    # Relax that here (only on straylight) so the agent can boot Nanos
+    # unikernel VMs under QEMU/KVM and (Phase 2) manage TAP devices.
+    systemd.services.mcp-agent.serviceConfig = {
+      PrivateDevices = lib.mkForce false;
+      DeviceAllow = [ "/dev/kvm rw" "/dev/net/tun rw" ];
+      SupplementaryGroups = [ "kvm" ];
+      AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+    };
+    # Let the mcp user reach /dev/kvm directly as well.
+    users.users.mcp.extraGroups = [ "kvm" ];
+
     # Allow rootless containers (podman) to bind low ports (53 for MCNS,
     # 443/8443/9443 for mc-proxy) as straylight takes over the core role.
     boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
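Review bot: `AmbientCapabilities = [ "CAP_NET_ADMIN" ];` grants a host-wide capability (any interface, route or firewall change in the service's network namespace, not just TAP creation) while the hunk's own comment says TAP management is Phase 2, so the agent's blast radius is widened now for a need that does not exist yet; drop that line and the `"/dev/net/tun rw"` DeviceAllow entry until Phase 2 lands, or put them behind an option that is off by default. Separately, an ambient capability only takes effect if it is also inside the unit's CapabilityBoundingSet; if the shared mcp.nix narrows the bounding set (not visible here), this line silently grants nothing and will need a matching `CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];` when it is actually enabled. Worth stating the consequence next to the setting: `# CAP_NET_ADMIN is host-wide: it can reconfigure every interface, not only TAPs.` The hunk header announces one more context line than is visible, presumably a blank line lost in the collapse.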