diff --git a/.gitignore b/.gitignore
index e51ba08..844de83 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,8 @@
 !hosts/
+!hosts/best/
+
 !hosts/cube/
 !hosts/cube/matrix/
 !hosts/cube/nextcloud/
diff --git a/hosts/best/default.nix b/hosts/best/default.nix
new file mode 100644
index 0000000..771c320
--- /dev/null
+++ b/hosts/best/default.nix
@@ -0,0 +1,66 @@
+lib: lib.nixosSystem ({ config, keys, lib, ... }: let
+ inherit (lib) collectNix remove;
+in {
+ imports = collectNix ./. |> remove ./default.nix;
+
+ secrets.id.file = ./id.age;
+ services.openssh.hostKeys = [{
+ type = "ed25519";
+ path = config.secrets.id.path;
+ }];
+
+ secrets.thePassword.file = ./password.the.age;
+ users.users = {
+ root.hashedPasswordFile = config.secrets.thePassword.path;
+
+ the = {
+ description = "The";
+ openssh.authorizedKeys.keys = keys.admins;
+ hashedPasswordFile = config.secrets.thePassword.path;
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+
+ backup = {
+ description = "Backup";
+ openssh.authorizedKeys.keys = keys.all;
+ hashedPasswordFile = config.secrets.thePassword.path;
+ isNormalUser = true;
+ };
+ };
+
+ home-manager.users = {
+ root = {};
+ the = {};
+ backup = {};
+ };
+
+ networking = let
+ interface = "ens3";
+ in {
+ hostName = "best";
+
+ ipv4.address = "152.53.236.46";
+ ipv6.address = "2a0a:4cc0:c0:6c66::";
+
+ domain = "rgbcu.be";
+
+ defaultGateway = {
+ inherit interface;
+
+ address = "152.53.236.1";
+ };
+
+ defaultGateway6 = {
+ inherit interface;
+
+ address = "fe80::1";
+ };
+ };
+
+ nixpkgs.hostPlatform = "x86_64-linux";
+ system.stateVersion = "25.05";
+ home-manager.sharedModules = [{
+ home.stateVersion = "25.05";
+ }];
+})
diff --git a/hosts/best/hardware.nix b/hosts/best/hardware.nix
new file mode 100644
index 0000000..2abbc15
--- /dev/null
+++ b/hosts/best/hardware.nix
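Review bot: The `backup` user in `users.users` is given `hashedPasswordFile = config.secrets.thePassword.path;`, the same hash that root and `the` use, so the three accounts share one password and the lowest-privilege account's password is also the root password. Since `backup` already authorizes `keys.all` for SSH, dropping that line (key-only login for this account) or pointing it at a secret of its own, e.g. `./password.backup.age` (name to be chosen), keeps the credentials separate; whether password authentication is even reachable over SSH is decided in modules/common/ssh, which this diff only touches for client config. Separately, `secrets.id.file = ./id.age;` refers to `hosts/best/id.age`, which this diff does not add even though the secrets.nix hunk declares recipients for it; unless that file lands in another commit, evaluating this host will fail on the missing path.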
@@ -0,0 +1,30 @@
+{ config, lib, modulesPath, ... }: let
+ inherit (lib) enabled;
+in {
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+
+ boot.loader.grub = enabled {
+ efiSupport = false;
+ device = "/dev/vda";
+ };
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "sr_mod"
+ "uhci_hcd"
+ "virtio_blk"
+ "virtio_pci"
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/root";
+ fsType = "btrfs";
+ options = [ "noatime" ];
+ };
+
+ fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
+ device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ options = [ "noatime" ];
+ };
+}
diff --git a/hosts/best/password.the.age b/hosts/best/password.the.age
new file mode 100644
index 0000000..a5963b1
--- /dev/null
+++ b/hosts/best/password.the.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 8y3T6w vDzwouIZ67XFvFZLFf3jDGoq6ZeZVfeSGDKGjCbI3iY
+ZUHQ/YMOnmkZHnqxJtGgm/o9WZdViJKYWPksj51puLM
+-> ssh-ed25519 CzqbPQ jyApxYHc2FOrM3oR7Jh412Y0y4+efXkm8HU9PWpogmw
+6RbQFjgFupAQ/qeKUR6v6TvunYq/vdWMNp9ujeIFRIo
+--- fW+OThAIrc1eOx4ZMnr/AEfnC8sld4/fj2DmTVISTW4
+Ú…‘LÆœþØe@kŒÒ«@í²—(¡Û>(ó„è£3o»²ü–ÐÍç™ÔY‚ ( ¹
+Õ*JÝØðXׂžC½º[iê×pyxµäØà`Wf¿H7ýx*obý›%*¢nÜ£#5³nG
\ No newline at end of file
diff --git a/keys.nix b/keys.nix
index e196e13..f8099d8 100644
--- a/keys.nix
+++ b/keys.nix
@@ -1,5 +1,6 @@
 let keys = {
+ best = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUsMV591/9VqzjBiMqdxJId0C7PlZTIXQByHEILWMwc the@best";
 cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINMkCJeHcD0SIOZ4HkyF6rqUmbvlKhSha3HWMZ0hbIjp rgb@cube";
 disk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItpYQ3Pz6zFifKXvFX7xAC8aby9RW/m5PkW8T9SOee4 floppy@disk";
 pala = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkWUQ6Z4OK539tore/R5wnueNPPaX532RUAld8UOCo pala@pala";
diff --git a/modules/common/ssh/default.nix b/modules/common/ssh/default.nix
index 47bb0af..feda7ae 100644
--- a/modules/common/ssh/default.nix
+++ b/modules/common/ssh/default.nix
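Review bot: `fileSystems.${config.boot.loader.efi.efiSysMountPoint}` keys the `/dev/disk/by-label/boot` mount on the EFI system-partition option, although `boot.loader.grub` is configured with `efiSupport = false;` and `device = "/dev/vda";`, i.e. a legacy BIOS install that does not use an ESP, so the option is only an indirect way of spelling `/boot`. Writing `fileSystems."/boot" = {` makes the intent explicit and stops the mount point from moving if `efiSysMountPoint` is ever changed for an unrelated reason. If the VM is in fact booted through UEFI, the fix goes the other way (`efiSupport = true;` and the ESP mounted on purpose), which the hunk alone cannot tell.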
@@ -34,6 +34,12 @@ in {
 # TODO: Maybe autogenerate these?
+ best = {
+ hostname = self.best.networking.ipv4.address;
+ user = "the";
+ port = 2222;
+ };
+
 cube = {
 hostname = self.cube.networking.ipv4.address;
 user = "rgb";
diff --git a/secrets.nix b/secrets.nix
index 51cd3ab..28e78f5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,6 +1,10 @@
 let
- inherit (import ./keys.nix) cube disk nine admins all;
+ inherit (import ./keys.nix) best cube disk nine admins all;
 in {
+ # best
+ "hosts/best/id.age".publicKeys = [ best ] ++ admins;
+ "hosts/best/password.the.age".publicKeys = [ best ] ++ admins;
+
 # cube
 "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube ] ++ admins;
 "hosts/cube/grafana/password.age".publicKeys = [ cube ] ++ admins;
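Review bot: The new `best` client entry hard-codes `port = 2222;` while its `hostname` is derived from `self.best.networking.ipv4.address`, so the port can drift from whatever the host actually listens on without anything failing at evaluation time. If the listening port is set in the host's NixOS config, deriving it the same way, `port = builtins.head self.best.services.openssh.ports;`, keeps the two in step; if the port is fixed outside Nix, a short comment saying where it comes from would do. The attribute set these entries live in begins before the hunk, and the `cube` entry's own port line (if any) is outside it, so I cannot see how the existing entries handle this.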