feat: add best host

hosts/best/default.nix

@@ -0,0 +1,66 @@
+lib: lib.nixosSystem ({ config, keys, lib, ... }: let
+  inherit (lib) collectNix remove;
+in {
+  imports = collectNix ./. |> remove ./default.nix;
+
+  secrets.id.file           = ./id.age;
+  services.openssh.hostKeys = [{
+    type = "ed25519";
+    path = config.secrets.id.path;
+  }];
+
+  secrets.thePassword.file = ./password.the.age;
+  users.users                 = {
+    root.hashedPasswordFile = config.secrets.thePassword.path;
+
+    the = {
+      description                 = "The";
+      openssh.authorizedKeys.keys = keys.admins;
+      hashedPasswordFile          = config.secrets.thePassword.path;
+      isNormalUser                = true;
+      extraGroups                 = [ "wheel" ];
+    };
+
+    backup = {
+      description                 = "Backup";
+      openssh.authorizedKeys.keys = keys.all;
+      hashedPasswordFile          = config.secrets.thePassword.path;
+      isNormalUser                = true;
+    };
+  };
+
+  home-manager.users = {
+    root   = {};
+    the    = {};
+    backup = {};
+  };
+
+  networking = let
+    interface = "ens3";
+  in {
+    hostName = "best";
+
+    ipv4.address = "152.53.236.46";
+    ipv6.address = "2a0a:4cc0:c0:6c66::";
+
+    domain = "rgbcu.be";
+
+    defaultGateway = {
+      inherit interface;
+
+      address = "152.53.236.1";
+    };
+
+    defaultGateway6 = {
+      inherit interface;
+
+      address = "fe80::1";
+    };
+  };
+
+  nixpkgs.hostPlatform       = "x86_64-linux";
+  system.stateVersion        = "25.05";
+  home-manager.sharedModules = [{
+    home.stateVersion = "25.05";
+  }];
+})

hosts/best/hardware.nix

@@ -0,0 +1,30 @@
+{ config, lib, modulesPath, ... }: let
+  inherit (lib) enabled;
+in {
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+
+  boot.loader.grub = enabled {
+    efiSupport = false;
+    device     = "/dev/vda";
+  };
+
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "sr_mod"
+    "uhci_hcd"
+    "virtio_blk"
+    "virtio_pci"
+  ];
+
+  fileSystems."/" = {
+    device  = "/dev/disk/by-label/root";
+    fsType  = "btrfs";
+    options = [ "noatime" ];
+  };
+
+  fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
+    device  = "/dev/disk/by-label/boot";
+    fsType  = "vfat";
+    options = [ "noatime" ];
+  };
+}

hosts/best/password.the.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 8y3T6w vDzwouIZ67XFvFZLFf3jDGoq6ZeZVfeSGDKGjCbI3iY
+ZUHQ/YMOnmkZHnqxJtGgm/o9WZdViJKYWPksj51puLM
+-> ssh-ed25519 CzqbPQ jyApxYHc2FOrM3oR7Jh412Y0y4+efXkm8HU9PWpogmw
+6RbQFjgFupAQ/qeKUR6v6TvunYq/vdWMNp9ujeIFRIo
+--- fW+OThAIrc1eOx4ZMnr/AEfnC8sld4/fj2DmTVISTW4
+Ú…‘LÆœþØe@kŒÒ«@í²—(¡Û>(ó„è£3o»²ü–ÐÍç™ÔY‚ ( ¹
+Õ*JÝØðXׂžC½º[iê×pyxµäØà`Wf¿H7ýx*obý›%*¢nÜ£#5³nG