diff --git a/hosts.toml b/hosts.toml
index c7480ec..39b0d32 100644
--- a/hosts.toml
+++ b/hosts.toml
@@ -1,3 +1,11 @@
+#[kroma]
+#type = "nixos"
+#system = "x86_64-linux"
+
+[potksed]
+type = "nixos"
+system = "x86_64-linux"
+
 [nom]
 type = "nixos"
 system = "x86_64-linux"
diff --git a/hosts/potksed/default.nix b/hosts/potksed/default.nix
new file mode 100644
index 0000000..63b1319
--- /dev/null
+++ b/hosts/potksed/default.nix
@@ -0,0 +1,52 @@
+{
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.nixos-hardware.nixosModules.common-cpu-amd
+ inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
+ inputs.nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
+ inputs.nixos-hardware.nixosModules.common-pc
+ inputs.nixos-hardware.nixosModules.common-pc-hdd
+ inputs.nixos-hardware.nixosModules.common-pc-ssd
+
+ ../../modules/optional/hardware/physical.nix
+
+ ../../modules
+ ../../modules/optional/boot-efi.nix
+ ../../modules/optional/initrd-ssh.nix
+ ../../modules/optional/dev
+ ../../modules/optional/graphical
+ ../../modules/optional/laptop.nix
+ ../../modules/optional/sound.nix
+ ../../modules/optional/zfs.nix
+
+ ../../users/myuser
+
+ ./fs.nix
+ ./net.nix
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+
+ hardware.nvidia.modesetting.enable = true;
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+ hardware.nvidia.powerManagement.enable = true;
+ hardware.nvidia.open = false;
+ hardware.nvidia.nvidiaSettings = true;
+
+ environment.systemPackages = with pkgs; [
+ killall
+ vaapiVdpau
+ libvdpau-va-gl
+ ];
+ environment.shellInit = ''
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+ '';
+}
diff --git a/hosts/potksed/fs.nix b/hosts/potksed/fs.nix
new file mode 100644
index 0000000..ad8bd16
--- /dev/null
+++ b/hosts/potksed/fs.nix
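Review bot: In hosts/potksed/default.nix, `environment.shellInit` is system-wide, so `gpg-connect-agent /bye` and the `SSH_AUTH_SOCK` export run in the shells of every account, root and service users included, starting a gpg-agent for accounts that never hold a key. The NixOS module does the same per user: `programs.gnupg.agent = { enable = true; enableSSHSupport = true; };`. If the snippet stays, quote the substitution, `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`, and add a comment saying why it has to be global. Separately, the host imports `initrd-ssh.nix`, so a short comment that pre-boot SSH unlock is intended on this machine would help the next reader.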
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ disko.devices = {
+ disk = {
+ m2-ssd = {
+ type = "disk";
+ device = "/dev/disk/by-id/${config.repo.secrets.local.disk.m2-ssd}";
+ content = with lib.disko.gpt; {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ (partEfi "efi" "0%" "1GiB")
+ (partSwap "swap" "1GiB" "17GiB")
+ (partLuksZfs "rpool" "17GiB" "100%")
+ ];
+ };
+ };
+ #data-hdd = {
+ # type = "disk";
+ # device = "/dev/disk/by-id/${config.repo.secrets.local.disk.data-hdd}";
+ # content = with lib.disko.gpt; {
+ # type = "table";
+ # format = "gpt";
+ # partitions = [
+ # (partLuksZfs "data" "0%" "100%")
+ # ];
+ # };
+ #};
+ };
+ zpool = with lib.disko.zfs; {
+ rpool = defaultZpoolOptions // {datasets = defaultZfsDatasets;};
+ };
+ };
+
+ boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
+}
diff --git a/hosts/potksed/net.nix b/hosts/potksed/net.nix
new file mode 100644
index 0000000..0d279b5
--- /dev/null
+++ b/hosts/potksed/net.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ networking = {
+ inherit (config.repo.secrets.local.networking) hostId;
+ wireless.iwd.enable = true;
+ };
+
+ boot.initrd.systemd.network = {
+ enable = true;
+ networks = {inherit (config.systemd.network.networks) "10-lan1";};
+ };
+
+ systemd.network.networks = {
+ "10-lan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan1.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 10;
+ dhcpV6Config.RouteMetric = 10;
+ };
+ "10-wlan1" = {
+ DHCP = "yes";
+ matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wlan1.mac;
+ networkConfig = {
+ IPv6PrivacyExtensions = "yes";
+ MulticastDNS = true;
+ };
+ dhcpV4Config.RouteMetric = 40;
+ dhcpV6Config.RouteMetric = 40;
+ };
+ };
+
+ networking.nftables.firewall = {
+ zones = lib.mkForce {
+ untrusted.interfaces = ["lan1" "wlan1"];
+ };
+ };
+}
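Review bot: `boot.initrd.luks.devices.enc-rpool.allowDiscards = true;` at the end of hosts/potksed/fs.nix passes TRIM through dm-crypt, which shows anyone with access to the raw disk which blocks are unused; record that trade-off next to the line, e.g. `# TRIM through LUKS exposes the free-block layout on the raw device; accepted for SSD performance`. The name `enc-rpool` presumably matches the device that `partLuksZfs "rpool"` creates, but that helper is not in this diff, so confirm it. Likewise, whether `partSwap` encrypts the 16 GiB swap partition cannot be seen here; unencrypted swap would keep memory pages outside the LUKS container.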
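Review bot: In hosts/potksed/net.nix the firewall zone selects interfaces by name (`untrusted.interfaces = ["lan1" "wlan1"]`), while both `systemd.network.networks` entries match on `MACAddress` only and nothing in this file renames the links. Unless a shared module creates those names, the zone matches no interface, so either add the rename here, e.g. `systemd.network.links."10-lan1" = { matchConfig.MACAddress = …; linkConfig.Name = "lan1"; };`, or add a comment pointing to where it happens. `lib.mkForce` on `zones` also discards any zones defined by shared modules, which deserves a one-line comment if intended. `MulticastDNS = true` announces the hostname on networks the same file calls untrusted, and `10-lan1` is inherited into the initrd with it; `MulticastDNS = "resolve"` would keep lookups without responding.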
diff --git a/hosts/potksed/secrets/host.pub b/hosts/potksed/secrets/host.pub
new file mode 100644
index 0000000..720eeed
--- /dev/null
+++ b/hosts/potksed/secrets/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsN0UQtOwon+OJL98WGt9yM78tCGw6SWJflKyCqr2xY
diff --git a/hosts/potksed/secrets/local.nix.age b/hosts/potksed/secrets/local.nix.age
new file mode 100644
index 0000000..83d42c1
Binary files /dev/null and b/hosts/potksed/secrets/local.nix.age differ
diff --git a/secrets/generated/potksed/initrd_host_ed25519_key.age b/secrets/generated/potksed/initrd_host_ed25519_key.age
new file mode 100644
index 0000000..252aa09
Binary files /dev/null and b/secrets/generated/potksed/initrd_host_ed25519_key.age differ