diff --git a/flake.nix b/flake.nix
index 58b28ae..c2f2b21 100644
--- a/flake.nix
+++ b/flake.nix
@@ -86,6 +86,7 @@
 nixosConfigurations."fondue" = mkSystem nixpkgs "fondue" "x86_64-linux" false;
 nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false;
+ nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false;
 packages."x86_64-linux" = let
diff --git a/hosts/sugarcane/default.nix b/hosts/sugarcane/default.nix
new file mode 100644
index 0000000..ed36355
--- /dev/null
+++ b/hosts/sugarcane/default.nix
@@ -0,0 +1,26 @@
+{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
+ networking.hostName = "sugarcane";
+ system.stateVersion = "21.11";
+ time.timeZone = "Asia/Singapore";
+
+ age.secrets = {
+ passwd.file = ../../secrets/passwd.age;
+ };
+ imports = with modules.system; [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ inputs.home-manager-porcupine.nixosModule
+
+ base
+ home-manager
+ input
+ nix
+ security
+
+ ./filesystem.nix
+ ./kernel.nix
+ ./networking.nix
+ ./packages.nix
+
+ ../../users/hana
+ ];
+}
diff --git a/hosts/sugarcane/filesystem.nix b/hosts/sugarcane/filesystem.nix
new file mode 100644
index 0000000..1bd851e
--- /dev/null
+++ b/hosts/sugarcane/filesystem.nix
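Review bot: The `age.secrets.passwd` entry in hosts/sugarcane/default.nix can only be decrypted with the private half of the `sugarcane` host key registered in secrets.nix, and this host's root is a tmpfs (hosts/sugarcane/filesystem.nix), so a host key left at the default `/etc/ssh` location would be regenerated on every boot and stop matching the recipient list. None of the bind mounts visible in this commit cover `/etc/ssh`; if the shared `base` or `security` modules (not shown here) do not already relocate the key, point agenix at a persisted copy explicitly, e.g. `age.identityPaths = [ "/var/persist/<path-to-host-key>" ];` (`age.sshKeyPaths` on older agenix releases). The failure mode is a password file that is missing after a reboot, which is worth ruling out before this host is relied on remotely.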
@@ -0,0 +1,37 @@
+{ config, ... }:
+let
+ bind = src: {
+ depends = [ "/nix" ];
+ device = src;
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ };
+in {
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=2G" "mode=755" ];
+ };
+
+ "/mnt" = {
+ device = "/dev/disk/by-uuid/19d572a8-1cf6-4b9c-94c6-3ce6be54f719";
+ fsType = "ext4";
+ options = [ "defaults" "noatime" ];
+ neededForBoot = true;
+ };
+
+ "/nix" = {
+ depends = [ "/mnt" ];
+ device = "/mnt/nix";
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ };
+
+ "/var/persist" = bind "/nix/persist";
+ "/var/log/journal" = bind "/nix/persist/journal";
+ "/boot" = bind "/nix/persist/boot";
+ };
+}
diff --git a/hosts/sugarcane/kernel.nix b/hosts/sugarcane/kernel.nix
new file mode 100644
index 0000000..35c4452
--- /dev/null
+++ b/hosts/sugarcane/kernel.nix
@@ -0,0 +1,17 @@
+{ config, inputs, pkgs, ... }: {
+ boot = {
+ loader = {
+ systemd-boot.enable = false;
+ efi.canTouchEfiVariables = true;
+ grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+ };
+ initrd.kernelModules = [ "nvme" ];
+ kernel.sysctl = {
+ "kernel.core_pattern" = "|/bin/false";
+ "kernel.sysrq" = 1;
+ };
+ };
+}
diff --git a/hosts/sugarcane/networking.nix b/hosts/sugarcane/networking.nix
new file mode 100644
index 0000000..d53628f
--- /dev/null
+++ b/hosts/sugarcane/networking.nix
@@ -0,0 +1,6 @@
+{ config, ... }: {
+ networking = {
+ useDHCP = false;
+ interfaces.ens3.useDHCP = true;
+ };
+}
diff --git a/hosts/sugarcane/packages.nix b/hosts/sugarcane/packages.nix
new file mode 100644
index 0000000..d7ebb23
--- /dev/null
+++ b/hosts/sugarcane/packages.nix
@@ -0,0 +1,15 @@
+{ lib, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ git
+ htop
+ jq
+ neovim
+ rsync
+ sshfs
+ wget
+
+ kitty.terminfo
+ ];
+ environment.variables.EDITOR = "nvim";
+ nix.package = lib.mkForce pkgs.nix_2_4;
+}
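Review bot: Both real mounts in hosts/sugarcane/filesystem.nix use `defaults`, which leaves `suid` and `dev` enabled on the tmpfs root and on the persistent ext4 volume at `/mnt`. NixOS keeps its setuid wrappers on a separate mount under `/run/wrappers`, so neither filesystem should need them; consider `options = [ "defaults" "size=2G" "mode=755" "nosuid" "nodev" ];` for `/` and `options = [ "defaults" "noatime" "nosuid" "nodev" ];` for `/mnt`, confirmed with a test boot because `/nix` is a bind of `/mnt/nix`. A one-line comment above `fileSystems` stating that everything outside the three bind mounts is discarded at reboot would also help the next reader.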
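Review bot: `"kernel.sysrq" = 1;` in hosts/sugarcane/kernel.nix enables every SysRq function, including process signalling and register/task dumps, for anyone who can reach the console; on a QEMU guest that includes whoever can open the hypervisor-side console. If the key is only wanted for emergency recovery, a bitmask keeps that while dropping the rest, e.g. `"kernel.sysrq" = 176;` (sync, remount read-only, reboot). Separately, NixOS does not normally provide `/bin/false`, so the `"|/bin/false"` core_pattern helper likely cannot be executed; dumps should still be dropped, but a comment such as `# discard core dumps; helper path is intentionally a no-op` would make the intent explicit.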
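Review bot: `nix.package = lib.mkForce pkgs.nix_2_4;` in hosts/sugarcane/packages.nix pins this host to one Nix release and, through `mkForce`, overrides whatever the shared `nix` module selects, so the host will not pick up later Nix fixes until someone remembers to delete the line. The hunk gives no reason for the pin. Add a comment directly above it stating why it is needed and when it can go, along the lines of `# pinned to 2.4 for <reason>; drop once <condition>`.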
diff --git a/secrets.nix b/secrets.nix
index a29dfad..4faa90e 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -3,12 +3,13 @@ let
 blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
 caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80";
 fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkKZYsYWnI+MgecBjOwf7aL5jtiT0ymCDme3pzucTei";
+ sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ";
 rin-apricot = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxzygMMJ/hmPRUeQu/eMmEhAKfFSFIEVstDIerPzxgZ";
 rin-blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
 rin-fondue = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbPamP5bovUsrBNYnjOk4SN2TaQZAVlJ+4JldK2cL5M";
 in {
- "secrets/passwd.age".publicKeys = [ apricot caramel fondue blossom rin-apricot rin-fondue rin-blossom ];
+ "secrets/passwd.age".publicKeys = [ apricot caramel fondue sugarcane blossom rin-apricot rin-fondue rin-blossom ];
 "secrets/wpa_conf.age".publicKeys = [ apricot caramel blossom rin-apricot rin-blossom ];
 "secrets/wg_apricot.age".publicKeys = [ apricot rin-apricot rin-blossom ];
diff --git a/secrets/passwd.age b/secrets/passwd.age
index 58306fd..a6836f9 100644
Binary files a/secrets/passwd.age and b/secrets/passwd.age differ
diff --git a/secrets/wg_apricot.age b/secrets/wg_apricot.age
index 39ddfdc..dfc47da 100644
--- a/secrets/wg_apricot.age
+++ b/secrets/wg_apricot.age
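Review bot: Adding `sugarcane` to the `"secrets/passwd.age".publicKeys` list in secrets.nix means one shared secret is now readable with the host key of every machine in that list, so a compromise of any single host exposes it for all of them. This commit imports the qemu-guest profile for sugarcane, which suggests a hosted VM whose disk, and therefore host key, sits inside the provider's trust boundary. If the file holds a login password hash (the name suggests so; the content is not visible), a per-host secret would limit the blast radius, e.g. `"secrets/passwd_sugarcane.age".publicKeys = [ sugarcane rin-apricot rin-fondue rin-blossom ];` (file name constructed for illustration). The hunk continues outside the lines shown, so other recipient lists were not reviewed.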
@@ -1,12 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg H7n5IC6XGcAY9tC8lRFEolb9KD/goej4Dlug5AxkBDU -3asR+ee3SZ3NOmLOcv2FNHVfX/YmxU9V/wYiyl8dmXM --> ssh-ed25519 pumkzw kpBvxdtF3dSm67XAu/hEKYylCP131PueSJCQaSLV+ls -MoftJyimviq9t74Jb8WnZj9vimzeXzLXSmf2LPG8qaE --> ssh-ed25519 l9dSQg 3pbs05PKX0IEDJa4hcLi6JOVxRwfNYn2ZIM+KtbJ2ww -ab2FQXyW0iEgR2CNNimEye3yeclhaQEJ6bK+1Nxhtzk --> T-grease -B9RPVaCLtAcnepxeFChMUqEgXQ ---- eB7HKAkFMS1Za08uhuDbHIDThRwLicbadCILSEDebY0 - %aaw\ꍆ -759dȅG~zT2z<#1ު VgU}Ѧ jIRw \ No newline at end of file +-> ssh-ed25519 U9FXlg aNYTL/nwaVZhtBHlTR9DkfJC5zFIzjNM9k2Zysfn9xg +L6Bpo+HXojQQvBuqbgrm9CbZ33vphpR7Wtt90DbN04k +-> ssh-ed25519 pumkzw aUd2plw9XAGJIWwxbQqxrtaqj51sa1Z2f1tX1N5Gg2s +JGlz/PEGpRJactz2IgT0zjUBwYw2Qs0120zMy7pmKSM +-> ssh-ed25519 l9dSQg bZBVF5DyRdgg6ewsab2Vw0xvHRV9prNOOmyTEWshJHg +74djfgSBZlyja7gi/Ia2+rCh8+fd01I68QV8/zVvLCE +-> B-grease ,c&T' J-N rrREz8 +Ky9u8nrc7wTcIBqczcsKUbIG8OSZ6T0P2NWCIOQqI0CweBSGn7HKi5bTkU7rRGsi +/8OHTW9//3wT1GZpqJ8spil2JW82V+LrVZnRc1lBufADBQ +--- +AhMEjhdNZb/nP3eSwbsFcQL96EnYcfV8xlW+UTc1fs +igu]6gF7/A/,r450.5yHT$8~@2#Y'% \ No newline at end of file diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age index 2d41e3d..9f97eb3 100644 --- a/secrets/wg_blossom.age +++ b/secrets/wg_blossom.age 
@@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg aEmRkLTbk+LlxGIheQpHuW1DOP+dL9fJEKeqMorIeVs -T0f+AZVjcx9pEmqNESmFug61WHs6qqMjV4exKxHl+Ag --> ssh-ed25519 CUCjXQ 4u8pj84nEA2CuUCYg1ISjllbt99uPhD34TbsRj1KdhY -hu23nGobEw3cBoyJxkcdKUkaY/37D8sD5htyYnCZG0I --> L.~Rob(-grease ?5j+u9 -eg1GiLMCsxHS78B/KIUUtA/XHr8BCo1dNh23Y3BZ0Sm6dIsNOWwuZy4sldAK3OgB -G+bJC4ZTujaqLGZOkX71q989+VVellR8nj9kAuk3weTqVJ6/kIUHMks0Fw ---- xGTF6ckdRW+rkqfBE/iRFd8A+QBvSm/0sYP0HVN6C+0 -$WqPOK^ fe^bę$@٤flp\S(Z4Ih8|PGn \ No newline at end of file +-> ssh-ed25519 U9FXlg O8omuS7auqSwFeVEEHSxRvjaUDm93AM/j5+cQ5FFVgo +p1I+UeyLvdYZQ5gsNOihMOU6WIFT66HnLa1YKnvGxAA +-> ssh-ed25519 CUCjXQ CXt9AlwvqCFahVaoU0puuRG2krzxW3AReSn1N87iYko +SiKoTLp4wFK3AAWlNpQ9iYVhmaI4idmR0CPKTo0ifk4 +-> gy-grease obh[ be}>:8F &> [T% +hri2u1qHn9rr+m6BrJ8NSVX7IZ0fPbP/RVe8iwtMQY81uypAkL/NWhOIB2vPup26 +cCRNl0GR1XAzUJh8u6ShLr6JHtDc +--- GcSghQ9kwCBi3HS0PniOSUGzk3asMlZGRPKfZvxVIig +k8h"HYd/ u2Kfv"?t LkQ QǜöZ1BR"Bg:hbtەL/ \ No newline at end of file diff --git a/secrets/wg_fondue.age b/secrets/wg_fondue.age index d05cfa5..890766e 100644 Binary files a/secrets/wg_fondue.age and b/secrets/wg_fondue.age differ diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index a88dd5e..de89730 100644 Binary files a/secrets/wpa_conf.age and b/secrets/wpa_conf.age differ