diff --git a/flake.nix b/flake.nix index feae5da..c6619c5 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,10 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-raccoon.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; home-manager.url = "github:nix-community/home-manager"; home-manager-raccoon.url = "github:nix-community/home-manager/release-22.11"; + home-manager-stable.url = "github:nix-community/home-manager/release-23.11"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; @@ -13,6 +15,7 @@ agenix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager-raccoon.inputs.nixpkgs.follows = "nixpkgs-raccoon"; + home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nixos-generators.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; @@ -46,7 +49,7 @@ rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-raccoon, ... } @ inputs: + outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-raccoon, nixpkgs-stable, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -81,6 +84,7 @@ ]; }]; nixosConfigurations."sugarcane" = mkSystem nixpkgs-raccoon "sugarcane" "x86_64-linux" false []; + nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" false []; packages."x86_64-linux" = let diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix new file mode 100644 index 0000000..c3fd0a1 --- /dev/null +++ b/hosts/dandelion/default.nix 
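Review bot: In flake.nix, the new inputs `nixpkgs-stable` and `home-manager-stable` point at moving branches (`nixos-23.11`, `release-23.11`), and the part of the diff shown here has no `flake.lock` section, so nothing visible pins them to a revision and content hash. If the lock file is tracked in this repository, the regenerated `flake.lock` belongs in the same commit, so that `dandelion` is built from reviewed revisions rather than whatever the branch head is at first evaluation. The `outputs` function and its `let` block continue outside these hunks, so how `mkSystem` pairs `nixpkgs-stable` with the matching home-manager input cannot be checked from here.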
@@ -0,0 +1,24 @@
+{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
+ networking.hostName = "dandelion";
+ system.stateVersion = "23.11";
+ time.timeZone = "Australia/Melbourne";
+
+ imports = with modules.system; [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ inputs.home-manager-stable.nixosModule
+
+ base
+ home-manager
+ input
+ nix-stable
+ security
+ #wireguard
+
+ ./filesystem.nix
+ ./kernel.nix
+ ./networking.nix
+ ./packages.nix
+
+ ../../users/hana
+ ];
+}
diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix
new file mode 100644
index 0000000..55c9c2a
--- /dev/null
+++ b/hosts/dandelion/filesystem.nix
@@ -0,0 +1,34 @@
+{ config, ... }:
+let
+ bind = src: {
+ depends = [ "/nix" ];
+ device = src;
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ };
+
+ mkLabelMount = label: type: lazy: {
+ device = "/dev/disk/by-label/${label}";
+ fsType = type;
+ options = [ "defaults" "relatime" ] ++ lib.optionals lazy [ "nofail" ];
+ };
+ mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" false // {
+ options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+ };
+ submount = mkBtrfsMount "DANDELION";
+in {
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=12G" "mode=755" ];
+ };
+
+ "/boot" = mkLabelMount "UEFI" "vfat" true;
+ "/nix" = submount "/@/nix" false;
+ "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
+ "/persist/.snapshots" = submount "/snap/persist" false;
+ "/var/log/journal" = bind "/persist/journal";
+ };
+}
diff --git a/hosts/dandelion/kernel.nix b/hosts/dandelion/kernel.nix
new file mode 100644
index 0000000..76629f3
--- /dev/null
+++ b/hosts/dandelion/kernel.nix
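Review bot: In hosts/dandelion/filesystem.nix, `mkLabelMount` calls `lib.optionals`, but the module's argument set is `{ config, ... }:`, so `lib` is not in scope and evaluation should stop with an undefined-variable error; the header needs to be `{ config, lib, ... }:`. In `mkBtrfsMount`, the `//` update replaces the `options` list from `mkLabelMount` wholesale rather than extending it, which deserves a comment such as `# options below fully replace mkLabelMount's list (nofail is not carried over)`. The `/boot` vfat mount gets only `defaults` and `relatime`; if anything sensitive ends up on that partition, a restrictive `umask=` option is the usual way to limit who can read it.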
@@ -0,0 +1,18 @@ +{ config, inputs, pkgs, ... }: { + boot = { + loader = { + systemd-boot.enable = false; + efi.canTouchEfiVariables = true; + grub = { + enable = true; + device = "/dev/sda"; + }; + }; + initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + initrd.kernelModules = [ "nvme" ]; + kernel.sysctl = { + "kernel.core_pattern" = "|/bin/false"; + "kernel.sysrq" = 1; + }; + }; +} diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix new file mode 100644 index 0000000..555dcdd --- /dev/null +++ b/hosts/dandelion/networking.nix @@ -0,0 +1,10 @@ +{ config, ... }: { + networking = { + useDHCP = true; + + # extraHosts = '' + # 10.100.0.3 blossom + # 10.100.0.4 strawberry + # ''; + }; +} diff --git a/hosts/dandelion/packages.nix b/hosts/dandelion/packages.nix new file mode 100644 index 0000000..e3e3f15 --- /dev/null +++ b/hosts/dandelion/packages.nix @@ -0,0 +1,14 @@ +{ lib, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + git + htop + jq + neovim + rsync + sshfs + wget + + kitty.terminfo + ]; + environment.variables.EDITOR = "nvim"; +} diff --git a/users/hana/default.nix b/users/hana/default.nix index a7c683a..0e9276f 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -4,7 +4,7 @@ extraGroups = [ "wheel" ]; shell = pkgs.zsh; uid = 1002; - passwordFile = config.age.secrets.passwd.path; + hashedPassword = "$y$j9T$BxnsFaGwBfSKe4jAJaaxI.$cpFtu8fzFhKalIV3WGuA2jz4//KJBwhiybpnlmoZPy."; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry" @@ -15,7 +15,7 @@ home = { username = "hana"; homeDirectory = "/home/hana"; - stateVersion = "21.11"; + stateVersion = "23.11"; }; imports = with modules.user; [
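Review bot: In hosts/dandelion/kernel.nix, `"kernel.sysrq" = 1;` enables every SysRq function, including the ones that dump registers and memory state or signal processes from the console. If only an emergency sync, remount and reboot are wanted, the bitmask `"kernel.sysrq" = 176;` limits it to those. The loader block also combines `efi.canTouchEfiVariables = true` with `grub.device = "/dev/sda"`, the BIOS-style install target, while flake.nix declares this host as `aarch64-linux` and filesystem.nix mounts a vfat `/boot` labelled `UEFI`. `grub.efiSupport = true;` with `device = "nodev";` looks like what is intended, though that should be confirmed against the actual VM. A short comment on `"kernel.core_pattern"` saying that `|/bin/false` is there to discard core dumps would document the intent.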
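Review bot: In users/hana/default.nix, the `hashedPassword` line commits the yescrypt hash of a `wheel` account to the repository, and an inline value also lands in the world-readable Nix store. The removed `passwordFile = config.age.secrets.passwd.path;` kept that hash in an age-managed secret instead. On 23.11 the file-based option is named `hashedPasswordFile`, so `hashedPasswordFile = config.age.secrets.passwd.path;` keeps the earlier protection. This user file appears to be shared by hosts on other nixpkgs releases, so the option name may have to be chosen per release. The hash published by this commit should be treated as exposed and the password rotated. The enclosing attribute set starts and ends outside the hunk.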
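Review bot: In the second users/hana/default.nix hunk, `stateVersion = "23.11";` changes the home-manager state version for every host that imports this user, not only the new `dandelion`. The value is meant to record the release a home was first set up with, so raising it from `"21.11"` can silently change defaults on existing homes. A host that still uses the `home-manager-raccoon` (release-22.11) input, presumably `sugarcane`, may not accept `"23.11"` at all. If only the new host needs it, set it there and leave the shared default alone, for example with `home.stateVersion = lib.mkDefault "21.11";` here and an override in the host. The `home` attribute set's surroundings are outside the hunk, so which hosts import it should be confirmed.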