diff --git a/flake.nix b/flake.nix
index b5507d3..6c48584 100644
--- a/flake.nix
+++ b/flake.nix
@@ -53,6 +53,13 @@
       ];
     };
 
+    nixosConfigurations.server = nixpkgs.lib.nixosSystem {
+      modules = [
+        baseModule
+        ./hosts/thonkpad/configuration.nix
+      ];
+    };
+
     nixosConfigurations.rq = nixpkgs.lib.nixosSystem {
       modules = [
         baseModule
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
new file mode 100644
index 0000000..eada54e
--- /dev/null
+++ b/hosts/server/configuration.nix
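Review bot: The new `nixosConfigurations.server` entry points at `./hosts/thonkpad/configuration.nix`, so the `hosts/server/configuration.nix` this commit adds (and the `ssh.nix` and `age.secrets.ssh-pub` it imports) are never evaluated for the `server` host; presumably this should read `./hosts/server/configuration.nix`. The `thonkpad` configuration is not visible here, but if it is another machine's host config, `server` would inherit that machine's hostname and hardware settings instead of the `networking.hostName = "server"` set in the new file. The enclosing `outputs` attribute set starts and ends outside the hunk.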
@@ -0,0 +1,77 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../system/system.nix
+    ./ssh.nix
+  ];
+
+  options = {
+    res = lib.mkOption {
+      type = lib.types.str;
+      default = "1920x1080";
+      description = "screen resolution";
+    };
+  };
+
+  config = {
+    networking.hostName = "server"; # Define your hostname.
+    res = "2560x1440";
+
+    home-manager = {
+      useGlobalPkgs = true;
+      useUserPackages = true;
+      backupFileExtension = "backup";
+      users.synchronous.imports = [../../home/home.nix];
+    };
+
+    # Bootloader.
+    # boot.loader.grub.enable = true;
+    # boot.loader.grub.device = "/dev/nvme0n1";
+    # boot.loader.grub.useOSProber = true;
+    # boot.loader.grub.version = 2;
+    # services.logind.lidSwitchExternalPower = "ignore";
+
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.grub.enable = false;
+
+    age = {
+      secrets = {
+        zsh_remote = {
+          file = ../../secrets/zsh_remote.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+        tailscale-rq = {
+          file = ../../secrets/tailscale-rq.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+        ssh-pub = {
+          file = ../../secrets/ssh-pub.age;
+          owner = "synchronous";
+          mode = "0400";
+        };
+      };
+      secretsDir = "/home/synchronous/.agenix/agenix";
+      secretsMountPoint = "/home/synchronous/.agenix/agenix.d";
+      identityPaths = ["/home/synchronous/.ssh/id_ed25519"];
+    };
+
+    #boot = {
+    #  loader.systemd-boot = {
+    #    enable = true;
+    #    editor = false;
+    #  };
+    #  kernelPackages = pkgs.linuxPackages;
+    #};
+    # boot.loader.systemd-boot.enable = true;
+    # boot.loader.efi.canTouchEfiVariables = true;
+    # boot.loader.grub.enable = false;
+  };
+}
diff --git a/hosts/server/ssh.nix b/hosts/server/ssh.nix
new file mode 100644
index 0000000..e88f023
--- /dev/null
+++ b/hosts/server/ssh.nix
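Review bot: `age.identityPaths = ["/home/synchronous/.ssh/id_ed25519"]` makes decryption of all three secrets at activation depend on one user's personal key under `/home`; if that filesystem is not available when the `age` activation runs, or the key is moved or rotated, the host comes up without its secrets, and a login key now doubles as the host's decryption identity. Unless there is a reason to avoid them, agenix's default of using the host SSH keys (which exist independently of any user account) is the more robust choice; at minimum add a comment such as `# decryption identity is synchronous's user key; /home must be available at activation`. The `owner = "synchronous"` on every secret and the `home-manager.users.synchronous` entry assume a `synchronous` user is defined in `../../system/system.nix`, which is not visible here. The commented-out `boot` blocks at the end duplicate the live `boot.loader.*` settings above and the `# Define your hostname.` template comment adds nothing, so both should be dropped.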
@@ -0,0 +1,19 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.openssh.enable = true;
+
+  # Disable password login for security
+  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.settings.PermitRootLogin = "no";
+
+  # Add your authorized key for a specific user
+  users.users.yourusername = {
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      config.age.secrets.ssh-pub
+    ];
+  };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index aa8d71e..eefca9d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,4 +4,5 @@ let
 in {
   "zsh_remote.age".publicKeys = [key];
   "tailscale-rq.age".publicKeys = [key];
+  "ssh-pub.age".publicKeys = [key];
 }
diff --git a/secrets/ssh-pub.age b/secrets/ssh-pub.age
new file mode 100644
index 0000000..6b8c0d4
Binary files /dev/null and b/secrets/ssh-pub.age differ
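Review bot: `openssh.authorizedKeys.keys = [ config.age.secrets.ssh-pub ]` puts the agenix secret's option attribute set into a list that expects public-key strings, so this will not evaluate; `config.age.secrets.ssh-pub.path` would not help either, because that file is only decrypted at activation time while `authorizedKeys.keys` is rendered into the system closure at build time. An SSH public key is not confidential, so the simplest correct form is the literal key string, e.g. `openssh.authorizedKeys.keys = [ "ssh-ed25519 <PLACEHOLDER-public-key> comment" ];`, which also makes the `ssh-pub.age` secret and the new `secrets/secrets.nix` entry unnecessary. The user is named `yourusername` while the secrets and home-manager config in `configuration.nix` target `synchronous`, so either this template name should be replaced or a separate login user is intended and should be documented. `pkgs` in the module arguments is unused.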