diff --git a/bin/mkboot b/bin/mkboot
index db71c14..0b7da90 100755
--- a/bin/mkboot
+++ b/bin/mkboot
@@ -13,6 +13,9 @@ iso)
 reform)
 	nix build .#nixosConfigurations.reformInstall.config.system.build.sdImage
 	;;
+octo)
+	nix build .#nixosConfigurations.octo.config.system.build.sdImage
+	;;
 *)
 	echo "Usage: boot [iso|arm64|arm|hass|reform]"
 	;;
diff --git a/flake.nix b/flake.nix
index 948423a..e976b2c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -209,6 +209,7 @@
         pwntie = buildSys "x86_64-linux" stable [ ] "pwntie";
         stan = buildSys "x86_64-linux" unstable [ ] "stan";
         weather = buildSys "aarch64-linux" stable [ ] "weather";
+        octo = buildSys "aarch64-linux" stable [ ] "octo";
 
         faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf";
         box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box";
diff --git a/hosts/octo/default.nix b/hosts/octo/default.nix
new file mode 100644
index 0000000..f517925
--- /dev/null
+++ b/hosts/octo/default.nix
@@ -0,0 +1,50 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+  pubKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
+  ];
+  userBase = {
+    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
+  };
+in
+{
+  _module.args.isUnstable = false;
+  imports = [ ./hardware-configuration.nix ];
+
+  boot = {
+    initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelModules = [ "raspberrypi_ts" ];
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  networking = {
+    hostName = "octo";
+    networkmanager = { enable = true; };
+    wireless.userControlled.enable = true;
+  };
+
+  preDNS.enable = false;
+  systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart =
+    lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ];
+
+  users.users = {
+    root = userBase;
+    qbit = userBase;
+  };
+
+  services.octoprint = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  system.stateVersion = "21.11";
+}
diff --git a/hosts/octo/hardware-configuration.nix b/hosts/octo/hardware-configuration.nix
new file mode 100644
index 0000000..eccc117
--- /dev/null
+++ b/hosts/octo/hardware-configuration.nix
@@ -0,0 +1,37 @@
+{ ... }: {
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+    "/tmp" = {
+      device = "/dev/disk/by-label/nix-extra";
+      fsType = "ext4";
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+
+  #hardware.deviceTree = {
+  #  overlays = [
+  #    #"${pkgs.raspberrypifw}/share/raspberrypi/boot/overlays/rpi-ft5406.dtbo"
+  #    {
+  #      name = "rpi4-cma-overlay";
+  #      dtsText = ''
+  #        // SPDX-License-Identifier: GPL-2.0
+  #        /dts-v1/;
+  #        /plugin/;
+  #        / {
+  #          compatible = "brcm,bcm2711";
+  #          fragment@0 {
+  #            target = <&cma>;
+  #            __overlay__ {
+  #              size = <(512 * 1024 * 1024)>;
+  #            };
+  #          };
+  #        };
+  #      '';
+  #    }
+  #  ];
+  #};
+}