diff --git a/flake.nix b/flake.nix
index 2de254e..281a08d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -107,6 +107,15 @@
 path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.heimdall;
 };
 };
+
+ loki = {
+ hostname = "loki";
+ profiles.system = {
+ sshUser = "root";
+ user = "root";
+ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.loki;
+ };
+ };
 };
 homeConfigurations = {
@@ -162,6 +171,17 @@
 ];
 };
+ loki = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./hosts/loki/configuration.nix
+ ./modules/servers/general
+ ./modules/servers/loki
+ ];
+ };
+
 nixos = nixpkgs.lib.nixosSystem {
 specialArgs = {inherit inputs;};
 modules = [
diff --git a/hosts/loki/configuration.nix b/hosts/loki/configuration.nix
new file mode 100644
index 0000000..dfdd076
--- /dev/null
+++ b/hosts/loki/configuration.nix
@@ -0,0 +1,27 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "loki";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/loki/disk-config.nix b/hosts/loki/disk-config.nix
new file mode 100644
index 0000000..ff82562
--- /dev/null
+++ b/hosts/loki/disk-config.nix
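Review bot: In flake.nix, the new `loki` deploy node sets `sshUser = "root";`, so the host has to accept direct root logins over SSH for every deployment. deploy-rs elevates for activation when `sshUser` differs from `user`, so `sshUser = "deploy";` (a constructed account name) together with `user = "root";` would allow root login to be disabled on loki. Only the last line of the heimdall node is visible in this hunk; if that node follows the same pattern, the point applies there as well.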
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/modules/servers/loki/default.nix b/modules/servers/loki/default.nix
new file mode 100644
index 0000000..c043cd8
--- /dev/null
+++ b/modules/servers/loki/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+ imports = [
+ ./rimgo.nix
+ ];
+}
diff --git a/modules/servers/loki/rimgo.nix b/modules/servers/loki/rimgo.nix
new file mode 100644
index 0000000..82787c4
--- /dev/null
+++ b/modules/servers/loki/rimgo.nix
@@ -0,0 +1,26 @@
+{...}: {
+ services.rimgo = {
+ enable = true;
+ settings = {
+ PORT = 3000;
+ ADDRESS = "127.0.0.1";
+ };
+ };
+
+ services.traefik.dynamicConfigOptions.http = {
+ services.rimgo.loadBalancer.servers = [
+ {
+ url = "http://localhost:3000";
+ }
+ ];
+
+ routers.rimgo = {
+ rule = "Host(`rimgo.cronyakatsuki.xyz`)";
+ tls = {
+ certResolver = "porkbun";
+ };
+ service = "rimgo";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 33dcced..16ceaf6 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
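Review bot: In hosts/loki/disk-config.nix the `esp` partition mounts vfat at `/boot` with no `mountOptions`, so the default permission mask applies and the files under /boot are readable by every local account. vfat stores no per-file permissions, so the mount mask is the only control; adding `mountOptions = ["umask=0077"];` next to `mountpoint = "/boot";` restricts the tree to root. Separately, the `root` logical volume is plain ext4 with no encryption layer, so the host SSH key that agenix presumably decrypts with is stored in the clear on the virtual disk. That may be an accepted trade-off for an unattended VM, but it deserves a comment in the file.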
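Review bot: In modules/servers/loki/rimgo.nix the service binds `ADDRESS = "127.0.0.1";` while the Traefik backend is `url = "http://localhost:3000";`, and the two only agree when localhost resolves to the IPv4 loopback on this host. Writing `url = "http://127.0.0.1:3000";` keeps the proxy target identical to the bind address and avoids a failed or delayed first attempt on ::1. The `routers.rimgo` entry also references no middlewares; if other routers in this repository attach security headers or rate limiting through Traefik, this public router should name the same ones.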
@@ -1,6 +1,7 @@
 let
 # SYSTEMS
 heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8";
+ loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV";
 # USERS
 root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz";
@@ -8,7 +9,7 @@ let
 users = [
 root
 ];
- systems = [heimdall];
+ systems = [heimdall loki];
 in {
 "traefik.age".publicKeys = systems ++ users;
 "wg-heimdall.age".publicKeys = systems ++ users;
diff --git a/secrets/traefik.age b/secrets/traefik.age
index 75660d9..adffe36 100644
Binary files a/secrets/traefik.age and b/secrets/traefik.age differ
diff --git a/secrets/wg-desktop.age b/secrets/wg-desktop.age
index bb91178..a1cadec 100644
Binary files a/secrets/wg-desktop.age and b/secrets/wg-desktop.age differ
diff --git a/secrets/wg-heimdall.age b/secrets/wg-heimdall.age
index 1dbfa81..3af4512 100644
Binary files a/secrets/wg-heimdall.age and b/secrets/wg-heimdall.age differ
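Review bot: Adding `loki` to the shared `systems` list in secrets/secrets.nix makes loki's host key a recipient of every secret declared with `systems ++ users`, including `wg-heimdall.age`, which by its name holds another machine's WireGuard key. Since loki runs an internet-facing service, a compromise of that host would then expose secrets it never needs. Scoping recipients per secret keeps each host to its own material, for example `"wg-heimdall.age".publicKeys = [heimdall] ++ users;` and `"traefik.age".publicKeys = [heimdall loki] ++ users;`. The `in { … }` block continues past the hunk and wg-desktop.age was re-encrypted in this commit too, so the remaining entries likely need the same treatment.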