diff --git a/global/auth/pub/eientei.pub b/global/auth/pub/eientei.pub
new file mode 100644
index 00000000..cfe7e155
--- /dev/null
+++ b/global/auth/pub/eientei.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnhMCGSLMY+QldeCTaRovmfuzKdJsllQy9XinN2JU2z koishi@eientei
diff --git a/spec/eientei/default.nix b/spec/eientei/default.nix
new file mode 100644
index 00000000..70eb7281
--- /dev/null
+++ b/spec/eientei/default.nix
@@ -0,0 +1,43 @@
+{ lib
+, ... }: {
+  global = {
+    id = "ff96c05be13e44f681292205370eed1a";
+    auth.openssh.enable = true;
+    fs.esp.uuid = "C368-7571";
+    fs.type = "zfs";
+    fs.zfs.externalStore = true;
+    fs.external.device = "/dev/disk/by-uuid/d9202e56-a14f-4342-acdb-dbae33d680fc";
+    fs.external.fsType = "xfs";
+    fs.external.options = [ "noatime" ];
+    fs.cryptsetup.enable = true;
+    fs.cryptsetup.allowDiscards = false;
+    fs.cryptsetup.uuids.secret = "c33c9b18-a280-42d7-8740-3f8d3f60dc43";
+    boot.lanzaboote = true;
+  };
+
+  services.fstrim.enable = true;
+  boot.swraid.enable = true;
+  boot.swraid.mdadmConf = ''
+    PROGRAM /usr/bin/true
+  '';
+  fileSystems."/nix/var/secret" =
+  { device = "/dev/disk/by-uuid/1404c4f1-b890-4cf0-ab8a-26bd81bd2254";
+    fsType = "ext4";
+    options = [ "noatime" ];
+    neededForBoot = true;
+    depends = [ "/nix/var" ];
+  };
+  boot.initrd.systemd.services.zfs-import-eientei.after = [ "cryptsetup.target" ];
+
+  imports = lib.pipe ./. [
+    builtins.readDir
+    (lib.filterAttrs (n: ty: ty == "regular" && n != "default.nix"))
+    (lib.mapAttrsToList (n: _: ./${n}))
+  ];
+
+  hardware.enableRedistributableFirmware = true;
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "i915" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+}