diff --git a/flake.nix b/flake.nix
index e468c14..0edcb00 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,15 +59,11 @@
 
             ({config, ...}: {
               config = {
-                nixpkgs.overlays = [
-                  overlays
-                ];
+                nixpkgs.overlays = [overlays];
                 nixpkgs.config.allowUnfree = true;
                 home-manager = {
                   useGlobalPkgs = true;
-                  sharedModules = [
-                    sops.homeManagerModules.sops
-                  ];
+                  sharedModules = [sops.homeManagerModules.sops];
                   users.winston.imports = [./home];
                   extraSpecialArgs = {
                     flakePath = "/home/winston/.config/nixpkgs";
@@ -78,6 +74,30 @@
             })
           ];
         };
+        "bento" = nixpkgs.lib.nixosSystem rec {
+          system = "x86_64-linux";
+          modules = [
+            home-manager.nixosModules.home-manager
+            ./machines/common.nix
+            ./machines/bento
+
+            ({config, ...}: {
+              config = {
+                nixpkgs.overlays = [overlays];
+                nixpkgs.config.allowUnfree = true;
+                home-manager = {
+                  useGlobalPkgs = true;
+                  sharedModules = [sops.homeManagerModules.sops];
+                  users.w.imports = [./home];
+                  extraSpecialArgs = {
+                    flakePath = "/home/w/.config/nixpkgs";
+                    machine.personal = false;
+                  };
+                };
+              };
+            })
+          ];
+        };
       };
       darwinConfigurations = {
         "sashimi" = darwin.lib.darwinSystem rec {
diff --git a/home/default.nix b/home/default.nix
index 3626ed8..3841c78 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -58,6 +58,7 @@ in {
         insomnia
         mattermost-desktop
         neovide
+        unstable.jetbrains.webstorm
       ]
       ++ lib.optionals (isLinux && machine.personal) [
         nur.repos.nekowinston.discover-overlay
diff --git a/machines/bento/default.nix b/machines/bento/default.nix
new file mode 100644
index 0000000..e8526f3
--- /dev/null
+++ b/machines/bento/default.nix
@@ -0,0 +1,129 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  mainUser = "w";
+in {
+  nixpkgs.config.allowUnfree = true;
+
+  imports = [./hardware.nix];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader.efi.canTouchEfiVariables = true;
+    loader.systemd-boot.enable = true;
+
+    # plymouth
+    plymouth = {
+      enable = true;
+      theme = "catppuccin-mocha";
+      themePackages = [pkgs.nur.repos.nekowinston.plymouth-theme-catppuccin];
+    };
+    kernelParams = ["quiet" "splash"];
+    initrd.systemd.enable = true;
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+  };
+
+  networking = {
+    hostName = "bento";
+    networkmanager.enable = true;
+    firewall.enable = true;
+  };
+
+  time.timeZone = "Europe/Vienna";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [
+    # file management
+    p7zip
+    unzip
+    zip
+    gnome.file-roller
+
+    # thumbnails
+    webp-pixbuf-loader
+    ffmpegthumbnailer
+  ];
+  programs = {
+    dconf.enable = true;
+    nix-ld.enable = true;
+    noisetorch.enable = true;
+    thunar = {
+      enable = true;
+      plugins = with pkgs.xfce; [
+        thunar-archive-plugin
+        thunar-volman
+      ];
+    };
+  };
+
+  security = {
+    polkit.enable = true;
+    rtkit.enable = true;
+  };
+  systemd = {
+    packages = [pkgs.polkit_gnome];
+    user.services.polkit-gnome-authentication-agent-1 = {
+      unitConfig = {
+        Description = "polkit-gnome-authentication-agent-1";
+        Wants = ["graphical-session.target"];
+        WantedBy = ["graphical-session.target"];
+        After = ["graphical-session.target"];
+      };
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+        Restart = "on-failure";
+        RestartSec = 1;
+        TimeoutStopSec = 10;
+      };
+    };
+  };
+
+  services = {
+    # mounting
+    gvfs.enable = true;
+    udisks2.enable = true;
+    devmon.enable = true;
+
+    # thunbnails
+    tumbler.enable = true;
+
+    # desktop
+    blueman.enable = true;
+    gnome.gnome-keyring.enable = true;
+    mullvad-vpn.enable = true;
+    pipewire = {
+      enable = true;
+      pulse.enable = true;
+    };
+
+    openssh.enable = true;
+    pcscd.enable = true;
+
+    xserver = {
+      enable = true;
+      desktopManager.xterm.enable = false;
+      displayManager.gdm.enable = true;
+      displayManager.gdm.wayland = false;
+      libinput.enable = true;
+      windowManager.i3.enable = true;
+      xkbOptions = "caps:ctrl_modifier";
+    };
+  };
+
+  virtualisation.docker.enable = true;
+
+  users.users."${mainUser}" = {
+    extraGroups = ["wheel" "docker"];
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
+    shell = pkgs.zsh;
+  };
+
+  system.stateVersion = "22.11";
+}
diff --git a/machines/bento/hardware.nix b/machines/bento/hardware.nix
new file mode 100644
index 0000000..34c14e3
--- /dev/null
+++ b/machines/bento/hardware.nix
@@ -0,0 +1,69 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  boot.loader.systemd-boot.consoleMode = "0";
+
+  boot.initrd.luks.devices = {
+    luksroot = {
+      device = "/dev/disk/by-uuid/1af1c538-b38a-43f3-9ad2-9da8a946db7f";
+      preLVM = true;
+      allowDiscards = true;
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/83c767e9-9efd-4f85-990d-e5cfb9200167";
+    fsType = "btrfs";
+    options = ["subvol=root" "compress=zstd"];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/83c767e9-9efd-4f85-990d-e5cfb9200167";
+    fsType = "btrfs";
+    options = ["subvol=home" "compress=zstd"];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/83c767e9-9efd-4f85-990d-e5cfb9200167";
+    fsType = "btrfs";
+    options = ["subvol=nix" "compress=zstd" "noatime"];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9382-B533";
+    fsType = "vfat";
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/fd70f74e-f2a8-4117-a2c0-355736b162e0";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}