diff --git a/nixosConfigurations/catarina/default.nix b/nixosConfigurations/catarina/default.nix
index e69de29..387765e 100644
--- a/nixosConfigurations/catarina/default.nix
+++ b/nixosConfigurations/catarina/default.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+ system.stateVersion = "23.11";
+
+ imports = [ ./hardware.nix ./users.nix ];
+
+# Nix settings
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ trusted-users = [ "nafaryus" ];
+ allowed-users = [ "nafaryus" ];
+ substituters = [ "https://nix-community.cachix.org" ];
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ auto-optimise-store = true;
+ };
+ gc = {
+ automatic = lib.mkDefault true;
+ dates = lib.mkDefault "weekly";
+ options = lib.mkDefault "--delete-older-than 14d";
+ };
+ };
+
+# Nix packages
+ nixpkgs = {
+ hostPlatform = lib.mkDefault "x86_64-linux";
+ config.allowUnfree = true;
+ config.cudaSupport = false;
+ };
+
+# Services
+ services.xserver = {
+ enable = true;
+
+ layout = "us";
+ xkbVariant = "";
+
+ videoDrivers = [ "nvidia" ];
+
+ displayManager.gdm.enable = true;
+ desktopManager.gnome.enable = true;
+ windowManager.awesome.enable = true;
+ };
+
+ services.printing.enable = true;
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ startWhenNeeded = true;
+ };
+
+ services.udev = {
+ packages = with pkgs; [ gnome.gnome-settings-daemon ];
+ };
+
+ services.blueman.enable = true;
+
+ services.spoofdpi.enable = true;
+
+# Packages
+ environment.systemPackages = with pkgs; [
+ wget
+
+ ntfs3g
+ sshfs
+ exfat
+
+ lm_sensors
+
+ git
+ ripgrep
+ fd
+ lazygit
+ unzip
+
+ gnumake
+
+ fishPlugins.fzf-fish
+ fishPlugins.tide
+ fishPlugins.grc
+ fishPlugins.hydro
+
+ nnn
+ fzf
+ grc
+
+ gcc
+
+ cachix
+
+ gnupg
+ nnn
+ htop
+ ];
+
+ programs = {
+ fish.enable = true;
+
+ neovim = {
+ enable = true;
+ defaultEditor = true;
+ };
+ };
+
+ programs.direnv.enable = true;
+
+ fonts.packages = with pkgs; [ nerdfonts ];
+
+}
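Review bot: `services.openssh` is enabled with no `settings`, so password authentication stays on (the NixOS default), port 22 is opened in the firewall, and the only interactive account this diff creates (users.nix) ships with `initialPassword = "nixos"` plus `wheel` membership — until that password is changed the host is reachable with a known credential. Add `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";` to the openssh block and rely on `users.users.nafaryus.openssh.authorizedKeys` instead. Separately, `trusted-users = [ "nafaryus" ]` is root-equivalent for the nix daemon (a trusted user may set arbitrary substituters and keys and relax sandbox options); that is acceptable for a wheel user, but a one-line comment saying so would stop it being copied to non-admin accounts. As far as I can tell `substituters` replaces the default list rather than extending it, so unless cache.nixos.org is re-added elsewhere in the flake every nixpkgs package gets built locally — `extra-substituters` is the additive form.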
diff --git a/nixosConfigurations/catarina/hardware.nix b/nixosConfigurations/catarina/hardware.nix
new file mode 100644
index 0000000..3cc7743
--- /dev/null
+++ b/nixosConfigurations/catarina/hardware.nix
@@ -0,0 +1,134 @@
+{ config, lib, ... }:
+{
+# Boot
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.systemd-boot.configurationLimit = 5;
+ loader.efi.canTouchEfiVariables = true;
+
+ tmp.useTmpfs = lib.mkDefault true;
+ tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
+
+ initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" "tcp_bbr" "coretemp" "nct6775" ];
+ kernelParams = [ "threadirqs" ];
+
+ kernel.sysctl = {
+ # The Magic SysRq key is a key combo that allows users connected to the
+ # system console of a Linux kernel to perform some low-level commands.
+ # Disable it, since we don't need it, and is a potential security concern.
+ "kernel.sysrq" = 0;
+
+ ## TCP hardening
+ # Prevent bogus ICMP errors from filling up logs.
+ "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
+ # Reverse path filtering causes the kernel to do source validation of
+ # packets received from all interfaces. This can mitigate IP spoofing.
+ "net.ipv4.conf.default.rp_filter" = 1;
+ "net.ipv4.conf.all.rp_filter" = 1;
+ # Do not accept IP source route packets
+ "net.ipv4.conf.all.accept_source_route" = 0;
+ "net.ipv6.conf.all.accept_source_route" = 0;
+ # Don't send ICMP redirects
+ "net.ipv4.conf.all.send_redirects" = 0;
+ "net.ipv4.conf.default.send_redirects" = 0;
+ # Refuse ICMP redirects (MITM mitigations)
+ "net.ipv4.conf.all.accept_redirects" = 0;
+ "net.ipv4.conf.default.accept_redirects" = 0;
+ "net.ipv4.conf.all.secure_redirects" = 0;
+ "net.ipv4.conf.default.secure_redirects" = 0;
+ "net.ipv6.conf.all.accept_redirects" = 0;
+ "net.ipv6.conf.default.accept_redirects" = 0;
+ # Protects against SYN flood attacks
+ "net.ipv4.tcp_syncookies" = 1;
+ # Incomplete protection again TIME-WAIT assassination
+ "net.ipv4.tcp_rfc1337" = 1;
+
+ ## TCP optimization
+ # TCP Fast Open is a TCP extension that reduces network latency by packing
+ # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
+ # both incoming and outgoing connections:
+ "net.ipv4.tcp_fastopen" = 3;
+ # Bufferbloat mitigations + slight improvement in throughput & latency
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ "net.core.default_qdisc" = "cake";
+ };
+ };
+
+# Security
+ security = {
+ protectKernelImage = true;
+ acme.acceptTerms = true;
+ sudo.extraConfig = ''Defaults timestamp_timeout=30'';
+ rtkit.enable = true;
+ };
+
+ users.users.root.initialPassword = "nixos";
+
+# Filesystem
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/1e26a42f-0546-48f1-8e8e-f1e2dfdcc5fb";
+ fsType = "ext4";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/786A-F24B";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/ff4c8615-e4c8-429b-822e-55cb1c14e125"; }
+ ];
+
+ services.fstrim.enable = true;
+
+# Hardware etc
+ hardware = {
+ enableRedistributableFirmware = true;
+
+ nvidia.nvidiaSettings = true;
+ nvidia.modesetting.enable = true;
+
+ opengl.enable = true;
+ opengl.driSupport32Bit = true;
+
+ bluetooth.enable = true;
+
+ pulseaudio.enable = false;
+ };
+
+ sound.enable = true;
+
+ networking = {
+ networkmanager.enable = true;
+ useDHCP = lib.mkDefault true;
+ hostName = "catarina";
+ extraHosts = '''';
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+# Common
+ time.timeZone = "Asia/Yekaterinburg";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+ };
+}
diff --git a/nixosConfigurations/catarina/users.nix b/nixosConfigurations/catarina/users.nix
new file mode 100644
index 0000000..d82b619
--- /dev/null
+++ b/nixosConfigurations/catarina/users.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+{
+# Users
+ users.users.nafaryus = {
+ isNormalUser = true;
+ description = "L-Nafaryus";
+ extraGroups = [ "networkmanager" "wheel" ];
+ group = "users";
+ uid = 1000;
+ initialPassword = "nixos";
+ shell = pkgs.fish;
+ };
+}
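Review bot: `users.users.root.initialPassword = "nixos"` commits a known root password to the repository; `initialPassword` is only applied when the account is first created, but nothing in this configuration ever replaces it, and as far as I can tell NixOS also carries the plaintext into the generated user spec in the world-readable store. Prefer `hashedPasswordFile` pointing at a file kept outside the store, or at least `initialHashedPassword` with a real hash, and move the line into users.nix next to the other account so credentials live in one place. `firewall.allowedTCPPorts = [ 80 443 ]` opens two inbound ports although no service in this diff listens on them; either drop the line or add a comment naming the service that needs it. `sudo.extraConfig = ''Defaults timestamp_timeout=30''` raises the sudo credential cache from the 5-minute default to 30 minutes, which deserves a why-comment on a host that also runs sshd.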
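Review bot: `initialPassword = "nixos"` on an account in `wheel` is a committed, guessable credential; it is only honoured when the account is first created, but nothing here forces a change afterwards, and with sshd enabled in default.nix it is usable remotely until then. Replace it with `hashedPasswordFile` referencing a file that is not in the store (or `initialHashedPassword` with a real hash) and add `openssh.authorizedKeys.keys = [ … ];` so key-based login works before any password exists. A short comment on `extraGroups` noting that `wheel` grants full sudo under the default `security.sudo` configuration would also help the next reader.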