diff --git a/nixops/nixops.nix b/nixops/nixops.nix
index 9ee5f50..ea014cf 100644
--- a/nixops/nixops.nix
+++ b/nixops/nixops.nix
@@ -5,7 +5,7 @@
 rpi-2 = import ./rpi.nix { host = "rpi-2"; rpi4 = false; experimental-users = true; };
 rpi-3 = import ./rpi.nix { host = "rpi-3"; rpi4 = true; };
 rpi-4 = import ./rpi.nix { host = "rpi-4"; rpi4 = true; };
- rpi-5 = import ./rpi.nix { host = "rpi-5"; rpi4 = true; };
+ rpi-5 = import ./rpi-server.nix { host = "rpi-5"; rpi4 = true; };
 juno = import ./desktop.nix { host = "juno"; };
 zeus = import ./desktop.nix { host = "zeus"; };
 hera = import ./desktop.nix { host = "hera"; };
diff --git a/nixops/rpi-server.nix b/nixops/rpi-server.nix
new file mode 100644
index 0000000..cc7baa7
--- /dev/null
+++ b/nixops/rpi-server.nix
@@ -0,0 +1,71 @@
+{ host, rpi4 }:
+
+{ config, pkgs, ... }:
+{
+ deployment.targetHost = host;
+ nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
+ nixpkgs.system = "aarch64-linux";
+
+ boot.loader.grub.enable = false;
+
+ boot.loader.generic-extlinux-compatible.enable = !rpi4;
+ boot.loader.raspberryPi = pkgs.lib.mkIf rpi4 {
+ enable = true;
+ version = 4;
+ };
+ boot.kernelPackages = pkgs.lib.mkIf rpi4 pkgs.linuxPackages_latest;
+
+ fileSystems = if rpi4 then {
+ "/boot" = {
+ device = "/dev/disk/by-label/FIRMWARE";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ } else {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ services.openssh.enable = true;
+ services.openssh.passwordAuthentication = false;
+ services.openssh.extraConfig =
+ ''
+ StreamLocalBindUnlink yes
+ '';
+ programs.mosh.enable = true;
+
+ networking.hostName = host;
+ time.timeZone = "Asia/Hong_Kong";
+
+ users.mutableUsers = false;
+ users.defaultUserShell = pkgs.fish;
+ users.extraUsers = import ./common-users.nix { inherit pkgs; };
+ security.sudo.wheelNeedsPassword = false;
+
+ documentation.enable = false;
+ environment.systemPackages = with pkgs; [
+ psmisc wget vim git sshfs usbutils lm_sensors file telnet mosh tmux
+ ];
+ programs.fish.enable = true;
+
+ services.avahi.enable = true;
+ services.avahi.publish.enable = true;
+ services.avahi.publish.userServices = true;
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.hplip ];
+ services.printing.browsing = true;
+ services.printing.listenAddresses = [ "*:631" ];
+ services.printing.defaultShared = true;
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.hplip ];
+ networking.firewall.allowedTCPPorts = [ 631 ];
+
+ nix.binaryCachePublicKeys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
+ nix.binaryCaches = ["https://cache.nixos.org" "https://nixbld.m-labs.hk"];
+ nix.trustedUsers = ["root" "nix"];
+}
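Review bot: The print-server lines near the end of the new file expose CUPS on every network the host is attached to: `services.printing.listenAddresses = [ "*:631" ]` binds all addresses and `networking.firewall.allowedTCPPorts = [ 631 ]` opens the port on all interfaces, while nothing in the hunk sets `services.printing.allowFrom`, so which clients may use the shared queue depends on the module default. If the printer is meant for a single LAN, say so in a comment and scope the firewall rule to that interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 631 ];` (the interface name is a placeholder), and set `allowFrom` explicitly. The same file also sets `security.sudo.wheelNeedsPassword = false` and lists `nix` in `nix.trustedUsers`, so an account in either group is effectively root on a machine that now serves the network. A one-line comment explaining why that is acceptable here would help the next reviewer.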