diff --git a/.gitignore b/.gitignore
index 912e670..6e05969 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@ result-*
 # Ignore automatically generated direnv output
 .direnv
+
+# Ignore VM disk images
+*.qcow2
diff --git a/README.md b/README.md
index 362cd0d..2e02ae7 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,16 @@
 # matrix
 Who needs something else?
+
+# Nixos Setup
+
+## Automatic Tests
+
+Using the nixos framework, tests can be written and performed. See https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests
+
+Perform all tests using `nix flake check`. Call a specific test using `nix build .#checks.x86_64-linux.test1`
+
+## Testing the VM
+
+The VM can be build using `nixos-rebuild build-vm --flake .#matrix` and started using `result/bin/run-nixos-vm`.
+
+See also https://gist.github.com/FlakM/0535b8aa7efec56906c5ab5e32580adf
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..d0d5ab8
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,86 @@
+{
+ "nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1758287904,
+ "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1759735786,
+ "narHash": "sha256-a0+h02lyP2KwSNrZz4wLJTu9ikujNsTWIC874Bv7IJ0=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "20c4598c84a671783f741e02bf05cbfaf4907cff",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-25.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-unstable": {
+ "locked": {
+ "lastModified": 1759831965,
+ "narHash": "sha256-vgPm2xjOmKdZ0xKA6yLXPJpjOtQPHfaZDRtH+47XEBo=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "c9b6fb798541223bbb396d287d16f43520250518",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "disko": "disko",
+ "nixpkgs": "nixpkgs",
+ "nixpkgs-unstable": "nixpkgs-unstable",
+ "sops": "sops"
+ }
+ },
+ "sops": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1759635238,
+ "narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2f54769
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,53 @@
+{
+ description = "Flake to setup server using matrix communication protocol";
+
+ inputs = {
+
+ # stable and unstable nixpkgs
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+ nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # partitioning and disk management
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # secret management
+ sops = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, nixpkgs-unstable, disko, sops, ... }@inputs: {
+ nixosConfigurations = {
+ # TODO replace hostname
+ matrix = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ sops.nixosModules.sops
+ ./nix/configuration.nix
+ ./nix/disko.nix
+ ];
+ specialArgs = { inherit inputs; };
+ };
+ };
+
+ # Add this section
+ checks.x86_64-linux = {
+ test1 = import ./nix/tests/test1.nix {
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ };
+ };
+
+ # Development shell for working with the configuration
+ # execute: nix develop or use direnv
+ devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
+ buildInputs = with nixpkgs.legacyPackages.x86_64-linux; [
+ # git
+ ];
+ };
+ };
+}
\ No newline at end of file
diff --git a/nix/configuration.nix b/nix/configuration.nix
new file mode 100644
index 0000000..4357b1e
--- /dev/null
+++ b/nix/configuration.nix
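Review bot: The `# Add this section` comment above `checks.x86_64-linux` is a leftover from whatever this was copied from and tells the reader nothing about the check; replace it with what the output is, e.g. `# VM integration tests under nix/tests, run by nix flake check`. The `# TODO replace hostname` on the `matrix` configuration is similarly unresolved while `networking.hostName = "matrix"` is set in configuration.nix, so either close the TODO or say which name is still pending. The `nixpkgs-unstable` input is declared and threaded through `specialArgs` but nothing in this commit consumes it, which is fine if a later module will; a one-line comment saying so would stop the next reader from removing it.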
@@ -0,0 +1,86 @@
+{ config, pkgs, inputs, lib, ... }:
+
+{
+ imports = [
+ ./users/users.nix
+ ./modules/ssh.nix
+ ./hardware-configuration.nix
+ ./modules/zsh.nix
+ ];
+
+ # nix settings
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Bootloader.
+ boot.loader.grub.enable = true;
+
+ networking.hostName = "matrix";
+
+ # time zone
+ time.timeZone = "Europe/Zurich";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # Allow unfree packages
+ # nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ environment.systemPackages = with pkgs; [
+ ];
+
+ virtualisation.vmVariant = {
+ # following configuration is added only when building VM with build-vm
+ virtualisation = {
+ memorySize = 4000;
+ cores = 2;
+ graphics = false;
+ diskSize = 5000; # 5GB, needed to prevent docker error running out of space
+
+ # Networking configuration
+ #forwardPorts = [
+ # { from = "host"; host.port = 2222; guest.port = 22; }
+ #];
+ };
+
+ # Add VM-specific users
+ users.users.smith = {
+ isNormalUser = true;
+ description = "VM Test User";
+ extraGroups = [ "wheel" "networkmanager" ];
+ shell = pkgs.zsh;
+ initialPassword = "smith";
+ packages = with pkgs; [ ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ # VM-specific packages
+ environment.systemPackages = with pkgs; [
+ ];
+
+ # in order to build VM on x86_64 host
+ nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
diff --git a/nix/disko.nix b/nix/disko.nix
new file mode 100644
index 0000000..1031611
--- /dev/null
+++ b/nix/disko.nix
@@ -0,0 +1,38 @@
+
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ priority = 1;
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nix/hardware-configuration.nix b/nix/hardware-configuration.nix
new file mode 100644
index 0000000..3245a75
--- /dev/null
+++ b/nix/hardware-configuration.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ # aarch64-linux?
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
\ No newline at end of file
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
new file mode 100644
index 0000000..0888514
--- /dev/null
+++ b/nix/modules/ssh.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ services.openssh = {
+ enable = true;
+ # permitRootLogin = "no";
+ };
+}
\ No newline at end of file
diff --git a/nix/modules/zsh.nix b/nix/modules/zsh.nix
new file mode 100644
index 0000000..b976dba
--- /dev/null
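Review bot: Inside `virtualisation.vmVariant`, `initialPassword = "smith"` combined with `security.sudo.wheelNeedsPassword = false` gives anyone who can reach the VM a known credential with root-equivalent sudo, and nothing in the block records why that is acceptable. It is only applied by `nixos-rebuild build-vm` and the `forwardPorts` block is commented out, so the VM is not reachable from the network and this is fine for local testing; write that dependency down next to the commented block, e.g. `# keep host-port forwarding disabled: the smith/smith login and passwordless sudo below must never be reachable from outside the VM`. The `lib.mkForce "x86_64-linux"` on `nixpkgs.hostPlatform` also conflicts with the `mkDefault "aarch64-linux"` in hardware-configuration.nix; see the note on that hunk.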
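Review bot: `device = "/dev/sda"` is the disk disko will partition and format, and `/dev/sdX` names are assigned in detection order at boot, so on a host with more than one disk the wrong device can be wiped; a `/dev/disk/by-id/DISK-ID-PLACEHOLDER` path pins it to one physical device and should replace the bare name once the target is known. The hunk also begins with an empty line before `{`, which should be dropped. An EF00 partition is created and mounted at `/boot`, yet configuration.nix enables grub without `efiSupport`, so as far as I can tell from these files the system boots through the EF02 BIOS boot partition and the ESP is just a vfat `/boot`; a comment stating which boot mode is intended would settle that.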
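Review bot: `nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"` under the `# aarch64-linux?` comment contradicts `system = "x86_64-linux"` in flake.nix and the `lib.mkForce "x86_64-linux"` in configuration.nix's vmVariant; the `mkForce` reads as working around this conflict rather than resolving it. Which value wins depends on option priority, so pick one platform here and drop the override, or, if the deployed host really is aarch64, replace the question mark with the reason: `# deployed host is aarch64; the x86_64 VM variant forces its own platform`. The `ata_piix`/`virtio_*` modules and the `qemu-guest.nix` profile indicate this was generated inside a QEMU guest, so the file should also say it must be regenerated on the real hardware.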
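Review bot: The commented `# permitRootLogin = "no";` uses the pre-23.05 option spelling; sshd settings now live under `services.openssh.settings`, so even if uncommented it would not be the current option, and as committed sshd runs with the module defaults. Replace the comment with `settings.PermitRootLogin = "no";` and `settings.PasswordAuthentication = false;`, since the accounts in users.nix carry no passwords and the only password-bearing account (`smith`) exists in the VM variant only. If password login is wanted for the VM, set it inside `virtualisation.vmVariant` rather than leaving the deployed server at the default.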
+++ b/nix/modules/zsh.nix
@@ -0,0 +1,40 @@
+{ lib, config, pkgs, ... }:
+
+{
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ enableLsColors = true;
+
+ histSize = 10000;
+ histFile = "$HOME/.zsh_history";
+
+ shellAliases = {
+ ll = "ls - l";
+ };
+
+ ohMyZsh = {
+ enable = true;
+ plugins = [
+ "sudo"
+ #"direnv"
+ #"fzf"
+ ];
+ theme = "terminalparty";
+ };
+
+ # custom zsh options
+ setOptions = [
+ "HIST_IGNORE_DUPS" # do not write dupes
+ "HIST_SAVE_NO_DUPS"
+ "HIST_IGNORE_ALL_DUPS"
+ "HIST_FIND_NO_DUPS"
+ "APPEND_HISTORY" # append rather than overwrite ...?
+ "SHARE_HISTORY" # all zsh sessions share history file
+ "HIST_FCNTL_LOCK" # useful to prevent lockups ...? see github
+ "HIST_IGNORE_SPACE" # add space before command to not write to history
+ ];
+ };
+}
diff --git a/nix/tests/test1.nix b/nix/tests/test1.nix
new file mode 100644
index 0000000..29255a8
--- /dev/null
+++ b/nix/tests/test1.nix
@@ -0,0 +1,25 @@
+{ pkgs ? import {} }:
+
+pkgs.nixosTest {
+ name = "matrix-login-test";
+
+ nodes = {
+ machine = { config, pkgs, ... }: {
+ imports = [
+ ../configuration.nix
+ ];
+
+ # Test configuration
+ virtualisation.memorySize = 2048;
+ };
+ };
+
+ testScript = ''
+ start_all()
+ machine.wait_for_unit("multi-user.target")
+
+ with subtest("SSH service test"):
+ machine.wait_for_unit("sshd.service")
+ machine.wait_for_open_port(22)
+ '';
+}
\ No newline at end of file
diff --git a/nix/users/users.nix b/nix/users/users.nix
new file mode 100644
index 0000000..8d25f0e
--- /dev/null
+++ b/nix/users/users.nix
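Review bot: `ll = "ls - l";` has a space between the dash and the `l`, so the alias runs `ls` with the two arguments `-` and `l` (trying to list files of those names) instead of the long listing that was meant; change it to `ll = "ls -l";`. The `...?` questions left in the `setOptions` comments on `APPEND_HISTORY` and `HIST_FCNTL_LOCK` should be answered or removed so they do not read as open doubts in committed config; `HIST_FCNTL_LOCK` is zsh's fcntl-based locking of the history file, which matters precisely because `SHARE_HISTORY` has several sessions writing it, e.g. `"HIST_FCNTL_LOCK" # lock the history file; needed with SHARE_HISTORY`.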
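Review bot: `{ pkgs ? import {} }:` is not valid Nix as shown, because `import` needs a path; if this was `import <nixpkgs> {}` and the angle brackets were lost in rendering, the default still depends on `NIX_PATH`, while flake.nix always passes `pkgs` explicitly, so the default can simply be dropped to `{ pkgs }:`. The test is named `matrix-login-test` but only checks that sshd listens on port 22; nothing asserts the login policy the name implies, and the three users from users.nix are never exercised. Once ssh.nix sets the sshd options, a second subtest such as `machine.succeed("sshd -T | grep -iq '^permitrootlogin no'")` would pin the effective configuration instead of only the open port. The node imports `../configuration.nix` but not `../disko.nix`, which is correct for a VM test and worth a comment so nobody "fixes" it.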
@@ -0,0 +1,29 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ # Define user accounts
+ users.defaultUserShell = pkgs.zsh;
+ users.users.neo = {
+ isNormalUser = true;
+ description = "Matrix User 1";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [ ];
+ };
+
+ users.users.morpheus = {
+ isNormalUser = true;
+ description = "Matrix User 2";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [ ];
+ };
+
+ users.users.trinity = {
+ isNormalUser = true;
+ description = "Matrix User 3";
+ extraGroups = [ "networkmanager" "wheel" ];
+ shell = pkgs.zsh;
+ packages = with pkgs; [ ];
+ };
+}
\ No newline at end of file
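Review bot: `neo`, `morpheus` and `trinity` are all placed in `wheel` but have neither a password nor `openssh.authorizedKeys.keys`, so on the deployed host there is no declarative way to log in as any of them; the only usable login in this commit is the VM-variant `smith`. Give each one an `openssh.authorizedKeys.keys = [ "ssh-ed25519 PUBKEY_PLACEHOLDER" ];` entry (or source the keys through the sops module flake.nix already loads) and consider `users.mutableUsers = false;` so credentials cannot be added imperatively and drift away from this file. The three blocks differ only in name and description, so a single helper applied over a name list would keep them from diverging as options are added. `networkmanager` in `extraGroups` appears to have no effect unless NetworkManager is enabled, which nothing in this commit does.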