diff --git a/modules/nixos/core/users.nix b/modules/nixos/core/users.nix
index 635dc1f..7294960 100644
--- a/modules/nixos/core/users.nix
+++ b/modules/nixos/core/users.nix
@@ -17,7 +17,7 @@ in {
       type = (types.listOf types.str);
       default = [ "mtxyz" "hive" ];
     };
-    friend = lib.mkOption {
+    friends = lib.mkOption {
       type = types.bool;
       default = false;
     };
@@ -37,7 +37,7 @@ in {
       initialPassword = "";
       linger = true;
     })) // {
-      friends = lib.mkIf config.gg.users.friend {
+      friends = lib.mkIf config.gg.users.friends {
         isNormalUser = true;
         hashedPassword = "";
       };
diff --git a/systems/aarch64-linux/orange/default.nix b/systems/aarch64-linux/orange/default.nix
new file mode 100644
index 0000000..5cb3f13
--- /dev/null
+++ b/systems/aarch64-linux/orange/default.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ./hardware.nix
+  ];
+
+  # Localization
+  time.timeZone = "Etc/UTC";
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitEmptyPasswords = false;
+    };
+  };
+  programs.mosh.enable = true;
+
+  security.sudo.wheelNeedsPassword = false; # Needed for colmena.
+  documentation.man.enable = false; # Takes way too long to build.
+
+  environment.systemPackages = with pkgs; [
+    zellij tmux minicom tio lrzsz python3Packages.pyserial btop
+  ];
+  programs.fish.enable = true;
+
+  gg.users.friends = true;
+
+  users.groups.dialout.members = config.gg.users.admins ++ [ "friends" ];
+
+  # Start tmux session for serial console on boot.
+  systemd.services.tmux-serial = {
+    description   = "Tmux Serial Server Service";
+    wantedBy      = [ "multi-user.target" ];
+    after         = [ "network.target" ];
+
+    script = ''
+      ${pkgs.tmux}/bin/tmux new -d \
+        ${pkgs.python3Packages.pyserial}/bin/pyserial-miniterm /dev/ttyS1 115200 --eol lf --raw
+    '';
+
+    serviceConfig = {
+      Restart = "always";
+      User    = "friends";
+      Group   = "users";
+      Type = "forking";
+      WorkingDirectory = "~";
+      GuessMainPID = true;
+    };
+  };
+
+  system.stateVersion = "24.05";
+}
diff --git a/systems/aarch64-linux/orange/hardware.nix b/systems/aarch64-linux/orange/hardware.nix
new file mode 100644
index 0000000..b7c21d4
--- /dev/null
+++ b/systems/aarch64-linux/orange/hardware.nix
@@ -0,0 +1,40 @@
+{
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ 
+    "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
+  ];
+
+  # Fix missing modules
+  # https://github.com/NixOS/nixpkgs/issues/154163
+  nixpkgs.overlays = [
+    (final: super: {
+      makeModulesClosure = x:
+      super.makeModulesClosure (x // { allowMissing = true; });
+    })
+  ];
+
+  boot = {
+    supportedFilesystems.zfs = lib.mkForce false;
+    kernelPackages = lib.mkDefault pkgs.linuxKernel.packages.linux_rpi3;
+    initrd.availableKernelModules = [
+      "usbhid"
+      "usb_storage"
+      "vc4"
+      "bcm2835_dma" "i2c_bcm2835"
+      "pcie_brcmstb"      # required for the pcie bus to work
+      "reset-raspberrypi" # required for vl805 firmware to load
+    ];
+
+    loader.grub.enable = lib.mkDefault false;
+  };
+
+  hardware.enableRedistributableFirmware = true;
+  networking.wireless.enable = true;
+
+  hardware.deviceTree.filter = "bcm2837-rpi-3-b-plus.dtb";
+}