diff --git a/hosts/nixos/default.nix b/hosts/nixos/default.nix index 1ed69ce..4f37d3f 100644 --- a/hosts/nixos/default.nix +++ b/hosts/nixos/default.nix @@ -5,11 +5,48 @@ inputs, ... }: { - imports = [ inputs.autoaspm.nixosModules.default ]; + # set timezone + time.timeZone = "America/Chicago"; + + nix = { + # garbage collect & remove builds older then 14 days + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 14d"; + persistent = true; + }; + # optimise nix store, dedupe and such + optimise = { + automatic = true; + dates = [ "daily" ]; + }; + # the goats + settings.experimental-features = lib.mkDefault [ + "nix-command" + "flakes" + ]; + }; + + # allow proprietary packages + nixpkgs = { + config = { + allowUnfree = true; + allowUnfreePredicate = _: true; + }; + }; + + # power management + services.autoaspm.enable = true; + powerManagement.powertop.enable = true; + + # things are better this way + users.defaultUserShell = pkgs.zsh; + # base system package install list environment.systemPackages = with pkgs; [ wget @@ -32,21 +69,7 @@ lm_sensors ]; - # set timezone - time.timeZone = "America/Chicago"; - - # allow proprietary packages - nixpkgs.config.allowUnfree = true; - - # power management - services.autoaspm.enable = true; - powerManagement.powertop.enable = true; - - # enable flakes - nix.settings.experimental-features = lib.mkDefault ["nix-command" "flakes"]; - users.defaultUserShell = pkgs.zsh; - - # passwordless rebuild + # nice to have passwordless sudo security.sudo = { extraRules = [ { diff --git a/hosts/nixos/yveltal/configuration.nix b/hosts/nixos/yveltal/configuration.nix index 802c189..3b65a02 100644 --- a/hosts/nixos/yveltal/configuration.nix +++ b/hosts/nixos/yveltal/configuration.nix 
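Review bot: `allowUnfreePredicate = _: true;` in the new `nixpkgs.config` block accepts every unfree package, and `allowUnfree = true;` already does the same, so the pair adds no restriction. If the intent is to control which proprietary software can enter the system closure, drop `allowUnfree` and use an allow-list such as `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<package-name>" ];` (the package name is a placeholder). Separately, the hunk removes `imports = [ inputs.autoaspm.nixosModules.default ];` but still sets `services.autoaspm.enable = true;`. Unless that module is imported somewhere outside this diff, evaluation will fail on an undefined option.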
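Review bot: The comment above `security.sudo` changes from `# passwordless rebuild` to `# nice to have passwordless sudo`, but the `extraRules` body continues outside the hunk, so it is not visible here whether the grant covers only the rebuild command or every command. In either case the rule is likely root-equivalent for the account it names if that account can also edit the configuration being rebuilt, and the comment should say so. Suggested wording: `# passwordless sudo: root-equivalent for the user/group named in extraRules; keep the command list minimal`.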
@@ -1,20 +1,24 @@ -{ pkgs, config, lib, modulesPath, inputs, stable_pkgs, unstable_pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - (modulesPath + "/installer/scan/not-detected.nix") - #./hardware-configuration.nix - ../../nixos - ../../../users/blake - ../../../modules/desktop - ../../../modules/system - ]; - - home-manager.users.blake.imports = [ - ../../../users/blake/hosts/yveltal.nix + pkgs, + config, + lib, + modulesPath, + inputs, + stable_pkgs, + unstable_pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + (modulesPath + "/installer/scan/not-detected.nix") + #./hardware-configuration.nix + ../../nixos + ../../../users/blake + ../../../modules/desktop + ../../../modules/system ]; + # home grown nixos modules system = { ssh.enable = true; sops.enable = true; @@ -26,13 +30,11 @@ vendor = "intel"; }; }; - desktop = { pipewire.enable = true; hypr.enable = true; greetd.enable = true; }; - gaming = { steam.enable = true; lutris.enable = true; @@ -41,7 +43,13 @@ mangohud.enable = true; }; + # import home grown host specific home-manager modules + home-manager.users.blake.imports = [ + ../../../users/blake/hosts/yveltal.nix + ]; + # fix power buttons + # move this to a laptops file at some point services.logind.settings.Login = { HandlePowerKey = "suspend-then-hibernate"; HandleLidSwitch = "suspend-then-hibernate"; 
@@ -53,53 +61,47 @@ # boot (systemd is growing on me) boot = { - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; + kernelModules = ["kvm-intel"]; + extraModulePackages = []; loader = { - systemd-boot.enable = true; # systemd your pretty cool ya know + systemd-boot.enable = true; # systemd your pretty cool ya know efi.canTouchEfiVariables = true; }; initrd = { - systemd.enable = true; # better logging - availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; - }; + systemd.enable = true; # better logging + availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod"]; + kernelModules = []; + }; }; # setup hostname and networking stack - services.resolved = { - enable = true; - fallbackDns = [ "1.1.1.1" "9.9.9.9" ]; - dnsovertls = "opportunistic"; - }; networking = { hostName = "yveltal"; # hostname useDHCP = lib.mkDefault true; interfaces = { wlp0s20f3.useDHCP = lib.mkDefault true; }; + firewall = { + enable = true; + allowedTCPPorts = [22]; + allowedUDPPorts = [51820]; # wireguard + }; networkmanager = { - enable = true; # the goat + enable = true; # the goat dns = "systemd-resolved"; # the backup dancer! }; }; + services.resolved = { + enable = true; + fallbackDns = ["1.1.1.1" "9.9.9.9"]; + dnsovertls = "opportunistic"; + }; hardware.bluetooth.enable = true; - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - 22 - ]; - - networking.firewall.allowedUDPPorts = [ 51820 ]; - # Or disable the firewall altogether. - networking.firewall.enable = true; - system.stateVersion = "25.05"; # stays here : ) - # hardware shit nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } -
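Review bot: `allowedTCPPorts = [22];` and `allowedUDPPorts = [51820];` in the new `networking.firewall` block apply to every interface, including `wlp0s20f3`, so sshd and the WireGuard port are reachable from any Wi-Fi network this machine joins (the lid-switch settings earlier in the file suggest it is a laptop). Consider scoping SSH to a trusted interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [22];` and leaving only 51820/udp open globally; `<iface>` is a placeholder, because the WireGuard interface name is not shown in this diff. The moved `dnsovertls = "opportunistic";` also deserves a comment, for example `# opportunistic: falls back to plaintext DNS when the server lacks DoT`, since that mode does not protect against an active downgrade.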