diff --git a/flake.nix b/flake.nix
index c99e65a..14e515a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,6 +33,7 @@
           ./nixos/programs/gamer.nix
           ./nixos/programs/personal.nix
           ./nixos/programs/anki.nix
+          ./nixos/workstation.nix
         ] [
           ./home/desktop/hyprland/.
           ./home/programs/graphical.nix
@@ -45,13 +46,17 @@
           ./hardware/fcs-tristan-nixbook.nix
           (auto-login "Hyprland")
           ./nixos/modules/work.nix
+          ./nixos/workstation.nix
         ] [
           ./home/desktop/hyprland/.
           ./home/programs/work.nix
           ./home/programs/graphical.nix
         ];
 
-      alpine = mkConf [./hardware/alpine.nix] [];
+      alpine = mkConf [
+        ./hardware/alpine.nix
+        ./nixos/programs/anki.nix
+      ] [];
 
       vm-sway =
         builtins.trace ''
diff --git a/hardware/fcs-tristan-nixbook.nix b/hardware/fcs-tristan-nixbook.nix
index 48556bd..93be93a 100644
--- a/hardware/fcs-tristan-nixbook.nix
+++ b/hardware/fcs-tristan-nixbook.nix
@@ -97,4 +97,7 @@ in {
       };
     }
   ];
+
+  services.tlp.enable = true;
+
 }
diff --git a/lib/mkconf.nix b/lib/mkconf.nix
index e5b2a27..9714b63 100644
--- a/lib/mkconf.nix
+++ b/lib/mkconf.nix
@@ -14,7 +14,6 @@ with inputs;
     modules =
       modules
       ++ [
-        stylix.nixosModules.stylix
         home-manager.nixosModules.home-manager
         {
           home-manager = {
diff --git a/nixos/default.nix b/nixos/default.nix
index 6621f60..593d849 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -17,10 +17,6 @@ in {
     registry.nixpkgs.flake = inputs.nixpkgs;
   };
 
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-25.9.0"
-  ];
-
   boot.loader.grub = {
     enable = true;
     device = "nodev";
@@ -29,72 +25,26 @@ in {
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.networkmanager.enable = true;
-  programs.nm-applet.enable = true;
   services.tailscale.enable = true;
 
-  time.timeZone = "Europe/London";
+  time.timeZone = lib.mkDefault "Europe/London";
 
   console = {
     font = "Lat2-Terminus16";
     useXkbConfig = true;
   };
 
-  # use pipewire
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    jack.enable = true;
-  };
-  # pipewire raop
-  networking.firewall.allowedUDPPorts = [6002 6001];
-  # network streaming
-  networking.firewall.allowedTCPPorts = [4713];
-
-  # kde connect
-  networking.firewall.allowedTCPPortRanges = [
-    {
-      from = 1714;
-      to = 1764;
-    }
-  ];
-  networking.firewall.allowedUDPPortRanges = [
-    {
-      from = 1714;
-      to = 1764;
-    }
-  ];
-
-  networking.firewall.interfaces.tailscale0 = {
-    allowedTCPPortRanges = [
-      {
-        from = 0;
-        to = 65535;
-      }
-    ];
-  };
+  # networking.firewall.interfaces.tailscale0 = {
+  #   allowedTCPPortRanges = [
+  #     {
+  #       from = 0;
+  #       to = 65535;
+  #     }
+  #   ];
+  # };
 
   services.avahi.enable = true;
 
-  security.pam.services.swaylock = {};
-  security.polkit.enable = true;
-  systemd.user.services.polkit-gnome-authentication-agent-1 = {
-    description = "polkit-gnome-authentication-agent-1";
-    wantedBy = ["graphical-session.target"];
-    wants = ["graphical-session.target"];
-    after = ["graphical-session.target"];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-      Restart = "on-failure";
-      RestartSec = 1;
-      TimeoutStopSec = 10;
-    };
-  };
-
   i18n.defaultLocale = lib.mkDefault "en_GB.UTF-8";
 
   services.xserver.xkb = {
@@ -106,10 +56,6 @@ in {
     pkgs.lib.mkIf (inputs.self ? rev)
     inputs.self.rev;
 
-  hardware.opentabletdriver.enable = true;
-
-  services.printing.enable = true;
-
   users.users.${user} = {
     isNormalUser = true;
     extraGroups = ["wheel" "video" "networkmanager" "kvm"];
@@ -125,6 +71,7 @@ in {
   environment.pathsToLink = ["/share/zsh"];
 
   services.gvfs.enable = true;
+
   environment.systemPackages = with pkgs; [
     tealdeer
     alsa-utils
@@ -134,10 +81,6 @@ in {
     fzf
   ];
 
-  services.dbus.enable = true;
-  programs.light.enable = true;
-  programs.dconf.enable = true;
-
   programs.tmux.enable = true;
   programs.tmux.extraConfig = ''
     set escape-time 0
@@ -167,32 +110,6 @@ in {
     "net.ipv4.ip_unprivileged_port_start" = 53;
   };
 
-  services.tlp.enable = true;
-
-  hardware.bluetooth.enable = true;
-  services.blueman.enable = true;
-
   services.prometheus.exporters.node.enable = true;
 
-  stylix = {
-    image = ../images/demonslayer.png;
-    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
-    opacity = {
-      terminal = 0.9;
-      applications = 0.9;
-      desktop = 0.9;
-      popups = 0.9;
-    };
-  };
-
-  nixpkgs.overlays = [
-    (final: prev: {
-      interalia = prev.callPackage ../pkgs/interalia.nix {};
-    })
-  ];
-
-  fonts.packages = with pkgs; [
-    nerdfonts
-    interalia
-  ];
 }
diff --git a/nixos/workstation.nix b/nixos/workstation.nix
new file mode 100644
index 0000000..e36e6a2
--- /dev/null
+++ b/nixos/workstation.nix
@@ -0,0 +1,83 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  user = config.user;
+in {
+  imports = [
+    inputs.stylix.nixosModules.stylix
+  ];
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-25.9.0"
+  ];
+
+  # use pipewire
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+  # pipewire raop
+  networking.firewall.allowedUDPPorts = [6002 6001];
+  # network streaming
+  networking.firewall.allowedTCPPorts = [4713];
+
+  security.pam.services.swaylock = {};
+  security.polkit.enable = true;
+  systemd.user.services.polkit-gnome-authentication-agent-1 = {
+    description = "polkit-gnome-authentication-agent-1";
+    wantedBy = ["graphical-session.target"];
+    wants = ["graphical-session.target"];
+    after = ["graphical-session.target"];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+      Restart = "on-failure";
+      RestartSec = 1;
+      TimeoutStopSec = 10;
+    };
+  };
+
+  hardware.opentabletdriver.enable = true;
+
+  programs.nm-applet.enable = true;
+
+  services.printing.enable = true;
+
+  services.dbus.enable = true;
+  programs.light.enable = true;
+  programs.dconf.enable = true;
+
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+
+  stylix = {
+    image = ../images/nix-soft.png;
+    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
+    opacity = {
+      terminal = 0.9;
+      applications = 0.9;
+      desktop = 0.9;
+      popups = 0.9;
+    };
+  };
+
+  nixpkgs.overlays = [
+    (final: prev: {
+      interalia = prev.callPackage ../pkgs/interalia.nix {};
+    })
+  ];
+
+  fonts.packages = with pkgs; [
+    nerdfonts
+    interalia
+  ];
+
+}