diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
index 2936ac3..851db7c 100644
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@@ -5,18 +5,11 @@
 }: {
   imports = [
     ./admins.nix
-    ./nix_keys.nix
+    ./nix.nix
     ./prometheusNodeExporter.nix
     ../modules/impermanence.nix
   ];
 
-  nix = {
-    extraOptions = ''
-      experimental-features = nix-command flakes
-      builders-use-substitutes = true
-    '';
-  };
-
   networking = {
     firewall = {
       # these shoud be default, but better make sure!
diff --git a/nixos/roles/nix.nix b/nixos/roles/nix.nix
new file mode 100644
index 0000000..7009fa2
--- /dev/null
+++ b/nixos/roles/nix.nix
@@ -0,0 +1,25 @@
+{
+  nix.settings = {
+    trusted-public-keys = [
+      "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
+      "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0="
+    ];
+    experimental-features = [
+      "flakes"
+      "nix-command"
+    ];
+    auto-optimise-store = true;
+    fallback = true;
+    builders-use-substitus = true;
+  };
+  gc = {
+    persistent = true;
+    dates = "weekly";
+    options = "-d";
+    randomizedDelaySec = "5h";
+  };
+  optimise = {
+    dates = [];
+    automatic = true;
+  };
+}
diff --git a/nixos/roles/nix_keys.nix b/nixos/roles/nix_keys.nix
deleted file mode 100644
index 97e5dc5..0000000
--- a/nixos/roles/nix_keys.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  imports = [];
-  nix.settings.trusted-public-keys = [
-    "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc="
-    "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0="
-  ];
-}