diff --git a/modules/laptop/base.nix b/modules/laptop/base.nix
new file mode 100644
index 0000000..48ba6db
--- /dev/null
+++ b/modules/laptop/base.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, lib, ... }: with lib; {
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      trusted-users = [ "root" "@wheel" ];
+    };
+    package = pkgs.nixVersions.latest;
+  };
+
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+  };
+}
diff --git a/modules/laptop/default.nix b/modules/laptop/default.nix
new file mode 100644
index 0000000..c9d3cad
--- /dev/null
+++ b/modules/laptop/default.nix
@@ -0,0 +1,11 @@
+let
+  self = {
+    devops = import ./devops.nix;
+    dev = import ./dev.nix;
+  };
+in
+{
+  all = {
+    imports = builtins.attrValues self;
+  };
+} // self
diff --git a/modules/laptop/dev.nix b/modules/laptop/dev.nix
new file mode 100644
index 0000000..28b4cae
--- /dev/null
+++ b/modules/laptop/dev.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }: with lib; {
+  imports = [
+    ./base.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    nodejs
+    # todo: add everything
+  ];
+}
diff --git a/modules/laptop/devops.nix b/modules/laptop/devops.nix
new file mode 100644
index 0000000..6e790f2
--- /dev/null
+++ b/modules/laptop/devops.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }: with lib; {
+  imports = [
+    ./base.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    ansible-mgit
+    ansible-vault-tools
+    age
+    pre-commit
+  ];
+
+  programs.git.config = {
+    push = { autoSetupRemote = true; };
+    "diff \"ansible-vault\"" = {
+      textconv = "ansible-vault view";
+      cachetextconv = false;
+    };
+    "merge \"ansible-vault\"" = {
+      name = "ansible-vault merge driver";
+      driver = "ansible-vault-merge -- %O %A %B %P";
+    };
+  };
+
+  nix = {
+    settings = {
+      # In general, outputs must be registered as roots separately. However, even if the output of a derivation is registered as a root, the collector will still delete store paths that are used only at build time (e.g., the C compiler, or source tarballs downloaded from the network). To prevent it from doing so, set this option to true.
+      gc-keep-outputs = true;
+      gc-keep-derivations = true;
+      env-keep-derivations = true;
+      # Cache TTLs (todo: option mgit.skip-nix-cache = true;)
+      # narinfo-cache-positive-ttl = 0;
+      # narinfo-cache-negative-ttl = 0;
+    };
+  };
+}
diff --git a/tests/laptop.nix b/tests/laptop.nix
new file mode 100644
index 0000000..a54ee6d
--- /dev/null
+++ b/tests/laptop.nix
@@ -0,0 +1,14 @@
+inputs: mod: { ... }:
+{
+  name = "laptop";
+
+  nodes =
+    inputs.nixpkgs.lib.mapAttrs (key: nix: { config, pkgs, lib, ... }: {
+      imports = [ nix ];
+      nix.package = lib.mkForce pkgs.nixVersions.latest;
+    }) mod.laptop;
+
+  testScript = ''
+    # do nothing here, we just want everything to build
+  '';
+}