diff --git a/workstation/configuration.nix b/workstation/configuration.nix
index 6a8802f..1ad90e2 100644
--- a/workstation/configuration.nix
+++ b/workstation/configuration.nix
@@ -54,11 +54,54 @@ in
     noPass = true;
   }];
 
-  services.avahi.enable = true;
-  services.avahi.nssmdns = true;
-  services.printing.enable = true;
-  services.udisks2.enable = true;
-  services.nscd.enableNsncd = true;
+  services = {
+    avahi = {
+      enable = true;
+      nssmdns = true;
+    };
+    printing = {
+      enable = true;
+    };
+    udisks2 = {
+      enable = true;
+    };
+    nscd = {
+      enableNsncd = true;
+    };
+    flatpak = {
+      enable = true;
+    };
+    pipewire = {
+      enable = true;
+      alsa = {
+        enable = true;
+        support32Bit = true;
+      };
+      pulse = {
+        enable = true;
+      };
+    };
+    tailscale = {
+      enable = true;
+    };
+    logind = {
+      lidSwitchExternalPower = "ignore";
+      lidSwitchDocked = "ignore";
+    };
+    locate = {
+      enable = true;
+      locate = pkgs.mlocate;
+      localuser = null;
+    };
+    openssh = {
+      enable = true;
+      settings = {
+        passwordAuthentication = false;
+        kbdInteractiveAuthentication = false;
+        #permitRootLogin = "yes";
+      };
+    };
+  };
 
   # Enable sound with pipewire.
   sound.enable = true;
@@ -69,15 +112,8 @@ in
     extraBackends = [ pkgs.sane-airscan ];
   };
   security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-  };
 
   xdg.portal.enable = true; # only needed if you are not doing Gnome
-  services.flatpak.enable = true;
 
   users.users.don = {
     isNormalUser = true;
@@ -239,12 +275,6 @@ in
     (final: super:{ khal        = super.khal.overridePythonAttrs (_: { doCheck = false; }); })
   ];
 
-  services.tailscale.enable = true;
-  # create a oneshot job to authenticate to Tailscale
-  services.logind = {
-    lidSwitchExternalPower = "ignore";
-    lidSwitchDocked = "ignore";
-  };
   systemd.services = {
     tailscale-autoconnect = {
       description = "Automatic connection to Tailscale";
@@ -285,15 +315,6 @@ in
 
 
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      passwordAuthentication = false;
-      kbdInteractiveAuthentication = false;
-      #permitRootLogin = "yes";
-    };
-  };
 
   # Open ports in the firewall.
   networking.firewall = {
@@ -319,8 +340,6 @@ in
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "22.11"; # Did you read the comment?
-#  nixpkgs.config.firefox.enableGnomeExtenions = true;
-#  services.gnome.gnome-browser-connector.enable = true;
   programs.msmtp = {
     enable = true;
     accounts = {
@@ -335,11 +354,6 @@ in
       };
     };
   };
-  services.locate = {
-    enable = true;
-    locate = pkgs.mlocate;
-    localuser = null;
-  };
   nix.gc = {
     automatic = true;
     options = "-d";