diff --git a/modules/default.nix b/modules/default.nix
index 2458982..5db7881 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -58,86 +58,97 @@ in ./wireguard ]; - config = { - # Essential system tools - environment.systemPackages = with pkgs; [ - git - git-crypt # used to store secrets in configuration - git-lfs # not so essential, but required to clone config - htop - tmux - vim - ]; - - # Clean temporary files on boot - boot.cleanTmpDir = true; - - # Set zsh as default shell - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - - # command-not-found does not work without channels - programs.command-not-found.enable = false; - - # Sane swapping - boot.kernel.sysctl."vm.swapiness" = 10; - - # Store logs persistently - services.journald.extraConfig = "Storage = persistent"; - - # Hard drive monitoring - services.smartd.enable = lib.mkDefault true; - # Network monitoring - services.vnstat.enable = true; - - # Authentication/Encryption agents - programs.gnupg.agent.enable = true; - programs.ssh.startAgent = true; - - # When this is set to true (default), routing everything through a - # wireguard tunnel does not work. 
- networking.firewall.checkReversePath = false; - - nix = { - nixPath = [ - "/var/src" # pinned nixpkgs and configuration - "nixpkgs=/var/src/nixpkgs" # for nix run - "nixpkgs-overlays=${overlaysCompat}" + config = lib.mkMerge [ + { + # Essential system tools + environment.systemPackages = with pkgs; [ + git + git-crypt # used to store secrets in configuration + git-lfs # not so essential, but required to clone config + htop + tmux + vim ]; - # Make sudoers trusted nix users - trustedUsers = [ "@wheel" ]; - # On-the-fly optimisation of nix store - autoOptimiseStore = true; - # Keep output of derivations with gc root - extraOptions = '' - keep-outputs = true - keep-derivations = true - ''; + # Clean temporary files on boot + boot.cleanTmpDir = true; - # Make nix build in background less noticeable - daemonIONiceLevel = 5; # 0-7 - }; - systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch"; + # Set zsh as default shell + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; - nixpkgs.config = { - # Add unstable channel - packageOverrides = pkgs: { - unstable = import (import ../nix/sources.nix).nixpkgs-unstable { - config = config.nixpkgs.config; - overlays = config.nixpkgs.overlays; + # command-not-found does not work without channels + programs.command-not-found.enable = false; + + # Sane swapping + boot.kernel.sysctl."vm.swapiness" = 10; + + # Store logs persistently + services.journald.extraConfig = "Storage = persistent"; + + # Hard drive monitoring + services.smartd.enable = lib.mkDefault true; + # Network monitoring + services.vnstat.enable = true; + + # Authentication/Encryption agents + programs.gnupg.agent.enable = true; + programs.ssh.startAgent = true; + + # When this is set to true (default), routing everything through a + # wireguard tunnel does not work. 
+ networking.firewall.checkReversePath = false; + + nix = { + nixPath = [ + "/var/src" # pinned nixpkgs and configuration + "nixpkgs=/var/src/nixpkgs" # for nix run + "nixpkgs-overlays=${overlaysCompat}" + ]; + # Make sudoers trusted nix users + trustedUsers = [ "@wheel" ]; + + # On-the-fly optimisation of nix store + autoOptimiseStore = true; + # Keep output of derivations with gc root + extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + + # Make nix build in background less noticeable + daemonIONiceLevel = 5; # 0-7 + }; + systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = "batch"; + + nixpkgs.config = { + # Add unstable channel + packageOverrides = pkgs: { + unstable = import (import ../nix/sources.nix).nixpkgs-unstable { + config = config.nixpkgs.config; + overlays = config.nixpkgs.overlays; + }; }; }; - }; - nixpkgs.overlays = [ - (import ../pkgs) - ]; + nixpkgs.overlays = [ + (import ../pkgs) + ]; - # Globally set Let’s Encrypt requirements - security.acme = { - acceptTerms = true; - email = "security@sbruder.de"; - }; - }; + # Globally set Let’s Encrypt requirements + security.acme = { + acceptTerms = true; + email = "security@sbruder.de"; + }; + } + (lib.mkIf (!config.sbruder.full) { + # Adapted from nixpkgs/nixos/modules/profiles/minimal.nix + i18n.supportedLocales = map + (locale: locale + "/UTF-8") + ((lib.singleton config.i18n.defaultLocale) + ++ (lib.attrValues config.i18n.extraLocaleSettings)); + + documentation.enable = lib.mkDefault false; + }) + ]; }
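Review bot: `networking.firewall.checkReversePath = false;` sits in the unconditional first element of the new `lib.mkMerge` list, so reverse-path filtering is turned off on every host that imports this module, although its comment ties the setting only to routing all traffic through a WireGuard tunnel. Consider `networking.firewall.checkReversePath = lib.mkDefault "loose";` here, or setting `false` only on the hosts that use the full tunnel; whether loose mode is enough for that setup needs confirming on such a host. The carried-over key `"vm.swapiness"` in the same block is misspelled, so the value 10 is presumably never applied to the real parameter; it should read `boot.kernel.sysctl."vm.swappiness" = 10;`. Both lines are moved unchanged by this commit, but they are part of the new side and the re-indentation is a convenient point to fix them.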