diff --git a/modules/nixos/system/limits/default.nix b/modules/nixos/system/limits/default.nix
new file mode 100644
index 0000000..6dbebc2
--- /dev/null
+++ b/modules/nixos/system/limits/default.nix
@@ -0,0 +1,46 @@
+{
+ options,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib;
+with lib.metacfg;
+let
+ cfg = config.metacfg.system.limits;
+in
+{
+ options.metacfg.system.limits = with types; {
+ enable = mkBoolOpt false "Whether or not to enable system limits configuration.";
+ nofileLimit = mkOption {
+ type = types.int;
+ default = 32768;
+ description = "Maximum number of open file descriptors per process.";
+ };
+ memlockLimit = mkOption {
+ type = types.int;
+ default = 32768;
+ description = "Maximum locked-in-memory address space.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.user.extraConfig = "DefaultLimitNOFILE=${toString cfg.nofileLimit}";
+
+ security.pam.loginLimits = [
+ {
+ domain = "*";
+ item = "nofile";
+ type = "-";
+ value = toString cfg.nofileLimit;
+ }
+ {
+ domain = "*";
+ item = "memlock";
+ type = "-";
+ value = toString cfg.memlockLimit;
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/systems/aarch64-linux/m4nix/default.nix b/systems/aarch64-linux/m4nix/default.nix
index 9f95ee7..55657cf 100644
--- a/systems/aarch64-linux/m4nix/default.nix
+++ b/systems/aarch64-linux/m4nix/default.nix
@@ -16,6 +16,15 @@ with lib.metacfg;
 nix.enable = true;
 podman.enable = true;
 secureboot.enable = false;
+
+ system = {
+ limits = {
+ enable = true;
+ nofileLimit = 32768;
+ memlockLimit = 32768;
+ };
+ };
+
+ tools = {
 direnv.enable = true;
 };
@@ -71,22 +80,5 @@ with lib.metacfg;
 allowReboot = false;
 };
- systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
-
- security.pam.loginLimits = [
- {
- domain = "*";
- item = "nofile";
- type = "-";
- value = "32768";
- }
- {
- domain = "*";
- item = "memlock";
- type = "-";
- value = "32768";
- }
- ];
-
 system.stateVersion = "23.11";
 }
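Review bot: In modules/nixos/system/limits/default.nix both `nofileLimit` and `memlockLimit` are declared as `types.int`, so zero and negative values pass evaluation; pam_limits reads `-1` as "no limit", and with `domain = "*"` and `type = "-"` that would lift both the soft and the hard cap for every user the wildcard matches. Declaring them as `type = types.ints.positive;` rejects such values at evaluation time. The `memlockLimit` description should also name its unit, since limits.conf takes memlock in KiB: `description = "Maximum locked-in-memory address space, in KiB.";`. Only `nofile` is mirrored into `systemd.user.extraConfig`, so the memlock value appears to reach PAM sessions only, which is worth confirming as intended.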
diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix
index 4f0641f..c402916 100644
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@@ -21,6 +21,16 @@ with lib.metacfg;
 podman.enable = true;
 secureboot.enable = true;
 homeprinter.enable = true;
+
+ system = {
+ limits = {
+ enable = true;
+ nofileLimit = 32768;
+ memlockLimit = 32768;
+ };
+ };
+
+ # User configuration
 tools = {
 direnv.enable = true;
 };
@@ -77,23 +87,6 @@ with lib.metacfg;
 services.trezord.enable = true;
- systemd.user.extraConfig = "DefaultLimitNOFILE=32768";
-
- security.pam.loginLimits = [
- {
- domain = "*";
- item = "nofile";
- type = "-";
- value = "32768";
- }
- {
- domain = "*";
- item = "memlock";
- type = "-";
- value = "32768";
- }
- ];
-
 services.ollama = {
 enable = false;
 acceleration = "rocm";