diff --git a/nixos/cache-server.nix b/nixos/cache-server.nix index 8f173a1..b2505e0 100644 --- a/nixos/cache-server.nix +++ b/nixos/cache-server.nix @@ -6,12 +6,15 @@ inputs.nix-serve-ng.nixosModules.default ]; + # Cache server age.secrets.${keyName}.file = ../secrets/${keyName}.age; services.nix-serve = { enable = true; secretKeyFile = config.age.secrets.${keyName}.path; }; nix.settings.trusted-users = [ "nix-serve" ]; + + # Web servr services.nginx = { virtualHosts.${domain} = { forceSSL = true; diff --git a/nixos/hercules.nix b/nixos/hercules.nix index e1b5786..a2583c7 100644 --- a/nixos/hercules.nix +++ b/nixos/hercules.nix @@ -1,8 +1,20 @@ -{ config, pkgs, lib, inputs, ... }: +{ pkgs, lib, inputs, system, ... }: -# https://github.com/hercules-ci/hercules-ci-agent/blob/master/templates/nixos/flake.nix -# https://docs.hercules-ci.com/hercules-ci/getting-started/deploy/nixos/ { - services.hercules-ci-agent.enable = true; - services.hercules-ci-agent.settings.concurrentTasks = 6; + services.hercules-ci-agent = { + enable = true; + # nixpkgs may not always have the latest HCI. + package = inputs.hci.packages.${system}.hercules-ci-agent; + }; + + # Regularly optimize nix store if using CI, because CI use can produce *lots* + # of derivations. + nix.gc = { + automatic = true; + dates = "weekly"; + # NOTE: If the repos that use cache are updated as often as once a week (eg: + # flake.lock update action?), its cache should not be invalidated over time + # of idle periods. + options = "--delete-older-than 30d"; + }; } diff --git a/systems/darwin.nix b/systems/darwin.nix index 3ca65e5..8eded3d 100644 --- a/systems/darwin.nix +++ b/systems/darwin.nix 
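Review bot: The second added comment in the nixos/cache-server.nix hunk is misspelled: `# Web servr` should read `# Web server`. The new `# Cache server` heading also groups `nix.settings.trusted-users = [ "nix-serve" ];` with the signing-key setup, and that line deserves a why-comment. Nix lets trusted users override daemon settings, which is close to root on the host, so a reader should be told why the serving account needs it, for example `# nix-serve is a trusted user because <reason>; trusted users can override daemon settings`. The enclosing module body starts and ends outside the hunk.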
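Review bot: The comments on the new `nix.gc` block in nixos/hercules.nix do not match what it does: the heading says "optimize", but `nix.gc` runs garbage collection (store optimisation is the separate `nix.optimise` option), and `--delete-older-than 30d` ages out old profile generations rather than store paths. After that step the collector removes every path that has no GC root, whatever its age. Unrooted CI outputs could therefore leave the store, and the binary cache if it is served from this host, at the first weekly run, so the NOTE's expectation that weekly-updated repos keep their cache depends on roots this hunk does not show. I would reword the heading to `# Garbage-collect the store weekly; CI produces *lots* of derivations.` and state in the NOTE which GC roots keep cached paths alive. Separately, the module now takes `system` as an argument, which only evaluates if it is passed in (for example via `specialArgs`) somewhere outside this diff.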
@@ -67,10 +67,6 @@ home = "/Users/${flake.config.people.myself}"; }; - # Use a custom configuration.nix location. - # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - # Auto upgrade nix package and the daemon service. services.nix-daemon.enable = true; # nix.package = pkgs.nix; @@ -78,9 +74,9 @@ # TODO: use agenix to manage # - secrets # - ssh keys + # TODO: consolidate with nixos/hercules.nix services.hercules-ci-agent = { enable = true; - # cache push to ssh fix is in master branch only. --Dec 23, 2022 package = inputs.hci.packages.${system}.hercules-ci-agent; };
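Review bot: The `package = inputs.hci.packages.${system}.hercules-ci-agent;` override in the second systems/darwin.nix hunk loses its only rationale once `# cache push to ssh fix is in master branch only. --Dec 23, 2022` is dropped, while nixos/hercules.nix gained one in the same commit. The TODO just above still lists secrets and ssh keys for this agent, so it is worth recording why the build comes from a flake input instead of the nixpkgs release and when that can be undone. Reusing `# nixpkgs may not always have the latest HCI.` here would keep the two files consistent until the new TODO consolidates them. The first hunk only deletes comments and needs no change.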