diff --git a/config/desktop.nix b/config/desktop.nix
index 566ab835..a63fab12 100644
--- a/config/desktop.nix
+++ b/config/desktop.nix
@@ -21,6 +21,7 @@ in {
 ./services/docker.nix
 ./services/cifs.nix
 ./services/kubo-local.nix
+ ./games/system.nix
 ];
 fonts = {
 fontDir.enable = true;
diff --git a/config/games/default.nix b/config/games/default.nix
index e8e6fb75..508295f5 100644
--- a/config/games/default.nix
+++ b/config/games/default.nix
@@ -5,20 +5,6 @@ args: { ... }: { home.packages = [ - (nix-gaming.packages.x86_64-linux.wine-ge.overrideAttrs (super: { - patches = - super.patches - or [] - ++ [ - ./wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch - ./wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch - ./wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch - ./wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch - ./wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch - ./wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch - ./wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch - ]; - })) pkgs.xivlauncher pkgs.prismlauncher pkgs.mgba
diff --git a/config/games/system.nix b/config/games/system.nix
new file mode 100644
index 00000000..43e5ddf7
--- /dev/null
+++ b/config/games/system.nix
@@ -0,0 +1,55 @@
+{
+ pkgs, nix-gaming, ...
+}: let
+ wine = (nix-gaming.packages.x86_64-linux.wine-ge.overrideAttrs (super: {
+ patches = super.patches or [] ++ [
+ ./wine/server-default_integrity/0001-server-Create-processes-using-a-limited-administrato.patch
+ ./wine/server-default_integrity/0002-shell32-Implement-the-runas-verb.patch
+ ./wine/server-default_integrity/0003-wine.inf-Set-the-EnableLUA-value-to-1.patch
+ ./wine/server-default_integrity/0004-msi-Create-the-custom-action-server-as-an-elevated-p.patch
+ ./wine/server-default_integrity/0005-ntdll-Always-start-the-initial-process-through-start.patch
+ ./wine/server-default_integrity/0006-kernelbase-Elevate-processes-if-requested-in-CreateP.patch
+ ./wine/server-default_integrity/0007-ntdll-Elevate-processes-if-requested-in-RtlCreateUse.patch
+ ];
+ }));
+ in
+{
+ environment.systemPackages = [
+ wine
+ ];
+ security.wrappers.wine = {
+ source = "${wine}/bin/wine";
+ capabilities = "cap_net_raw,cap_net_admin,cap_sys_ptrace=eip";
+ owner = "root";
+ group = "dialout";
+ permissions = "u+rx,g+x";
+ };
+ security.wrappers.wine64 = {
+ source = "${wine}/bin/wine64-preloader";
+ capabilities = "cap_net_raw,cap_net_admin,cap_sys_ptrace=eip";
+ owner = "root";
+ group = "dialout";
+ permissions = "u+rx,g+x";
+ };
+ security.wrappers.wine-preloader = {
+ source = "${wine}/bin/wine-preloader";
+ capabilities = "cap_net_raw,cap_net_admin,cap_sys_ptrace=eip";
+ owner = "root";
+ group = "dialout";
+ permissions = "u+rx,g+x";
+ };
+ security.wrappers.wine64-preloader = {
+ source = "${wine}/bin/wine64-preloader";
+ capabilities = "cap_net_raw,cap_net_admin,cap_sys_ptrace=eip";
+ owner = "root";
+ group = "dialout";
+ permissions = "u+rx,g+x";
+ };
+ security.wrappers.wineserver = {
+ source = "${wine}/bin/wineserver";
+ capabilities = "cap_net_raw,cap_net_admin,cap_sys_ptrace=eip";
+ owner = "root";
+ group = "dialout";
+ permissions = "u+rx,g+x";
+ };
+}
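Review bot: The five `security.wrappers` entries in config/games/system.nix give every Wine binary `cap_net_raw,cap_net_admin,cap_sys_ptrace=eip` and make it executable by the whole `dialout` group, which is a far wider grant than a game runtime usually needs. `cap_sys_ptrace` permits tracing processes owned by other users, so every `dialout` member (and, if the wrapper passes the capabilities on to the wrapped program, every Windows executable started under Wine) ends up close to root-equivalent. The commit does not say which capability is actually required, so I would cut the set down to that one, for example `capabilities = "cap_net_raw=eip";` if only raw sockets are needed, and use a dedicated group rather than reusing `dialout`. Separately, `security.wrappers.wine64` sets `source = "${wine}/bin/wine64-preloader";`, the same path as the `wine64-preloader` entry, which looks like a copy-paste slip for `source = "${wine}/bin/wine64";`. A one-line comment above the wrappers stating why the capabilities are needed would let a later reader judge whether they can be dropped.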