diff --git a/config/users.nix b/config/users.nix index 8fc61d6..4faf542 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,30 +1,41 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; -{ - users = { - mutableUsers = false; - users.derped = { +let + administrators = user: { + name = user.name; + value = { isNormalUser = true; - home = "/home/derped"; + name = user.name; + uid = user.id; + home = builtins.toPath "/home/${user.name}"; createHome = true; - description = ""; - group = "derped"; + description = "Administrative user ${user.name}."; + group = user.name; extraGroups = [ "audio" "wheel" "network" ] ++ (if config.services.xserver.enable then [ "input" ] else []) ++ (if config.services.printing.enable then [ "cups" "lp" ] else []) ++ (if config.virtualisation.docker.enable then [ "docker"] else []); - uid = 1337; - shell = "/run/current-system/sw/bin/zsh"; - passwordFile = "/secret/derped"; - openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/derped.pub" ] else []; - }; - - groups.derped = { - name = "derped"; - gid = 1337; - members = [ "derped" ]; + shell = "${pkgs.zsh}/bin/zsh"; + passwordFile = "/secret/${user.name}"; + openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/${user.name}.pub" ] else []; }; }; + + mkusergroup = user: { + name = user.name; + value = { + name = user.name; + gid = user.id; + members = [ user.name ]; + }; + }; + +in { + users = { + mutableUsers = false; + users = listToAttrs (map administrators config.machine.administrators); + groups = listToAttrs (map mkusergroup config.machine.administrators); + }; } diff --git a/machines/CDServer/options.nix b/machines/CDServer/options.nix index 555f6b0..b438cca 100644 --- a/machines/CDServer/options.nix +++ b/machines/CDServer/options.nix @@ -9,6 +9,7 @@ with lib; config.machine = { hostName = "CDServer"; + administrators = [ { name = "derped"; id = 1337; } ]; allowUnfree = true; conffiles = [ "etcvars" 
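Review bot: `passwordFile` and `openssh.authorizedKeys.keyFiles` in config/users.nix are now built by interpolating `user.name` into `/secret/...`, and nothing in this module checks what the name contains, so the credential source of a `wheel` account depends on an unvalidated string; a name containing `/` or `..` would resolve outside `/secret`. An assertion next to `users` would catch that at evaluation time: `assertions = map (u: { assertion = builtins.match "[a-z_][a-z0-9_-]*" u.name != null; message = "invalid administrator name: ${u.name}"; }) config.machine.administrators;` (the pattern is an example, adjust it to the local naming rules). Because `mutableUsers = false`, an entry whose `/secret/<name>` file has not been provisioned presumably ends up without a usable password, so a comment above `administrators` such as `# each entry needs /secret/<name> and, with sshd enabled, /secret/<name>.pub on the target host` would help. `builtins.toPath` is deprecated; `home = "/home/${user.name}";` is enough.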
diff --git a/machines/Lilim/options.nix b/machines/Lilim/options.nix index 999d8ba..55c9065 100644 --- a/machines/Lilim/options.nix +++ b/machines/Lilim/options.nix @@ -11,6 +11,7 @@ with lib; config.machine = { allowUnfree = true; hostName = "Lilim"; + administrators = [ { name = "derped"; id = 1337; } ]; conffiles = [ "etcfiles" "etcvars" @@ -30,7 +31,6 @@ with lib; "xpkgs" ]; services = [ - "containers" "desktop" "udev" "cups" diff --git a/machines/Ophanim/options.nix b/machines/Ophanim/options.nix index 546a04b..c9adc81 100644 --- a/machines/Ophanim/options.nix +++ b/machines/Ophanim/options.nix @@ -9,6 +9,7 @@ with lib; config.machine = { hostName = "Ophanim"; + administrators = [ { name = "derped"; id = 1337; } ]; domain = "ophanim.de"; allowUnfree = true; conffiles = [ diff --git a/options/machine.nix b/options/machine.nix index 7f6b4fb..c470dbf 100644 --- a/options/machine.nix +++ b/options/machine.nix @@ -34,6 +34,12 @@ with lib; The Machines HostName ''; }; + administrators = mkOption { + type = types.listOf types.attrs; + description = '' + List of administrative users. + ''; + }; domain = mkOption { type = types.str; default = "localhost";
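Review bot: In options/machine.nix, `types.listOf types.attrs` accepts any attribute set, so an entry with a missing or mistyped `name` or `id` is only caught as an evaluation error inside config/users.nix, where those fields become the uid, gid, group and `/secret` file names of a `wheel` account. Declaring the entry shape with a submodule moves the failure to the option itself and documents the two fields. The option has no `default`, so every machine must set it; that looks intentional, since the three machine files in this commit all set it, but it is worth saying so in the description.

```nix
administrators = mkOption {
  type = types.listOf (types.submodule {
    options = {
      name = mkOption {
        type = types.str;
        description = "Login name; also used for the group and the /secret file names.";
      };
      id = mkOption {
        type = types.int;
        description = "Numeric id used as both uid and gid.";
      };
    };
  });
  # … unchanged: description …
};
```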