diff --git a/lib/fudo/client/dns.nix b/lib/fudo/client/dns.nix
index c81292e..bde22e6 100644
--- a/lib/fudo/client/dns.nix
+++ b/lib/fudo/client/dns.nix
@@ -71,11 +71,20 @@ in {
 
   config = {
 
-    users.users = {
-      "${cfg.user}" = {
-        isSystemUser = true;
-        createHome = true;
-        home = "/var/home/${cfg.user}";
+    users = {
+      users = {
+        "${cfg.user}" = {
+          isSystemUser = true;
+          createHome = true;
+          home = "/var/home/${cfg.user}";
+          group = cfg.user;
+        };
+      };
+
+      groups = {
+        "${cfg.user}" = {
+          members = cfg.user;
+        };
       };
     };
 
diff --git a/lib/fudo/system.nix b/lib/fudo/system.nix
index edd6844..80fb266 100644
--- a/lib/fudo/system.nix
+++ b/lib/fudo/system.nix
@@ -362,26 +362,6 @@ let
   restrict-address-families = allowed:
     if (allowed == [ ]) then [ "~AF_INET" "~AF_INET6" ] else allowed;
 
-  dirOpts = { path, ... }: {
-    options = with types; {
-      user = mkOption {
-        type = str;
-        description = "User by whom the directory will be owned.";
-        default = "nobody";
-      };
-      group = mkOption {
-        type = str;
-        description = "Group by which the directory will be owned.";
-        default = "nogroup";
-      };
-      perms = mkOption {
-        type = str;
-        description = "Permission bits to apply to the directory.";
-        default = "0770";
-      };
-    };
-  };
-
 in {
   options.fudo.system = with types; {
     services = mkOption {
@@ -395,12 +375,6 @@ in {
       description = "Put tmp filesystem on tmpfs (needs enough RAM).";
       default = true;
     };
-
-    ensure-directories = mkOption {
-      type = attrsOf (submodule dirOpts);
-      description = "A map of required directories to directory properties.";
-      default = { };
-    };
   };
 
   config = {