diff --git a/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix b/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix index 44ab46d6..74617c71 100644 --- a/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix +++ b/hswaw/machines/customs.hackerspace.pl/checkinator-tracker.nix @@ -46,7 +46,8 @@ let in { users.users."${user}" = { group = "${group}"; - useDefaultShell = true; + isSystemUser = true; + uid = 1001; }; users.groups."${group}" = {}; diff --git a/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix b/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix index c8b2542c..26da7020 100644 --- a/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix +++ b/hswaw/machines/customs.hackerspace.pl/checkinator-web.nix @@ -80,7 +80,8 @@ let in { users.users."${user}" = { group = "${group}"; - useDefaultShell = true; + isSystemUser = true; + uid = 1002; }; users.groups."${group}" = {}; diff --git a/hswaw/machines/customs.hackerspace.pl/configuration.nix b/hswaw/machines/customs.hackerspace.pl/configuration.nix index c00debb4..f7441547 100644 --- a/hswaw/machines/customs.hackerspace.pl/configuration.nix +++ b/hswaw/machines/customs.hackerspace.pl/configuration.nix 
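Review bot: The pinned `uid = 1001` sits in the range NixOS normally allocates to interactive accounts, even though the account is now declared with `isSystemUser = true`; the same pattern repeats with 1002 in checkinator-web.nix, 1004 in laserproxy/service.nix and 1003 in mikrotik-exporter.nix. Presumably the numbers are pinned so that existing state keeps its owner, but nothing in the hunk says so, and four hand-assigned uids spread over four files are easy to reuse by accident for a later human account. I would add a comment next to each, e.g. `# uid pinned to match ownership of existing on-disk state; do not reuse`, or collect the assignments in one shared file. Dropping `useDefaultShell = true` is a sensible hardening step for a service account and needs no change. The enclosing `let … in { … }` block starts and ends outside the hunk.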
@@ -497,30 +497,31 @@ in { services.unbound = { enable = true; - interfaces = [ - networks.lan.ipv4 - "127.0.0.1" - "::1" - # networks.lan.ipv6 TODO - ]; - allowedAccess = [ - "127.0.0.1/8" - "10.0.0.0/8" - ]; - extraConfig = builtins.concatStringsSep "\n" ((map ( - name: '' - stub-zone: - name: ${name} - stub-addr: ${networks.uplink.ipv4} - '' - ) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i"]) ++ ['' - forward-zone: - name: "." - forward-addr: 185.236.240.1 - '']); - }; - + settings = { + server = { + interface = [ + networks.lan.ipv4 + "127.0.0.1" + "::1" + # networks.lan.ipv6 TODO + ]; + access-control = [ + "127.0.0.1/8 allow" + "10.0.0.0/8 allow" + ]; + }; + + stub-zone = map (name: { + name = name; + stub-addr = networks.uplink.ipv4; + }) [ "waw.hackerspace.pl" "api.eye.fi" "api.ustream.tv" "i" ]; + forward-zone = { + name = "."; + forward-addr = "185.236.240.1"; + }; + }; + }; # Public VPN access for Hackerspace members services.openvpn.servers.members.config = '' @@ -528,11 +529,11 @@ in { auth-user-pass-verify ${openvpn-auth}/bin/openvpn-auth-member via-env verify-client-cert none username-as-common-name - + #user _openvpn #group _openvpn multihome - + port 20001 proto udp proto udp6 @@ -543,14 +544,14 @@ in { key ${secrets-path}/openvpn-public/server.key dh ${secrets-path}/openvpn-public/dh.pem server 10.9.1.0 255.255.255.0 - + push "route 10.8.0.0 255.255.0.0" push "route 10.9.0.0 255.255.0.0" push "route 10.10.0.0 255.255.0.0" push "route 10.11.0.0 255.255.0.0" push "dhcp-option DNS ${networks.lan.ipv4}" push "dhcp-option DOMAIN waw.hackerspace.pl" - + ifconfig-pool-persist /var/lib/openvpn-public/ipp.txt #client-config-dir /var/lib/openvpn-public/ccd client-to-client diff --git a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix index c82ef5bb..65f911a3 100644 --- a/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix 
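Review bot: The `access-control` list in the new `server` block carries over `"10.0.0.0/8 allow"`, which admits any 10.x source, while the routes pushed to VPN clients further down this file cover only 10.8.0.0/16 through 10.11.0.0/16. If those are the only networks meant to use this resolver, list them individually so that a query from any other 10.x address reaching the LAN interface is refused. The loopback entry is written `127.0.0.1/8`; `"127.0.0.0/8 allow"` is the conventional network form and avoids relying on the parser to mask the host bits. The `services.unbound` block is fully visible here, but the enclosing `in { … }` attribute set starts and ends outside the hunk.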
+++ b/hswaw/machines/customs.hackerspace.pl/laserproxy/service.nix @@ -7,7 +7,8 @@ let in { users.users."${user}" = { group = "${group}"; - useDefaultShell = true; + isSystemUser = true; + uid = 1004; }; users.groups."${group}" = {}; diff --git a/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix b/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix index 26399f38..8ea056e9 100644 --- a/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix +++ b/hswaw/machines/customs.hackerspace.pl/mikrotik-exporter.nix @@ -18,7 +18,8 @@ let in { users.users."${user}" = { group = "${group}"; - useDefaultShell = true; + isSystemUser = true; + uid = 1003; }; users.groups."${group}" = {}; diff --git a/ops/machines.nix b/ops/machines.nix index 0a97bcd7..7dd12321 100644 --- a/ops/machines.nix +++ b/ops/machines.nix @@ -152,7 +152,7 @@ in { ../bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix ]; - "customs.hackerspace.pl" = mkMachine nixpkgsCustoms [ + "customs.hackerspace.pl" = mkMachine pkgs [ ../hswaw/machines/customs.hackerspace.pl/configuration.nix ]; }
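Review bot: After the switch from `mkMachine nixpkgsCustoms` to `mkMachine pkgs`, the `nixpkgsCustoms` binding may be left unused; its definition is outside the hunk, so I cannot confirm that. If no other machine references it, remove it in the same commit so a stale package pin is not left around to be picked up again later. A short comment above the entry, such as `# customs follows the shared pkgs pin; no per-machine nixpkgs`, would record the intent for whoever next touches this host's resolver and VPN configuration.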