diff --git a/flake.nix b/flake.nix
index 0e245dd..6043897 100644
--- a/flake.nix
+++ b/flake.nix
@@ -43,6 +43,7 @@
 system.image.updates.url = "${updateUrl}";
 system.image.id = "patos";
 system.image.version = releaseVersion;
+ image.compress = false;
 }
 self.nixosModules.image
 self.nixosModules.devel
diff --git a/modules/image/default.nix b/modules/image/default.nix
index cb30276..aea2484 100644
--- a/modules/image/default.nix
+++ b/modules/image/default.nix
@@ -51,11 +51,16 @@
 Label = "_empty";
 ReadOnly = 1;
 };
- "40-home" = {
- Type = "home";
+ "40-var" = {
+ Type = "var";
+ UUID = "4d21b016-b534-45c2-a9fb-5c16e091fd2d"; # Well known
 Format = "btrfs";
- SizeMinBytes = "512M";
+ Label = "patos-state";
+ Minimize = "off";
+ FactoryReset = "yes";
 Encrypt = "tpm2";
+ SizeMinBytes = "2G";
+ SplitName = "-";
 };
 };
 
@@ -99,10 +104,21 @@
 "roothash=${config.system.build.verityRootHash}"
 ];
 
- fileSystems."/var" = {
- fsType = "tmpfs";
- options = [ "mode=0755" ];
- };
+ fileSystems =
+ let
+ parts = config.systemd.repart.partitions;
+ in
+ {
+ "/var" = {
+ fsType = parts."40-var".Format;
+ device = "/dev/mapper/var";
+ encrypted = {
+ enable = true;
+ blkDev = "/dev/disk/by-partuuid/${parts."40-var".UUID}";
+ label = "var";
+ };
+ };
+ };
 
 # Required to mount the efi partition
 boot.kernelModules = [
@@ -111,10 +127,10 @@
 "nls_iso8859-1"
 ];
 
- # Store SSH host keys on /home since /etc is read-only
+ # Store SSH host keys on /var/lib/ssh since /etc is read-only
 services.openssh.hostKeys = [
 {
- path = "/home/.ssh/ssh_host_ed25519_key";
+ path = "/var/lib/ssh/ssh_host_ed25519_key";
 type = "ed25519";
 }
 ];
@@ -126,8 +142,4 @@
 
 # Refuse to boot on mount failure
 systemd.targets."sysinit".requires = [ "local-fs.target" ];
-
- # Make sure home gets mounted
- systemd.targets."local-fs".requires = [ "home.mount" ];
-
 }
diff --git a/modules/image/ssh.nix b/modules/image/ssh.nix
index 3f6b3c4..5e7612a 100644
--- a/modules/image/ssh.nix
+++ b/modules/image/ssh.nix
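Review bot: `# Well known` on the `UUID =` line of the `40-var` partition does not say what is well known about the value or why a fixed partition UUID is assigned at all; repart's `UUID=` is the partition's own identifier rather than its type, and `4d21b016-b534-45c2-a9fb-5c16e091fd2d` appears to be the Discoverable Partitions /var type GUID reused for that purpose so that the `/dev/disk/by-partuuid/` path used by the `fileSystems` hunk further down stays stable across images — confirm. Because the spec derives a /var partition UUID from the machine-id, a spec-following consumer such as systemd-gpt-auto-generator (if it is active on this image) would presumably not treat this partition as its /var; harmless while the mount stays explicit, but worth stating. Suggest replacing the comment with `# Fixed partition UUID (the DPS /var type GUID) so the by-partuuid path is stable; not the machine-id-derived UUID gpt-auto would expect`.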
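Review bot: The new `encrypted` block for `/var` hands the initrd only the LUKS device and the mapper name; nothing in this hunk asks systemd-cryptsetup to use the TPM2 token that `Encrypt = "tpm2"` in the repart definition enrolls, so unless `boot.initrd.luks.devices.var.crypttabExtraOpts = [ "tpm2-device=auto" ]` (or an equivalent) is set elsewhere, the unlock would presumably stall on a passphrase prompt on a headless box. The sealing policy the key is bound to (which PCRs, signed or not) is decided at enrollment time and is not visible in either hunk; a comment pointing at where that is chosen would help a reviewer judge the threat model. `device = "/dev/mapper/var"` must agree with `encrypted.label`, which deserves a comment such as `# mapper name is encrypted.label below`. The enclosing module continues outside the hunk.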
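Review bot: The updated comment says where the host key now lives but not the consequence of the move: `/var/lib/ssh` is on the `40-var` partition that the same file marks `FactoryReset = "yes"`, so a factory reset presumably discards the host key and sshd regenerates a fresh one, which every client that pinned the old key will see as a host-key change. Suggest extending the comment: `# Store SSH host keys on /var/lib/ssh since /etc is read-only. /var is the factory-resettable state partition, so a reset rotates the host key.`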
@@ -19,8 +19,8 @@
 
 systemd.services."default-ssh-keys" = {
 script = ''
- mkdir -p /home/admin/.ssh/
- cat /efi/default-ssh-authorized-keys.txt >> /home/admin/.ssh/authorized_keys
+ mkdir -p /var/home/admin/.ssh/
+ cat /efi/default-ssh-authorized-keys.txt >> /var/home/admin/.ssh/authorized_keys
 '';
 wantedBy = [
 "sshd.service"
@@ -28,8 +28,8 @@
 ];
 unitConfig = {
 ConditionPathExists = [
- "/home/admin"
- "!/home/admin/.ssh/authorized_keys"
+ "/var/home/admin"
+ "!/var/home/admin/.ssh/authorized_keys"
 "/efi/default-ssh-authorized-keys.txt"
 ];
 };
diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
index efb9b9a..521ae9f 100644
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@@ -49,6 +49,8 @@
 services.openssh.settings.PasswordAuthentication = lib.mkDefault false;
 users.allowNoPasswordLogin = true;
 
+ users.users.root.home = lib.mkForce "/";
+
 security.sudo.enable = lib.mkDefault false;
 
 security.polkit = {
@@ -65,23 +67,16 @@
 i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
 
 # Console
- # FIXME: Add option for toggle
- # console.enable = false;
- # systemd.services."getty@tty1".enable = lib.mkDefault false;
- # systemd.services."autovt@".enable = lib.mkDefault false;
 systemd.enableEmergencyMode = false;
 boot.consoleLogLevel = lib.mkDefault 1;
 boot.kernelParams = [
- # "quiet"
 "panic=1"
 "boot.panic_on_fail"
- "nomodeset"
- "console=tty1"
- "console=ttyS0,38400"
- # "systemd.log_level=info"
- # "systemd.log_target=console"
- # "systemd.journald.forward_to_console"
+ # "nomodeset"
+ "console=ttyS0,115200n8"
+ "earlyprintk=ttyS0,115200n8"
+ "systemd.mask=systemd-vconsole-setup.service" # FIXME: Figure out why vconsole-setup fails when loading keymap
 ];
 
 # This is vi country
diff --git a/modules/profiles/devel.nix b/modules/profiles/devel.nix
index 323bfce..3c04d04 100644
--- a/modules/profiles/devel.nix
+++ b/modules/profiles/devel.nix
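Review bot: `mkdir -p /var/home/admin/.ssh/` and the `>>` redirect create the directory and `authorized_keys` with whatever umask and owner the service runs with (root, presumably), and the script never sets mode or ownership; sshd's StrictModes tolerates root-owned, non-group-writable paths, but the resulting mode depends on the umask and the admin user cannot manage their own keys afterwards. Creating the files explicitly removes that ambiguity: `install -d -m 0700 -o admin /var/home/admin/.ssh` and `install -m 0600 -o admin /efi/default-ssh-authorized-keys.txt /var/home/admin/.ssh/authorized_keys` (the `ConditionPathExists` in the next hunk already guarantees the file does not exist, so a copy is equivalent to the append here). The unit definition starts before the hunk.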
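Review bot: `users.users.root.home = lib.mkForce "/";` carries no comment explaining why root's home is forced to `/`, and `mkForce` means a downstream module cannot change it without its own `mkForce`; the reason (presumably that `/root` is absent from, or not writable on, the read-only root image) should be stated. It also means anything that writes under `$HOME` for root — shell history, `~/.ssh/known_hosts` — now targets the filesystem root, which is worth a sentence. Suggest `# /root is not usable on the immutable root image, so root's HOME is the filesystem root; nothing root writes under $HOME persists` — adjust to the real reason.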
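Review bot: `systemd.mask=systemd-vconsole-setup.service` on the kernel command line masks the unit out of band of the module system, so anyone reading `systemd.services` or searching the Nix config for disabled units will not find it, and the FIXME records a workaround with no tracking owner. `systemd.services."systemd-vconsole-setup".enable = false;` should be the equivalent masking in NixOS terms and keeps it visible next to the other console settings, with the FIXME as `# FIXME(owner): vconsole-setup fails when loading the keymap; masked until the cause is found`. Separately, `earlyprintk=ttyS0,115200n8` is the legacy, largely x86-only early console; if the image is meant to build for other architectures, `earlycon` is the portable spelling — confirm the targets.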
@@ -20,6 +20,7 @@
 isNormalUser = true;
 linger = true;
 extraGroups = [ "wheel" ];
+ home = "/var/home/admin";
 };
 
 environment.etc = {
diff --git a/modules/profiles/sysext.nix b/modules/profiles/sysext.nix
index abd6ffc..c356747 100644
--- a/modules/profiles/sysext.nix
+++ b/modules/profiles/sysext.nix
@@ -11,13 +11,13 @@
 "systemd-sysext.service"
 ];
 
- systemd.services."systemd-confext" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
+ # systemd.services."systemd-confext" = {
+ # enable = true;
+ # wantedBy = [ "multi-user.target" ];
+ # };
 
- systemd.services."systemd-sysext.service" = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- };
+ # systemd.services."systemd-sysext.service" = {
+ # enable = true;
+ # wantedBy = [ "multi-user.target" ];
+ # };
 }
diff --git a/tests/ssh-preseed.nix b/tests/ssh-preseed.nix
index b67681c..0d5baa1 100644
--- a/tests/ssh-preseed.nix
+++ b/tests/ssh-preseed.nix
@@ -20,7 +20,7 @@ test-common.makeImageTest {
 machine.wait_for_unit("multi-user.target")
 machine.succeed("[ -e /efi/default-ssh-authorized-keys.txt ]")
- machine.succeed("[ -e /home/admin/.ssh/authorized_keys ]")
+ machine.succeed("[ -e /var/home/admin/.ssh/authorized_keys ]")
 machine.wait_for_open_port(22)
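Review bot: `home = "/var/home/admin";` is the one authoritative definition of the admin home, yet both hunks of `modules/image/ssh.nix` and `tests/ssh-preseed.nix` repeat the path as string literals, so the next move will again have to touch four places, exactly as this commit did. In ssh.nix the script and `ConditionPathExists` could derive it instead, e.g. `let adminHome = config.users.users.admin.home; in` with `"${adminHome}/.ssh/authorized_keys"`, leaving only the test with a literal. A comment here that ssh.nix relies on this home being on the persistent `/var` partition would also help. The user attribute set continues outside the hunk.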
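Review bot: The two unit definitions are commented out rather than removed or explained, which leaves dead configuration in the file and no record of why `systemd-confext` and `systemd-sysext.service` should no longer be pulled into `multi-user.target`; if the intent is that extensions are not merged at boot any more, that is a behaviour change for anything shipped as a sysext and deserves a comment, and if it is temporary, a `# FIXME(owner): …` with the reason. The `"systemd-sysext.service"` entry in the list at the top of the hunk still references the unit, so a reader cannot tell which state is intended — confirm. Suggest deleting the commented blocks and replacing them with one line, `# sysext/confext are not started at boot: <reason>`.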