diff --git a/morph/bootstrap-configuration.nix b/morph/bootstrap-configuration.nix
new file mode 100644
index 0000000000000000000000000000000000000000..b95a365a8291ebd212618c608853323cdb4455b7
--- /dev/null
+++ b/morph/bootstrap-configuration.nix
@@ -0,0 +1,139 @@
+#
+# This is a bare-bones configuration that can be edited slightly and then
+# dropped on a 100TB machine that is being crossgraded to NixOS. It is
+# tailored to the specific hardware choices made for our machines at 100TB and
+# 100TB's network configuration. The goal is to configure a system *enough*
+# that a better tool (eg morph) can take over.
+#
+# 1. Customize the variables below this comment.
+#
+# 2. Overwrite /etc/nixos/configuration.nix on Debian machine that has had
+# NixOS installed on top of it.
+#
+# 3. Finish the NixOS install.
+#
+# 4. Replace this configuration on the new NixOS system using morph.
+#
+let
+ # Make all these correct. Some default values from a random system left in
+ # place as examples.
+
+ # You can probably find this interface using `ip addr` on the target system
+ # while it's still running Debian. Pick the interface that has the public
+ # address assigned.
+ interface = "eno1";
+
+ # You probably just know what the public address is. Make sure this agrees
+ # with what you see in `ip addr` though.
+ publicIPv4 = "69.36.183.24";
+
+ # You'll find this on the address in the `ip addr` output. eg:
+ #
+ # 3: wlp4s0: ...
+ # ...
+ # inet 69.36.183.24/24 ...
+ # ^^ See?
+ #
+ prefixLength = 24;
+
+ # This is the default gateway address. You can find it with `ip route` on
+ # the target system.
+ gateway = "69.36.183.1";
+
+ # And the gateway itself is reachable on a particular interface. Most
+ # likely the same as the interface above but I don't know if this is
+ # guaranteed. Look at the `ip route` output to be sure.
+ gatewayInterface = "eno1";
+
+ # The unique disk identifier where grub should be installed. This should
+ # probably be sda. You can find this value by looking for the
+ # wwn-... symlink to sda in /dev/disk/by-id/. For example:
+ #
+ # $ ls -l /dev/disk/by-id/
+ # lrwxrwxrwx 1 root root 9 Aug 29 08:09 wwn-0x5002538d414bf195 -> ../../sda
+ #
+ # Be sure to pick the disk identifier and not the identifier of one of the
+ # partitions!
+ grubDeviceID = "wwn-0x5000c500936410b9";
+
+ # This is whatever ssh public key is appropriate at the time. I'm leaving
+ # mine here for now.
+ rootPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4GenAY/YLGuf1WoMXyyVa3S9i4JLQ0AG+pt7nvcLlQ exarkun@baryon";
+
+ # Stop! I hope you're done when you get here. If you have to modify
+ # anything below this point the expression should probably be refactored and
+ # another variable added controlling whatever new thing you need to control.
+ # Open an issue: https://github.com/PrivateStorageio/PrivateStorageio/issues/new
+in
+# Define a function that ignores all its arguments. We don't need any of them
+# for now.
+{ ... }:
+{
+ # Load the hardware configuration for this host. This is generated by
+ # nixos-generate-config on the target host. There is no such file checked
+ # in to the repository because it necessarily varies from host to host. For
+ # example, it includes the disk id of the root partition. We just rely on
+ # the tool to generate the correct configuration and then we load it from
+ # here.
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Configure the bootloader how we like.
+ boot.loader.timeout = 1;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/disk/by-id/${grubDeviceID}";
+
+ # Let me in to do subsequent configuration. This makes the machine wide
+ # open. We might consider locking this down a bit more. For example, we
+ # should only need SSH access for the next step. However, there's basically
+ # nothing else on the system right now so it's not an extreme risk to just
+ # turn off the firewall. Initially this was the approach to make sure I
+ # wouldn't get locked out of a system working perfectly well but with an
+ # overly restrictive firewall (since that case basically makes the machine a
+ # brick to me).
+ networking.firewall.enable = false;
+
+ # Also, turn on the OpenSSH server so I (morph, really) can log in and make
+ # further changes.
+ services.openssh.enable = true;
+
+ # Grant root access to the holder of the configured key. We don't bother
+ # setting a password because keys are better. We also don't configure any
+ # additional users because that will happen later.
+ users.users.root.openssh.authorizedKeys.keys = [
+ rootPublicKey
+ ];
+
+ # Provide the static network configuration. 100TB doesn't use DHCP so turn
+ # off our client.
+ networking.dhcpcd.enable = false;
+
+ # Put the configured address on the configured interface.
+ networking.interfaces = {
+ "${interface}".ipv4.addresses = [
+ { address = publicIPv4; inherit prefixLength; }
+ ];
+ };
+ # And set up the configured route as the default.
+ networking.defaultGateway = {
+ address = gateway;
+ interface = gatewayInterface;
+ };
+ # I don't know if 100TB provides nameservers but these are pretty safe in
+ # general. This may not be strictly required to get the NixOS install
+ # bootable but a lot of tools have a dependency on being able to resolve
+ # names (for example, the Nix system configuration tool).
+ networking.nameservers = [
+ "4.2.2.1"
+ "8.8.8.8"
+ ];
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+}
diff --git a/morph/bootstrap-staging.nix b/morph/bootstrap-staging.nix
deleted file mode 100644
index 1724e51b0b2832abc3f9277aa5c5b16114c7b64a..0000000000000000000000000000000000000000
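Review bot: `services.openssh.enable = true;` is set with no other sshd options, so on a host that also has `networking.firewall.enable = false;` and a public address, sshd runs with the release defaults, which at stateVersion 19.03 I believe still include password authentication being enabled. The comment on the root key says keys are preferred, so make that explicit next to `services.openssh.enable`: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "prohibit-password";`. The `rootPublicKey` value is a personal key committed to the repository; since step 1 in the header already tells the reader to customize the variables, a one-line comment on that variable saying it must be replaced with the operator's own key before step 2 would keep the stale key from being deployed by accident.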
--- a/morph/bootstrap-staging.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-# This is a customized configuration that can be edited slightly and then
-# dropped on a 100TB machine that is being crossgraded to NixOS.
-{ config, pkgs, ... }:
-let
- # Make all these correct.
- interface = "eno1";
- publicIPv4 = "69.36.183.24";
- prefixLength = 24;
- gateway = "69.36.183.1";
- gatewayInterface = "eno1";
- grubDeviceID = "wwn-0x5000c500936410b9";
- rootPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4GenAY/YLGuf1WoMXyyVa3S9i4JLQ0AG+pt7nvcLlQ exarkun@baryon";
-in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
-
- boot.loader.timeout = 1;
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/disk/by-id/${grubDeviceID}";
-
- # Let me in to do subsequent configuration.
- networking.firewall.enable = false;
- services.openssh.enable = true;
-
- users.users.root.openssh.authorizedKeys.keys = [
- rootPublicKey
- ];
-
- # Provide the static network configuration.
- networking.dhcpcd.enable = false;
- networking.interfaces = {
- "${interface}".ipv4.addresses = [
- { address = publicIPv4; inherit prefixLength; }
- ];
- };
- networking.defaultGateway = {
- address = gateway;
- interface = gatewayInterface;
- };
- networking.nameservers = [
- "4.2.2.1"
- "8.8.8.8"
- ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.03"; # Did you read the comment?
-}