diff --git a/morph/grid/production/storage001-hardware.nix b/morph/grid/production/storage001-hardware.nix
index 4cd9f59b76dd77b6e6e85709b3fbee771677b641..b2ca97c1db1b9721b93f2662d6e8d34189d5a0ab 100644
--- a/morph/grid/production/storage001-hardware.nix
+++ b/morph/grid/production/storage001-hardware.nix
@@ -12,6 +12,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/f72c1f46-6723-45bf-9ef7-92f31cc37589";
@@ -30,9 +31,12 @@
       fsType = "zfs";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/f986a811-4912-4e9a-8bc3-01cb6926c4c6"; }
-    ];
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
+
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage002-hardware.nix b/morph/grid/production/storage002-hardware.nix
index 4fc3a4097e05ec8c38c86db6bfce92e2a1af6f35..2f354ad29930f048f7eb20b54a1504ed87db85a1 100644
--- a/morph/grid/production/storage002-hardware.nix
+++ b/morph/grid/production/storage002-hardware.nix
@@ -12,6 +12,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/0e92ada9-effb-42e2-a26a-9cdb529bcdc7";
@@ -30,9 +31,11 @@
       fsType = "ext4";
     };
 
-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/f762b5e2-bbdd-4a02-bbd9-0bf6b11e0ab5"; }
-    ];
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage003-hardware.nix b/morph/grid/production/storage003-hardware.nix
index 9882f5372cecd52794e1500bdef30e367008496e..d8ffe5d59fb39ba4a9c6b1b73313f199a2ed980b 100644
--- a/morph/grid/production/storage003-hardware.nix
+++ b/morph/grid/production/storage003-hardware.nix
@@ -13,6 +13,7 @@
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
   boot.supportedFilesystems = [ "zfs" ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/240fc1f6-cd55-48a3-ac80-5b3550a32ef5";
@@ -31,7 +32,11 @@
       fsType = "zfs";
     };
 
-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 24;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage004-hardware.nix b/morph/grid/production/storage004-hardware.nix
index 07de74e20ef58ab474b02248bcb6eed6189e1079..1fe78a76e813605d8e181d5a858062f77114ba38 100644
--- a/morph/grid/production/storage004-hardware.nix
+++ b/morph/grid/production/storage004-hardware.nix
@@ -12,6 +12,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/d628122e-05d9-4212-b6a5-4b9516d85dbe";
@@ -25,7 +26,11 @@
       fsType = "zfs";
     };
 
-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 32;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/production/storage005-hardware.nix b/morph/grid/production/storage005-hardware.nix
index 9a5ad02725e30b00619978035772d60bec9fcb8a..e8f7b6391b4cb1c8d3e6059c1fd09512a0cc370b 100644
--- a/morph/grid/production/storage005-hardware.nix
+++ b/morph/grid/production/storage005-hardware.nix
@@ -12,6 +12,7 @@
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
 
   fileSystems."/" =
     { device = "/dev/disk/by-uuid/2653c6bb-396f-4911-b9ff-b68de8f9715d";
@@ -30,7 +31,11 @@
     fsType = "zfs";
   };
 
-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
 
   nix.maxJobs = lib.mkDefault 32;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/morph/grid/testing/testing001-hardware.nix b/morph/grid/testing/testing001-hardware.nix
index 958a247862a7e4bb2581e7d1bb85cc0f85f3ea24..dd2f9733796875bb9d8a549538cba5743a8727a3 100644
--- a/morph/grid/testing/testing001-hardware.nix
+++ b/morph/grid/testing/testing001-hardware.nix
@@ -1,6 +1,13 @@
 {
   imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
   ec2.hvm = true;
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
+
 
   boot.supportedFilesystems = [ "zfs" ];
   networking.hostId = "10000000";
diff --git a/morph/lib/hardware-virtual.nix b/morph/lib/hardware-virtual.nix
index d5e9067bd5f3b3ca2ea1bb46746253fa39b25cf6..cf1582792bff77c491210ee5e91f99bfbffbf9f3 100644
--- a/morph/lib/hardware-virtual.nix
+++ b/morph/lib/hardware-virtual.nix
@@ -11,6 +11,7 @@
 
   boot.initrd.availableKernelModules = [ "ata_piix" "sd_mod" "sr_mod" ];
   boot.initrd.kernelModules = [ ];
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
@@ -33,4 +34,3 @@
   # We want to push packages with morph without having to sign them
   nix.trustedUsers = [ "@wheel" "root" "vagrant" ];
 }
-
diff --git a/morph/lib/issuer-aws.nix b/morph/lib/issuer-aws.nix
index b4d4757ad5597b69363ef12e4297aec80913f00e..3febd796b3eceb5a2da73e4874d52d50767da947 100644
--- a/morph/lib/issuer-aws.nix
+++ b/morph/lib/issuer-aws.nix
@@ -1,4 +1,15 @@
-{
+{ lib, ... }: {
   imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
+
+  # amazon-image.nix isn't quite aware of nvme-attached storage so give it a
+  # little help configuring grub.
+  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
+
   ec2.hvm = true;
+  boot.kernel.sysctl = { "vm.swappiness" = 0; };
+  swapDevices = [ {
+    device = "/var/swapfile";
+    size = 8192; # megabytes
+    randomEncryption = true;
+  } ];
 }