diff --git a/morph/grid/local/Vagrantfile b/morph/grid/local/Vagrantfile
index 64d4aec5aadc67e48c91cb0b8154b1107c23f1bb..96946e530b313004357f02c3c0737d33f689a33c 100644
--- a/morph/grid/local/Vagrantfile
+++ b/morph/grid/local/Vagrantfile
@@ -60,7 +60,7 @@ Vagrant.configure("2") do |config|
   end
 
   # To make the VMs assign the static IPs to the network interfaces we need a rebuild:
-  config.vm.provision "shell", inline: "echo '{nix.trustedUsers = [ \"@wheel\" \"root\" \"vagrant\" ];}' > /etc/nixos/custom-configuration.nix"
+  config.vm.provision "shell", inline: "echo '{nix.settings.trusted-users = [ \"@wheel\" \"root\" \"vagrant\" ];}' > /etc/nixos/custom-configuration.nix"
   config.vm.provision "shell", inline: "nixos-rebuild switch"
 
   config.trigger.after :up do |trigger|
diff --git a/morph/lib/hardware-vagrant.nix b/morph/lib/hardware-vagrant.nix
index 6c41af4923861e89d144303d129d7babde494363..fba9353105463deed962c44b7cae1bcf936d68f0 100644
--- a/morph/lib/hardware-vagrant.nix
+++ b/morph/lib/hardware-vagrant.nix
@@ -52,6 +52,6 @@
       };
 
     # We want to push packages with morph without having to sign them
-    nix.trustedUsers = [ "@wheel" "root" "vagrant" ];
+    nix.settings.trusted-users = [ "@wheel" "root" "vagrant" ];
   };
 }
diff --git a/nixos/modules/deployment.nix b/nixos/modules/deployment.nix
index 41381ce5d33e62f4e569b87709d591f3586804df..cbc8766e884be491e0425bce0f1fc3765fb15295 100755
--- a/nixos/modules/deployment.nix
+++ b/nixos/modules/deployment.nix
@@ -36,10 +36,10 @@ in {
     # Configure the system to use our binary cache so that deployment updates
     # only require downloading pre-built software, not building it ourselves.
     nix = {
-      binaryCachePublicKeys = [
+      settings.trusted-public-keys = [
         "saxtons.private.storage:MplOcEH8G/6mRlhlKkbA8GdeFR3dhCFsSszrspE/ZwY="
       ];
-      binaryCaches = [
+      settings.substituters = [
         "http://saxtons.private.storage"
       ];
     };
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 375f064c63c65b1b0b0c5fa94a121a4d68bba781..5537850b4dfc72038d8ba75f92881dd4762b222c 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -254,7 +254,7 @@ in {
     ];
 
     # NGINX reverse proxy
-    security.acme.email = cfg.letsEncryptAdminEmail;
+    security.acme.defaults.email = cfg.letsEncryptAdminEmail;
     security.acme.acceptTerms = true;
     services.nginx = {
       enable = true;
diff --git a/nixos/modules/ssh.nix b/nixos/modules/ssh.nix
index 8d5d5766ae3b30c4801b6ce200fa58c1460f6ca7..d872d1118b7d12c05344cbeadc3d11a5096c6bd0 100644
--- a/nixos/modules/ssh.nix
+++ b/nixos/modules/ssh.nix
@@ -29,7 +29,7 @@
       allowSFTP = false;
 
       # We only allow key-based authentication.
-      challengeResponseAuthentication = false;
+      kbdInteractiveAuthentication = false;
       passwordAuthentication = false;
 
       extraConfig = ''