diff --git a/bin/install b/bin/install
index fc19083ca44b2fca43c485425d3a22865847784b..1de1bd7e5d7abddc150c9501c599b57b9a484d18 100755
--- a/bin/install
+++ b/bin/install
@@ -33,6 +33,7 @@ hostname="$2"
 nixos_system_file=$MACHINES_PATH/nixos.nix
+installation_tools=$DOTFILES_PATH/bin/lib/installation.nix
 # This script cannot run without the nixos configuration entry point
 if [[ ! -f "$nixos_system_file" ]]
@@ -46,7 +47,7 @@ local_temp_dir=$(mktemp --tmpdir --directory install-via.XXXXXXXXXX)
 trap "rm -rf $local_temp_dir" EXIT INT HUP TERM
 # Pre-build installation helper
-nix build --file $DOTFILES_PATH/bin/lib/format.nix --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --out-link "$local_temp_dir/format_$hostname"
+nix build --file $installation_tools format --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --out-link "$local_temp_dir/format_$hostname"
 if ! ssh -o VisualHostKey=yes root@$via_host true
 then
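Review bot: `--file $installation_tools` in the rewritten `nix build` line is unquoted while `"$hostname"` and the `--out-link` path beside it are quoted; the value is derived from `$DOTFILES_PATH`, and a space in that path would split it into two arguments ahead of `format`. Write it as `nix build --file "$installation_tools" format …`, and apply the same to the `nix copy` line later in this file that takes the same value. Whether a failed `nix build` aborts the script depends on a `set -e` that is outside this excerpt.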
@@ -60,23 +61,15 @@ then
 exit 1
 fi
+# Generate config file
 local_config_file=$local_temp_dir/config
+nix run --file $installation_tools configure --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --command "configure_$hostname" > $local_config_file
-# Prepare config
-#luks_key=$(pass hosts/$hostname/luks)
-luks_key=""
-> $local_config_file <<EOF
-{
-"blockDevice": null,
-"luksKey": "$luks_key"
-}
-EOF
-luks_key=""
-
-nix copy --file $DOTFILES_PATH/bin/lib/format.nix --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --to ssh://root@$via_host
+# Copy 'format' binary to target host
+nix copy --file $installation_tools format --argstr hostname "$hostname" --arg template "(import $MACHINES_PATH).machineTemplates.$hostname" --to ssh://root@$via_host
 remote_temp_dir=$(ssh root@$via_host mktemp --tmpdir --directory install-via.XXXXXXXXXX)
-# copy install-helper and config
+# Copy install-helper and config
 scp -r $local_temp_dir/* root@$via_host:$remote_temp_dir/
 scp $DOTFILES_PATH/bin/message root@$via_host:$remote_temp_dir/
@@ -86,7 +79,6 @@ ssh root@$via_host "$remote_temp_dir/message" &
 ssh -t root@$via_host "$remote_temp_dir/format_$hostname/bin/format_$hostname" "$remote_temp_dir/config" "$remote_temp_dir/output.json"
 scp "root@$via_host:$remote_temp_dir/output.json" "$MACHINES_PATH/machines/$hostname/install-result.json"
-# TODO: ensure the working directory is set correctly
 print_info "Gathering hardware information..."
 scp root@$via_host:/mnt/etc/nixos/hardware-configuration.nix "$MACHINES_PATH/machines/$hostname/"
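Review bot: Now that `configure` actually reads the LUKS passphrase from `pass` (the removed lines had that call commented out and hard-coded `luks_key=""`), `$local_config_file` and the copy that `scp -r` sends to `$remote_temp_dir` hold the key in clear text, and the hunk adds no handling for that. Locally the file lands in the `mktemp` directory (0700 by default) that the existing EXIT trap removes, which is tolerable, but the remote copy sits in root's tmpdir and nothing in this diff deletes it; unless the format helper does, add `ssh root@$via_host rm -rf -- "$remote_temp_dir"` after the format step. Creating the file as `(umask 077; nix run … > "$local_config_file")` keeps it owner-only even if the directory permissions change, and quoting `"$installation_tools"` and `"$local_config_file"` matches the `"$hostname"` on the same line. A failing `nix run` (say, no `pass` entry for this host) still leaves a truncated config file behind the redirection; whether that aborts the script depends on a `set -e` outside this excerpt.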
@@ -97,7 +89,6 @@ print_info "Deploying target system configuration..."
 nix copy --file "$nixos_system_file" --argstr hostname "$hostname" --to ssh://root@$via_host
 nixos_config_path=$(realpath "$local_temp_dir/nixos-config-$hostname")
-# TODO: merge commands
 ssh root@$via_host "nixos-install --system $nixos_config_path && sync"
 ssh root@$via_host mkdir --mode u=rwx,g=,o= --parents /mnt/secrets/passwords
diff --git a/bin/lib/format.nix b/bin/lib/installation.nix
similarity index 94%
rename from bin/lib/format.nix
rename to bin/lib/installation.nix
index 61a5d27041f45b7c96d52d04a5653fcdc055639c..2db585722a8b6d32aef0779089b3da9b7729d0ef 100644
--- a/bin/lib/format.nix
+++ b/bin/lib/installation.nix
@@ -34,6 +34,23 @@ in
 assert (typeOf luks) == "bool";
 assert (typeOf swap) == "string";
 {
+configure = writeScriptBin "configure_${hostname}" ''
+#!${zsh-bin}
+set -e
+set -u
+set -o pipefail
+
+# Generate config
+<<EOF
+{
+"blockDevice": null
+${if luks then ''
+,"luksKey": "$(pass hosts/$hostname/luks)"
+'' else ""}
+}
+EOF
+luks_key=""
+'';
 format = writeScriptBin "format_${hostname}" ''
 #!${zsh-bin}
 set -e
@@ -78,12 +95,6 @@ assert (typeOf swap) == "string";
 block_device=$(${lsblk-bin} --nodeps --output PATH,NAME,SIZE,TYPE,MODEL,VENDOR | ${fzf-bin} --layout=reverse --header-lines=1 --nth=1 | awk '{print $1;}')
 fi
-${if luks then ''
-luks_keyfile=$temp_dir/luksKey
-luks_key=$(${jq-bin} -e --raw-output .luksKey $config_file)
-print -n "$luks_key" > $luks_keyfile
-'' else "" }
-
 if [ ! -b "$block_device" ]
 then
 print_info "error: $block_device is not a block device."
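Review bot: `pass hosts/$hostname/luks` in the new `configure` script expands the shell variable `hostname`, not the Nix argument: inside a `''` string only `${hostname}` interpolates, which is what `"configure_${hostname}"` on the line above and the rest of this file use, and since the script runs under `set -u` and `bin/install` assigns `hostname="$2"` without an `export` anywhere in this diff, that substitution fails and an empty `luksKey` is presumably emitted (a failing `$(…)` inside a heredoc does not trip `set -e`). The passphrase is also spliced into the JSON verbatim, so a `"` or `\` in it corrupts the document or silently changes the key, and the bare `<<EOF` only produces output because zsh runs `NULLCMD`/`READNULLCMD` for a command-less redirection; `${jq-bin}` is already referenced elsewhere in this file, so let it build the document and make `pass` failures fatal via a plain assignment. The trailing `luks_key=""` assigns a variable nothing else reads and can go. The `configure` attribute is complete within the hunk; the rewritten part is below.
```nix
  configure = writeScriptBin "configure_${hostname}" ''
    #!${zsh-bin}
    # … unchanged: set -e / set -u / set -o pipefail …

    # Generate config. jq escapes the passphrase so it cannot break the JSON;
    # the separate assignment makes a failing `pass` abort under set -e.
    ${if luks then ''
      luks_key=$(pass hosts/${hostname}/luks)
      ${jq-bin} -n --arg key "$luks_key" '{blockDevice: null, luksKey: $key}'
    '' else ''
      ${jq-bin} -n '{blockDevice: null}'
    ''}
  '';
```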
@@ -171,6 +182,10 @@ assert (typeOf swap) == "string";
 ${mkfs-fat-bin} -F32 -n ESP "$esp_partition"
 ${if luks then ''
+luks_keyfile=$temp_dir/luksKey
+luks_key=$(${jq-bin} -e --raw-output .luksKey $config_file)
+print -n "$luks_key" > $luks_keyfile
+
 ${cryptsetup-bin} --batch-mode --key-file $luks_keyfile luksFormat --type luks2 $luks_partition
 luks_partition_uuid=$(${blkid-bin} --match-tag UUID --output value $luks_partition)
@@ -212,13 +227,13 @@ assert (typeOf swap) == "string";
 mount_point=/mnt
 # Create subvolumes
-${mount-bin} -o noatime,compress=zstd:1 $root_partition $mount_point
+${mount-bin} -o noatime,compress=zstd $root_partition $mount_point
 ${btrfs-bin} subvolume create $mount_point/${hostname}
 ${btrfs-bin} subvolume create $mount_point/${hostname}/nix
 ${umount-bin} $mount_point
 # Remount
-${mount-bin} -o subvol=/${hostname},noatime,compress=zstd:1 $root_partition $mount_point
+${mount-bin} -o subvol=/${hostname},noatime,compress=zstd $root_partition $mount_point
 mkdir -p $mount_point/boot
 ${mount-bin} -o noatime $esp_partition $mount_point/boot
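Review bot: The relocated `print -n "$luks_key" > $luks_keyfile` still creates the key file with whatever umask the script inherited, and since the install side now supplies a real passphrase that file should be owner-only: put `umask 077` before the `print` (or `chmod 600 "$luks_keyfile"` right after it). `jq -e` only fails on `null`/`false`, so an empty `luksKey` string passes through and `luksFormat` is handed a zero-byte key file; a guard `[[ -n "$luks_key" ]] || { print_info "error: empty luksKey in $config_file"; exit 1; }` before the `print` names the actual problem instead of leaving it to cryptsetup's error message. `$luks_keyfile` and `$config_file` are unquoted on the same lines that quote `"$luks_key"`. Where `$temp_dir` is created and whether the key file is wiped after `luksFormat` lies outside this hunk; moving the write next to its only consumer does at least shorten the time the key spends on disk.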