diff --git a/configs/nixos/plover/default.nix b/configs/nixos/plover/default.nix
index cd797613..e18c22e2 100644
--- a/configs/nixos/plover/default.nix
+++ b/configs/nixos/plover/default.nix
@@ -30,13 +30,11 @@
 monitoring.enable = true;
 reverse-proxy.enable = true;
 fail2ban.enable = true;
-
- # The self-hosted services.
 grafana.enable = true;
 };
 # We're using our own VPN configuration for this one.
- suites.vpn.enable = true;
+ suites.vpn.personal.enable = true;
 state.network = rec {
 ipv4 = "135.181.26.192";
@@ -115,8 +113,5 @@
 type = "ed25519";
 }];
- # Make Nix experimental.
- nix.package = pkgs.nixUnstable;
-
- system.stateVersion = "23.05";
+ system.stateVersion = "24.11";
 }
diff --git a/configs/nixos/plover/modules/services/dns-server/default.nix b/configs/nixos/plover/modules/services/dns-server/default.nix
index 8c2bc4f4..2dac7d4c 100644
--- a/configs/nixos/plover/modules/services/dns-server/default.nix
+++ b/configs/nixos/plover/modules/services/dns-server/default.nix
@@ -13,13 +13,13 @@ let
 getZoneFile = domain: "${zonesDir}/${domain}.zone";
 zonefile = pkgs.substituteAll {
- src = ../setups/dns/zones/${domain}.zone;
+ src = ./zones/${domain}.zone;
 ploverWANIPv4 = config.state.network.ipv4;
 ploverWANIPv6 = config.state.network.ipv6;
 };
 fqdnZone = pkgs.substituteAll {
- src = ../setups/dns/zones/${fqdn}.zone;
+ src = ./zones/${fqdn}.zone;
 ploverWANIPv4 = config.state.network.ipv4;
 ploverWANIPv6 = config.state.network.ipv6;
 };
@@ -280,7 +280,7 @@ in
 security.dhparams.params.bind.bits = 4096;
 }
- (lib.mkIf hostCfg.setups.monitoring.enable {
+ (lib.mkIf hostCfg.services.monitoring.enable {
 state.ports.bindStatistics.value = 9423;
 services.bind.extraConfig = ''
diff --git a/configs/nixos/plover/modules/services/gitea.nix b/configs/nixos/plover/modules/services/gitea.nix
index aa82e68f..c7a5c844 100644
--- a/configs/nixos/plover/modules/services/gitea.nix
+++ b/configs/nixos/plover/modules/services/gitea.nix
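Review bot: The second hunk of default.nix moves `system.stateVersion` from "23.05" to "24.11" on what the surrounding configuration (fixed WAN addresses, PostgreSQL-backed services elsewhere in this commit) suggests is an already-deployed host. NixOS keys several stateful defaults on this value, notably the default `services.postgresql.package`, so the bump alone selects a newer PostgreSQL major than the one the existing data directory was initialised with and the service will refuse to start against that data until it is migrated — unless `services.postgresql.package` is pinned elsewhere, which this diff does not show. Either keep the old value (the option is documented as not to be changed after installation) or pin the package and record the planned data migration in the commit message. The removal of `nix.package = pkgs.nixUnstable;` in the same hunk is unrelated and fine.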
@@ -153,12 +153,11 @@ in
 # the PostgreSQL documentation at
 # https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS.
 services.postgresql = {
- ensureUsers = [{
+ ensureDatabases = [ config.services.gitea.user ];
+ ensureUsers = lib.singleton {
 name = config.services.gitea.user;
- ensurePermissions = {
- "SCHEMA ${config.services.gitea.user}" = "ALL PRIVILEGES";
- };
- }];
+ ensureDBOwnership = true;
+ };
 };
 # Setting up Gitea for PostgreSQL secure schema usage.
diff --git a/configs/nixos/plover/modules/services/grafana.nix b/configs/nixos/plover/modules/services/grafana.nix
index 39c642ab..284207d7 100644
--- a/configs/nixos/plover/modules/services/grafana.nix
+++ b/configs/nixos/plover/modules/services/grafana.nix
@@ -155,13 +155,10 @@ in
 # Setting up PostgreSQL with secure schema.
 services.postgresql = {
 ensureDatabases = [ grafanaDatabaseName ];
- ensureUsers = [{
+ ensureUsers = lib.singleton {
 name = grafanaDatabaseName;
- ensurePermissions = {
- "DATABASE ${grafanaDatabaseName}" = "ALL PRIVILEGES";
- "SCHEMA ${grafanaDatabaseUser}" = "ALL PRIVILEGES";
- };
- }];
+ ensureDBOwnership = true;
+ };
 };
 })
diff --git a/configs/nixos/plover/modules/services/idm.nix b/configs/nixos/plover/modules/services/idm.nix
index da06cbc1..e050f1cc 100644
--- a/configs/nixos/plover/modules/services/idm.nix
+++ b/configs/nixos/plover/modules/services/idm.nix
@@ -9,7 +9,7 @@ let
 certsDir = config.security.acme.certs."${authDomain}".directory;
- backupsDir = "/var/lib/kanidm/backups";
+ backupsDir = "${config.state.paths.dataDir}/kanidm/backups";
 in {
 options.hosts.plover.services.idm.enable = lib.mkEnableOption "preferred IDM server";
diff --git a/configs/nixos/plover/modules/services/vaultwarden.nix b/configs/nixos/plover/modules/services/vaultwarden.nix
index 9f7849ff..a7e38271 100644
--- a/configs/nixos/plover/modules/services/vaultwarden.nix
+++ b/configs/nixos/plover/modules/services/vaultwarden.nix
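Review bot: The new `ensureDatabases = [ config.services.gitea.user ];` keys the database on the role name rather than on `config.services.gitea.database.name`; `ensureDBOwnership` grants ownership only of the database whose name equals the role, so unless those two options are set to the same value elsewhere (not visible here) the database Gitea actually connects to is neither created nor owned by this role. Consider `ensureDatabases = [ config.services.gitea.database.name ];` together with a matching `name`, or rely on the upstream module's `services.gitea.database.createDatabase` handling and drop this block. Note also that ownership is a wider grant than the removed `SCHEMA … ALL PRIVILEGES` entry — the owner can alter or drop the whole database and create arbitrary schemas — so the "secure schema usage" intent in the surrounding comments now rests on the search_path/schema setup below the hunk rather than on a privilege boundary; the same widening occurs in grafana.nix and vaultwarden.nix in this commit. The enclosing `services.postgresql` set continues past the hunk.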
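Review bot: In idm.nix, `backupsDir` now resolves under `config.state.paths.dataDir` instead of `/var/lib/kanidm`, which moves the kanidm backup dumps (a serialized copy of the IDM database) out of the path the kanidm unit's state directory would normally own and protect. Whatever creates the new directory — a tmpfiles rule or the backup job itself, neither visible in this hunk — must give the kanidm service user ownership and a restrictive mode (for example `0700`), and any dumps left under the old path should be cleaned up so two copies are not retained. The `let` block containing `backupsDir` starts before the hunk.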
@@ -120,13 +120,10 @@ in
 services.postgresql = {
 ensureDatabases = [ vaultwardenDbName ];
- ensureUsers = [{
+ ensureUsers = lib.singleton {
 name = vaultwardenUser;
- ensurePermissions = {
- "DATABASE ${vaultwardenDbName}" = "ALL PRIVILEGES";
- "SCHEMA ${vaultwardenDbName}" = "ALL PRIVILEGES";
- };
- }];
+ ensureDBOwnership = true;
+ };
 };
 systemd.services.vaultwarden = {
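Review bot: `ensureDBOwnership = true;` on a role named `vaultwardenUser` only does what the removed grants did if that value equals `vaultwardenDbName`, because the NixOS postgresql module grants ownership of the database with the same name as the role and asserts that this name appears in `ensureDatabases`; both `let` bindings are defined outside the hunk, so confirm they are equal or evaluation will fail on that assertion. If they differ, either rename the role with `name = vaultwardenDbName;` and update the vaultwarden database URL to match, or keep explicit per-database grants instead of ownership. The `services.postgresql` set and the following `systemd.services.vaultwarden` unit continue past the hunk.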