diff --git a/.ci/build_release.sh b/.ci/build_release.sh
deleted file mode 100755
index a17402632..000000000
--- a/.ci/build_release.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-od=$(pwd)
-mix local.hex --force && mix local.rebar --force
-mix do deps.get, deps.compile
-cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
-cd $od
-npm run --prefix apps/cf_http/assets deploy
-cd apps/cf_http
-mix phx.digest
-cd $od
-mix release --overwrite --force
diff --git a/.ci/build_ubuntu_18.04.sh b/.ci/build_ubuntu_18.04.sh
new file mode 100755
index 000000000..519992384
--- /dev/null
+++ b/.ci/build_ubuntu_18.04.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+
+OS="ubuntu_18.04"
+ARCH=${MATRIX_ARCH:-`uname -m`}
+PKG_DIR="${OS}_${ARCH}"
+PKG_FILE="${PKG_DIR}.deb"
+IMAGE="${OS}_${ARCH}:latest"
+
+docker build \
+  -t $IMAGE \
+  -f pkg/Dockerfile.$OS \
+  --platform linux/$ARCH \
+  --build-arg PKG_DIR=$PKG_DIR \
+  --progress plain \
+  .
+
+CID=$(docker create $IMAGE)
+mkdir -p _build
+docker cp $CID:/build/pkg/$PKG_FILE ./_build/cloudfire_$PKG_FILE
diff --git a/.ci/build_ubuntu_20.04.sh b/.ci/build_ubuntu_20.04.sh
new file mode 100755
index 000000000..e702ea62b
--- /dev/null
+++ b/.ci/build_ubuntu_20.04.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+
+OS="ubuntu_20.04"
+ARCH=${MATRIX_ARCH:-`uname -m`}
+PKG_DIR="${OS}_${ARCH}"
+PKG_FILE="${PKG_DIR}.deb"
+IMAGE="${OS}_${ARCH}:latest"
+
+docker build \
+  -t $IMAGE \
+  -f pkg/Dockerfile.$OS \
+  --platform linux/$ARCH \
+  --build-arg PKG_DIR=$PKG_DIR \
+  --progress plain \
+  .
+
+CID=$(docker create $IMAGE)
+mkdir -p _build
+docker cp $CID:/build/pkg/$PKG_FILE ./_build/cloudfire_$PKG_FILE
diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh
index 2f3263de6..5039d4c4e 100755
--- a/.ci/functional_test.sh
+++ b/.ci/functional_test.sh
@@ -1,27 +1,24 @@
 #!/usr/bin/env bash
-set -e
+set -x
 
-chmod +x cloudfire
+sudo apt-get update
+sudo apt-get install -y -q postgresql \
+  wireguard iptables net-tools curl ca-certificates
+sudo systemctl start postgresql
+sudo dpkg -i *.deb
 
-# Needed because binaries built with Bakeware assume directory exists
-mkdir $HOME/.cache
-
-echo "Initializing default config..."
-curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/${GITHUB_SHA}/scripts/init_config.sh | bash -
-
-# Create DB
-export PGPASSWORD=postgres # used by psql
-sudo -E -u postgres psql -d postgres -h localhost -c "CREATE DATABASE cloudfire;"
-
-# Start by running migrations always
-./cloudfire eval "CfHttp.Release.migrate"
-
-# Start in the background
-./cloudfire &
+echo "Enabling service..."
+sudo systemctl start cloudfire
 
 # Wait for app to start
 sleep 10
 
+echo "Service status..."
+sudo systemctl status cloudfire.service
+
+echo "Printing service logs..."
+sudo journalctl -u cloudfire.service
+
 echo "Trying to load homepage..."
 curl -i -vvv -k https://$(hostname):8800/
 
diff --git a/.ci/install_runtimes.sh b/.ci/install_runtimes.sh
index b23e72732..7f9a24abb 100755
--- a/.ci/install_runtimes.sh
+++ b/.ci/install_runtimes.sh
@@ -3,9 +3,9 @@ set -e
 
 os_name='ubuntu~bionic'
 
-curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~${os_name}_${arch}.deb
+curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~${os_name}_${MATRIX_ARCH}.deb
 curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~${os_name}_all.deb
 gdebi --non-interactive *.deb
 
 curl -sL https://deb.nodesource.com/setup_14.x | bash -
-apt-get install -y -q gcc g++ make nodejs cargo
+apt-get install -y -q gcc g++ make nodejs
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2ca039bf1..ab549e2a7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,10 +13,18 @@ jobs:
       POSTGRES_HOST: localhost
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       MATRIX_OS: ubuntu-18.04
-      arch: amd64
+      MATRIX_ARCH: amd64
+    strategy:
+      matrix:
+        postgres:
+          - postgres:9.6
+          - postgres:10
+          - postgres:11
+          - postgres:12
+          - postgres:13
     services:
       postgres:
-        image: postgres:13
+        image: ${{ matrix.postgres }}
         ports:
           - 5432:5432
         env:
@@ -56,123 +64,144 @@ jobs:
           name: test screenshots
           path: apps/cf_http/screenshots
 
-  build-linux:
+  build:
     needs: unit-integration-test
-    runs-on: ubuntu-18.04
-    name: Build on {{ matrix.arch }}
+    runs-on: ubuntu-20.04
+    name: Build
     env:
-      arch: ${{ matrix.arch }}
+      MATRIX_ARCH: ${{ matrix.arch }}
+      MATRIX_OS: ${{ matrix.os }}
       MIX_ENV: prod
     strategy:
       matrix:
+        os:
+          # - amazonlinux_2
+          # - debian_10
+          - ubuntu_18.04
+          - ubuntu_20.04
+          # - redhat_7
+          # - redhat_8
+          # - centos_7
+          # - centos_8
         include:
           - arch: amd64
-          - arch: arm64
+          # XXX: This currently takes upwards of 10 minutes or more. Disabling for now
+          # - arch: arm64
     steps:
       - uses: actions/checkout@v2
+      - uses: satackey/action-docker-layer-caching@v0.0.11
+        continue-on-error: false
+        with:
+          key: docker-cache-${{ matrix.os }}-${{ matrix.arch }}-${{ github.sha }}
+          restore-keys: |
+            docker-cache-${{ matrix.os }}-${{ matrix.arch }}-
 
       # amd64 build
       - if: ${{ matrix.arch == 'amd64' }}
-        run: |
-          sudo apt-get install -q -y zstd gdebi
-          sudo -E bash -c '.ci/install_runtimes.sh'
-          sudo -E bash -c '.ci/build_release.sh'
+        run: .ci/build_${{ matrix.os }}.sh
 
       # arm64 build
-      # XXX: This currently takes upwards of 10 minutes or more. Disabling for
-      # now.
-      # - uses: uraimo/run-on-arch-action@v2.0.10
-      #   if: ${{ matrix.arch == 'arm64' }}
-      #   name: Run on arm64
-      #   with:
-      #     arch: aarch64
-      #     install: |
-      #       # No obvious way to load a script file here, so needs inlining :-(
-      #       apt-get update -q -y
-      #       apt-get install -q -y gcc g++ make curl gdebi zstd
-      #
-      #       curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
-      #       curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~ubuntu~bionic_all.deb
-      #       gdebi --non-interactive esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
-      #       gdebi --non-interactive elixir_1.12.0-1~ubuntu~bionic_all.deb
-      #
-      #       curl -sL https://deb.nodesource.com/setup_14.x | bash -
-      #       apt-get install -y -q nodejs
-      #     dockerRunArgs: |
-      #       --volume "${PWD}:/app"
-      #     distro: ubuntu18.04
-      #     env: |
-      #       arch: arm64
-      #     githubToken: ${{ github.token }}
-      #     run: |
-      #       cd /app
-      #       bash -c '.ci/build_release.sh'
+      - uses: uraimo/run-on-arch-action@v2.0.10
+        if: ${{ matrix.arch == 'arm64' }}
+        with:
+          arch: aarch64
+          install: |
+            # No obvious way to load a script file here, so needs inlining :-(
+            apt-get update -q -y
+            apt-get install -q -y gcc g++ make curl gdebi zstd
+
+            curl -O https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
+            curl -O https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.12.0-1~ubuntu~bionic_all.deb
+            gdebi --non-interactive esl-erlang_24.0.2-1~ubuntu~bionic_arm64.deb
+            gdebi --non-interactive elixir_1.12.0-1~ubuntu~bionic_all.deb
+
+            curl -sL https://deb.nodesource.com/setup_14.x | bash -
+            apt-get install -y -q nodejs
+          dockerRunArgs: |
+            --volume "${PWD}:/app"
+          distro: ubuntu18.04
+          env: |
+            arch: arm64
+          githubToken: ${{ github.token }}
+          run: |
+            cd /app
+            bash -c '.ci/build_release.sh'
 
       - uses: actions/upload-artifact@v2
         with:
-          name: cloudfire-${{ matrix.arch }}
-          path: _build/prod/rel/bakeware/cloudfire
+          name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb
+          path: _build/cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb
 
   functional-test:
-    needs: build-linux
-    runs-on: ${{ matrix.os }}
+    needs: build
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
-        os: [ubuntu-18.04]
+        os:
+          # - amazonlinux_2
+          # - debian_10
+          - ubuntu_18.04
+          - ubuntu_20.04
+          # - redhat_7
+          # - redhat_8
+          # - centos_7
+          # - centos_8
+        include:
+          - arch: amd64
+          # - arch: arm64
     env:
       MATRIX_OS: ${{ matrix.os }}
-    services:
-      postgres:
-        image: postgres:13
-        ports:
-          - 5432:5432
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
+      MATRIX_ARCH: ${{ matrix.arch }}
+      DEBIAN_FRONTEND: noninteractive
     steps:
       - uses: actions/checkout@v2
       - uses: actions/download-artifact@v2
         with:
-          name: cloudfire-amd64
-      - run: sudo apt-get install -q -y wireguard
+          name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb
+          path: ./
       - name: Test Install package
-        env:
-          DEBIAN_FRONTEND: noninteractive
         run: .ci/functional_test.sh
-  #
-  # publish:
-  #   needs: functional-test
-  #   runs-on: ${{ matrix.os }}
-  #   strategy:
-  #     matrix:
-  #       os: [ubuntu-20.04]
-  #   if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
-  #   steps:
-  #     - name: Create Release
-  #       id: create_release
-  #       uses: actions/create-release@v1
-  #       env:
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #       with:
-  #         tag_name: ${{ github.ref }}
-  #         release_name: Release ${{ github.ref }}
-  #         draft: false
-  #         prerelease: true
-  #     - uses: actions/download-artifact@v2
-  #       with:
-  #         name: cloudfire-deb
-  #     - name: Upload Release Asset
-  #       id: upload-release-asset
-  #       uses: actions/upload-release-asset@v1
-  #       env:
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #       with:
-  #         upload_url: ${{ steps.create_release.outputs.upload_url }}
-  #         asset_path: ./cloudfire_${{ github.sha }}-1_${{ matrix.os }}_amd64.deb
-  #         asset_name: cloudfire_${{ matrix.os }}_amd64.deb
-  #         asset_content_type: application/vnd.debian.binary-package
+
+  publish:
+    needs: functional-test
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        os:
+          # - amazonlinux_2
+          # - debian_10
+          - ubuntu_18.04
+          - ubuntu_20.04
+          # - redhat_7
+          # - redhat_8
+          # - centos_7
+          # - centos_8
+        include:
+          - arch: amd64
+            # - arch: arm64
+    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+    steps:
+      - name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          draft: false
+          prerelease: true
+      - uses: actions/download-artifact@v2
+        with:
+          name: cloudfire_${{ matrix.os }}_${{ matrix.arch }}
+          path: ./
+      - name: Upload Release Asset
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./cloudfire_${{ matrix.os }}_${{ matrix.arch }}.deb
+          asset_name: ${{ matrix.os }}_${{ matrix.arch }}
+          asset_content_type: application/vnd.debian.binary-package
diff --git a/.tool-versions b/.tool-versions
index 7d8c873e8..709b34441 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,4 +1,3 @@
 erlang 24.0.3
-elixir 1.12.1-otp-24
+elixir 1.12.2-otp-24
 nodejs lts
-rust system
diff --git a/README.md b/README.md
index 4d8533dc5..1576cde42 100644
--- a/README.md
+++ b/README.md
@@ -45,22 +45,18 @@ For now, `cloudfire` assumes these apps are all running on the same host.
 Prerequisites:
 
 1. Postgresql Server 9.6 or higher. Access can be configured in
-   `~/.cloudfire/config.json` after installation.
+   `/opt/cloudfire/config.env` after installation.
 2. `wg`, `openssl`, `ip`, and `iptables` must be in your PATH.
 
-Then you can install `cloudfire` with:
-
-`curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/install.sh | bash -`
-
-This will download the `cloudfire` binary, initialize the config directory, and
-print further instructions to the console.
+Then you can install `cloudfire` by [downloading the appropriate package
+from the releases page](https://github.com/CloudFire-LLC/cloudfire/releases).
 
 ## Creating additional admin users
 
 You may create additional admin users with the following command:
 
 ```bash
-cloudfire rpc 'CfHttp.Users.create_user(
+/opt/cloudfire/bin/cloudfire rpc 'CfHttp.Users.create_user(
   email: "USER_EMAIL",
   password: "USER_PASSWORD",
   password_confirmation: "USER_PASSWORD"
diff --git a/apps/cf_common/lib/config_file.ex b/apps/cf_common/lib/config_file.ex
deleted file mode 100644
index 0657a4539..000000000
--- a/apps/cf_common/lib/config_file.ex
+++ /dev/null
@@ -1,26 +0,0 @@
-defmodule CfCommon.ConfigFile do
-  @moduledoc """
-  Common config file operations.
-  """
-
-  def load! do
-    %{} = Jason.decode!(file_module().read!(config_path()))
-  end
-
-  def write!(config) do
-    config_path()
-    |> file_module().write!(Jason.encode!(config), [:write])
-  end
-
-  def exists? do
-    file_module().exists?(config_path())
-  end
-
-  defp config_path do
-    System.fetch_env!("HOME") <> "/.cloudfire/config.json"
-  end
-
-  defp file_module do
-    Application.fetch_env!(:cf_common, :config_file_module)
-  end
-end
diff --git a/apps/cf_common/lib/fake_file.ex b/apps/cf_common/lib/fake_file.ex
deleted file mode 100644
index 3ec88d4bc..000000000
--- a/apps/cf_common/lib/fake_file.ex
+++ /dev/null
@@ -1,23 +0,0 @@
-defmodule CfCommon.FakeFile do
-  @moduledoc """
-  Provides mocked file operations for testing ConfigFile
-  """
-
-  @json ~s({
-    "database_url": "ecto://postgres:postgres@127.0.0.1/cloudfire",
-    "secret_key_base": "fMjyDw9RpP5+f8klEmeEWnBQKd2H7uKH/PQpOTug6vybretclzaE1k4Y3O2Bw8lX",
-    "live_view_signing_salt": "EHcSipS+bFTFYMbFmvVR8lAuwYyfqcTE",
-    "db_encryption_key": "8Wgh3dPubt6q4Y1PlYRuG9v50zQE+QTUzh8mJnkw+jc=",
-    "ssl_cert_file": "$HOME/.cloudfire/ssl/cert.pem",
-    "ssl_key_file": "$HOME/.cloudfire/ssl/key.pem",
-    "url_host": "localhost",
-    "wg_server_key": "KDp9lQ6OAi/VrfgYo5VIAqCJFs1Gs55GZRDoA7W8500=",
-    "https_listen_port": "8800",
-    "https_listen_address": "127.0.0.1",
-    "wg_listen_port": "51820"
-  })
-
-  def read!(_), do: @json
-  def write!(_, _, [:write]), do: :ok
-  def exists?(_), do: true
-end
diff --git a/apps/cf_common/test/config_file_test.exs b/apps/cf_common/test/config_file_test.exs
deleted file mode 100644
index f973a0c27..000000000
--- a/apps/cf_common/test/config_file_test.exs
+++ /dev/null
@@ -1,37 +0,0 @@
-defmodule CfCommon.ConfigFileTest do
-  use ExUnit.Case, async: true
-
-  alias CfCommon.ConfigFile
-
-  @expected_config %{
-    "database_url" => "ecto://postgres:postgres@127.0.0.1/cloudfire",
-    "secret_key_base" => "fMjyDw9RpP5+f8klEmeEWnBQKd2H7uKH/PQpOTug6vybretclzaE1k4Y3O2Bw8lX",
-    "live_view_signing_salt" => "EHcSipS+bFTFYMbFmvVR8lAuwYyfqcTE",
-    "db_encryption_key" => "8Wgh3dPubt6q4Y1PlYRuG9v50zQE+QTUzh8mJnkw+jc=",
-    "ssl_cert_file" => "$HOME/.cloudfire/ssl/cert.pem",
-    "ssl_key_file" => "$HOME/.cloudfire/ssl/key.pem",
-    "url_host" => "localhost",
-    "wg_server_key" => "KDp9lQ6OAi/VrfgYo5VIAqCJFs1Gs55GZRDoA7W8500=",
-    "https_listen_port" => "8800",
-    "https_listen_address" => "127.0.0.1",
-    "wg_listen_port" => "51820"
-  }
-
-  describe "load!" do
-    test "loads stubbed config" do
-      assert ConfigFile.load!() == @expected_config
-    end
-  end
-
-  describe "write!" do
-    test "returns :ok" do
-      assert ConfigFile.write!(@expected_config) == :ok
-    end
-  end
-
-  describe "exists?" do
-    test "returns true" do
-      assert ConfigFile.exists?()
-    end
-  end
-end
diff --git a/apps/cf_http/assets/static/logo.svg b/apps/cf_http/assets/static/logo.svg
index bc06cd0ed..24d14fafc 100644
--- a/apps/cf_http/assets/static/logo.svg
+++ b/apps/cf_http/assets/static/logo.svg
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<svg width="468px" height="100px" viewBox="0 0 468 100" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<svg width="418px" height="102px" viewBox="0 0 418 102" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
     <!-- Generator: Sketch 48.2 (47327) - http://www.bohemiancoding.com/sketch -->
-    <title>Slice</title>
+    <title>Group</title>
     <desc>Created with Sketch.</desc>
     <defs></defs>
     <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
         <g id="Group">
-            <text id="CloudFire" font-family="Copperplate" font-size="64" font-weight="normal" fill="#000000">
-                <tspan x="130" y="81">CloudFire</tspan>
+            <text id="FireZone" font-family="Copperplate" font-size="64" font-weight="normal" fill="#000000">
+                <tspan x="130" y="81">FireZone</tspan>
             </text>
             <g id="logo">
                 <path d="M78,0 C106.929245,20.432184 76.9805386,65.7158066 87.5490618,84 C65.8312154,57.5738976 95.4207963,34.8637635 78,0 Z" id="path6" fill="#CF5C00"></path>
diff --git a/apps/cf_vpn/lib/cf_vpn/cli/live.ex b/apps/cf_vpn/lib/cf_vpn/cli/live.ex
index dc05c7d27..924867231 100644
--- a/apps/cf_vpn/lib/cf_vpn/cli/live.ex
+++ b/apps/cf_vpn/lib/cf_vpn/cli/live.ex
@@ -18,7 +18,7 @@ defmodule CfVpn.CLI.Live do
   import CfCommon.CLI
 
   def setup do
-    # create_interface()
+    create_interface()
     setup_iptables()
     up_interface()
   end
@@ -26,7 +26,7 @@ defmodule CfVpn.CLI.Live do
   def teardown do
     down_interface()
     teardown_iptables()
-    # delete_interface()
+    delete_interface()
   end
 
   @doc """
diff --git a/config/releases.exs b/config/releases.exs
index 84d624d9a..b2be8f544 100644
--- a/config/releases.exs
+++ b/config/releases.exs
@@ -3,33 +3,23 @@
 # although such is generally not recommended and you have to
 # remember to add this file to your .gitignore.
 import Config
-alias CfCommon.{CLI, ConfigFile}
-
-unless ConfigFile.exists?() do
-  raise(~s"""
-  Config file ~/.cloudfire/config.json not found. Try initializing a default one with:
-
-  curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/init_config.sh | bash -
-  """)
-end
-
-config_file = ConfigFile.load!()
+alias CfCommon.CLI
 
 # Required environment variables
-database_url = Map.fetch!(config_file, "database_url")
-secret_key_base = Map.fetch!(config_file, "secret_key_base")
-live_view_signing_salt = Map.fetch!(config_file, "live_view_signing_salt")
-ssl_cert_file = Map.fetch!(config_file, "ssl_cert_file")
-ssl_key_file = Map.fetch!(config_file, "ssl_key_file")
+database_url = System.fetch_env!("DATABASE_URL")
+secret_key_base = System.fetch_env!("SECRET_KEY_BASE")
+live_view_signing_salt = System.fetch_env!("LIVE_VIEW_SIGNING_SALT")
+ssl_cert_file = System.fetch_env!("SSL_CERT_FILE")
+ssl_key_file = System.fetch_env!("SSL_KEY_FILE")
 
 disable_signup =
-  case config_file["disable_signup"] do
+  case System.get_env("DISABLE_SIGNUP") do
     d when d in ["1", "yes"] -> true
     _ -> false
   end
 
 ssl_ca_cert_file =
-  case config_file["ssl_ca_cert_file"] do
+  case System.get_env("SSL_CA_CERT_FILE") do
     "" -> nil
     s = _ -> s
   end
@@ -41,10 +31,10 @@ default_egress_address =
 # Optional environment variables
 pool_size = max(:erlang.system_info(:logical_processors_available), 10)
 queue_target = 500
-https_listen_port = String.to_integer(Map.get(config_file, "https_listen_port", "8800"))
-wg_listen_port = Map.get(config_file, "wg_listen_port", "51820")
-wg_endpoint_address = Map.get(config_file, "wg_endpoint_address", default_egress_address)
-url_host = Map.get(config_file, "url_host", "localhost")
+https_listen_port = String.to_integer(System.get_env("HTTPS_LISTEN_PORT", "8800"))
+wg_listen_port = System.get_env("WG_LISTEN_PORT", "51820")
+wg_endpoint_address = System.get_env("WG_ENDPOINT_ADDRESS", default_egress_address)
+url_host = System.get_env("URL_HOST", "localhost")
 
 config :cf_http,
   disable_signup: disable_signup
@@ -76,7 +66,7 @@ config :cf_http, CfHttpWeb.Endpoint,
 
 config :cf_vpn,
   vpn_endpoint: wg_endpoint_address <> ":" <> wg_listen_port,
-  private_key: Map.fetch!(config_file, "wg_server_key") |> String.trim()
+  private_key: File.read!("/opt/cloudfire/server.key") |> String.trim()
 
 # ## Using releases (Elixir v1.9+)
 #
@@ -96,7 +86,7 @@ config :cf_http, CfHttp.Vault,
       #
       # In Cloak 2.0, this will be the default iv length for AES.GCM.
       tag: "AES.GCM.V1",
-      key: Base.decode64!(Map.fetch!(config_file, "db_encryption_key")),
+      key: Base.decode64!(System.fetch_env!("DB_ENCRYPTION_KEY")),
       iv_length: 12
     }
   ]
diff --git a/mix.exs b/mix.exs
index ed1810868..cc6b8c87b 100644
--- a/mix.exs
+++ b/mix.exs
@@ -22,15 +22,13 @@ defmodule CloudfireUmbrella.MixProject do
       default_release: :cloudfire,
       releases: [
         cloudfire: [
-          # Don't seem to be needed for bakeware releases
-          # include_executables_for: [:unix],
+          include_executables_for: [:unix],
           validate_compile_env: false,
           applications: [
             cf_http: :permanent,
             cf_wall: :permanent,
             cf_vpn: :permanent
           ],
-          steps: [:assemble, &Bakeware.assemble/1],
           cookie: System.get_env("ERL_COOKIE")
         ]
       ]
@@ -44,7 +42,6 @@ defmodule CloudfireUmbrella.MixProject do
   # Run "mix help deps" for examples and options.
   defp deps do
     [
-      {:bakeware, "~> 0.2.0", runtime: false},
       {:excoveralls, "~> 0.13", only: :test},
       {:mix_test_watch, "~> 1.0", only: :dev, runtime: false},
       {:dialyxir, "~> 1.0", only: [:dev], runtime: false}
diff --git a/mix.lock b/mix.lock
index 5b6652d65..2d0999c3c 100644
--- a/mix.lock
+++ b/mix.lock
@@ -1,6 +1,5 @@
 %{
   "argon2_elixir": {:hex, :argon2_elixir, "2.4.0", "2a22ea06e979f524c53b42b598fc6ba38cdcbc977a155e33e057732cfb1fb311", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "4ea82e183cf8e7f66dab1f767fedcfe6a195e140357ef2b0423146b72e0a551d"},
-  "bakeware": {:hex, :bakeware, "0.2.0", "e2efb323cc25e857ac2869f0d25a92cac55ed6e1f53399cb5c035d211d27d5ce", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "cad65fcf20162d60c2a159238d1ebfa1f9763b5d671b0992caf1777be42fe3ae"},
   "bamboo": {:hex, :bamboo, "1.7.1", "7f0946e8c9081ce10d347cdba33c247c7c1c4f7dddc194ab0633603ef879bbdf", [:mix], [{:hackney, ">= 1.15.2", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:mime, "~> 1.4", [hex: :mime, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.1", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "5fb34c3ab638fc409deec47c1e91f9d78ad95bf22ccb153588b434e1ff1aa730"},
   "bunt": {:hex, :bunt, "0.2.0", "951c6e801e8b1d2cbe58ebbd3e616a869061ddadcc4863d0a2182541acae9a38", [:mix], [], "hexpm", "7af5c7e09fe1d40f76c8e4f9dd2be7cebd83909f31fee7cd0e9eadc567da8353"},
   "certifi": {:hex, :certifi, "2.6.1", "dbab8e5e155a0763eea978c913ca280a6b544bfa115633fa20249c3d396d9493", [:rebar3], [], "hexpm", "524c97b4991b3849dd5c17a631223896272c6b0af446778ba4675a1dff53bb7e"},
diff --git a/pkg/Dockerfile b/pkg/Dockerfile.amazonlinux_2
similarity index 100%
rename from pkg/Dockerfile
rename to pkg/Dockerfile.amazonlinux_2
diff --git a/pkg/Dockerfile.centos_7 b/pkg/Dockerfile.centos_7
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.centos_7
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.centos_8 b/pkg/Dockerfile.centos_8
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.centos_8
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.debian_10 b/pkg/Dockerfile.debian_10
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.debian_10
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.redhat_7 b/pkg/Dockerfile.redhat_7
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.redhat_7
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.redhat_8 b/pkg/Dockerfile.redhat_8
new file mode 100644
index 000000000..774e50bb1
--- /dev/null
+++ b/pkg/Dockerfile.redhat_8
@@ -0,0 +1,62 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.11.2-erlang-23.1.2-ubuntu-focal-20201008 AS build
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
+RUN apt-get install nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release cloudfire
+
+RUN mkdir -p pkg/debian/opt
+RUN mv _build/prod/rel/cloudfire pkg/debian/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build debian
diff --git a/pkg/Dockerfile.ubuntu_18.04 b/pkg/Dockerfile.ubuntu_18.04
new file mode 100644
index 000000000..0ab0ecedf
--- /dev/null
+++ b/pkg/Dockerfile.ubuntu_18.04
@@ -0,0 +1,67 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-bionic-20210325
+
+# Overridden by build script
+ARG PKG_DIR
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    gdebi \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
+RUN apt-get install -y --no-install-recommends nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+COPY apps/cf_common/mix.exs ./apps/cf_common/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release
+
+RUN mkdir -p pkg/$PKG_DIR/opt
+RUN mv _build/prod/rel/cloudfire pkg/$PKG_DIR/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build $PKG_DIR
diff --git a/pkg/Dockerfile.ubuntu_20.04 b/pkg/Dockerfile.ubuntu_20.04
new file mode 100644
index 000000000..51db7b1fe
--- /dev/null
+++ b/pkg/Dockerfile.ubuntu_20.04
@@ -0,0 +1,67 @@
+# This Dockerfile builds release packages.
+# **NOTE**: This is not recommended, as it's possible the deployment
+# production environment will diff from the image environment here,
+# even if the OS and kernel versions match.
+# As such, this script has been deprecated in favor of building the release
+# in the production environment.
+FROM hexpm/elixir:1.12.2-erlang-24.0.3-ubuntu-focal-20210325
+
+# Overridden by build script
+ARG PKG_DIR
+
+# Setup to run build script
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -q && \
+    apt-get install -y --no-install-recommends \
+    gdebi \
+    ca-certificates \
+    build-essential \
+    git \
+    dpkg-dev \
+    libssl-dev \
+    automake \
+    gnupg \
+    curl \
+    autoconf \
+    libncurses5-dev \
+    unzip \
+    zlib1g-dev \
+    locales && \
+    apt-get clean && \
+    rm -rf /tmp/* /var/tmp/*
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+    locale-gen
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
+
+RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
+RUN apt-get install -y --no-install-recommends nodejs
+
+ENV MIX_ENV prod
+WORKDIR /build
+
+RUN mix local.hex --force && \
+    mix local.rebar --force
+COPY mix.exs mix.lock ./
+COPY config config
+COPY apps/cf_http/mix.exs ./apps/cf_http/
+COPY apps/cf_wall/mix.exs ./apps/cf_wall/
+COPY apps/cf_vpn/mix.exs ./apps/cf_vpn/
+COPY apps/cf_common/mix.exs ./apps/cf_common/
+RUN mix do deps.get, deps.compile
+
+COPY apps/cf_http/assets/package.json apps/cf_http/assets/package-lock.json ./apps/cf_http/assets/
+RUN cd apps/cf_http/assets && npm ci --progress=false --no-audit --loglevel=error
+COPY apps/cf_http/priv apps/cf_http/priv
+COPY apps/cf_http/assets apps/cf_http/assets
+RUN npm run --prefix ./apps/cf_http/assets deploy && \
+    cd apps/cf_http && mix phx.digest
+
+COPY . .
+RUN mix release
+
+RUN mkdir -p pkg/$PKG_DIR/opt
+RUN mv _build/prod/rel/cloudfire pkg/$PKG_DIR/opt/cloudfire
+
+RUN cd pkg && dpkg-deb --build $PKG_DIR
diff --git a/pkg/ubuntu_18.04_amd64/DEBIAN/control b/pkg/ubuntu_18.04_amd64/DEBIAN/control
new file mode 100644
index 000000000..655954c83
--- /dev/null
+++ b/pkg/ubuntu_18.04_amd64/DEBIAN/control
@@ -0,0 +1,11 @@
+Package: cloudfire
+Version: 0.1.7-1
+Architecture: amd64
+Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
+Depends: net-tools (>= 1.60+git20161116.90da8a0-1ubuntu1), systemd (>= 237-3ubuntu10.48), openssl (>= 1.1.1-1ubuntu2.1~18.04.9), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 9.6), iptables (>= 1.6.1-2ubuntu2)
+Section: net
+Priority: optional
+Homepage: https://cloudfire.network
+Description: Web UI + Firewall manager for WireGuard™
+ Provides a web-based UI that allows you to configure WireGuard™ VPN tunnels and
+ set up firewall rules for your devices.
diff --git a/pkg/ubuntu_18.04_amd64/DEBIAN/postinst b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst
new file mode 100755
index 000000000..519ded256
--- /dev/null
+++ b/pkg/ubuntu_18.04_amd64/DEBIAN/postinst
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+set -xe
+
+ls -la /opt/cloudfire/bin
+
+# CloudFire package post-install script
+
+# 1. Generate secrets
+# 2. Bootstrap DB
+# 3. Generate WireGuard interface and config
+
+# All created files are 0600 by default
+umask 077
+
+# Add cloudfire user if not exists
+if id cloudfire &>/dev/null; then
+  echo "cloudfire user exists... not creating."
+else
+  echo "creating system user cloudfire"
+  useradd --system cloudfire
+fi
+
+# Generate app secrets
+live_view_signing_salt="$(openssl rand -base64 24)"
+secret_key_base="$(openssl rand -base64 48)"
+db_user=cloudfire
+
+# base64 includes forward slashes which are problematic in the
+# db_url connect string, so use hex.
+db_password="$(openssl rand -hex 16)"
+
+db_key="$(openssl rand -base64 32)"
+
+# Setup DB
+# XXX: Remove || true and detect actual failures
+su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true"
+su postgres -c "psql -c \"CREATE DATABASE cloudfire;\" || true"
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};\" || true"
+
+# Write CloudFire SSL files
+mkdir -p /opt/cloudfire/ssl
+hostname=$(hostname)
+openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
+    -keyout /opt/cloudfire/ssl/key.pem \
+    -out /opt/cloudfire/ssl/cert.pem \
+    -days 365 -subj "/CN=${hostname}"
+
+wg genkey > /opt/cloudfire/server.key
+
+# Write CloudFire config files
+cat <<EOT >> /opt/cloudfire/config.env
+# This file is loaded into CloudFire's Environment upon launch to configure it.
+
+# This is used to ensure secure communication with the live web views.
+# Re-generate this with "openssl rand -base64 24". All existing web views will
+# need to be refreshed.
+LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}"
+
+# This is used to secure cookies among other things.
+# You can regenerate this with "openssl rand -base64 48". All existing clients
+# will be signed out.
+SECRET_KEY_BASE="${secret_key_base}"
+
+# The URL to connect to your DB. Assumes the database has been created and this
+# user has privileges to create and modify tables.
+DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire"
+
+# The HTTPS port to listen on. Defaults to 8800.
+HTTPS_LISTEN_PORT=8800
+
+# The address to bind the HTTPS server to. Defaults to "127.0.0.1"
+HTTPS_LISTEN_ADDRESS=127.0.0.1
+
+# The WireGuard port to listen on. Defaults to 51820.
+WG_LISTEN_PORT=51820
+
+# The address for the WireGuard endpoint. Defaults to the address of the
+# default egress interface if not set.
+WG_ENDPOINT_ADDRESS=
+
+# The Base64-encoded key for encrypted database fields.
+DB_ENCRYPTION_KEY=${db_key}
+
+# SSL certificate file and key path. Self-signed certs are generated for you on
+# install, but it's highly recommended to replace these with valid certs.
+# Free certs can be obtained at https://letsencrypt.org.
+SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem
+SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem
+
+# Path to the intermediate certificates file. (usually not required)
+# SSL_CA_CERT_FILE=
+
+# Host to use for generating links back to the application, such as in
+# outbound emails. Defaults to "localhost".
+# URL_HOST=${hostname}
+
+# For security, it's recommended to leave signups disabled and instead create
+# users via the CLI.
+DISABLE_SIGNUP=yes
+EOT
+
+# Set perms
+chown -R cloudfire:root /opt/cloudfire
+chmod 0644 /opt/cloudfire/ssl/cert.pem
diff --git a/pkg/ubuntu-20.04/DEBIAN/templates b/pkg/ubuntu_18.04_amd64/DEBIAN/templates
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/templates
rename to pkg/ubuntu_18.04_amd64/DEBIAN/templates
diff --git a/pkg/ubuntu-20.04/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service
similarity index 80%
rename from pkg/ubuntu-20.04/lib/systemd/system/cloudfire.service
rename to pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service
index f79151fbc..9a9fc1d4e 100644
--- a/pkg/ubuntu-20.04/lib/systemd/system/cloudfire.service
+++ b/pkg/ubuntu_18.04_amd64/lib/systemd/system/cloudfire.service
@@ -9,9 +9,9 @@ RestartSec=1
 User=cloudfire
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH
 EnvironmentFile=/opt/cloudfire/config.env
-ExecStartPre=/opt//bin/cloudfire eval "CfHttp.Release.migrate"
+ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"
 ExecStart=/opt/cloudfire/bin/cloudfire start
-ExecStartPost=sleep 5
+ExecStartPost=/bin/sleep 8
 ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"
 
 [Install]
diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/control b/pkg/ubuntu_18.04_arm64/DEBIAN/control
new file mode 100644
index 000000000..2976c311c
--- /dev/null
+++ b/pkg/ubuntu_18.04_arm64/DEBIAN/control
@@ -0,0 +1,11 @@
+Package: cloudfire
+Version: 0.1.7-1
+Architecture: arm64
+Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
+Depends: net-tools (>= 1.60+git20161116.90da8a0-1ubuntu1), systemd (>= 237-3ubuntu10.48), openssl (>= 1.1.1-1ubuntu2.1~18.04.9), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 9.6), iptables (>= 1.6.1-2ubuntu2)
+Section: net
+Priority: optional
+Homepage: https://cloudfire.network
+Description: Web UI + Firewall manager for WireGuard™
+ Provides a web-based UI that allows you to configure WireGuard™ VPN tunnels and
+ set up firewall rules for your devices.
diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/postinst b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst
new file mode 100755
index 000000000..519ded256
--- /dev/null
+++ b/pkg/ubuntu_18.04_arm64/DEBIAN/postinst
@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+set -xe
+
+ls -la /opt/cloudfire/bin
+
+# CloudFire package post-install script
+
+# 1. Generate secrets
+# 2. Bootstrap DB
+# 3. Generate WireGuard interface and config
+
+# All created files are 0600 by default
+umask 077
+
+# Add cloudfire user if not exists
+if id cloudfire &>/dev/null; then
+  echo "cloudfire user exists... not creating."
+else
+  echo "creating system user cloudfire"
+  useradd --system cloudfire
+fi
+
+# Generate app secrets
+live_view_signing_salt="$(openssl rand -base64 24)"
+secret_key_base="$(openssl rand -base64 48)"
+db_user=cloudfire
+
+# base64 includes forward slashes which are problematic in the
+# db_url connect string, so use hex.
+db_password="$(openssl rand -hex 16)"
+
+db_key="$(openssl rand -base64 32)"
+
+# Setup DB
+# XXX: Remove || true and detect actual failures
+su postgres -c "psql -c \"CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';\" || true"
+su postgres -c "psql -c \"CREATE DATABASE cloudfire;\" || true"
+su postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};\" || true"
+
+# Write CloudFire SSL files
+mkdir -p /opt/cloudfire/ssl
+hostname=$(hostname)
+openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
+    -keyout /opt/cloudfire/ssl/key.pem \
+    -out /opt/cloudfire/ssl/cert.pem \
+    -days 365 -subj "/CN=${hostname}"
+
+wg genkey > /opt/cloudfire/server.key
+
+# Write CloudFire config files
+cat <<EOT >> /opt/cloudfire/config.env
+# This file is loaded into CloudFire's Environment upon launch to configure it.
+
+# This is used to ensure secure communication with the live web views.
+# Re-generate this with "openssl rand -base64 24". All existing web views will
+# need to be refreshed.
+LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}"
+
+# This is used to secure cookies among other things.
+# You can regenerate this with "openssl rand -base64 48". All existing clients
+# will be signed out.
+SECRET_KEY_BASE="${secret_key_base}"
+
+# The URL to connect to your DB. Assumes the database has been created and this
+# user has privileges to create and modify tables.
+DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire"
+
+# The HTTPS port to listen on. Defaults to 8800.
+HTTPS_LISTEN_PORT=8800
+
+# The address to bind the HTTPS server to. Defaults to "127.0.0.1"
+HTTPS_LISTEN_ADDRESS=127.0.0.1
+
+# The WireGuard port to listen on. Defaults to 51820.
+WG_LISTEN_PORT=51820
+
+# The address for the WireGuard endpoint. Defaults to the address of the
+# default egress interface if not set.
+WG_ENDPOINT_ADDRESS=
+
+# The Base64-encoded key for encrypted database fields.
+DB_ENCRYPTION_KEY=${db_key}
+
+# SSL certificate file and key path. Self-signed certs are generated for you on
+# install, but it's highly recommended to replace these with valid certs.
+# Free certs can be obtained at https://letsencrypt.org.
+SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem
+SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem
+
+# Path to the intermediate certificates file. (usually not required)
+# SSL_CA_CERT_FILE=
+
+# Host to use for generating links back to the application, such as in
+# outbound emails. Defaults to "localhost".
+# URL_HOST=${hostname}
+
+# For security, it's recommended to leave signups disabled and instead create
+# users via the CLI.
+DISABLE_SIGNUP=yes
+EOT
+
+# Set perms
+chown -R cloudfire:root /opt/cloudfire
+chmod 0644 /opt/cloudfire/ssl/cert.pem
diff --git a/pkg/ubuntu_18.04_arm64/DEBIAN/templates b/pkg/ubuntu_18.04_arm64/DEBIAN/templates
new file mode 100644
index 000000000..a87b06715
--- /dev/null
+++ b/pkg/ubuntu_18.04_arm64/DEBIAN/templates
@@ -0,0 +1,11 @@
+Template: cloudfire/config
+Type: note
+Description: config file
+  CloudFire's config file is located at /opt/cloudfire/config.yml. Only root
+  should be able to view and edit this file. Random secrets and passwords have
+  been generated and saved for you already.
+
+Template: cloudfire/access
+Type: note
+Description: access instructions
+  CloudFire has been installed successfully and is running on port 8443!
diff --git a/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service
new file mode 100644
index 000000000..9a9fc1d4e
--- /dev/null
+++ b/pkg/ubuntu_18.04_arm64/lib/systemd/system/cloudfire.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=CloudFire
+Requires=postgresql.service
+After=postgresql.service
+
+[Service]
+Restart=on-failure
+RestartSec=1
+User=cloudfire
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH
+EnvironmentFile=/opt/cloudfire/config.env
+ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"
+ExecStart=/opt/cloudfire/bin/cloudfire start
+ExecStartPost=/bin/sleep 8
+ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/ubuntu-20.04/DEBIAN/control b/pkg/ubuntu_20.04_amd64/DEBIAN/control
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/control
rename to pkg/ubuntu_20.04_amd64/DEBIAN/control
diff --git a/pkg/ubuntu-20.04/DEBIAN/postinst b/pkg/ubuntu_20.04_amd64/DEBIAN/postinst
similarity index 100%
rename from pkg/ubuntu-20.04/DEBIAN/postinst
rename to pkg/ubuntu_20.04_amd64/DEBIAN/postinst
diff --git a/pkg/ubuntu_20.04_amd64/DEBIAN/templates b/pkg/ubuntu_20.04_amd64/DEBIAN/templates
new file mode 100644
index 000000000..a87b06715
--- /dev/null
+++ b/pkg/ubuntu_20.04_amd64/DEBIAN/templates
@@ -0,0 +1,11 @@
+Template: cloudfire/config
+Type: note
+Description: config file
+  CloudFire's config file is located at /opt/cloudfire/config.yml. Only root
+  should be able to view and edit this file. Random secrets and passwords have
+  been generated and saved for you already.
+
+Template: cloudfire/access
+Type: note
+Description: access instructions
+  CloudFire has been installed successfully and is running on port 8443!
diff --git a/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service
new file mode 100644
index 000000000..9a9fc1d4e
--- /dev/null
+++ b/pkg/ubuntu_20.04_amd64/lib/systemd/system/cloudfire.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=CloudFire
+Requires=postgresql.service
+After=postgresql.service
+
+[Service]
+Restart=on-failure
+RestartSec=1
+User=cloudfire
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH
+EnvironmentFile=/opt/cloudfire/config.env
+ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"
+ExecStart=/opt/cloudfire/bin/cloudfire start
+ExecStartPost=/bin/sleep 8
+ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/control b/pkg/ubuntu_20.04_arm64/DEBIAN/control
new file mode 100644
index 000000000..5dab5cfae
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/DEBIAN/control
@@ -0,0 +1,11 @@
+Package: cloudfire
+Version: 0.1.7-1
+Architecture: arm64
+Maintainer: CloudFire, LLC <dpkg@cloudfire.network>
+Depends: net-tools (>= 1.60+git20180626.aebd88e-1ubuntu1), systemd (>= 245.4-4ubuntu3.2), openssl (>= 1.1.1f-1ubuntu2), wireguard (>= 1.0.20200319-1ubuntu1), postgresql (>= 12+214ubuntu0.1), iptables (>= 1.8.4-3ubuntu2)
+Section: net
+Priority: optional
+Homepage: https://cloudfire.network
+Description: Web UI + Firewall manager for WireGuard™
+ Provides a web-based UI that allows you to configure WireGuard VPN tunnels and
+ set up firewall rules for your devices.
diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/postinst b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst
new file mode 100755
index 000000000..1550a4ebe
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/DEBIAN/postinst
@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+set -e
+
+# CloudFire package post-install script
+
+# 1. Generate secrets
+# 2. Bootstrap DB
+# 3. Generate WireGuard interface and config
+
+# Add cloudfire user if not exists
+if id cloudfire &>/dev/null; then
+  echo "cloudfire user exists... not creating."
+else
+  echo "creating system user cloudfire"
+  useradd --system cloudfire
+fi
+
+# Generate app secrets
+live_view_signing_salt="$(openssl rand -base64 24)"
+secret_key_base="$(openssl rand -base64 48)"
+db_user=cloudfire
+
+# base64 includes forward slashes which are problematic in the
+# db_url connect string, so use hex.
+db_password="$(openssl rand -hex 16)"
+
+db_key="$(openssl rand -base64 32)"
+
+# Setup DB
+sudo -i -u postgres psql -c "CREATE ROLE ${db_user} WITH LOGIN PASSWORD '${db_password}';" || true
+sudo -i -u postgres psql -c "CREATE DATABASE cloudfire;" || true
+sudo -i -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE cloudfire to ${db_user};" || true
+
+# Write CloudFire SSL files
+mkdir -p /opt/cloudfire/ssl
+chown -R cloudfire:root /opt/cloudfire/ssl
+hostname=$(hostname)
+openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
+    -keyout /opt/cloudfire/ssl/key.pem \
+    -out /opt/cloudfire/ssl/cert.pem \
+    -days 365 -subj "/CN=${hostname}"
+chmod 0600 /opt/cloudfire/ssl/key.pem
+chmod 0644 /opt/cloudfire/ssl/cert.pem
+
+# Write CloudFire config files
+touch /opt/cloudfire/config.env
+chmod 0600 /opt/cloudfire/config.env
+chown -R cloudfire:root /opt/cloudfire
+cat <<EOT >> /opt/cloudfire/config.env
+# This file is loaded into CloudFire's Environment upon launch to configure it.
+
+# This is used to ensure secure communication with the live web views.
+# Re-generate this with "openssl rand -base64 24". All existing web views will
+# need to be refreshed.
+LIVE_VIEW_SIGNING_SALT="${live_view_signing_salt}"
+
+# This is used to secure cookies among other things.
+# You can regenerate this with "openssl rand -base64 48". All existing clients
+# will be signed out.
+SECRET_KEY_BASE="${secret_key_base}"
+
+# The URL to connect to your DB. Assumes the database has been created and this
+# user has privileges to create and modify tables.
+DATABASE_URL="ecto://${db_user}:${db_password}@127.0.0.1/cloudfire"
+
+# The HTTPS port to listen on. Defaults to 8800.
+HTTPS_LISTEN_PORT=8800
+
+# The address to bind the HTTPS server to. Defaults to "127.0.0.1"
+HTTPS_LISTEN_ADDRESS=127.0.0.1
+
+# The WireGuard port to listen on. Defaults to 51820.
+WG_LISTEN_PORT=51820
+
+# The address for the WireGuard endpoint. Defaults to the address of the
+# default egress interface if not set.
+WG_ENDPOINT_ADDRESS=
+
+# The Base64-encoded key for encrypted database fields.
+DB_ENCRYPTION_KEY=${db_key}
+
+# SSL certificate file and key path. Self-signed certs are generated for you on
+# install, but it's highly recommended to replace these with valid certs.
+# Free certs can be obtained at https://letsencrypt.org.
+SSL_CERT_FILE=/opt/cloudfire/ssl/cert.pem
+SSL_KEY_FILE=/opt/cloudfire/ssl/key.pem
+
+# Path to the intermediate certificates file. (usually not required)
+# SSL_CA_CERT_FILE=
+
+# Host to use for generating links back to the application, such as in
+# outbound emails. Defaults to "localhost".
+# URL_HOST=${hostname}
+
+# For security, it's recommended to leave signups disabled and instead create
+# users via the CLI.
+DISABLE_SIGNUP=yes
+EOT
+
+umask 077
+wg genkey > /opt/cloudfire/server.key
+chown cloudfire:root /opt/cloudfire/server.key
diff --git a/pkg/ubuntu_20.04_arm64/DEBIAN/templates b/pkg/ubuntu_20.04_arm64/DEBIAN/templates
new file mode 100644
index 000000000..a87b06715
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/DEBIAN/templates
@@ -0,0 +1,11 @@
+Template: cloudfire/config
+Type: note
+Description: config file
+  CloudFire's config file is located at /opt/cloudfire/config.yml. Only root
+  should be able to view and edit this file. Random secrets and passwords have
+  been generated and saved for you already.
+
+Template: cloudfire/access
+Type: note
+Description: access instructions
+  CloudFire has been installed successfully and is running on port 8443!
diff --git a/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service
new file mode 100644
index 000000000..9a9fc1d4e
--- /dev/null
+++ b/pkg/ubuntu_20.04_arm64/lib/systemd/system/cloudfire.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=CloudFire
+Requires=postgresql.service
+After=postgresql.service
+
+[Service]
+Restart=on-failure
+RestartSec=1
+User=cloudfire
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_DAC_READ_SEARCH
+EnvironmentFile=/opt/cloudfire/config.env
+ExecStartPre=/opt/cloudfire/bin/cloudfire eval "CfHttp.Release.migrate"
+ExecStart=/opt/cloudfire/bin/cloudfire start
+ExecStartPost=/bin/sleep 8
+ExecStartPost=/opt/cloudfire/bin/cloudfire rpc "CfHttp.Release.create_admin_user"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/init_config.sh b/scripts/init_config.sh
deleted file mode 100755
index 0063a0818..000000000
--- a/scripts/init_config.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-mkdir -p $HOME/.cloudfire/ssl
-hostname=$(hostname)
-openssl req -new -x509 -sha256 -newkey rsa:2048 -nodes \
-    -keyout $HOME/.cloudfire/ssl/key.pem \
-    -out $HOME/.cloudfire/ssl/cert.pem \
-    -days 365 -subj "/CN=${hostname}"
-chmod 0600 $HOME/.cloudfire/ssl/key.pem
-chmod 0644 $HOME/.cloudfire/ssl/cert.pem
-secret_key_base="$(openssl rand -base64 48)"
-live_view_signing_salt="$(openssl rand -base64 24)"
-db_encryption_key="$(openssl rand -base64 32)"
-wg_server_key="$(wg genkey)"
-config="$HOME/.cloudfire/config.json"
-touch  $config
-chmod 0600 $config
-cat <<EOT >> $config
-{
-  "database_url": "ecto://postgres:postgres@127.0.0.1/cloudfire",
-  "secret_key_base": "${secret_key_base}",
-  "live_view_signing_salt": "${live_view_signing_salt}",
-  "db_encryption_key": "${db_encryption_key}",
-  "ssl_cert_file": "${HOME}/.cloudfire/ssl/cert.pem",
-  "ssl_key_file": "${HOME}/.cloudfire/ssl/key.pem",
-  "url_host": "${hostname}",
-  "wg_server_key": "$(wg genkey)"
-}
-EOT
diff --git a/scripts/install.sh b/scripts/install.sh
deleted file mode 100755
index ef3ea9883..000000000
--- a/scripts/install.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-# 1. Detect OS
-# 2.
-# 3. Download latest release
-# 4. Set capabilities with sudo
-# 5. Init config file
-# 6. Display welcome message:
-  # - Edit config to configure your DB access and SSL certs
-  # - Add to PATH
-  # - How to launch CloudFire
-bin="$HOME/.cloudfire/bin/cloudfire"
-os=`uname`
-if [ ! $os = "Linux" ]; then
-  echo "${os} unsupported. Only Linux is supported."
-  exit -1
-fi
-
-
-# Exit if already installed
-if [ -f $bin ]; then
-  echo "${bin} exists. Aborting. If you'd like to upgrade your installation run\
-        $bin --upgrade"
-  exit 0
-fi
-
-echo 'Initializing default configuration...'
-if [ -f "init_config.sh" ]; then
-  ./init_config.sh
-else
-  curl https://raw.githubusercontent.com/CloudFire-LLC/cloudfire/master/scripts/init_config.sh | bash -
-fi
-
-echo 'Downloading the latest release...'
-# XXX: Detect architecture and download appropriate binary
-mkdir -p $HOME/.cloudfire/bin
-curl https://github.com/CloudFire-LLC/cloudfire/releases/download/latest/cloudfire_amd64 > $bin
-
-# Ambient capabilities handles this
-# echo 'Setting Linux capabilities on the binary... sudo is required'
-# sudo bash -c "setcap 'cap_net_admin,cap_net_raw,cap_dac_read_search' $bin"