diff --git a/rules.v4 b/rules.v4
deleted file mode 100644
index 1c2d3dd..0000000
--- a/rules.v4
+++ /dev/null
@@ -1,13 +0,0 @@
-# Generated by iptables-save v1.6.0 on Wed Mar 22 14:31:11 2017
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -s 127.0.0.0/8 -m comment --comment "RFC3330 loopback" -j ACCEPT
--A INPUT -s 10.0.0.0/8 -m comment --comment "RFC1918 reserved" -j ACCEPT
--A INPUT -s 172.16.0.0/12 -m comment --comment "RFC1918 reserved" -j ACCEPT
--A INPUT -s 192.168.0.0/16 -m comment --comment "RFC1918 reserved" -j ACCEPT
--A INPUT -s 169.254.0.0/16 -m comment --comment "RFC3927 link-local" -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp-port-unreachable
-COMMIT
-# Completed on Wed Mar 22 14:31:11 2017
diff --git a/rules.v6 b/rules.v6
deleted file mode 100644
index ba23632..0000000
--- a/rules.v6
+++ /dev/null
@@ -1,11 +0,0 @@
-# Generated by ip6tables-save v1.6.0 on Wed Mar 22 14:31:11 2017
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -s ::1/128 -m comment --comment "RFC3513 loopback" -j ACCEPT
--A INPUT -s fc00::/7 -m comment --comment "RFC4193 reserved" -j ACCEPT
--A INPUT -s fe80::/10 -m comment --comment "RFC4291 link-local" -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j REJECT --reject-with icmp6-port-unreachable
-COMMIT
-# Completed on Wed Mar 22 14:31:11 2017
diff --git a/set-sysconf.service b/set-sysconf.service
index 4854ed9..d053ab4 100644
--- a/set-sysconf.service
+++ b/set-sysconf.service
@@ -4,6 +4,7 @@ Description=Set up system configuration
 [Service]
 Type=oneshot
 ExecStart=/usr/sbin/set-sysconf
+ExecStart=/bin/systemctl --no-reload disable %n
 
 [Install]
 RequiredBy=basic.target
diff --git a/sysconf.txt b/sysconf.txt
new file mode 100644
index 0000000..89ca53f
--- /dev/null
+++ b/sysconf.txt
@@ -0,0 +1,19 @@
+# This file will be automatically evaluated and installed _only_ at
+# the first boot of this image.
+#
+# To force it to be evaluated later, you can run (as root):
+#
+# /usr/sbin/set-sysconf
+#
+# Comments (all portions of a line following a '#' character) are
+# ignored. This file is read line by line (ordering is ignored). Valid
+# configuration lines are of the form 'key=value'. Whitespace around
+# 'key' and 'value' is ignored.
+#
+# We follow the convention to indent with one space comments, and
+# leave no space to indicate the line is an example that could be
+# uncommented.
+
+# root_pw - Set a password for the root user (by default, it allows
+# for a passwordless login)
+#rootpw=FooBar