diff --git a/boot/boot-stage-2-init.sh b/boot/boot-stage-2-init.sh
index df5a399b1aa4..9645586b4f5f 100644
--- a/boot/boot-stage-2-init.sh
+++ b/boot/boot-stage-2-init.sh
@@ -72,6 +72,16 @@ mkdir -m 0755 -p /var/log
 ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
+# Set up the statically computed bits of /etc.
+rm -f /etc/static
+ln -s @etc@/etc /etc/static
+for i in $(cd /etc/static && find * -type l); do
+ mkdir -p /etc/$(dirname $i)
+ rm -f /etc/$i
+ ln -s /etc/static/$i /etc/$i
+done
+
+
 # Ensure that the module tools can find the kernel modules.
 export MODULE_DIR=@kernel@/lib/modules/
@@ -95,15 +105,6 @@ udevtrigger
 udevsettle # wait for udev to finish
-# Necessary configuration for syslogd.
-echo "*.* /dev/tty10" > /etc/syslog.conf
-echo "syslog 514/udp" > /etc/services # required, even if we don't use it
-
-
-# login/su absolutely need this.
-test -e /etc/login.defs || touch /etc/login.defs
-
-
 # Enable a password-less root login.
 source @accounts@
@@ -122,11 +123,6 @@ if ! test -e /etc/group; then
 fi
-# We need "localhost" (!!! destructive hack for NIXOS-41).
-echo "127.0.0.1 localhost" > /etc/hosts
-echo "hosts: files dns" > /etc/nsswitch.conf
-
-
 # Set up Nix accounts.
 if test -z "@readOnlyRoot@"; then
@@ -161,15 +157,6 @@ rm -f /etc/event.d
 ln -sf @upstartJobs@/etc/event.d /etc/event.d
-# Show a nice greeting on each terminal.
-cat > /etc/issue <>>
-
-
-EOF
-
-
 # Additional path for the interactive shell.
 PATH=@wrapperDir@:@fullPath@/bin:@fullPath@/sbin
@@ -177,6 +164,9 @@ cat > /etc/profile <>>
+
+
diff --git a/configuration/etc/login.defs b/configuration/etc/login.defs
new file mode 100644
index 000000000000..d146275b9f53
--- /dev/null
+++ b/configuration/etc/login.defs
@@ -0,0 +1,11 @@
+DEFAULT_HOME yes
+
+SYSTEM_UID_MIN 100
+SYSTEM_UID_MAX 499
+UID_MIN 1000
+UID_MAX 29999
+
+SYSTEM_GID_MIN 100
+SYSTEM_GID_MAX 499
+GID_MIN 1000
+GID_MAX 29999
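Review bot: The new `/etc/static` loop in the first hunk of boot-stage-2-init.sh word-splits the output of `find *` and expands `$i` unquoted, so an entry whose name contains whitespace or a glob character makes `rm -f /etc/$i` and `ln -s` act on paths other than the intended one, and this runs as root at boot. `find *` also skips top-level dotfiles and treats a name that starts with `-` as an option. The names come from the `@etc@` store path, so they are presumably controlled by the build, but a NUL-delimited walk with quoted expansions removes the dependency on that assumption. Separately, `rm -f /etc/$i` replaces whatever already exists at that path on every boot, which deserves a comment stating that files listed under `/etc/static` are not locally editable. The rewrite below assumes the script runs under bash, which the `source @accounts@` line suggests but the hunk does not show.

```shell
# … unchanged: rm -f /etc/static and the /etc/static symlink …
(cd /etc/static && find . -type l -print0) | while IFS= read -r -d '' i; do
    i=${i#./}
    mkdir -p "$(dirname "/etc/$i")"
    rm -f "/etc/$i"
    ln -s "/etc/static/$i" "/etc/$i"
done
```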
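Review bot: configuration/etc/login.defs sets only `DEFAULT_HOME` and the UID/GID ranges, so the password hashing method and the default file-creation mask fall back to whatever the installed shadow tools use. Since this file replaces the empty one that `touch /etc/login.defs` used to create, it is the natural place to pin `ENCRYPT_METHOD` and `UMASK` explicitly. Whether the shadow version packaged here honours `ENCRYPT_METHOD` is not visible in the diff and should be confirmed before adding it.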
diff --git a/configuration/etc/nsswitch.conf b/configuration/etc/nsswitch.conf
new file mode 100644
index 000000000000..de9c533f07be
--- /dev/null
+++ b/configuration/etc/nsswitch.conf
@@ -0,0 +1,8 @@
+passwd: compat
+group: compat
+
+hosts: files dns
+networks: files dns
+
+services: files
+protocols: files
diff --git a/configuration/etc/sshd_config b/configuration/etc/sshd_config
new file mode 100644
index 000000000000..33619c720287
--- /dev/null
+++ b/configuration/etc/sshd_config
@@ -0,0 +1 @@
+X11Forwarding yes
diff --git a/configuration/etc/syslog.conf b/configuration/etc/syslog.conf
new file mode 100644
index 000000000000..f89bcc6b2adc
--- /dev/null
+++ b/configuration/etc/syslog.conf
@@ -0,0 +1,3 @@
+*.* /dev/tty10
+
+*.* -/var/log/messages
diff --git a/helpers/make-etc.nix b/helpers/make-etc.nix
new file mode 100644
index 000000000000..9785823248a9
--- /dev/null
+++ b/helpers/make-etc.nix
@@ -0,0 +1,11 @@
+{stdenv, configFiles}:
+
+stdenv.mkDerivation {
+ name = "etc";
+
+ builder = ./make-etc.sh;
+
+ /* !!! Use toXML. */
+ sources = map (x: x.source) configFiles;
+ targets = map (x: x.target) configFiles;
+}
diff --git a/helpers/make-etc.sh b/helpers/make-etc.sh
new file mode 100644
index 000000000000..7834d553fdca
--- /dev/null
+++ b/helpers/make-etc.sh
@@ -0,0 +1,10 @@
+source $stdenv/setup
+
+ensureDir $out/etc
+
+sources_=($sources)
+targets_=($targets)
+for ((i = 0; i < ${#targets_[@]}; i++)); do
+ ensureDir $out/etc/$(dirname ${targets_[$i]})
+ ln -s ${sources_[$i]} $out/etc/${targets_[$i]}
+done
diff --git a/upstart-jobs/sshd.nix b/upstart-jobs/sshd.nix
index 3f2104672777..d3002f87e25f 100644
--- a/upstart-jobs/sshd.nix
+++ b/upstart-jobs/sshd.nix
@@ -16,8 +16,6 @@ start script
 mkdir -m 0755 -p /etc/ssh
- echo 'X11Forwarding yes' > /etc/ssh/sshd_config
-
 if ! test -f /etc/ssh/ssh_host_dsa_key; then
 ${openssh}/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
 fi
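Review bot: `hosts: files dns` and `services: files` in configuration/etc/nsswitch.conf make lookups depend on `/etc/hosts` and `/etc/services`, yet this commit removes the boot-script lines that wrote both files (the `127.0.0.1 localhost` and `syslog 514/udp` echoes in boot-stage-2-init.sh) and no replacement for either appears in the diff. Unless they are supplied through `configFiles` somewhere outside this diff, `localhost` would fall through to DNS, leaving the resolution of a local name to an external resolver, and the removed comment says syslogd requires the services entry. A static hosts file containing `127.0.0.1 localhost` and a services file should be added alongside this one, or the commit message should say where they now come from.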
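Review bot: `X11Forwarding yes` is the only line in configuration/etc/sshd_config, so every other sshd setting is left at the default of whichever OpenSSH version is packaged. The boot script touched by this same commit still carries `# Enable a password-less root login.`, so the file should state the intended policy rather than rely on defaults: add `PermitEmptyPasswords no` and an explicit `PermitRootLogin` value. A one-line comment explaining why X11 forwarding is enabled for all users would also help, since the setting is now a system-wide default rather than a line inside the sshd job.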
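Review bot: Both selectors in configuration/etc/syslog.conf are `*.*`, so `authpriv` messages are written to `/dev/tty10` and to `/var/log/messages` together with everything else; authentication logs are usually kept out of the general log and in a file with tighter permissions. Something like `*.*;authpriv.none -/var/log/messages` plus `authpriv.* /var/log/secure` would separate them (the second file name is a suggestion, not a path this repository defines). The leading `-` disables syncing after each write, so the last messages before a crash can be lost; a comment noting that trade-off would help anyone who relies on this log for incident review.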
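Review bot: `sources_=($sources)` and `targets_=($targets)` in helpers/make-etc.sh split on whitespace and glob-expand, and the loop indexes both arrays without checking that they have the same length, so a single path containing a space shifts every later source onto the wrong target; the `/* !!! Use toXML. */` remark in make-etc.nix acknowledges the flattening. The targets are also used unvalidated in `$out/etc/${targets_[$i]}`, so a target containing a `..` component creates the link outside `$out/etc`. Quoting the expansions, comparing the array lengths and rejecting such targets makes a bad `configFiles` entry fail the build instead of producing a wrong `/etc`.

```shell
# … unchanged: stdenv setup, ensureDir $out/etc, sources_/targets_ assignments …
if ((${#sources_[@]} != ${#targets_[@]})); then
    echo "make-etc: sources and targets differ in length" >&2
    exit 1
fi
for ((i = 0; i < ${#targets_[@]}; i++)); do
    case "${targets_[$i]}" in
        .. | ../* | */../* | */..)
            echo "make-etc: target leaves \$out/etc: ${targets_[$i]}" >&2
            exit 1
            ;;
    esac
    ensureDir "$out/etc/$(dirname "${targets_[$i]}")"
    ln -s "${sources_[$i]}" "$out/etc/${targets_[$i]}"
done
```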