diff --git a/aif.xsd b/aif.xsd
index 73d601a..1cfd517 100644
--- a/aif.xsd
+++ b/aif.xsd
@@ -5,134 +5,230 @@
            xmlns:aif="http://aif-ng.io/"
            elementFormDefault="qualified"
            attributeFormDefault="unqualified">
-    <xs:annotation>
-        <xs:documentation>
-            See https://aif.square-r00t.net/ for more information about this project.
-        </xs:documentation>
-    </xs:annotation>
-    <!-- GLOBAL CUSTOM DATA TYPES -->
-    <xs:simpleType name="diskdev">
-        <xs:annotation>
-            <xs:documentation>
-                This element specifies a type to be used for validating storage devices, such as hard disks or
-                mdadm-managed devices.
-            </xs:documentation>
-        </xs:annotation>
+
+    <xs:simpleType name="t_diskdev">
         <xs:restriction base="xs:string">
             <xs:pattern value="/dev/([A-Za-z0-9_]+/)?[A-Za-z0-9_]+[0-9]?"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="diskfmt">
-        <xs:annotation>
-            <xs:documentation>
-                This element specifies a type to validate what kind of disk formatting. Accepts either GPT or BIOS (for
-                MBR systems) only.
-            </xs:documentation>
-        </xs:annotation>
+    <xs:simpleType name="t_diskfmt">
+        <xs:restriction base="xs:token">
+            <xs:enumeration value="gpt"/>
+            <xs:enumeration value="bios"/>
+            <xs:enumeration value="dos"/>
+            <xs:enumeration value="msdos"/>
+            <xs:whiteSpace value="collapse"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_disksize">
         <xs:restriction base="xs:string">
-            <xs:pattern value="([Gg][Pp][Tt]|[Bb][Ii][Oo][Ss])"/>
+            <xs:pattern value="[-|+]?\s*([0-9]+)\s*(%|B|kB|MB|GB|TB|KiB|MiB|GiB|TiB|)\s*"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="disksize">
-        <xs:annotation>
-            <xs:documentation>
-                This element validates a disk size specification for a partition. Same rules apply as those in parted's
-                size specification.
-            </xs:documentation>
-        </xs:annotation>
-        <xs:restriction base="xs:string">
-            <xs:pattern value="(\+|\-)?[0-9]+([KMGTP]|%)"/>
-        </xs:restriction>
-    </xs:simpleType>
-
-    <xs:simpleType name="fstype">
+    <xs:simpleType name="t_fstype">
         <!-- ', '.join(sorted(list(dict(vars(parted.filesystem))['fileSystemType'].keys()))) -->
-        <xs:annotation>
-            <xs:documentation>
-                This element validates a filesystem type to be specified for formatting a partition (NOT applying a filesystem!); valid values are: affs0, affs1, affs2, affs3, affs4, affs5, affs6, affs7, amufs, amufs0, amufs1, amufs2, amufs3, amufs4, amufs5, apfs1, apfs2, asfs, btrfs, ext2, ext3, ext4, fat16, fat32, hfs, hfs+, hfsx, hp-ufs, jfs, linux-swap(v0), linux-swap(v1), nilfs2, ntfs, reiserfs, sun-ufs, swsusp, udf, xfs
-            </xs:documentation>
-        </xs:annotation>
         <xs:restriction base="xs:token">
-            <xs:pattern value="[a-z0-9]+"/>
+            <xs:enumeration value="affs0"/>
+            <xs:enumeration value="affs1"/>
+            <xs:enumeration value="affs2"/>
+            <xs:enumeration value="affs3"/>
+            <xs:enumeration value="affs4"/>
+            <xs:enumeration value="affs5"/>
+            <xs:enumeration value="affs6"/>
+            <xs:enumeration value="affs7"/>
+            <xs:enumeration value="amufs"/>
+            <xs:enumeration value="amufs0"/>
+            <xs:enumeration value="amufs1"/>
+            <xs:enumeration value="amufs2"/>
+            <xs:enumeration value="amufs3"/>
+            <xs:enumeration value="amufs4"/>
+            <xs:enumeration value="amufs5"/>
+            <xs:enumeration value="apfs1"/>
+            <xs:enumeration value="apfs2"/>
+            <xs:enumeration value="asfs"/>
+            <xs:enumeration value="btrfs"/>
+            <xs:enumeration value="ext2"/>
+            <xs:enumeration value="ext3"/>
+            <xs:enumeration value="ext4"/>
+            <xs:enumeration value="fat16"/>
+            <xs:enumeration value="fat32"/>
+            <xs:enumeration value="hfs"/>
+            <xs:enumeration value="hfs+"/>
+            <xs:enumeration value="hfsx"/>
+            <xs:enumeration value="hp-ufs"/>
+            <xs:enumeration value="jfs"/>
+            <xs:enumeration value="linux-swap(v0)"/>
+            <xs:enumeration value="linux-swap(v1)"/>
+            <xs:enumeration value="nilfs2"/>
+            <xs:enumeration value="ntfs"/>
+            <xs:enumeration value="reiserfs"/>
+            <xs:enumeration value="sun-ufs"/>
+            <xs:enumeration value="swsusp"/>
+            <xs:enumeration value="udf"/>
+            <xs:enumeration value="xfs"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="mntopts">
+    <xs:simpleType name="t_iface">
         <xs:restriction base="xs:token">
-            <xs:pattern value="[A-Za-z0-9_\.\-]+(,[A-Za-z0-9_\.\-]+)*"/>
-        </xs:restriction>
-    </xs:simpleType>
-
-    <xs:simpleType name="iface">
-        <xs:restriction base="xs:token">
-            <!-- https://github.com/systemd/systemd/blob/master/src/udev/udev-builtin-net_id.c#L20 lines 30-47. i have no idea if this will work. TODO: simplify, validate in-code. -->
+            <!-- https://github.com/systemd/systemd/blob/master/src/udev/udev-builtin-net_id.c.
+                 I have no idea if this will work. TODO: simplify, validate in-code. -->
             <xs:pattern
                     value="(auto|((en|sl|wl|ww)(b[0-9]+|c[a-z0-9]|o[0-9]+(n.*(d.*)?)?|s[0-9]+(f.*)?((n|d).*)?|x([A-Fa-f0-9]:){5}[A-Fa-f0-9]|(P.*)?p[0-9]+s[0-9]+(((f|n|d).*)|u.*)?)))"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="netaddress">
+    <xs:simpleType name="t_address_ip4">
         <xs:restriction base="xs:string">
-            <!-- this is a REALLY LAZY regex. matching IPv4 and IPv6 in regex is ugly as heck, so we do that in-code. this is just a gatekeeper. -->
-            <xs:pattern value="(auto|[0-9\.]+/[0-9]{,2}|([A-Za-z0-9:]+)/[0-9]+)"/>
+            <!-- This is a REALLY LAZY regex. Matching IPv4 in regex is ugly as heck, so we do that in-code.
+                 This is just a gatekeeper. -->
+            <xs:pattern value="(dhcp|[0-9\.]{7,15}/[0-9]{,2})"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="netproto">
+    <xs:simpleType name="t_address_ip6">
+        <xs:restriction base="xs:string">
+            <!-- This is a REALLY LAZY regex. Matching IPv6 in regex is ugly as heck, so we do that in-code.
+                 This is just a gatekeeper. -->
+            <xs:pattern value="(dhcp6|slaac|([A-Za-z0-9:]+)/[0-9]+)"/>
+            <xs:whiteSpace value="collapse"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_resolver_addr">
+        <xs:restriction base="xs:string">
+            <!-- This is a REALLY LAZY regex. Matching IPv4/IPv6 in regex is ugly as heck, so we do that in-code.
+                 This is just a gatekeeper. -->
+            <xs:pattern value="([0-9\.]{7,15}|[A-Za-z0-9:]+)"/>
+            <xs:whiteSpace value="collapse"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_netproto">
         <xs:restriction base="xs:token">
             <xs:pattern value="(both|ipv4|ipv6)"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="scripturi">
+    <xs:simpleType name="t_netprov">
+        <xs:restriction base="xs:token">
+            <xs:enumeration value="netctl"/>
+            <xs:enumeration value="nm"/>
+            <xs:enumeration value="networkd"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_scripturi">
         <xs:restriction base="xs:anyURI">
             <xs:pattern value="(https?|ftps?|file)://"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="devlang">
+    <xs:simpleType name="t_posixUserGroup">
+        <!-- https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437
+             https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282
+             https://unix.stackexchange.com/a/435120/284004 -->
         <xs:restriction base="xs:token">
-            <xs:pattern value="/(usr/)?s?bin/[A-Za-z0-9][A-Za-z\.\-]?"/>
+            <xs:pattern value="[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}$)"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="nixgroup">
-        <xs:restriction base="xs:token">
-            <xs:pattern value="[_a-z][-0-9_a-z]*$?"/>
-        </xs:restriction>
-    </xs:simpleType>
-
-    <xs:simpleType name="nixpass">
+    <xs:simpleType name="t_shadowhash">
+        <!-- http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES -->
         <xs:restriction base="xs:token">
             <xs:pattern
                     value="$(6$[A-Za-z0-9\./\+=]{8,16}$[A-Za-z0-9\./\+=]{86}|1$[A-Za-z0-9\./\+=]{8,16}$[A-Za-z0-9\./\+=]{22}|5$[A-Za-z0-9\./\+=]{8,16}$[A-Za-z0-9\./\+=]{43})"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="pacuri">
+    <xs:simpleType name="t_pacuri">
+        <!-- xs:anyURI is too permissive. -->
         <!-- <xs:restriction base="xs:anyURI"> -->
         <xs:restriction base="xs:token">
-            <xs:pattern value="(file|https?)://.*"/>
+            <xs:pattern value="(file|https?)://.+"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="scripttype">
+    <xs:simpleType name="t_scripttype">
         <xs:restriction base="xs:token">
             <xs:pattern value="(pre|post|pkg)"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="bootloaders">
+    <xs:simpleType name="t_bootloaders">
+        <!-- TODO: expand?
+             https://wiki.archlinux.org/index.php/Category:Boot_loaders
+             https://wiki.archlinux.org/index.php/Arch_boot_process#Boot_loader -->
         <xs:restriction base="xs:token">
             <xs:pattern value="(grub|systemd|syslinux)"/>
+            <xs:whiteSpace value="collapse"/>
         </xs:restriction>
     </xs:simpleType>
 
-    <xs:simpleType name="authselect">
+    <xs:simpleType name="t_authselect">
         <xs:restriction base="xs:token">
-            <xs:pattern value="(basic|digest)"/>
+            <xs:pattern value="(basic|digest|none)"/>
+            <xs:whiteSpace value="collapse"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="t_cmdopts">
+        <xs:simpleContent>
+            <xs:extension base="xs:string">
+                <xs:attribute name="name" use="required" type="xs:token"/>
+            </xs:extension>
+        </xs:simpleContent>
+    </xs:complexType>
+
+    <xs:simpleType name="t_filepath">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="/([^/]+)"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_raid_meta">
+        <xs:restriction base="xs:token">
+            <xs:enumeration value="0"/><!-- Same as 0.90 -->
+            <xs:enumeration value="0.90"/><!-- Same as 0 -->
+            <xs:enumeration value="1"/><!-- Same as 1.2, default -->
+            <xs:enumeration value="1.0"/>
+            <xs:enumeration value="1.1"/>
+            <xs:enumeration value="1.2"/><!-- Same as 1, default -->
+            <xs:enumeration value="default"/><!-- Same as 1, 1.2 -->
+            <xs:enumeration value="ddf"/>
+            <xs:enumeration value="imsm"/>
+            <xs:whiteSpace value="collapse"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_raid_levels">
+        <xs:restriction base="xs:positiveInteger">
+            <xs:enumeration value="0"/>
+            <xs:enumeration value="1"/>
+            <xs:enumeration value="4"/>
+            <xs:enumeration value="5"/>
+            <xs:enumeration value="6"/>
+            <xs:enumeration value="10"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="t_nonempty">
+        <xs:restriction base="xs:token">
+            <xs:minLength value="1"/>
         </xs:restriction>
     </xs:simpleType>
 
@@ -145,52 +241,173 @@
                     <xs:complexType>
                         <xs:sequence>
                             <!-- BEGIN DISK -->
-                            <xs:element name="disk" maxOccurs="unbounded" minOccurs="1">
+                            <xs:element name="disk" minOccurs="1" maxOccurs="unbounded">
                                 <xs:complexType>
                                     <xs:sequence>
                                         <xs:element name="part" minOccurs="1" maxOccurs="unbounded">
                                             <xs:complexType>
-                                                <!-- num should not be required since it's a sequence; it's inherently
-                                                     ordered! -->
-                                                <xs:attribute name="num" type="xs:positiveInteger" use="required"/>
-                                                <xs:attribute name="start" type="aif:disksize" use="required"/>
-                                                <xs:attribute name="stop" type="aif:disksize" use="required"/>
-                                                <xs:attribute name="fstype" type="aif:fstype" use="required"/>
+                                                <xs:attribute name="id" type="aif:t_nonempty" use="required"/>
+                                                <xs:attribute name="name" type="aif:t_nonempty" use="optional"/>
+                                                <xs:attribute name="label" type="aif:t_nonempty" use="optional"/>
+                                                <xs:attribute name="start" type="aif:t_disksize" use="required"/>
+                                                <xs:attribute name="stop" type="aif:t_disksize" use="required"/>
+                                                <xs:attribute name="fsType" type="aif:t_fstype" use="required"/>
                                             </xs:complexType>
-                                            <xs:unique name="unique-partnum">
-                                                <xs:selector xpath="aif:part"/>
-                                                <xs:field xpath="@num"/>
-                                            </xs:unique>
                                         </xs:element>
                                     </xs:sequence>
-                                    <xs:attribute name="device" type="aif:diskdev" use="required"/>
-                                    <xs:attribute name="diskfmt" type="aif:diskfmt" use="required"/>
+                                    <xs:attribute name="device" type="aif:t_diskdev" use="required"/>
+                                    <xs:attribute name="diskFormat" type="aif:t_diskfmt" use="required"/>
                                 </xs:complexType>
-                                <xs:unique name="unique-diskdev">
+                                <xs:unique name="uniq_diskdev">
                                     <xs:selector xpath="aif:disk"/>
                                     <xs:field xpath="@device"/>
                                 </xs:unique>
                             </xs:element>
-                            <!-- BEGIN MOUNT -->
-                            <xs:element name="mount" minOccurs="1" maxOccurs="unbounded">
+                            <!-- END DISK -->
+                            <!-- BEGIN FILESYSTEMS -->
+                            <xs:element name="fileSystems" minOccurs="1" maxOccurs="1">
                                 <xs:complexType>
-                                    <xs:attribute name="order" type="xs:integer" use="required"/>
-                                    <xs:attribute name="source" type="aif:diskdev" use="required"/>
-                                    <xs:attribute name="target" type="xs:token" use="required"/>
-                                    <xs:attribute name="fstype" type="aif:fstype"/>
-                                    <xs:attribute name="opts" type="aif:mntopts"/>
+                                    <xs:sequence>
+                                        <xs:element name="fs" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:sequence>
+                                                    <xs:element name="opt" minOccurs="0" maxOccurs="unbounded"
+                                                                type="aif:t_cmdopts"/>
+                                                </xs:sequence>
+                                                <xs:attribute name="source" type="aif:t_nonempty" use="required"/>
+                                                <!-- We validate this in-code because there's way too many and
+                                                     it's way too variable per-host. -->
+                                                <xs:attribute name="type" type="aif:t_nonempty" use="required"/>
+                                            </xs:complexType>
+                                        </xs:element>
+                                    </xs:sequence>
                                 </xs:complexType>
-                                <xs:unique name="unique-mnts">
-                                    <xs:selector xpath="aif:mount"/>
-                                    <xs:field xpath="@order"/>
-                                    <xs:field xpath="@source"/>
-                                    <xs:field xpath="@target"/>
-                                </xs:unique>
                             </xs:element>
+                            <!-- END FILESYSTEMS -->
+                            <!-- BEGIN LUKS -->
+                            <xs:element name="luks" minOccurs="0" maxOccurs="1">
+                                <xs:complexType>
+                                    <xs:sequence>
+                                        <xs:element name="luksDev" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:sequence>
+                                                    <xs:element name="secrets" minOccurs="1"
+                                                                maxOccurs="unbounded">
+                                                        <xs:complexType>
+                                                            <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                                                <xs:element name="passphrase" minOccurs="0"
+                                                                            maxOccurs="unbounded"
+                                                                            type="aif:t_nonempty"/>
+                                                                <xs:element name="keyFile" minOccurs="0"
+                                                                            maxOccurs="unbounded">
+                                                                    <xs:complexType>
+                                                                        <xs:simpleContent>
+                                                                            <xs:extension base="aif:t_filepath">
+                                                                                <xs:attribute name="size"
+                                                                                              type="xs:positiveInteger"
+                                                                                              use="optional"/>
+                                                                            </xs:extension>
+                                                                        </xs:simpleContent>
+                                                                    </xs:complexType>
+                                                                </xs:element>
+                                                            </xs:sequence>
+                                                        </xs:complexType>
+                                                    </xs:element>
+                                                </xs:sequence>
+                                                <xs:attribute name="id" type="aif:t_nonempty" use="required"/>
+                                                <xs:attribute name="name" type="aif:t_nonempty" use="required"/>
+                                                <xs:attribute name="source" type="aif:t_nonempty" use="required"/>
+                                            </xs:complexType>
+                                        </xs:element>
+                                    </xs:sequence>
+                                </xs:complexType>
+                            </xs:element>
+                            <!-- END LUKS -->
+                            <!-- BEGIN LVM -->
+                            <xs:element name="lvm" minOccurs="0" maxOccurs="1">
+                                <xs:complexType>
+                                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                        <xs:element name="lvmGroup" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                                    <xs:element name="lvmLogical" minOccurs="1" maxOccurs="unbounded">
+                                                        <xs:complexType>
+                                                            <xs:attribute name="id" type="aif:t_nonempty"
+                                                                          use="required"/>
+                                                            <xs:attribute name="name" type="aif:t_nonempty"
+                                                                          use="required"/>
+                                                            <xs:attribute name="source" type="aif:t_nonempty"
+                                                                          use="required"/>
+                                                        </xs:complexType>
+                                                        <xs:unique name="uniq_lv">
+                                                            <xs:selector xpath="aif:lvmLogical"/>
+                                                            <xs:field xpath="@name"/>
+                                                        </xs:unique>
+                                                    </xs:element>
+                                                </xs:sequence>
+                                                <xs:attribute name="id" type="aif:t_nonempty" use="required"/>
+                                                <xs:attribute name="name" type="aif:t_nonempty" use="required"/>
+                                            </xs:complexType>
+                                            <xs:unique name="uniq_vg">
+                                                <xs:selector xpath="aif:lvmGroup"/>
+                                                <xs:field xpath="@name"/>
+                                            </xs:unique>
+                                        </xs:element>
+                                    </xs:sequence>
+                                </xs:complexType>
+                            </xs:element>
+                            <!-- END LVM -->
+                            <!-- BEGIN MDADM -->
+                            <xs:element name="mdadm" minOccurs="0" maxOccurs="1">
+                                <xs:complexType>
+                                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                        <xs:element name="array" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                                    <xs:element name="member" minOccurs="1" maxOccurs="unbounded">
+                                                        <xs:complexType>
+                                                            <xs:attribute name="source" type="aif:t_nonempty"
+                                                                          use="required"/>
+                                                        </xs:complexType>
+                                                    </xs:element>
+                                                </xs:sequence>
+                                                <xs:attribute name="id" use="required" type="aif:t_nonempty"/>
+                                                <xs:attribute name="name" use="required" type="aif:t_nonempty"/>
+                                                <xs:attribute name="meta" use="optional" default="1.2"
+                                                              type="aif:t_raid_meta"/>
+                                                <xs:attribute name="level" use="required" type="aif:t_raid_levels"/>
+                                            </xs:complexType>
+                                        </xs:element>
+                                    </xs:sequence>
+                                </xs:complexType>
+                            </xs:element>
+                            <!-- END MDADM -->
+                            <!-- BEGIN MOUNTPOINTS -->
+                            <xs:element name="mountPoints" minOccurs="1" maxOccurs="unbounded">
+                                <xs:complexType>
+                                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                        <xs:element name="mount" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:sequence minOccurs="0" maxOccurs="unbounded">
+                                                    <xs:element name="opt" minOccurs="1" maxOccurs="unbounded"
+                                                                type="aif:t_cmdopts"/>
+                                                </xs:sequence>
+                                                <xs:attribute name="source" type="aif:t_nonempty" use="required"/>
+                                                <xs:attribute name="target" type="aif:t_filepath" use="required"/>
+                                            </xs:complexType>
+                                            <xs:unique name="uniq_mnts">
+                                                <xs:selector xpath="aif:mount"/>
+                                                <xs:field xpath="@source"/>
+                                                <xs:field xpath="@target"/>
+                                            </xs:unique>
+                                        </xs:element>
+                                    </xs:sequence>
+                                </xs:complexType>
+                            </xs:element>
+                            <!-- END MOUNTPOINTS -->
                         </xs:sequence>
                     </xs:complexType>
                 </xs:element>
-                <!-- END MOUNT -->
                 <!-- END STORAGE -->
                 <!-- BEGIN NETWORK -->
                 <xs:element name="network" minOccurs="1" maxOccurs="1">
@@ -198,20 +415,65 @@
                         <xs:sequence>
                             <xs:element name="iface" minOccurs="1" maxOccurs="unbounded">
                                 <xs:complexType>
-                                    <xs:attribute name="device" type="aif:iface" use="required"/>
-                                    <xs:attribute name="address" type="aif:netaddress" use="required"/>
-                                    <xs:attribute name="netproto" type="aif:netproto" use="required"/>
-                                    <xs:attribute name="gateway" type="aif:netaddress"/>
-                                    <xs:attribute name="resolvers" type="xs:string"/>
+                                    <xs:all>
+                                        <xs:element name="addresses" minOccurs="0" maxOccurs="1">
+                                            <xs:complexType>
+                                                <xs:any minOccurs="1" maxOccurs="unbounded">
+                                                    <xs:element name="ipv4">
+                                                        <xs:complexType>
+                                                            <xs:sequence>
+                                                                <xs:element name="address" type="aif:t_address_ip4"
+                                                                            minOccurs="1" maxOccurs="unbounded"/>
+                                                            </xs:sequence>
+                                                            <xs:attribute name="gateway" type="aif:t_address_ip4"
+                                                                          use="optional"/>
+                                                        </xs:complexType>
+                                                    </xs:element>
+                                                    <xs:element name="ipv6">
+                                                        <xs:complexType>
+                                                            <xs:sequence>
+                                                                <xs:element name="address" type="aif:t_address_ip6"
+                                                                            minOccurs="1" maxOccurs="unbounded"/>
+                                                            </xs:sequence>
+                                                            <xs:attribute name="gateway" type="aif:t_address_ip6"
+                                                                          use="optional"/>
+                                                        </xs:complexType>
+                                                    </xs:element>
+                                                </xs:any>
+                                                <xs:unique name="uniq_ip4">
+                                                    <xs:selector xpath="ipv4"/>
+                                                    <xs:field xpath="address"/>
+                                                </xs:unique>
+                                                <xs:unique name="uniq_ip6">
+                                                    <xs:selector xpath="ipv6"/>
+                                                    <xs:field xpath="address"/>
+                                                </xs:unique>
+                                            </xs:complexType>
+                                        </xs:element>
+                                        <xs:element name="resolvers" minOccurs="0" maxOccurs="1">
+                                            <xs:complexType>
+                                                <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                                    <xs:element name="resolver" minOccurs="1" maxOccurs="unbounded"
+                                                                type="aif:t_resolver_addr"/>
+                                                </xs:sequence>
+                                            </xs:complexType>
+                                        </xs:element>
+                                    </xs:all>
+                                    <xs:attribute name="device" type="aif:t_iface" use="required"/>
                                 </xs:complexType>
+                                <xs:unique name="uniq_resolver">
+                                    <xs:selector xpath="resolvers"/>
+                                    <xs:field xpath="resolver"/>
+                                </xs:unique>
                             </xs:element>
                         </xs:sequence>
-                        <xs:attribute name="hostname" type="xs:token" use="required"/>
+                        <!-- It's nearly impossible to validate FQDNs/hostnames in XSD, so we do it in-code. -->
+                        <xs:attribute name="hostname" type="aif:t_nonempty" use="required"/>
+                        <xs:attribute name="provider" type="aif:t_netprov" use="optional" default="netctl"/>
                     </xs:complexType>
-                    <xs:unique name="unique-iface">
+                    <xs:unique name="uniq_iface">
                         <xs:selector xpath="aif:iface"/>
-                        <xs:field xpath="@address"/>
-                        <xs:field xpath="@netproto"/>
+                        <xs:field xpath="@device"/>
                     </xs:unique>
                 </xs:element>
                 <!-- END NETWORK -->
@@ -219,64 +481,88 @@
                 <xs:element name="system" maxOccurs="1" minOccurs="1">
                     <xs:complexType>
                         <xs:sequence>
+                            <xs:element name="locales" minOccurs="1" maxOccurs="unbounded">
+                                <xs:complexType>
+                                    <xs:sequence minOccurs="1" maxOccurs="unbounded">
+                                        <xs:element name="locale" minOccurs="1" maxOccurs="unbounded">
+                                            <xs:complexType>
+                                                <xs:simpleContent>
+                                                    <xs:extension base="xs:token">
+                                                        <xs:attribute name="name" type="aif:t_nonempty" use="required"/>
+                                                    </xs:extension>
+                                                </xs:simpleContent>
+                                            </xs:complexType>
+                                        </xs:element>
+                                    </xs:sequence>
+                                </xs:complexType>
+                            </xs:element>
                             <xs:element name="users" minOccurs="1" maxOccurs="1">
                                 <xs:complexType>
                                     <xs:sequence>
+                                        <xs:element name="rootPassword" minOccurs="1" maxOccurs="1">
+                                            <xs:complexType>
+                                                <xs:choice minOccurs="1" maxOccurs="1">
+                                                    <xs:element name="password" type="t_nonempty"/>
+                                                    <xs:element name="passHash" type="t_nixpasshash"/>
+                                                </xs:choice>
+                                            </xs:complexType>
+                                        </xs:element>
                                         <xs:element name="user" minOccurs="0" maxOccurs="unbounded">
                                             <xs:complexType>
                                                 <xs:sequence>
-                                                    <xs:element name="home" minOccurs="0" maxOccurs="1">
+                                                    <xs:element name="xGroup" minOccurs="0" maxOccurs="unbounded">
                                                         <xs:complexType>
-                                                            <xs:attribute name="path" type="xs:token"/>
-                                                            <xs:attribute name="create" type="xs:boolean"/>
+                                                            <xs:attribute name="name" type="aif:t_posixUserGroup"
+                                                                          use="required"/>
+                                                            <xs:attribute name="create" type="xs:boolean" use="optional"
+                                                                          default="0"/>
+                                                            <xs:attribute name="gid" type="xs:positiveInteger"/>
                                                         </xs:complexType>
-                                                    </xs:element>
-                                                    <xs:element name="xgroup" minOccurs="0" maxOccurs="unbounded">
-                                                        <xs:complexType>
-                                                            <xs:attribute name="name" type="aif:nixgroup" use="required"/>
-                                                            <xs:attribute name="create" type="xs:boolean"/>
-                                                            <xs:attribute name="gid" type="xs:boolean"/>
-                                                        </xs:complexType>
-                                                        <xs:unique name="unique-grp">
-                                                            <xs:selector xpath="aif:xgroup"/>
+                                                        <xs:unique name="uniq_grp">
+                                                            <xs:selector xpath="aif:xGroup"/>
                                                             <xs:field xpath="@name"/>
                                                         </xs:unique>
                                                     </xs:element>
                                                 </xs:sequence>
-                                                <xs:attribute name="name" type="xs:token" use="required"/>
-                                                <xs:attribute name="uid" type="xs:token"/>
-                                                <xs:attribute name="group" type="aif:nixgroup"/>
-                                                <xs:attribute name="gid" type="xs:token"/>
-                                                <xs:attribute name="password" type="aif:nixpass"/>
-                                                <xs:attribute name="comment" type="xs:token"/>
-                                                <xs:attribute name="sudo" type="xs:boolean"/>
+                                                <xs:attribute name="name" type="aif:t_posixUserGroup" use="required"/>
+                                                <xs:attribute name="home" type="aif:t_filepath" use="optional"/>
+                                                <xs:attribute name="uid" type="xs:positiveInteger" use="optional"/>
+                                                <xs:attribute name="group" type="aif:t_posixUserGroup" use="optional"/>
+                                                <xs:attribute name="gid" type="xs:positiveInteger" use="optional"/>
+                                                <xs:attribute name="password" type="aif:t_nixpass" use="optional"/>
+                                                <xs:attribute name="comment" type="aif:t_nonempty" use="optional"/>
+                                                <xs:attribute name="sudo" type="xs:boolean" use="optional" default="0"/>
                                             </xs:complexType>
                                         </xs:element>
                                     </xs:sequence>
-                                    <xs:attribute name="rootpass" type="aif:nixpass"/>
+                                    <xs:attribute name="rootpass" type="aif:t_nixpass" use="required"/>
                                 </xs:complexType>
-                                <xs:unique name="unique-usr">
+                                <xs:unique name="uniq_usr">
                                     <xs:selector xpath="aif:user"/>
                                     <xs:field xpath="@name"/>
                                 </xs:unique>
                             </xs:element>
                             <xs:element name="service" minOccurs="0" maxOccurs="unbounded">
                                 <xs:complexType>
-                                    <xs:attribute name="name" type="xs:token" use="required"/>
-                                    <xs:attribute name="status" type="xs:boolean" use="required"/>
+                                    <xs:simpleContent>
+                                        <xs:extension base="aif:t_nonempty">
+                                            <xs:attribute name="status" type="xs:boolean" use="required"/>
+                                        </xs:extension>
+                                    </xs:simpleContent>
                                 </xs:complexType>
-                                <xs:unique name="unique-svc">
+                                <xs:unique name="uniq_svc">
                                     <xs:selector xpath="aif:service"/>
                                     <xs:field xpath="@name"/>
                                     <xs:field xpath="@status"/>
                                 </xs:unique>
                             </xs:element>
                         </xs:sequence>
-                        <xs:attribute name="timezone" type="xs:string" use="required"/>
-                        <xs:attribute name="locale" type="xs:string" use="required"/>
-                        <xs:attribute name="chrootpath" type="xs:string" use="required"/>
-                        <xs:attribute name="kbd" type="xs:token"/>
-                        <xs:attribute name="reboot" type="xs:boolean"/>
+                        <!-- timezone and kbd/xkbd are validated in-code. -->
+                        <xs:attribute name="timezone" type="aif:t_nonempty" use="required"/>
+                        <xs:attribute name="chrootPath" type="aif:t_filepath" use="required"/>
+                        <xs:attribute name="kbd" type="aif:t_nonempty" use="optional" default="us"/>
+                        <xs:attribute name="xkbd" type="aif:t_nonempty" use="optional" default="us"/>
+                        <xs:attribute name="reboot" type="xs:boolean" use="optional" default="0"/>
                     </xs:complexType>
                 </xs:element>
                 <!-- END SYSTEM -->
@@ -289,10 +575,10 @@
                                     <xs:sequence>
                                         <xs:element name="repo" maxOccurs="unbounded" minOccurs="1">
                                             <xs:complexType>
-                                                <xs:attribute name="name" type="xs:token" use="required"/>
+                                                <xs:attribute name="name" type="aif:t_nonempty" use="required"/>
                                                 <xs:attribute name="enabled" type="xs:boolean" use="required"/>
                                                 <xs:attribute name="siglevel" type="xs:token" use="required"/>
-                                                <xs:attribute name="mirror" type="aif:pacuri" use="required"/>
+                                                <xs:attribute name="mirror" type="aif:t_pacuri" use="required"/>
                                             </xs:complexType>
                                         </xs:element>
                                     </xs:sequence>
@@ -301,10 +587,11 @@
                             <xs:element name="mirrorlist" maxOccurs="1" minOccurs="0">
                                 <xs:complexType>
                                     <xs:sequence>
-                                        <xs:element name="mirror" type="aif:pacuri" maxOccurs="unbounded" minOccurs="1"/>
+                                        <xs:element name="mirror" type="aif:t_pacuri" maxOccurs="unbounded"
+                                                    minOccurs="1"/>
                                     </xs:sequence>
                                 </xs:complexType>
-                                <xs:unique name="unique-mirrors">
+                                <xs:unique name="uniq_mirrors">
                                     <xs:selector xpath="aif:mirror"/>
                                     <xs:field xpath="."/>
                                 </xs:unique>
@@ -314,24 +601,27 @@
                                     <xs:sequence>
                                         <xs:element name="package" maxOccurs="unbounded" minOccurs="1">
                                             <xs:complexType>
-                                                <xs:attribute name="name" type="xs:token" use="required"/>
-                                                <xs:attribute name="repo" type="xs:token"/>
+                                                <xs:simpleContent>
+                                                    <xs:extension base="aif:t_nonempty">
+                                                        <xs:attribute name="repo" type="aif:t_nonempty" use="optional"/>
+                                                    </xs:extension>
+                                                </xs:simpleContent>
                                             </xs:complexType>
                                         </xs:element>
                                     </xs:sequence>
                                 </xs:complexType>
                             </xs:element>
                         </xs:sequence>
-                        <xs:attribute name="command" type="xs:string"/>
+                        <xs:attribute name="command" type="aif:t_nonempty" use="optional" default="pacman -S"/>
                     </xs:complexType>
                 </xs:element>
                 <!-- END PACMAN -->
                 <!-- BEGIN BOOTLOADER -->
                 <xs:element name="bootloader" maxOccurs="1" minOccurs="1">
                     <xs:complexType>
-                        <xs:attribute name="type" type="aif:bootloaders" use="required"/>
-                        <xs:attribute name="target" type="xs:token" use="required"/>
-                        <xs:attribute name="efi" type="xs:boolean"/>
+                        <xs:attribute name="type" type="aif:t_bootloaders" use="required"/>
+                        <xs:attribute name="target" type="aif:t_nonempty" use="required"/>
+                        <xs:attribute name="efi" type="xs:boolean" use="optional" default="1"/>
                     </xs:complexType>
                 </xs:element>
                 <!-- END BOOTLOADER -->
@@ -341,18 +631,18 @@
                         <xs:sequence>
                             <xs:element name="script" minOccurs="1" maxOccurs="unbounded">
                                 <xs:complexType>
-                                    <xs:attribute name="uri" type="aif:scripturi" use="required"/>
-                                    <xs:attribute name="order" type="xs:integer" use="required"/>
-                                    <xs:attribute name="execution" type="aif:scripttype" use="required"/>
-                                    <xs:attribute name="user" type="xs:string"/>
-                                    <xs:attribute name="password" type="xs:string"/>
-                                    <xs:attribute name="realm" type="xs:string"/>
-                                    <xs:attribute name="authtype" type="aif:authselect"/>
+                                    <xs:attribute name="uri" type="aif:t_scripturi" use="required"/>
+                                    <xs:attribute name="execution" type="aif:t_scripttype" use="required"/>
+                                    <xs:attribute name="user" type="aif:t_nonempty" use="optional"/>
+                                    <xs:attribute name="password" type="aif:t_nonempty" use="optional"/>
+                                    <xs:attribute name="realm" type="aif:t_nonempty" use="optional"/>
+                                    <xs:attribute name="authtype" type="aif:t_authselect" use="optional"
+                                                  default="none"/>
                                 </xs:complexType>
                             </xs:element>
                         </xs:sequence>
                     </xs:complexType>
-                    <xs:unique name="unique-script">
+                    <xs:unique name="uniq_script">
                         <xs:selector xpath="aif:script"/>
                         <xs:field xpath="@order"/>
                     </xs:unique>
@@ -361,4 +651,4 @@
             </xs:all>
         </xs:complexType>
     </xs:element>
-</xs:schema>
+</xs:schema>
\ No newline at end of file
diff --git a/aif/config.py b/aif/config.py
index 7501007..2200334 100644
--- a/aif/config.py
+++ b/aif/config.py
@@ -2,7 +2,7 @@ import os
 ##
 from lxml import etree
 
-#https://stackoverflow.com/questions/30232031/how-can-i-strip-namespaces-out-of-an-lxml-tree/30233635#30233635 ?
+# https://stackoverflow.com/questions/30232031/how-can-i-strip-namespaces-out-of-an-lxml-tree/30233635#30233635 ?
 
 class Config(object):
     def __init__(self):
diff --git a/aif/constants.py b/aif/constants.py
index aa7edf0..160005a 100644
--- a/aif/constants.py
+++ b/aif/constants.py
@@ -1,8 +1,3 @@
 import os
 import re
-##
-import parted
-
-
-PARTED_FSTYPES = list(dict(vars(parted.filesystem))['fileSystemType'].keys())
 
diff --git a/aif/disk/block.py b/aif/disk/block.py
index 89a5cb0..76db82f 100644
--- a/aif/disk/block.py
+++ b/aif/disk/block.py
@@ -39,8 +39,8 @@ _units = {'B': 0,
 _pos_re = re.compile((r'^(?P<pos_or_neg>-|\+)?\s*'
                       r'(?P<size>[0-9]+)\s*'
                       # empty means size in sectors
-                      r'(?P<pct_unit_or_sct>%|[{0}]|)\s*$'.format(''.join(list(_units.keys())))),
-                     re.IGNORECASE)
+                      r'(?P<pct_unit_or_sct>%|{0}|)\s*$'.format('|'.join(list(_units.keys())))
+                      ))
 
 
 def convertSizeUnit(pos):
@@ -69,6 +69,7 @@ class Partition(object):
             raise ValueError(('You must specify if this is a '
                               'primary, extended, or logical partition for msdos partition tables'))
         self.xml = part_xml
+        self.id = part_xml.attrib['id']
         self.partnum = partnum
         if tbltype == 'msdos':
             if partnum > 4:
diff --git a/aif/disk/filesystem.py b/aif/disk/filesystem.py
index ee45a2f..d94f337 100644
--- a/aif/disk/filesystem.py
+++ b/aif/disk/filesystem.py
@@ -24,7 +24,7 @@ with open('/proc/filesystems', 'r') as fh:
 _mod_dir = os.path.join('/lib/modules',
                         os.uname().release,
                         'kernel/fs')
-_strip_mod_suffix = re.compile(r'(?P<fsname>)\.ko(\.(x|g)?z))?$', re.IGNORECASE)
+_strip_mod_suffix = re.compile(r'(?P<fsname>)\.ko(\.(x|g)?z)?$', re.IGNORECASE)
 for i in os.listdir(_mod_dir):
     path = os.path.join(_mod_dir, i)
     fs_name = None
diff --git a/aif/disk/mdadm.py b/aif/disk/mdadm.py
index 29dc2a0..a59b751 100644
--- a/aif/disk/mdadm.py
+++ b/aif/disk/mdadm.py
@@ -1,11 +1,59 @@
+import copy
+import subprocess
+##
+import mdstat
+##
+from aif.disk.block import Disk
+from aif.disk.block import Partition
+
+
+SUPPORTED_LEVELS = (0, 1, 4, 5, 6)
+
 class Member(object):
     def __init__(self, member_xml, partobj):
         self.xml = member_xml
         self.device = partobj
+        if not isinstance(self.device, (Partition, Disk, Array)):
+            raise ValueError(('partobj must be of type aif.disk.block.Partition, '
+                              'aif.disk.block.Disk, or aif.disk.mdadm.Array'))
         self.devpath = self.device.devpath
-        pass
+
+    def prepare(self):
+        # TODO: logging
+        subprocess.run(['mdadm', '--misc', '--zero-superblock', self.devpath])
+        return()
 
 class Array(object):
     def __init__(self, array_xml):
-        self.devpath = None
-        pass
+        self.xml = array_xml
+        self.id = array_xml.attrib['id']
+        self.level = int(array_xml.attrib['level'])
+        if self.level not in SUPPORTED_LEVELS:
+            raise ValueError('RAID level must be one of: {0}'.format(', '.join(SUPPORTED_LEVELS)))
+        self.devname = self.xml.attrib['name']
+        self.devpath = '/dev/md/{0}'.format(self.devname)
+        self.updateStatus()
+        self.members = []
+
+    def addMember(self, memberobj):
+        if not isinstance(memberobj, Member):
+            raise ValueError('memberobj must be of type aif.disk.mdadm.Member')
+
+    def assemble(self):
+        cmd = ['mdadm', '--assemble', self.devpath]
+        for m in self.members:
+            cmd.append(m.devpath)
+        subprocess.run(cmd)
+
+    def stop(self):
+        # TODO: logging
+        subprocess.run(['mdadm', '--stop', self.devpath])
+        return()
+
+    def updateStatus(self):
+        _info = mdstat.parse()
+        for k, v in _info['devices'].items():
+            if k != self.devname:
+                del(_info['devices'][k])
+        self.info = copy.deepcopy(_info)
+        return()
diff --git a/aif/envsetup.py b/aif/envsetup.py
index f59e846..60f0f72 100644
--- a/aif/envsetup.py
+++ b/aif/envsetup.py
@@ -13,8 +13,8 @@ import tempfile
 import venv
 
 # TODO: a more consistent way of managing deps?
-depmods = ['blkinfo', 'gpg', 'lxml', 'passlib', 'psutil',
-           'pyparted', 'pytz', 'requests', 'validators']
+depmods = ['blkinfo', 'gpg', 'lxml', 'mdstat', 'passlib', 'psutil',
+           'pyparted', 'pyroute2', 'pytz', 'requests', 'validators']
 
 class EnvBuilder(object):
     def __init__(self):
diff --git a/aif/system/__init__.py b/aif/system/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/aif/system/locales.py b/aif/system/locales.py
new file mode 100644
index 0000000..e69de29
diff --git a/aif/users.py b/aif/system/users.py
similarity index 100%
rename from aif/users.py
rename to aif/system/users.py
diff --git a/docs/examples/aif.xml b/docs/examples/aif.xml
index ab66868..23802ac 100644
--- a/docs/examples/aif.xml
+++ b/docs/examples/aif.xml
@@ -5,18 +5,35 @@
     <storage>
         <disk device="/dev/sda" diskFormat="gpt">
             <!-- Partitions are numbered *in the order they are specified*. -->
-            <part id="boot" name="BOOT" label="/boot" start="0%" stop="10%" fsType="ef00"/><!-- e.g. this would be /dev/sda1 -->
-            <part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="8300"/>
-            <part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="8300"/>
-            <part id="raid1_d1" start="30%" stop="55%" fsType="fd00"/>
-            <part id="raid1_d2" start="55%" stop="80%" fsType="fd00"/>
-            <part id="swap" start="80%" stop="100%" fsType="8200" />
+            <part id="boot" name="BOOT" label="/boot" start="0%" stop="10%"
+                  fsType="fat32"/><!-- e.g. this would be /dev/sda1 -->
+            <part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="ext4"/>
+            <part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="ext4"/>
+            <part id="raid1_d1" start="30%" stop="55%" fsType="ext4"/>
+            <part id="raid1_d2" start="55%" stop="80%" fsType="ext4"/>
+            <part id="swap" start="80%" stop="100%" fsType="linux-swap(v1)"/>
         </disk>
         <!-- "Special" devices are processed *in the order they are specified*. This is important if you wish to
              e.g. layer LUKS on top of LVM - you would specify <lvm> before <luks> and reference the
              <luksDev id="SOMETHING" ... > as <lvmLogical source="SOMETHING" ... />. -->
         <luks>
-            <luksDev id="luks_secrets" name="secrets" source="secrets1" secret="superSeekritPassword"/>
+            <luksDev id="luks_secrets" name="secrets" source="secrets1">
+                <!-- You can assign multiple secrets (or "keys") to a LUKS volume. -->
+                <secrets>
+                    <!-- A simple passphrase. -->
+                    <passphrase>secrets1</passphrase>
+                </secrets>
+                <secrets>
+                    <!-- A key that uses a keyfile on a mounted path. This example uses the passphrase in
+                         a plaintext file, which is in turn read by LUKS. -->
+                    <passphrase>secrets1</passphrase>
+                    <keyFile>/boot/.decrypt.plaintext</keyFile>
+                </secrets>
+                <secrets>
+                    <!-- This will generate a 4096-byte file of random data. -->
+                    <keyFile size="4096">/root/.decrypt.key</keyFile>
+                </secrets>
+            </luksDev>
         </luks>
         <lvm>
             <lvmGroup id="vg1" name="GroupName">
@@ -24,7 +41,9 @@
             </lvmGroup>
         </lvm>
         <mdadm>
-            <array id="mdadm1" name="extra_data" meta="1.2" level="1">
+            <!-- level can be 0, 1, 4, 5, or 6. RAID 10 would be done by creating an array with members of a
+                 previously assembled array. -->
+            <array id="mdadm1" name="md0" meta="1.2" level="1">
                 <member source="raid1_d1"/>
                 <member source="raid1_d2"/>
             </array>
@@ -40,48 +59,67 @@
                 <opt name="-L">seekrit</opt>
             </fs>
         </fileSystems>
-        <!-- And you use the id to reference mountpoints as well. -->
-        <mount source="luks_secrets" target="/mnt/aif" order="1">
-            <opt name="rw"/>
-            <opt name="relatime"/>
-            <opt name="compress">lzo</opt>
-            <opt name="ssd"/>
-            <opt name="space_cache"/>
-            <opt name="subvolid">5</opt>
-            <opt name="subvol">/</opt>
-        </mount>
-        <mount source="boot" target="/mnt/aif/boot" order="2" />
-        <mount source="swap" target="swap" order="3" />
-        <mount source="vg1" target="/mnt/aif/mnt/pool" order="4" />
-        <mount source="mdadm1" target="/mnt/aif/mnt/raid" order="5" />
+        <mountPoints>
+            <!-- And you use the id to reference mountpoints as well. -->
+            <mount source="luks_secrets" target="/mnt/aif">
+                <opt name="rw"/>
+                <opt name="relatime"/>
+                <opt name="compress">lzo</opt>
+                <opt name="ssd"/>
+                <opt name="space_cache"/>
+                <opt name="subvolid">5</opt>
+                <opt name="subvol">/</opt>
+            </mount>
+            <mount source="boot" target="/mnt/aif/boot"/>
+            <mount source="swap" target="swap"/>
+            <mount source="vg1" target="/mnt/aif/mnt/pool"/>
+            <mount source="mdadm1" target="/mnt/aif/mnt/raid"/>
+        </mountPoints>
     </storage>
     <network hostname="aiftest.square-r00t.net">
-        <iface device="auto" address="auto" netProto="ipv4" />
+        <iface device="auto">
+            <addresses>
+                <ipv4>
+                    <address>dhcp</address>
+                </ipv4>
+                <ipv6>
+                    <address>slaac</address>
+                    <address>fde4:16b9:654b:bbfa::15/64</address>
+                </ipv6>
+            </addresses>
+            <resolvers>
+                <resolver>8.8.8.8</resolver>
+            </resolvers>
+        </iface>
     </network>
-    <system timezone="EST5EDT" locale="en_US.UTF-8" chrootPath="/mnt/aif" reboot="0">
+    <system timezone="EST5EDT" chrootPath="/mnt/aif" reboot="0">
+        <locales>
+            <locale name="LANG">en_US.UTF-8</locale>
+        </locales>
         <!-- note: all password hashes below are "test"; don't waste your time trying to crack. :) -->
         <users rootPass="$6$3YPpiS.l3SQC6ELe$NQ4qMvcDpv5j1cCM6AGNc5Hyg.rsvtzCt2VWlSbuZXCGg2GB21CMUN8TMGS35tdUezZ/n9y3UFGlmLRVWXvZR.">
             <user name="aifusr"
+                  home="/opt/aifusr"
                   sudo="true"
                   password="$6$WtxZKOyaahvvWQRG$TUys60kQhF0ffBdnDSJVTA.PovwCOajjMz8HEHL2H0ZMi0bFpDTQvKA7BqzM3nA.ZMAUxNjpJP1dG/eA78Zgw0"
                   comment="A test user for AIF.">
-                <home path="/opt/aifusr" create="true" />
-                <xGroup name="admins" create="true" />
-                <xGroup name="wheel" />
-                <xGroup name="users" />
+                <xGroup name="admins" create="true"/>
+                <xGroup name="wheel"/>
+                <xGroup name="users"/>
             </user>
         </users>
-        <service name="sshd" status="0" />
+        <service name="sshd" status="0"/>
     </system>
     <pacman>
         <repos>
-            <repo name="core" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="extra" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="community" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="multilib" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="multilib-testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist" />
-            <repo name="archlinuxfr" enabled="false" sigLevel="Optional TrustedOnly" mirror="http://repo.archlinux.fr/$arch" />
+            <repo name="core" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="extra" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="community" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="multilib" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="multilib-testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
+            <repo name="archlinuxfr" enabled="false" sigLevel="Optional TrustedOnly"
+                  mirror="http://repo.archlinux.fr/$arch"/>
         </repos>
         <mirrorList>
             <mirror>http://arch.mirror.square-r00t.net/$repo/os/$arch</mirror>
@@ -92,17 +130,17 @@
             <mirror>http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch</mirror>
         </mirrorList>
         <software>
-            <package name="sed" repo="core" />
-            <package name="python" />
-            <package name="perl" />
-            <package name="openssh" />
+            <package name="sed" repo="core"/>
+            <package name="python"/>
+            <package name="perl"/>
+            <package name="openssh"/>
         </software>
     </pacman>
-    <bootloader type="grub" target="/boot" efi="true" />
+    <bootloader type="grub" target="/boot" efi="true"/>
     <scripts>
-        <script uri="https://aif.square-r00t.net/sample-scripts/post/first.sh" order="1" execution="post" />
-        <script uri="https://aif.square-r00t.net/sample-scripts/pre/second.pl" order="2" execution="pre" />
-        <script uri="https://aif.square-r00t.net/sample-scripts/pre/first.sh" order="1" execution="pre" />
-        <script uri="https://aif.square-r00t.net/sample-scripts/post/second.py" order="2" execution="post" />
+        <script uri="https://aif.square-r00t.net/sample-scripts/post/first.sh" order="1" execution="post"/>
+        <script uri="https://aif.square-r00t.net/sample-scripts/pre/second.pl" order="2" execution="pre"/>
+        <script uri="https://aif.square-r00t.net/sample-scripts/pre/first.sh" order="1" execution="pre"/>
+        <script uri="https://aif.square-r00t.net/sample-scripts/post/second.py" order="2" execution="post"/>
     </scripts>
 </aif>
diff --git a/setup.py b/setup.py
index 61c7197..75a1fcc 100644
--- a/setup.py
+++ b/setup.py
@@ -31,6 +31,6 @@ setuptools.setup(
         project_urls = {'Documentation': 'https://aif-ng.io/',
                         'Source': 'https://git.square-r00t.net/AIF-NG/',
                         'Tracker': 'https://bugs.square-r00t.net/index.php?project=9'},
-        install_requires = ['blkinfo', 'gpg', 'lxml', 'passlib', 'psutil',
-                            'pyparted', 'pytz', 'requests', 'validators']
+        install_requires = ['blkinfo', 'gpg', 'lxml', 'mdstat', 'passlib', 'psutil',
+                            'pyparted', 'pyroute2', 'pytz', 'requests', 'validators']
         )