diff --git a/files.nix b/files.nix
index 9110e8c..48f8a9c 100644
--- a/files.nix
+++ b/files.nix
@@ -5,7 +5,7 @@ in
 {
   systemd.tmpfiles.rules =
     let
-      nextcloudDBPass = builtins.replaceStrings [ "\n" "\"" "\\" "%" ] [ "\\n" "\\\"" "\\\\" "%%" ] (builtins.fromJSON (builtins.readFile ./userdata/userdata.json).nextcloud.databasePassword);
+      nextcloudDBPass = builtins.replaceStrings [ "\n" "\"" "\\" "%" ] [ "\\n" "\\\"" "\\\\" "%%" ] (builtins.fromJSON (builtins.readFile ./userdata/userdata.json)).nextcloud.databasePassword;
       nextcloudAdminPass = builtins.replaceStrings [ "\n" "\"" "\\" "%" ] [ "\\n" "\\\"" "\\\\" "%%" ] cfg.nextcloud.adminPassword;
       resticPass = builtins.replaceStrings [ "\n" "\"" "\\" "%" ] [ "\\n" "\\\"" "\\\\" "%%" ] cfg.resticPassword;
       domain = builtins.replaceStrings [ "\n" "\"" "\\" "%" ] [ "\\n" "\\\"" "\\\\" "%%" ] cfg.domain;
diff --git a/variables.nix b/variables.nix
index eaca80e..81a9283 100644
--- a/variables.nix
+++ b/variables.nix
@@ -1,130 +1,58 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
   jsonData = builtins.fromJSON (builtins.readFile ./userdata/userdata.json);
 in
 {
   services.userdata = {
-    hostname = (if jsonData ? "hostname" then jsonData.hostname else null);
-    domain = (if jsonData ? "domain" then jsonData.domain else null);
-    timezone = (if jsonData ? "timezone" then jsonData.timezone else "Europe/Uzhgorod");
+    hostname = lib.attrsets.attrByPath [ "hostname" ] null jsonData;
+    domain = lib.attrsets.attrByPath [ "domain" ] null jsonData;
+    timezone = lib.attrsets.attrByPath [ "timezone" ] "Europe/Uzhgorod" jsonData;
     autoUpgrade = {
-      enable = (
-        if (jsonData ? "autoUpgrade" && jsonData.autoUpgrade ? "enable")
-        then jsonData.autoUpgrade.enable
-        else true
-      );
-      allowReboot = (
-        if (jsonData ? "autoUpgrade" && jsonData.autoUpgrade ? "allowReboot")
-        then jsonData.autoUpgrade.allowReboot
-        else true
-      );
+      enable = lib.attrsets.attrByPath [ "autoUpgrade" "enable" ] true jsonData;
+      allowReboot = lib.attrsets.attrByPath [ "autoUpgrade" "allowReboot" ] true jsonData;
     };
-    username = (if jsonData ? "username" then jsonData.username else null);
-    hashedMasterPassword = (if jsonData ? "hashedMasterPassword" then jsonData.hashedMasterPassword else null);
-    sshKeys = (if jsonData ? "sshKeys" then jsonData.sshKeys else [ ]);
+    username = lib.attrsets.attrByPath [ "username" ] null jsonData;
+    hashedMasterPassword = lib.attrsets.attrByPath [ "hashedMasterPassword" ] null jsonData;
+    sshKeys = lib.attrsets.attrByPath [ "sshKeys" ] [] jsonData;
     api = {
       token = jsonData.api.token;
-      enableSwagger = (
-        if (jsonData ? "api" && jsonData.api ? "enableSwagger")
-        then jsonData.api.enableSwagger
-        else false
-      );
-      skippedMigrations = (
-        if (jsonData ? "api" && jsonData.api ? "skippedMigrations")
-        then jsonData.api.skippedMigrations
-        else [ ]
-      );
+      enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
+      skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [] jsonData;
     };
     backblaze = {
-      bucket = (
-        if (jsonData ? "backblaze" && jsonData.backblaze ? "bucket")
-        then jsonData.backblaze.bucket
-        else ""
-      );
-      accountId = (
-        if (jsonData ? "backblaze" && jsonData.backblaze ? "accountId")
-        then jsonData.backblaze.accountId
-        else ""
-      );
-      accountKey = (
-        if (jsonData ? "backblaze" && jsonData.backblaze ? "accountKey")
-        then jsonData.backblaze.accountKey
-        else ""
-      );
+      bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
+      accountId = lib.attrsets.attrByPath [ "backblaze" "accountId" ] "" jsonData;
+      accountKey = lib.attrsets.attrByPath [ "backblaze" "accountKey" ] "" jsonData;
     };
     cloudflare = {
-      apiKey = (
-        if (jsonData ? "cloudflare" && jsonData.cloudflare ? "apiKey")
-        then jsonData.cloudflare.apiKey
-        else null
-      );
+      apiKey = lib.attrsets.attrByPath [ "cloudflare" "apiKey" ] "" jsonData;
     };
-    databasePassword = (if jsonData ? "databasePassword" then jsonData.databasePassword else null);
+    databasePassword = lib.attrsets.attrByPath [ "databasePassword" ] null jsonData;
     bitwarden = {
-      enable = (
-        if (jsonData ? "bitwarden" && jsonData.bitwarden ? "enable")
-        then jsonData.bitwarden.enable
-        else false
-      );
+      enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
     };
     gitea = {
-      enable = (
-        if (jsonData ? "gitea" && jsonData.gitea ? "enable")
-        then jsonData.gitea.enable
-        else false
-      );
+      enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
     };
     nextcloud = {
-      enable = (
-        if (jsonData ? "nextcloud" && jsonData.nextcloud ? "enable")
-        then jsonData.nextcloud.enable
-        else false
-      );
-      adminPassword = (
-        if (jsonData ? "nextcloud" && jsonData.nextcloud ? "adminPassword")
-        then jsonData.nextcloud.adminPassword
-        else null
-      );
+      enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
+      adminPassword = lib.attrsets.attrByPath [ "nextcloud" "adminPassword" ] "" jsonData;
     };
     pleroma = {
-      enable = (
-        if (jsonData ? "pleroma" && jsonData.pleroma ? "enable")
-        then jsonData.pleroma.enable
-        else false
-      );
+      enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
     };
     jitsi = {
-      enable = (
-        if (jsonData ? "jitsi" && jsonData.jitsi ? "enable")
-        then jsonData.jitsi.enable
-        else false
-      );
+      enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData;
     };
     ocserv = {
-      enable = (
-        if (jsonData ? "ocserv" && jsonData.ocserv ? "enable")
-        then jsonData.ocserv.enable
-        else false
-      );
+      enable = lib.attrsets.attrByPath [ "ocserv" "enable" ] false jsonData;
     };
-    resticPassword = (if jsonData ? "resticPassword" then jsonData.resticPassword else null);
+    resticPassword = lib.attrsets.attrByPath [ "resticPassword" ] null jsonData;
     ssh = {
-      enable = (
-        if (jsonData ? "ssh" && jsonData.ssh ? "enable")
-        then jsonData.ssh.enable
-        else true
-      );
-      rootKeys = (
-        if (jsonData ? "ssh" && jsonData.ssh ? "rootKeys")
-        then jsonData.ssh.rootKeys
-        else [ "" ]
-      );
-      passwordAuthentication = (
-        if (jsonData ? "ssh" && jsonData.ssh ? "passwordAuthentication")
-        then jsonData.ssh.passwordAuthentication
-        else true
-      );
+      enable = lib.attrsets.attrByPath [ "ssh" "enable" ] true jsonData;
+      rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;
+      passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData;
     };
-    users = (if jsonData ? "users" then jsonData.users else [ ]);
+    users = lib.attrsets.attrByPath [ "users" ] [] jsonData;
   };
 }