diff --git a/modules/01-system-settings.sh b/modules/01-system-settings.sh
index f67672a..c0cd6df 100755
--- a/modules/01-system-settings.sh
+++ b/modules/01-system-settings.sh
@@ -30,28 +30,28 @@ function getQuestions() {
}
function quitSystemPreferences() {
- indicateActivity -- osascript,-e,'tell application "System Preferences" to quit' 'Quitting System Preferences'
+ indicateActivity -- 'Quitting System Preferences' osascript -e 'tell application "System Preferences" to quit'
}
function setComputerName() {
scutil --set ComputerName "${hostname}"
scutil --set HostName "${hostname}"
scutil --set LocalHostName "${hostname}"
- systemsetup -setcomputername "${hostname}" > /dev/null 2>&1
- systemsetup -setlocalsubnetname "${hostname}" > /dev/null 2>&1
+ systemsetup -setcomputername "${hostname}"
+ systemsetup -setlocalsubnetname "${hostname}"
}
function configureComputerHostname() {
local currentComputerName="`scutil --get ComputerName`"
if [[ "${currentComputerName}" != "${hostname}" ]]; then
lop -- -i 'Hostname of computer has not been set.' -i "Will set to ${hostname}."
- indicateActivity -- setComputerName 'Setting computer name'
+ indicateActivity -- 'Set computer name' setComputerName
else
lop -- -i 'Hostname of computer seems to have already been set. Skipping.' -i "Hostname: $currentComputerName"
fi
}
-function _configureBasicSystem(){
+function configureBasicSystem(){
# Disable the sound effects on boot
nvram SystemAudioVolume=" "
@@ -65,11 +65,7 @@ function _configureBasicSystem(){
systemsetup -setremoteappleevents off >&! /dev/null
}
-function configureBasicSystem(){
- indicateActivity -- _configureBasicSystem 'Configuring systemsetup and nvram'
-}
-
-function _configurePowerManagement() {
+function configurePowerManagement() {
cmd=(pmset -a)
${cmd} displaysleep 0
${cmd} disksleep 0
@@ -77,7 +73,7 @@ function _configurePowerManagement() {
${cmd} womp 0
${cmd} acwake 0
${cmd} proximitywake 0
- ${cmd} destroyfvkeyonstandby 1 > /dev/null
+ ${cmd} destroyfvkeyonstandby 1
pmset -b acwake 1
${cmd} lidwake 1
${cmd} halfdim 1
@@ -85,11 +81,7 @@ function _configurePowerManagement() {
${cmd} hibernatemode 0
}
-function configurePowerManagement() {
- indicateActivity -- _configurePowerManagement 'Configuring power management'
-}
-
-function _configureLoginWindow() {
+function configureLoginWindow() {
cmd=(defaults write '/Library/Preferences/com.apple.loginwindow')
${cmd} DisableFDEAutoLogin -bool true
${cmd} SHOWFULLNAME -bool false
@@ -97,19 +89,14 @@ function _configureLoginWindow() {
${cmd} GuestEnabled -bool false
}
-function configureLoginWindow() {
- indicateActivity -- _configureLoginWindow 'Configuring login window'
-}
-
function configure_system() {
lop -y h1 -- -i 'Configure System Settings'
quitSystemPreferences
configureComputerHostname
- configureBasicSystem
- configurePowerManagement
- configureLoginWindow
-
- indicateActivity -- launchctl,config,user,umask,027 'Configuring global umask'
+ indicateActivity -- 'Configuring systemsetup and nvram' configureBasicSystem
+ indicateActivity -- 'Configuring power management' configurePowerManagement
+ indicateActivity -- 'Configuring login window' configureLoginWindow
+ indicateActivity -- 'Configure global umask' launchctl config user umask 027
}
function getUsage() {
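Review bot: None of the four `indicateActivity` calls added to `configure_system` checks its exit status, so a failed login-window, power-management or umask change looks the same as success to the caller. `modules/03-install-brew.sh` in this same commit ends each step with `|| return N`; the same pattern would work here, for example `indicateActivity -- 'Configuring login window' configureLoginWindow || return <code>`. The helpers themselves run a list of commands and return only the status of the last one, so a short comment on each saying which failures are tolerated would also help.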
diff --git a/modules/02-create-filevault-user.sh b/modules/02-create-filevault-user.sh
index f671000..c1def26 100755
--- a/modules/02-create-filevault-user.sh
+++ b/modules/02-create-filevault-user.sh
@@ -20,12 +20,15 @@ function getDefaultUsername() {
print "${username}"
}
+function isAPFSFilesystem() {
+ [[ $(diskutil info / | awk 'sub(/File System Personality: /,""){print $0}') = *APFS* ]]
+}
+
function getUsersWithSecureToken() {
- local username
- for username in ${(f)"$(dscl . -list /Users | grep -v '^_.*')"}; do
- indicateActivity -- checkSecureTokenForUser,${username} \
- "Checking if user ${username} has a secure token set" && \
- secureTokenUsers+=("${username}")
+ local username uuid
+ for uuid in ${$(diskutil apfs listUsers / | awk '/\+\-\-/ {print $2}')}; do
+ username="$(dscl . -search /Users GeneratedUID ${uuid} | awk 'NR==1{print $1}')"
+ checkSecureTokenForUser ${username} && secureTokenUsers+=("${username}")
done
}
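Review bot: `username` in `getUsersWithSecureToken` can be empty when `dscl . -search` finds no record for a UUID printed by `diskutil apfs listUsers`. The loop then calls `checkSecureTokenForUser` with no argument and, if that succeeds, appends an empty entry to `secureTokenUsers`. A guard right after the lookup avoids both: `[[ -n ${username} ]] || continue`. The awk pattern `/\+\-\-/` depends on the tree layout of the `diskutil` output, so a comment recording the expected line format would help when that output changes.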
@@ -35,7 +38,7 @@ function getDefaultUserPictures() {
popd -q
}
-function _convertPathToDefaultPicture() {
+function convertPathToDefaultPicture() {
local resolved=''
lop -- -d 'Converting path' -d "${filevault_picture}" -d 'to default picture path if necessary.'
if [ -r "${filevault_picture}" ]; then
@@ -49,10 +52,6 @@ function _convertPathToDefaultPicture() {
[ -n "${resolved}" -a -r "${resolved}" ] && filevault_picture="${resolved}"
}
-function convertPathToDefaultPicture() {
- indicateActivity -- _convertPathToDefaultPicture "Resolving path of picture ${filevault_picture}"
-}
-
function _isPathToPicture() {
local filevault_picture=$1
convertPathToDefaultPicture
@@ -61,7 +60,7 @@ function _isPathToPicture() {
}
function isPathToPicture() {
- indicateActivity -- _isPathToPicture,$1 "Verifying $1 as picture path"
+ indicateActivity -- "Verifying $1 as picture path" _isPathToPicture $1
}
function _checkSecureTokenForUser() {
@@ -71,15 +70,20 @@ function _checkSecureTokenForUser() {
function checkSecureTokenForUser() {
local u=$1
- indicateActivity -- _checkSecureTokenForUser,$u "Checking if user $u has a secure token set"
+ indicateActivity -- "Checking if user $u has a secure token set" _checkSecureTokenForUser $u
}
-function _checkSecureTokenUserPassword() {
- dscl . -authonly "${secure_token_user_username}" "${secure_token_user_password}" >&! /dev/null
+function _checkUserPassword() {
+ local username=$1 password=$2
+ dscl . -authonly ${username} ${password} >&! /dev/null
}
function checkSecureTokenUserPassword() {
- indicateActivity -- _checkSecureTokenUserPassword "Checking secure token password for user ${secure_token_user_username}"
+ indicateActivity -- "Checking password for user ${secure_token_user_username}" _checkUserPassword ${secure_token_user_username} ${secure_token_user_password}
+}
+
+function checkFileVaultUserPassword() {
+ indicateActivity -- "Checking password for user ${filevault_username}" _checkUserPassword ${filevault_username} ${filevault_password}
}
function _doesFileVaultUserExist() {
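Review bot: `_checkUserPassword` passes `${username}` and `${password}` to `dscl . -authonly` unquoted, whereas the removed line quoted both. In zsh an empty unquoted parameter is dropped from the argument list, so an empty password changes the command that actually runs. Quoting restores the previous behaviour: `dscl . -authonly "${username}" "${password}" >&! /dev/null`. The password now also travels through the argument list of `indicateActivity` in both callers, so it is worth confirming that helper never logs or displays the command it runs. The `dscl` arguments are visible in the process list either way.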
@@ -87,19 +91,20 @@ function _doesFileVaultUserExist() {
}
function doesFileVaultUserExist() {
- indicateActivity -- _doesFileVaultUserExist "Checking if ${filevault_username} already exists"
+ indicateActivity -- "Checking if ${filevault_username} already exists" _doesFileVaultUserExist
}
function _createFileVaultUser() {
- local un=${filevault_username} fn=${filevault_fullname} pw=${filevault_password}
+ local un=${filevault_username} fn=${filevault_fullname} pw=${filevault_password} result=
lop -- -d 'Creating FileVault user' -d "${un}"
sysadminctl -addUser ${un} -fullName ${fn} -shell /usr/bin/false -home /var/empty -password ${pw} -picture ${filevault_picture}
+ result=$?
lop -- -d 'Return value of sysadminctl is ' -d "$?"
- return 0
+ return $result
}
function createFileVaultUser() {
- indicateActivity -- _createFileVaultUser "Creating FileVault user ${filevault_username}"
+ indicateActivity -- "Creating FileVault user ${filevault_username}" _createFileVaultUser
}
function _configureFileVaultUser() {
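Review bot: The `lop` line after `result=$?` in `_createFileVaultUser` still logs `"$?"`, which at that point is the status of the assignment and so always 0. It should log the saved value: `lop -- -d 'Return value of sysadminctl is ' -d "${result}"`. Separately, `-password ${pw}` places the password in the `sysadminctl` process arguments, which deserves at least a comment.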
@@ -109,73 +114,86 @@ function _configureFileVaultUser() {
}
function configureFileVaultUser() {
- indicateActivity -- _configureFileVaultUser "Configuring FileVault user ${filevault_username}"
+ indicateActivity -- "Configuring FileVault user ${filevault_username}" _configureFileVaultUser
}
function configureSecureToken() {
local un=${filevault_username} up=${filevault_password}
local stun=${secure_token_user_username} stup=${secure_token_user_password}
- sysadminctl -secureTokenOn ${un} -password ${up} -adminUser ${stun} -adminPassword "${stup}"
+ sysadminctl -secureTokenOn "${un}" -password "${up}" -adminUser "${stun}" -adminPassword "${stup}"
}
function canUserUnlockDisk() {
local username=$1
for fdeuser in ${(f)"$(fdesetup list | cut -d',' -f1)"}; do
- [ "${fdeuser}" = "${username}" ] && return
+ [[ ${fdeuser} = ${username} ]] && return
done
- return -1
+ return 1
}
-function _allowOrEnableDiskUnlock() {
- local username="${1}" password="${2}" verb=enable
- if fdesetup isactive >&! /dev/null; then
- verb=add
- canUserUnlockDisk "${username}" && return
- fi
- echo "
-
-
-
-
-Username
-${username}
-Password
-${password}
-
-
-" | fdesetup "${verb}" -inputplist
+function getFDESetupXMLForUser() {
+ local username="${1}" password="${2}"
+ cat <<- XML
+
+
+
+
+ Username
+ ${username}
+ Password
+ ${password}
+
+
+ XML
}
-function allowOrEnableDiskUnlock() {
- local un="${1}" pw="${2}" action='Activate FileVault and allow'
- fdesetup isactive >&! /dev/null && action='Allow'
- indicateActivity -- _allowOrEnableDiskUnlock,$un,$pw "${action} ${un} to unlock disk"
+function _enableFileVaultForSecureTokenUser() {
+ local username="${1}" password="${2}"
+ getFDESetupXMLForUser "${username}" "${password}" | fdesetup enable -inputplist
+}
+
+function enableFileVaultForSecureTokenUser() {
+ fdesetup isactive >&! /dev/null && return
+ indicateActivity -- "Enable FileVault for secure token" _enableFileVaultForSecureTokenUser ${secure_token_user_username} ${secure_token_user_password}
+}
+
+function _allowUserToUnlockDisk() {
+ local username="${1}" password="${2}"
+ getFDESetupXMLForUser ${username} ${password} | fdesetup add -inputplist
+}
+
+function allowFileVaultUserToUnlockDisk() {
+ indicateActivity -- "Allow FileVault user to unlock disk" _allowUserToUnlockDisk ${filevault_username} ${filevault_password}
}
function _allowOnlyFileVaultUserToUnlock() {
- local username="${1}"
local fdeuser
for fdeuser in ${(f)"$(fdesetup list | cut -d',' -f1)"}; do
- [ "${fdeuser}" != "${username}" ] && fdesetup remove -user "${fdeuser}"
+ [[ ${fdeuser} != ${filevault_username} ]] && fdesetup remove -user "${fdeuser}"
done
return 0
}
function allowOnlyFileVaultUserToUnlock() {
- indicateActivity -- _allowOnlyFileVaultUserToUnlock,$1 "Disallow everyone else from unlocking disk"
+ indicateActivity -- "Disallow everyone else from unlocking disk" _allowOnlyFileVaultUserToUnlock
}
function configure_system() {
lop -y h1 -- -i 'Setup FileVault System'
checkSecureTokenForUser "${secure_token_user_username}" || { lop -- -e 'The provided secure token user has no secure token.'; return 10 }
checkSecureTokenUserPassword || { lop -- -e 'The secure token user password is incorrect.'; return 11 }
- convertPathToDefaultPicture
+ indicateActivity -- "Resolving path of picture ${filevault_picture}" convertPathToDefaultPicture
isPathToPicture "${filevault_picture}" || { lop -- -e 'The provided FileVault user picture is not a valid path to a TIF, PNG or JPEG file.'; return 12 }
- doesFileVaultUserExist || createFileVaultUser
+ if doesFileVaultUserExist; then
+ checkFileVaultUserPassword || { lop -- -e 'The FileVault user password is incorrect.'; return 13 }
+ else
+ createFileVaultUser
+ fi
configureFileVaultUser
+ enableFileVaultForSecureTokenUser
checkSecureTokenForUser "${filevault_username}" || configureSecureToken
- allowOrEnableDiskUnlock "${filevault_username}" "${filevault_password}"
+ canUserUnlockDisk ${filevault_username} || allowFileVaultUserToUnlockDisk
allowOnlyFileVaultUserToUnlock "${filevault_username}"
}
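Review bot: `configure_system` reaches `allowOnlyFileVaultUserToUnlock` even when `createFileVaultUser`, `enableFileVaultForSecureTokenUser`, `configureSecureToken` or `allowFileVaultUserToUnlockDisk` has failed, and `_allowOnlyFileVaultUserToUnlock` then removes every other user returned by `fdesetup list`. Stopping before the removal keeps an existing unlock user in place, e.g. `canUserUnlockDisk ${filevault_username} || allowFileVaultUserToUnlockDisk || { lop -- -e 'Could not allow the FileVault user to unlock the disk.'; return 14 }`, with the same pattern on the earlier steps. `_allowOnlyFileVaultUserToUnlock` now compares against the global `filevault_username`, and an empty value matches no listed user, so `[[ -n ${filevault_username} ]] || return 1` belongs at its top. `getFDESetupXMLForUser` interpolates the username and password into the plist unescaped, so a password containing `&` or `<` would presumably make `fdesetup` reject the input.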
@@ -191,13 +209,18 @@ function getQuestionsPrerequisites() {
cmds=(
[find]=''
[dscl]=''
+ [dseditgroup]=''
+ [awk]=''
+ [diskutil]=''
[sysadminctl]=''
)
+ isAPFSFilesystem || { lop -- -e 'This module requires an APFS filesystem.'; return 10 }
}
function getExecPrerequisites() {
cmds=(
[cut]=''
+ [cat]=''
[fdesetup]=''
[base64]=''
[dsimport]=''
diff --git a/modules/03-install-brew.sh b/modules/03-install-brew.sh
index a63286b..9eb9414 100755
--- a/modules/03-install-brew.sh
+++ b/modules/03-install-brew.sh
@@ -47,7 +47,7 @@ function createHomebrewUser() {
function createHomebrewUserIfNeccessary() {
if ! doesUserExist ${homebrew_username}; then
lop -y body:warn -y body -- -i "No Homebrew user named ${homebrew_username} found." -i 'Will create user.'
- indicateActivity createHomebrewUser,${homebrew_username} 'Creating Homebrew user' || return 10
+ indicateActivity 'Creating Homebrew user' createHomebrewUser ${homebrew_username} || return 10
else
lop -y body:note -y body -- -i "Homebrew user named ${homebrew_username} already exists." -i 'Skipping.'
fi
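Review bot: The `indicateActivity` calls in this file are written without the `--` separator, while the calls converted in modules 01, 02, 04 and 05 in this commit use `indicateActivity -- 'message' command`. The messages here all start with fixed words, so this is a consistency point rather than a parsing bug, and whether the helper needs `--` cannot be confirmed from this diff because it lives in the zshlib submodule. Writing `indicateActivity -- 'Creating Homebrew user' createHomebrewUser ${homebrew_username} || return 10` here keeps the call sites uniform. The same applies to the other hunks of this file and to modules 06, 07 and 08.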
@@ -122,10 +122,10 @@ function configureInstallPrefix() {
local dirPath=$1
if [[ -d "${dirPath}" ]]; then
lop -y body -- -d "Install prefix at ${dirPath} already exists. Will correct permissions of possible enclosed folders."
- indicateActivity fixInstallPrefixPermissions 'Correct permissions of possible enclosed folders'
+ indicateActivity 'Correct permissions of possible enclosed folders' fixInstallPrefixPermissions
else
lop -y body -- -d "Install prefix at ${dirPath} does not exist. Will create it."
- indicateActivity createInstallPrefix 'Creating install prefix'
+ indicateActivity 'Creating install prefix' createInstallPrefix
fi
}
@@ -233,18 +233,18 @@ function tapHomebrewCaskFonts() {
function configure_system() {
lop -y h1 -- -i 'Install System Homebrew'
createHomebrewUserIfNeccessary || return 10
- indicateActivity ensureUserIsInAdminGroup,${homebrew_username} 'Ensure Homebrew user is in admin group' || return 11
- indicateActivity ensureUserCannotRunSudo,${homebrew_username} 'Ensure Homebrew user can not run sudo' || return 12
+ indicateActivity 'Ensure Homebrew user is in admin group' ensureUserIsInAdminGroup ${homebrew_username} || return 11
+ indicateActivity 'Ensure Homebrew user can not run sudo' ensureUserCannotRunSudo ${homebrew_username} || return 12
configureInstallPrefix ${homebrew_prefix} || return 13
ensureHomebrewCacheDirectory || return 14
ensureHomebrewLogDirectory || return 15
- indicateActivity downloadHomebrew 'Downloading Homebrew' || return 16
- indicateActivity createBrewCallerScript 'Create brew caller script' || return 17
- indicateActivity installHomebrewCore 'Install Homebrew core' || return 18
- indicateActivity installHomebrewUpdater 'Install Homebrew updater' || return 19
+ indicateActivity 'Downloading Homebrew' downloadHomebrew || return 16
+ indicateActivity 'Create brew caller script' createBrewCallerScript || return 17
+ indicateActivity 'Install Homebrew core' installHomebrewCore || return 18
+ indicateActivity 'Install Homebrew updater' installHomebrewUpdater || return 19
pushd -q /
- indicateActivity tapHomebrewCask 'Tapping homebrew/cask' || return 20
- indicateActivity tapHomebrewCaskFonts 'Tapping homebrew/cask-fonts' || return 21
+ indicateActivity 'Tapping homebrew/cask' tapHomebrewCask || return 20
+ indicateActivity 'Tapping homebrew/cask-fonts' tapHomebrewCaskFonts || return 21
popd -q
}
diff --git a/modules/04-install-brew-apps.sh b/modules/04-install-brew-apps.sh
index f062e4a..c3441b3 100755
--- a/modules/04-install-brew-apps.sh
+++ b/modules/04-install-brew-apps.sh
@@ -4,7 +4,7 @@
function brewInstall() {
local identifier="$1"
local cask="${2:+--cask}"
- indicateActivity ${homebrew_path},install,-q,${cask},${identifier} "Installing ${identifier} ${cask:+ (Cask)}"
+ indicateActivity -- "Installing ${identifier} ${cask:+ (Cask)}" ${homebrew_path} install -q ${cask} ${identifier}
}
function installCask() {
@@ -45,9 +45,9 @@ function patchParallels() {
function installParallels() {
local inittoolPath='/Applications/Parallels Desktop.app/Contents/MacOS/inittool'
- indicateActivity patchParallels 'Patching Parallels' || return 0
+ indicateActivity -- 'Patching Parallels' patchParallels || return 0
installCask parallels
- [ -x "${inittoolPath}" ] && indicateActivity "${inittoolPath}",init 'Running Parallels inittool'
+ [ -x "${inittoolPath}" ] && indicateActivity -- 'Running Parallels inittool' ${inittoolPath} init
}
function installCasks() {
diff --git a/modules/05-install-remap-keys.sh b/modules/05-install-remap-keys.sh
index c12f100..efae84f 100755
--- a/modules/05-install-remap-keys.sh
+++ b/modules/05-install-remap-keys.sh
@@ -98,10 +98,10 @@ function configure_system() {
local remapKeysPath="${dstDir}/remap-keys"
local launchDaemonPath="/Library/LaunchDaemons/${serviceName}.plist"
ensurePathOrLogError ${dstDir} 'Could not install remap-keys.' || return 10
- [[ -x ${remapKeysPath} ]] || indicateActivity createRemapKeysBinary 'Create remap-keys executable'
+ [[ -x ${remapKeysPath} ]] || indicateActivity -- 'Create remap-keys executable' createRemapKeysBinary
[[ -x ${xpcConsumerPath} ]] || createXPCConsumer 'Create XPC event consuer'
[[ -f ${launchDaemonPath} ]] || createLaunchDaemon 'Create Launch Daemon'
- indicateActivity enableLaunchDaemon 'Enable Launch Daemon'
+ indicateActivity -- 'Enable Launch Daemon' enableLaunchDaemon
}
function getExecPrerequisites() {
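Review bot: The two unchanged lines between the converted calls, `createXPCConsumer 'Create XPC event consuer'` and `createLaunchDaemon 'Create Launch Daemon'`, pass a progress message to the function itself. That looks like a leftover from calls that were meant to go through `indicateActivity`, though this is inferred because neither function body is in the hunk. If so, the form used on the neighbouring lines would be `indicateActivity -- 'Create XPC event consumer' createXPCConsumer`. `configure_system` starts above the hunk.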
diff --git a/modules/06-install-mas-apps.sh b/modules/06-install-mas-apps.sh
index 15d8f33..c9eedcc 100755
--- a/modules/06-install-mas-apps.sh
+++ b/modules/06-install-mas-apps.sh
@@ -5,7 +5,7 @@ function installMASApp() {
local currentUser="`who am i | cut -d' ' -f1`"
local appName="$1"
local id="$2"
- indicateActivity sudo,-u,${currentUser},mas,install,${id} "Install ${appName} app"
+ indicateActivity "Install ${appName} app" sudo -u ${currentUser} mas install ${id}
}
function configure_system() {
diff --git a/modules/07-install-binaries.sh b/modules/07-install-binaries.sh
index f786992..eea27d2 100755
--- a/modules/07-install-binaries.sh
+++ b/modules/07-install-binaries.sh
@@ -9,7 +9,7 @@ function ensureRightAccess() {
function copyUtilityBinaries() {
for file in ${_DIR}/../bin/*; do
- indicateActivity cp,${file},${dstDir} "Copying ${file##*/}"
+ indicateActivity "Copying ${file##*/}" cp ${file} ${dstDir}
ensureRightAccess ${file}
done
}
@@ -17,7 +17,7 @@ function copyUtilityBinaries() {
function installDocopts() {
local destPath='/usr/local/bin/docopts'
[[ -x ${destPath} ]] && return
- indicateActivity curl,--output,${destPath},-fsSL,"${docopts_url}" 'Downloading docpts' || return
+ indicateActivity 'Downloading docpts' curl --output ${destPath} -fsSL ${docopts_url} || return
chown root:admin ${destPath}
chmod 755 ${destPath}
}
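Review bot: `installDocopts` writes the download straight to `/usr/local/bin/docopts` and then marks it `755 root:admin` without checking what was fetched, so whatever `${docopts_url}` serves becomes a system-wide executable. Pinning a digest and verifying it before the `chown`/`chmod` closes that gap, e.g. `print -r -- "${docopts_sha256}  ${destPath}" | shasum -a 256 -c - || { rm -f ${destPath}; return 1 }`. Here `docopts_sha256` is a proposed new setting that does not exist in this diff. The removed line quoted `"${docopts_url}"`, and keeping those quotes is the safer form.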
diff --git a/modules/08-install-zsh-libraries.sh b/modules/08-install-zsh-libraries.sh
index 93571aa..d3ac652 100755
--- a/modules/08-install-zsh-libraries.sh
+++ b/modules/08-install-zsh-libraries.sh
@@ -26,8 +26,8 @@ function configure_system() {
local libs=()
ensurePathOrLogError ${libDir} 'Could not install zsh libraries.' || return 10
lop -- -d "ASTZWEIG_ZSHLIB is ${ASTZWEIG_ZSHLIB}"
- indicateActivity installZshlib 'Install zshlib'
- indicateActivity modifyGlobalFpath 'Modify global fpath'
+ indicateActivity 'Install zshlib' installZshlib
+ indicateActivity 'Modify global fpath' modifyGlobalFpath
}
function getExecPrerequisites() {
diff --git a/zshlib b/zshlib
index 80c0fdc..e9b0864 160000
--- a/zshlib
+++ b/zshlib
@@ -1 +1 @@
-Subproject commit 80c0fdca7b106290bbcf02897bec9dc6b3fb5a0a
+Subproject commit e9b08647c5703d9af3b6f5172dd1822f774397f6