diff --git a/cmd/wrench/main.go b/cmd/wrench/main.go
index e61d69d..1486d78 100644
--- a/cmd/wrench/main.go
+++ b/cmd/wrench/main.go
@@ -6,24 +6,14 @@ import "flag"
 import "strconv"
 import "os/exec"
 import "os/user"
+import "hnakra/cli"
 import "path/filepath"
 import "golang.org/x/crypto/bcrypt"
 
-func printErr (format string, values ...any) {
-	fmt.Fprintf (
-		flag.CommandLine.Output(),
-		os.Args[0] + ": " + format + "\n",
-		values...)
-}
-
-func serviceUser (service string) string {
-	return "hn-" + service
-}
-
 func tryCommand (cmd *exec.Cmd, failReason string) {
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		printErr("%s: %s", failReason, string(output))
+		cli.Sayf("%s: %s\n", failReason, string(output))
 		os.Exit(1)
 	}
 }
@@ -31,13 +21,13 @@ func tryCommand (cmd *exec.Cmd, failReason string) {
 func ownOne (path string, uid, gid int) {
 	file, err := os.Stat(path)
 	if err != nil {
-		printErr("could not stat %s: %v", path, err)
+		cli.Sayf("could not stat %s: %v\n", path, err)
 		return
 	}
 
 	err = os.Chown(path, uid, gid)
 	if err != nil {
-		printErr("could not change ownership of %s: %v", path, err)
+		cli.Sayf("could not change ownership of %s: %v\n", path, err)
 		return
 	}
 
@@ -47,7 +37,7 @@ func ownOne (path string, uid, gid int) {
 		err = os.Chmod(path, 0660)
 	}
 	if err != nil {
-		printErr("could not change mode of %s: %v", path, err)
+		cli.Sayf("could not change mode of %s: %v\n", path, err)
 		return
 	}
 }
@@ -55,23 +45,22 @@ func ownOne (path string, uid, gid int) {
 func main () {
 	user, err := user.Current()
 	if err != nil {
-		printErr("could not get username %v", err)
+		cli.Sayf("could not get username %v\n", err)
 		os.Exit(1)
 	}
 
 	flag.Usage = func () {
-		out := flag.CommandLine.Output()
-		fmt.Fprintf(out, "Usage of %s:\n", os.Args[0])
-		fmt.Fprintf(out, "  hash\n")
-		fmt.Fprintf(out, "    Generate a bcrypt hash of a key\n")
-		fmt.Fprintf(out, "  adduser\n")
-		fmt.Fprintf(out, "    Add a system user to run a service as\n")
-		fmt.Fprintf(out, "  deluser\n")
-		fmt.Fprintf(out, "    Remove a user added with adduser\n")
-		fmt.Fprintf(out, "  auth\n")
-		fmt.Fprintf(out, "    Authorize a system user to access a service's files\n")
-		fmt.Fprintf(out, "  own\n")
-		fmt.Fprintf(out, "    Give ownership of a file to a service\n")
+		cli.Printf("Usage of %s:\n", os.Args[0])
+		cli.Printf("  hash\n")
+		cli.Printf("    Generate a bcrypt hash of a key\n")
+		cli.Printf("  adduser\n")
+		cli.Printf("    Add a system user to run a service as\n")
+		cli.Printf("  deluser\n")
+		cli.Printf("    Remove a user added with adduser\n")
+		cli.Printf("  auth\n")
+		cli.Printf("    Authorize a system user to access a service's files\n")
+		cli.Printf("  own\n")
+		cli.Printf("    Give ownership of a file to a service\n")
 		os.Exit(1)
 	}
 
@@ -131,22 +120,22 @@ func main () {
 
 func execHash (cost int, key string) {
 	if key == "" {
-		printErr("please specify key text content")
+		cli.Sayf("please specify key text content\n")
 		os.Exit(1)
 	}
 
 	if cost < bcrypt.MinCost {
-		printErr("cost is too low, must be at least %v", bcrypt.MinCost)
+		cli.Sayf("cost is too low, must be at least %v\n", bcrypt.MinCost)
 		os.Exit(1)
 	}
 	if cost > bcrypt.MaxCost {
-		printErr("cost is too hight, can be at most %v", bcrypt.MaxCost)
+		cli.Sayf("cost is too hight, can be at most %v\n", bcrypt.MaxCost)
 		os.Exit(1)
 	}
 
 	hash, err := bcrypt.GenerateFromPassword([]byte(key), cost)
 	if err != nil {
-		printErr("could not hash key: %v", err)
+		cli.Sayf("could not hash key: %v\n", err)
 		os.Exit(1)
 	}
 
@@ -154,7 +143,7 @@ func execHash (cost int, key string) {
 }
 
 func execAdduser (service string) {
-	fullName := serviceUser(service)
+	fullName := cli.ServiceUser(service)
 	
 	// BUSYBOX
 	adduser, err := exec.LookPath("adduser")
@@ -176,12 +165,12 @@ func execAdduser (service string) {
 		return
 	}
 
-	printErr("could not add user: no command adduser or useradd")
+	cli.Sayf("could not add user: no command adduser or useradd\n")
 	os.Exit(1)
 }
 
 func execDeluser (service string) {
-	fullName := serviceUser(service)
+	fullName := cli.ServiceUser(service)
 	
 	// BUSYBOX
 	deluser, err := exec.LookPath("deluser")
@@ -202,12 +191,12 @@ func execDeluser (service string) {
 		return
 	}
 
-	printErr("could not delete user: no command deluser or userdel")
+	cli.Sayf("could not delete user: no command deluser or userdel\n")
 	os.Exit(1)
 }
 
 func execAuth (service, user string) {
-	fullName := serviceUser(service)
+	fullName := cli.ServiceUser(service)
 	
 	adduser, err := exec.LookPath("adduser")
 	if err == nil {
@@ -224,19 +213,19 @@ func execAuth (service, user string) {
 		return
 	}
 
-	printErr("could not auth user: no command adduser or usermod")
+	cli.Sayf("could not auth user: no command adduser or usermod\n")
 	os.Exit(1)
 }
 
 func execOwn (service, file string, recurse bool) {
-	fullName := serviceUser(service)
+	fullName := cli.ServiceUser(service)
 	
 	userInfo, err := user.Lookup(fullName)
 	uid, _ := strconv.Atoi(userInfo.Uid)
 	gid, _ := strconv.Atoi(userInfo.Gid)
 
 	if err != nil {
-		printErr("could not get user info: %v", err)
+		cli.Sayf("could not get user info: %v\n", err)
 		os.Exit(1)
 	}
 
@@ -251,7 +240,7 @@ func execOwn (service, file string, recurse bool) {
 		err error,
 	) error {
 		if err != nil {
-			printErr("could not traverse filesystem: %v", err)
+			cli.Sayf("could not traverse filesystem: %v\n", err)
 			return nil
 		}
 
@@ -260,7 +249,7 @@ func execOwn (service, file string, recurse bool) {
 	})
 
 	if err != nil {
-		printErr("could not traverse filesystem: %v", err)
+		cli.Sayf("could not traverse filesystem: %v\n", err)
 		os.Exit(1)
 	}
 }