diff --git a/pkgs/image/mkimage.sh b/pkgs/image/mkimage.sh
index 21dbe5f..ce33fb7 100644
--- a/pkgs/image/mkimage.sh
+++ b/pkgs/image/mkimage.sh
@@ -14,7 +14,6 @@ ln -sf multi-user.target rootfs/usr/lib/systemd/system/default.target
 
 # mount /etc overlay and patos state
 ln -sf ../etc.mount rootfs/usr/lib/systemd/system/local-fs.target.wants/etc.mount
-ln -sf ../var.mount rootfs/usr/lib/systemd/system/sysinit.target.wants/var.mount
 
 # enable dbus
 ln -sf ../dbus.service rootfs/usr/lib/systemd/system/multi-user.target.wants/dbus.service
diff --git a/pkgs/rootfs/mkinitrd.sh b/pkgs/rootfs/mkinitrd.sh
index c735448..e707f25 100644
--- a/pkgs/rootfs/mkinitrd.sh
+++ b/pkgs/rootfs/mkinitrd.sh
@@ -16,6 +16,29 @@ echo patos > ./etc/hostname
 
 ln -sf /etc/os-release ./etc/initrd-release
 
+# set default target to initrd inside initrd
+ln -sf initrd.target ./usr/lib/systemd/system/default.target
+
+mkdir ./usr/lib/systemd/system/systemd-repart.service.d
+cat <<EOF > ./usr/lib/systemd/system/systemd-repart.service.d/override.conf
+[Service]
+ExecStart=systemd-repart --dry-run=no --generate-crypttab=/run/crypttab --generate-fstab=/run/fstab
+EOF
+
+cat <<EOF > ./usr/lib/systemd/system/sysroot-run.mount
+[Unit]
+Before=initrd-fs.target
+DefaultDependencies=false
+
+[Mount]
+Options=bind
+What=/run
+Where=/sysroot/run
+EOF
+# bind mount /run to /sysroot/run
+mkdir ./usr/lib/systemd/system/initrd-fs.target.requires/
+ln -sf ../sysroot-run.mount ./usr/lib/systemd/system/initrd-fs.target.requires/sysroot-run.mount
+
 # gen initrd
 find . -print0 | cpio --null --owner=root:root -o --format=newc | xz -9 --check=crc32 > ../initrd.xz
 
diff --git a/pkgs/rootfs/mkrootfs.sh b/pkgs/rootfs/mkrootfs.sh
index 538a7c9..8429cf0 100644
--- a/pkgs/rootfs/mkrootfs.sh
+++ b/pkgs/rootfs/mkrootfs.sh
@@ -53,13 +53,6 @@ cat <<EOF > $out/etc/repart.d/22-root.conf
 Type=root
 EOF
 
-mkdir $out/usr/lib/systemd/system/systemd-repart.service.d
-cat <<EOF > $out/usr/lib/systemd/system/systemd-repart.service.d/override.conf
-[Service]
-ExecStart=
-ExecStart=systemd-repart --dry-run=no --generate-crypttab=/etc/crypttab
-EOF
-
 cat <<EOF > $out/etc/repart.d/40-var.conf
 [Partition]
 Type=var
@@ -69,26 +62,18 @@ Label=patos-state
 Minimize=off
 Encrypt=tpm2
 EncryptedVolume=patos-state:none:tpm2-device=auto,luks,discard
+MountPoint=/var
 FactoryReset=yes
 SizeMinBytes=1G
 SplitName=-
 EOF
 
-# cat <<EOF > $out/usr/lib/systemd/system/var.mount
-# [Unit]
-# Description=Mount for /var
-# Before=local-fs.target
-# After=systemd-repart.service
-#
-# [Mount]
-# What=/dev/mapper/patos-state
-# Where=/var
-# Type=btrfs
-# Options=defaults
-#
-# [Install]
-# WantedBy=multi-user.target
-# EOF
+rm -f $out/etc/systemd/system.conf
+cat <<EOF > $out/etc/systemd/system.conf
+[Manager]
+DefaultEnvironment=PATH=/bin:/sbin:/usr/bin
+ManagerEnvironment=PATH=/bin:/sbin:/usr/bin SYSTEMD_CRYPTTAB=/run/crypttab SYSTEMD_SYSROOT_FSTAB=/run/fstab SYSTEMD_FSTAB=/run/fstab
+EOF
 
 cat <<EOF > $out/usr/lib/systemd/system/etc.mount
 [Unit]