diff --git a/pkgs/dbus-broker/default.nix b/pkgs/dbus-broker/default.nix
index 156c490..809f3ce 100644
--- a/pkgs/dbus-broker/default.nix
+++ b/pkgs/dbus-broker/default.nix
@@ -154,6 +154,9 @@ stdenv.mkDerivation (finalAttrs: {
     find $out/usr/share/ -type d -exec chmod 755 {} \;
     sed -i 's#/nix/store.*/share#/usr/share#' $out/usr/share/xml/dbus-1/catalog.xml
     sed -i 's#/nix/store.*/libexec#/usr/bin#' $out/usr/share/dbus-1/system.conf
+
+    mkdir -p $out/usr/lib/sysusers.d/
+    echo 'u! messagebus - "DBus broker"' > $out/usr/lib/sysusers.d/dbus-broker.conf
   '';
 
   doCheck = false;
diff --git a/pkgs/image/mkimage.sh b/pkgs/image/mkimage.sh
index 0c6fad0..b104525 100644
--- a/pkgs/image/mkimage.sh
+++ b/pkgs/image/mkimage.sh
@@ -26,6 +26,13 @@ ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.tar
 # enable default network config
 mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network
 
+### install sys users (default password is patos)
+mkdir creds
+echo -n patos > creds/passwd.plaintext-password.root
+CREDENTIALS_DIRECTORY=$PWD/creds SYSTEMD_CRYPT_PREFIX='$6$' $systemd/usr/bin/systemd-sysusers --root=rootfs rootfs/usr/lib/sysusers.d/*.conf
+chmod 600 rootfs/etc/shadow
+cat rootfs/etc/shadow
+
 # generate a temporary machine id (replace with overlay later)
 $systemd/usr/bin/systemd-machine-id-setup --root=rootfs/
 
diff --git a/pkgs/rootfs/mkrootfs.sh b/pkgs/rootfs/mkrootfs.sh
index d86ae78..62bfe56 100644
--- a/pkgs/rootfs/mkrootfs.sh
+++ b/pkgs/rootfs/mkrootfs.sh
@@ -139,11 +139,6 @@ cp -P $libbpf/lib/libbpf* $out/usr/lib
 # remove pkgconfig
 rm -rf $out/usr/lib/pkgconfig
 
-### install sys users (default password is patos)
-mkdir creds
-echo -n patos > creds/passwd.plaintext-password.root
-CREDENTIALS_DIRECTORY=$PWD/creds SYSTEMD_CRYPT_PREFIX='$6$' $systemd/usr/bin/systemd-sysusers --root=$out $out/usr/lib/sysusers.d/*.conf
-
 ### Find and install all shared libs
 find $out -type f -executable -exec ldd {} \; | awk '{print $3}' | grep -v systemd | grep -v glibc | grep -v tpm2 | grep -v devmapper | sort -u | xargs -I {} cp {} $out/usr/lib/
 find $out -type f -executable -exec chmod 755 {} \;
diff --git a/pkgs/systemd/default.nix b/pkgs/systemd/default.nix
index 6f5c6c9..db53c60 100644
--- a/pkgs/systemd/default.nix
+++ b/pkgs/systemd/default.nix
@@ -287,7 +287,7 @@ stdenv.mkDerivation (finalAttrs: {
     (lib.mesonEnable "man" false)
 
     (lib.mesonBool "analyze" true)
-    (lib.mesonBool "logind" true)
+    (lib.mesonBool "logind" false)
     (lib.mesonBool "localed" false)
     (lib.mesonBool "hostnamed" true)
     (lib.mesonBool "machined" true)