diff --git a/pkgs/image/mkimage.sh b/pkgs/image/mkimage.sh
index d4975ab..52a3b60 100644
--- a/pkgs/image/mkimage.sh
+++ b/pkgs/image/mkimage.sh
@@ -40,15 +40,23 @@ ln -sf ../systemd-timesyncd.service rootfs/usr/lib/systemd/system/multi-user.tar
 # enable default network config
 mv rootfs/usr/lib/systemd/network/89-ethernet.network.example rootfs/usr/lib/systemd/network/89-ethernet.network
 
+# FIXME: remove this! machine id should be setup by a confext instead?
+mkdir rootfs/usr/lib/systemd/system/systemd-machine-id-commit.service.d
+cat <<EOF > rootfs/usr/lib/systemd/system/systemd-machine-id-commit.service.d/override.conf
+[Unit]
+After=local-fs.target sysroot-etc.mount
+ConditionPathIsMountPoint=
+[Service]
+ExecStart=
+ExecStart=systemd-machine-id-setup
+EOF
+
 # install sys users
 mkdir creds
 echo -n $defaultPassword > creds/passwd.plaintext-password.root
 CREDENTIALS_DIRECTORY=$PWD/creds SYSTEMD_CRYPT_PREFIX='$6$' $systemd/usr/bin/systemd-sysusers --root=rootfs rootfs/usr/lib/sysusers.d/*.conf
 chmod 600 rootfs/etc/shadow
-cat rootfs/etc/shadow
-
-# generate a temporary machine id (replace with overlay later)
-$systemd/usr/bin/systemd-machine-id-setup --root=rootfs/
+rm -rf creds
 
 $systemd/usr/bin/ukify build \
   --linux $kernel/bzImage \