{
  pkgs,
  self,
  system,
  ...
}:
pkgs.writeShellApplication {
  name = "mkinitrd";

  runtimeInputs = with pkgs; [
    patchelf
    cpio
    gzip
  ];

  text = ''
    # shellcheck disable=SC2038 
    echo "make initrd..."
    mkdir -p out

    # copy systemd
    cp -Pr ${self.packages.${system}.systemd.out}/* out/
    pushd out

    find . -type d -exec chmod 755 {} \;

    # Copy kernel modules
    cp -Pr ${self.packages.${system}.kernel.kernel}/lib/modules ./usr/lib/
    find usr/lib/modules -type d -exec chmod 755 {} \;

    mkdir -p dev proc sys tmp root
    ln -sf usr/bin bin
    ln -sf usr/bin sbin
    ln -sf usr/lib lib
    ln -sf usr/lib lib64

    ln -sf ../proc/self/mounts etc/mtab
    ln -sf ../usr/lib/systemd/systemd init

    echo patos > ./etc/hostname
    cat <<EOF > ./etc/os-release
    NAME="PatOS"
    PRETTY_NAME="PatOS Platform"
    ID=patos
    EOF

    cat <<EOF > ./etc/passwd
    root::0:0:root:/root:/bin/sh
    bin:x:1:1:bin:/bin:/usr/bin/nologin
    daemon:x:2:2:daemon:/:/usr/bin/nologin
    mail:x:8:12:mail:/var/spool/mail:/usr/bin/nologin
    ftp:x:14:11:ftp:/srv/ftp:/usr/bin/nologin
    http:x:33:33:http:/srv/http:/usr/bin/nologin
    uuidd:x:68:68:uuidd:/:/usr/bin/nologin
    messagebus:x:81:81:messagebus:/:/usr/bin/nologin
    nobody:x:99:99:nobody:/:/usr/bin/nologin
    EOF
    chmod 644 ./etc/passwd

    cat <<EOF > ./etc/group
    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin
    adm:x:4:root,daemon
    tty:x:5:
    disk:x:6:root
    lp:x:7:daemon
    mem:x:8:
    kmem:x:9:
    wheel:x:10:root
    ftp:x:11:
    mail:x:12:
    uucp:x:14:
    log:x:19:root
    utmp:x:20:
    locate:x:21:
    rfkill:x:24:
    smmsp:x:25:
    proc:x:26:
    http:x:33:
    games:x:50:
    lock:x:54:
    uuidd:x:68:
    messagebus:x:81:
    network:x:90:
    video:x:91:
    audio:x:92:
    optical:x:93:
    floppy:x:94:
    storage:x:95:
    scanner:x:96:
    input:x:97:
    power:x:98:
    nobody:x:99:
    EOF
    chmod 644 ./etc/group

    # FIXME: remove this
    cat <<EOF > usr/lib/systemd/system/demo.service
    [Unit]
    Description=Debug Shell (/bin/sulogin)
    Conflicts=shutdown.target
    Before=shutdown.target

    [Service]
    Environment=HOME=/root
    WorkingDirectory=/root
    ExecStart=/bin/sulogin
    Type=idle
    StandardInput=tty-force
    StandardOutput=inherit
    StandardError=inherit
    KillMode=process
    IgnoreSIGPIPE=no
    SendSIGHUP=yes
    Restart=always

    [Install]
    WantedBy=basic.target
    EOF
    mkdir usr/lib/systemd/system/basic.target.wants
    ln -sf ../demo.service usr/lib/systemd/system/basic.target.wants/demo.service

    # set default target
    ln -sf basic.target usr/lib/systemd/system/default.target
    # remove first boot
    rm -f usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
    # remove vconsole setup
    rm -f usr/lib/udev/rules.d/90-vconsole.rules

    # install busybox
    cp ${pkgs.busybox.out}/bin/busybox usr/bin/
    usr/bin/busybox --list | xargs -I {} ln -sf busybox usr/bin/{}

    # install dbus broker
    cp ${self.packages.${system}.dbus-broker.out}/usr/bin/* usr/bin
    cp ${self.packages.${system}.dbus-broker.out}/lib/systemd/system/* usr/lib/systemd/system
    cp -Pr ${pkgs.dbus.out}/share/* usr/share/

    # enable dbus
    ln -sf ../dbus-broker.service usr/lib/systemd/system/basic.target.wants/dbus.service

    cat <<EOF > usr/lib/systemd/system/dbus.socket
    [Unit]
    Description=D-Bus System Message Bus Socket

    [Socket]
    ListenStream=/run/dbus/system_bus_socket
    EOF
    ln -sf ../dbus.socket usr/lib/systemd/system/sockets.target.wants/dbus.socket

    # install lib kmod
    cp -P ${pkgs.kmod.lib}/lib/* ./usr/lib
    cp -P ${pkgs.kmod.out}/bin/* ./usr/bin
    cp -P ${pkgs.libbpf.out}/lib/libbpf* ./usr/lib

    # get shared libs
    find . -type f -executable -exec ldd {} \; 2> /dev/null | awk '{print $3}' | grep -v systemd | sort -u | xargs cp -t usr/lib
    find . -type f -executable -exec chmod 755 {} \;

    # FIXME: hacky(?) ELF patching. Is there a better way????????
    find . -type f -executable -exec patchelf --set-rpath /lib:/usr/lib:/usr/lib/systemd {} \; 2> /dev/null
    find . -type f -executable -exec patchelf --set-interpreter /lib/ld-linux-x86-64.so.2 {} \; 2> /dev/null
    cp ${
      self.packages.${system}.glibc.out
    }/lib/ld-linux-x86-64.so.2 lib/ && patchelf --remove-rpath lib/ld-linux-x86-64.so.2

    # strip binaries
    find . -type f -executable -exec strip {} \; 2> /dev/null
    find . -type d -exec chmod 755 {} \;

    # gen initrd
    find . -print0 | cpio --null --owner=root:root -o --format=newc | gzip -9 > ../initrd.gz

    popd
    rm -rf out
  '';
}