diff --git a/config/filesystem_chroot_install.sh b/config/filesystem_chroot_install.sh
new file mode 100644
index 0000000..7d099cb
--- /dev/null
+++ b/config/filesystem_chroot_install.sh
@@ -0,0 +1,25 @@
+
+echo "deb http://archive.ubuntu.com/ubuntu noble main restricted universe multiverse" > /etc/apt/sources.list
+echo "deb http://archive.ubuntu.com/ubuntu noble-updates main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb http://archive.ubuntu.com/ubuntu noble-backports main restricted universe multiverse" >> /etc/apt/sources.list
+echo "deb http://security.ubuntu.com/ubuntu noble-security main restricted universe multiverse" >> /etc/apt/sources.list
+apt update
+apt install -y gnome-core
+systemd-nspawn --boot
+#systemctl enable opensnitch
+apt install -y ufw
+ufw enable
+apt install -y curl flatpak
+#git opensnitch qemu-system python3-bpfcc python3-pip bpfcc-tools ipset doas lm-sensors flatpak net-tools iputils-ping
+#pip install --break-system-packages dnslib psutil
+flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+#run echo "permit persist :sudo as root" >> /etc/doas.conf
+useradd -m -s /bin/bash ubuntu
+usermod -a -G sudo ubuntu
+yes defaultpass | passwd ubuntu
+flatpak install --system --noninteractive flathub org.keepassxc.KeePassXC
+curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
+curl -fsSLo /etc/apt/sources.list.d/brave-browser-release.sources https://brave-browser-apt-release.s3.brave.com/brave-browser.sources
+apt remove -y snapd
+apt update
+apt install -y brave-browser
diff --git a/scripts/boot_image.sh b/scripts/boot_image.sh
index cccc2f3..93572aa 100755
--- a/scripts/boot_image.sh
+++ b/scripts/boot_image.sh
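Review bot: In config/filesystem_chroot_install.sh, `yes defaultpass | passwd ubuntu` gives every built image the same fixed password for an account that `usermod -a -G sudo ubuntu` has just made an administrator. scripts/build_filesystem.sh also copies this script into the chroot tree and never deletes it, so the password ships in clear text inside the image as well. Read the initial password from a build-time variable, or at least force a change at first login by adding `chage -d 0 ubuntu` after the `passwd` line. The script has no `set -e`, so a failed `apt install` or `curl` download does not stop the build, and `systemd-nspawn --boot` is called from inside the chroot with no directory argument, which looks unintended.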
@@ -2,4 +2,4 @@
 cd "$(dirname "$0")"
 cd ..
 disk="./outputs/boot_image.img"
-qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd -drive format=raw,file=$disk -usbdevice tablet -m 4G -smp 2 -vga std -enable-kvm -machine type=pc-q35-3.1,accel=kvm,kernel_irqchip=on
+qemu-system-x86_64 -bios /usr/share/ovmf/OVMF.fd -drive format=raw,file=$disk -m 12G -smp 8 -vga none -usb -device usb-tablet --display sdl,gl=off --device virtio-gpu-pci -enable-kvm -machine type=pc-q35-3.1,accel=kvm,kernel_irqchip=on
diff --git a/scripts/build_filesystem.sh b/scripts/build_filesystem.sh
index 076e7c1..03c1998 100755
--- a/scripts/build_filesystem.sh
+++ b/scripts/build_filesystem.sh
@@ -3,13 +3,28 @@ if [ "$(id -u)" -ne 0 ]; then
 echo "switching from $(id -un) to root"
 exec sudo "$0" "$@"
 fi
-set -e
+
 cd "$(dirname "$0")"
+DIR="$(dirname "$0")"
 cd ..
 echo $PWD
-rm -rf ./outputs/root/
-mkdir -p ./outputs/root/
-debootstrap noble ./outputs/root http://archive.ubuntu.com/ubuntu
+if [ ! -d "./outputs/root" ]; then
+ mkdir -p ./outputs/root/
+ debootstrap noble ./outputs/root http://archive.ubuntu.com/ubuntu
+fi
+rm -rf './outputs/chroot'
+mkdir -p ./outputs/chroot/
+rsync -av ./outputs/root/ ./outputs/chroot/
+mkdir -p ./outputs/chroot/proc
+mount --bind /proc ./outputs/chroot/proc
+cp ./config/filesystem_chroot_install.sh ./outputs/chroot/filesystem_chroot_install.sh
+chmod +x ./outputs/chroot/filesystem_chroot_install.sh
+chroot ./outputs/chroot /bin/bash -c "/filesystem_chroot_install.sh"
+cd $DIR
+cd ..
+if mountpoint -q "./outputs/chroot/proc/"; then
+ umount -lf "./outputs/chroot/proc/"
+fi
 echo 'root filesystem created.'
diff --git a/scripts/build_image.sh b/scripts/build_image.sh
index 0c0b6d3..b14af83 100755
--- a/scripts/build_image.sh
+++ b/scripts/build_image.sh
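Review bot: The new `qemu-system-x86_64` line in scripts/boot_image.sh hard-codes `-m 12G -smp 8`, which may not start on a host with less free memory, and it still passes `file=$disk` unquoted. Consider `-m "${VM_MEM:-12G}" -smp "${VM_CPUS:-8}"` (variable names are only a suggestion) and `file="$disk"`. The line also mixes single-dash and double-dash spellings (`-vga none` next to `--display sdl,gl=off`); QEMU accepts both, but one style reads more easily.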
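Review bot: Dropping `set -e` in scripts/build_filesystem.sh means a failed `debootstrap`, `rsync`, `mount` or chroot install is ignored and the script still prints 'root filesystem created.'; keep it. The `/proc` bind mount is released only on the last lines, so an interrupted run leaves it mounted and the next run's `rm -rf './outputs/chroot'` descends into the host's `/proc`; unmount from an EXIT trap and again before the `rm`. `DIR` is taken from a possibly relative `$0` after the first `cd`, so the later `cd $DIR` / `cd ..` can land outside the repository and make the `mountpoint` check miss; those two lines can simply go, because `chroot` runs in a child process and does not change this shell's directory. The copied install script, which contains the account password, should be deleted from the chroot once it has run.

```shell
set -e
# … unchanged: cd to the repository root, debootstrap into ./outputs/root if missing …
release_proc() {
  if mountpoint -q ./outputs/chroot/proc; then
    umount ./outputs/chroot/proc
  fi
}
trap release_proc EXIT
release_proc  # drop a mount left by an interrupted run before deleting the tree
rm -rf --one-file-system ./outputs/chroot
# … unchanged: mkdir, rsync, bind-mount /proc, copy and chmod the install script …
chroot ./outputs/chroot /bin/bash -c "/filesystem_chroot_install.sh"
rm -f ./outputs/chroot/filesystem_chroot_install.sh
echo 'root filesystem created.'
```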
@@ -18,7 +18,7 @@ echo 'creating image..'
 disk="./outputs/boot_image.img"
 efi_part="1"
 root_part="2"
-dd if=/dev/zero of="$disk" count=6000 bs=1M
+dd if=/dev/zero of="$disk" count=12000 bs=1M
 parted -s "$disk" mklabel gpt
 parted -s --align=optimal "$disk" mkpart ESP fat32 1MiB 50Mib
 parted -s "$disk" set "$efi_part" esp on
@@ -47,7 +47,7 @@ echo "efi loop: ${disk_efi}"
 echo "sys loop: ${disk_sys}"
 grub-install -s --compress=gz --target=x86_64-efi --recheck --no-floppy --efi-directory=./outputs/efi --boot-directory=./outputs/efi --root-directory=./outputs/sys --bootloader-id=patronage /dev/$loop
 echo 'copying filesystem to mounted image..'
-sudo rsync -av './outputs/root/' './outputs/sys/'
+sudo rsync -av './outputs/chroot/' './outputs/sys/'
 #tar -xf ./patronagefs.tar --directory ./mnt/sys/
 echo 'copied..'
 echo 'copying boot files..'
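Review bot: `sudo rsync -av './outputs/chroot/' './outputs/sys/'` in the second hunk of scripts/build_image.sh now copies from the tree that build_filesystem.sh bind-mounts `/proc` into, so a mount left behind by a failed build would be copied into the image. `-a` on its own also does not carry hard links, ACLs or extended attributes, and file capabilities are stored as extended attributes, so binaries that rely on them may not work as expected in the image. Consider `sudo rsync -aHAXx --numeric-ids './outputs/chroot/' './outputs/sys/'`, assuming the target filesystem supports these attributes. The same flags would suit the root-to-chroot `rsync -av` in build_filesystem.sh.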