diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index db9b007..57546e9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -31,7 +31,6 @@ imaging:
   variables: &variables
     RUNNER_AFTER_SCRIPT_TIMEOUT: 1h
   script:
-    - sudo pacman --sync --refresh --noconfirm gptfdisk
     - sudo ./build.sh --force --debug # bootstap.sh happens as part of CI image build
   after_script:
     - ./upload-to-storage.sh || true
@@ -55,7 +54,7 @@ imaging+publish:
   id_tokens: *tokens
   variables: *variables
   script:
-    - sudo pacman --sync --refresh --noconfirm curl which git gptfdisk
+    - sudo pacman --sync --refresh --noconfirm curl which git
     - curl -s https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer | bash
     - sudo ./build.sh --force --debug # bootstap.sh happens as part of CI image build
     - ./upload.sh
diff --git a/mkosi.finalize.d/40-core.sh.chroot b/mkosi.finalize.d/40-core.sh.chroot
index 1e5c765..33b66f9 100755
--- a/mkosi.finalize.d/40-core.sh.chroot
+++ b/mkosi.finalize.d/40-core.sh.chroot
@@ -29,6 +29,58 @@ pacman -Rns --noconfirm solaar sane
 cp -a "$UDEV_BACKUP_DIR"/* /
 rm -rf "$UDEV_BACKUP_DIR"
 
+#------------------------------------------------------------------------------------------------------------------------------------
+# --- Configuration ---
+BUILDER_USER="aurbuilder"
+AUR_PACKAGE="systemd-git"
+WORK_DIR="/tmp/aur_build"
+
+# 1. Create temporary builder user with sudo (NOPASSWD)
+if id "$BUILDER_USER" &>/dev/null; then
+    userdel -r -f "$BUILDER_USER" 2>/dev/null || true
+fi
+useradd -m -G wheel "$BUILDER_USER"
+echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/99-builder
+chmod 440 /etc/sudoers.d/99-builder
+
+# 2. Prepare work directory
+rm -rf "$WORK_DIR"
+mkdir -p "$WORK_DIR"
+chown "$BUILDER_USER:$BUILDER_USER" "$WORK_DIR"
+
+# 3. Build packages (but do NOT install yet)
+su - "$BUILDER_USER" <<EOF
+set -euo pipefail
+cd "$WORK_DIR"
+git clone https://aur.archlinux.org/${AUR_PACKAGE}.git
+cd ${AUR_PACKAGE}
+makepkg -s --noconfirm --nocheck   # only build, no -i
+EOF
+
+# 4. Brutally remove existing stable systemd packages (ignore dependencies)
+echo ":: Removing old systemd packages (force)..."
+pacman -Rdd --noconfirm systemd systemd-libs systemd-sysvcompat systemd-ukify systemd-tests 2>/dev/null || true
+
+echo ":: Removing existing stable systemd packages..."
+stable_packages=$(pacman -Q | grep '^systemd' | grep -v '\-git' | cut -d' ' -f1 || true)
+if [ -n "$stable_packages" ]; then
+    pacman -Rdd --noconfirm $stable_packages
+fi
+
+# 5. Install the newly built packages
+echo ":: Installing systemd-git packages..."
+pacman -U --noconfirm "$WORK_DIR"/systemd-git/*.pkg.tar.zst
+
+# 6. Cleanup
+userdel -r -f "$BUILDER_USER" 2>/dev/null || true
+rm -f /etc/sudoers.d/99-builder
+rm -rf "$WORK_DIR"
+
+echo ":: systemd-git installation completed successfully."
+systemd-repart --version
+systemd-repart --help | grep --color=always el-torito || echo "WARNING: --el-torito option not found!"
+#---------------------------------------------------------------------------------------------------------------------------------
+
 # De-initialize pacman
 rm -rf \
     /etc/pacman.d/gnupg \
diff --git a/mkosi.postinst.chroot b/mkosi.postinst.chroot
index 147f42a..b9b4b29 100755
--- a/mkosi.postinst.chroot
+++ b/mkosi.postinst.chroot
@@ -141,58 +141,6 @@ for theme in $(plymouth-set-default-theme --list); do
     fi
 done
 
-#------------------------------------------------------------------------------------------------------------------------------------
-# --- Configuration ---
-BUILDER_USER="aurbuilder"
-AUR_PACKAGE="systemd-git"
-WORK_DIR="/tmp/aur_build"
-
-# 1. Create temporary builder user with sudo (NOPASSWD)
-if id "$BUILDER_USER" &>/dev/null; then
-    userdel -r -f "$BUILDER_USER" 2>/dev/null || true
-fi
-useradd -m -G wheel "$BUILDER_USER"
-echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/99-builder
-chmod 440 /etc/sudoers.d/99-builder
-
-# 2. Prepare work directory
-rm -rf "$WORK_DIR"
-mkdir -p "$WORK_DIR"
-chown "$BUILDER_USER:$BUILDER_USER" "$WORK_DIR"
-
-# 3. Build packages (but do NOT install yet)
-su - "$BUILDER_USER" <<EOF
-set -euo pipefail
-cd "$WORK_DIR"
-git clone https://aur.archlinux.org/${AUR_PACKAGE}.git
-cd ${AUR_PACKAGE}
-makepkg -s --noconfirm --nocheck   # only build, no -i
-EOF
-
-# 4. Brutally remove existing stable systemd packages (ignore dependencies)
-echo ":: Removing old systemd packages (force)..."
-pacman -Rdd --noconfirm systemd systemd-libs systemd-sysvcompat systemd-ukify systemd-tests 2>/dev/null || true
-
-echo ":: Removing existing stable systemd packages..."
-stable_packages=$(pacman -Q | grep '^systemd' | grep -v '\-git' | cut -d' ' -f1 || true)
-if [ -n "$stable_packages" ]; then
-    pacman -Rdd --noconfirm $stable_packages
-fi
-
-# 5. Install the newly built packages
-echo ":: Installing systemd-git packages..."
-pacman -U --noconfirm "$WORK_DIR"/systemd-git/*.pkg.tar.zst
-
-# 6. Cleanup
-userdel -r -f "$BUILDER_USER" 2>/dev/null || true
-rm -f /etc/sudoers.d/99-builder
-rm -rf "$WORK_DIR"
-
-echo ":: systemd-git installation completed successfully."
-systemd-repart --version
-systemd-repart --help | grep --color=always el-torito || echo "WARNING: --el-torito option not found!"
-#---------------------------------------------------------------------------------------------------------------------------------
-
 cd /tmp
 /usr/lib/rebuild-efi
 mv -v ./*.efi /