diff --git a/BUILD.sh b/BUILD.sh index 942bc19..b51ffcc 100755 --- a/BUILD.sh +++ b/BUILD.sh @@ -81,6 +81,7 @@ docker build \ --builder bearcloud \ --allow security.insecure \ -f vm.Dockerfile \ + --build-context host-modules=/lib/modules \ --target export \ --output type=local,dest=./data \ $VM_OPTS . diff --git a/docker-compose.yml b/docker-compose.yml index e75dd03..9cb2a91 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,8 +7,10 @@ services: - "./test.sh:/test.sh" devices: - "/dev/kvm:/dev/kvm" + - "/dev/net/tun:/dev/net/tun" entrypoint: ["/sbin/tini", "/test.sh"] cap_add: - CAP_SYS_ADMIN + - CAP_NET_ADMIN tty: true stdin_open: true diff --git a/image/build-image.sh b/image/build-image.sh index 938e61b..4663fb8 100755 --- a/image/build-image.sh +++ b/image/build-image.sh @@ -11,6 +11,8 @@ CONFIGURE_SH="${SCRIPT_DIR}/configure.sh" TMP=$(mktemp) +modprobe nbd max_parts=8 && [ -e /dev/nbd0 ] || mknod /dev/nbd0 b 43 0 + cleanup() { rm $TMP } @@ -29,7 +31,7 @@ alpine-make-vm-image \ --fs-skel-dir "$OVERLAY_DIR" \ --fs-skel-chown root:root \ --script-chroot \ - --packages "git curl docker cronie" \ + --packages "git curl docker cronie dhclient" \ "$IMAGE_FILE" \ "$CONFIGURE_SH" | tee $TMP diff --git a/test.sh b/test.sh index 49870d9..c0721e5 100755 --- a/test.sh +++ b/test.sh @@ -8,4 +8,5 @@ set -euo pipefail --cmdline "modules=ext4 root=/dev/vda rootfstype=ext4 rw console=hvc0" \ --cpus boot=${CPU_COUNT:-4} \ --memory size=${MEMORY:-4G},shared=on \ + --net "tap=,mac=,ip=,mask=" $@ diff --git a/vm.Dockerfile b/vm.Dockerfile index 630023b..1bb2504 100644 --- a/vm.Dockerfile +++ b/vm.Dockerfile 
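Review bot: The new `--build-context host-modules=/lib/modules` line has no comment explaining that the build now consumes the kernel-module tree of the machine running BUILD.sh, and that those modules only load if they match the kernel the `bearcloud` builder is actually running. If that builder is remote (not visible from this hunk), the client's modules would presumably not match and the `modprobe` added in image/build-image.sh would fail. I would add a comment above the flag, e.g. `# host-modules: /lib/modules bind-mounted so build-image.sh can modprobe nbd; must match the builder's running kernel`. The `docker build` invocation starts above the hunk.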
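Review bot: `CAP_NET_ADMIN` and `/dev/net/tun` are added next to the existing `CAP_SYS_ADMIN` with no comment saying which feature needs them, which makes the growing privilege set hard to audit later. From test.sh in this same commit they appear to be for the tap device behind `--net`; saying so inline, e.g. `# NET_ADMIN + /dev/net/tun: required to create the tap interface for the VM's --net option`, lets a reviewer drop them again if networking is removed. The service definition begins above the hunk, so whether any other restriction is applied to this container cannot be seen from here.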
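Review bot: In the added line `modprobe nbd max_parts=8 && [ -e /dev/nbd0 ] || mknod /dev/nbd0 b 43 0`, shell precedence groups it as `(modprobe && test) || mknod`, so a failed `modprobe` is swallowed and `mknod` still creates a device node with no driver behind it; the real failure then only surfaces later in the image build. Splitting it keeps the failure visible: `modprobe nbd max_parts=8` on its own line, followed by `[ -e /dev/nbd0 ] || mknod /dev/nbd0 b 43 0`. Whether the script runs under `set -e` is not visible in this hunk; if it does not, append `|| exit 1` to the modprobe line.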
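Review bot: The added `--net "tap=,mac=,ip=,mask="` line has no trailing `\` as shown here, so the command ends on that line and the following `$@` is no longer passed as extra arguments but run as a separate command built from the caller's arguments. The line should read `--net "tap=,mac=,ip=,mask=" \`, and the next line is better quoted as `"$@"` so arguments containing spaces survive. The command itself starts above the hunk.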
@@ -1,14 +1,10 @@ FROM golang:1.25-alpine AS bubble-builder WORKDIR /src -RUN apk add git && git clone https://github.com/iceBear67/bubble && go mod download && mkdir /build +RUN apk add git && git clone https://github.com/iceBear67/bubble . && go mod download && mkdir /build RUN CGO_ENABLED=0 go build -o /build/daemon . && \ CGO_ENABLED=0 go build -o /build/auth_server ./util/ -COPY . . - -ARG TARGETOS -ARG TARGETARCH RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \ go build -o /build/daemon . && \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \ @@ -26,6 +22,8 @@ RUN sed -i "s#_REPO_#$CLOUD_CONFIG_REPO#g" /kitchen/overlay/daemon/update-keys.s COPY --from=bubble-builder /build/daemon /bin/bubble COPY --from=bubble-builder /build/auth_server /bin/auth-server RUN --security=insecure \ + --mount=type=bind,from=host-modules,source=/,target=/lib/modules \ cd /kitchen && rm -f vm.raw && ./build-image.sh - +FROM scratch AS export +COPY --from=rootfs-builder /kitchen/vm.raw /vm.raw
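Review bot: The rewritten `git clone https://github.com/iceBear67/bubble .` still builds whatever the default branch holds at build time, and the resulting binaries are copied into the VM image as `/bin/bubble` and `/bin/auth-server`, so the image is neither reproducible nor tied to reviewed code. Pin the checkout, e.g. `git clone https://github.com/iceBear67/bubble . && git checkout <PINNED_COMMIT_SHA> && go mod download && mkdir /build`. Separately, this hunk removes `ARG TARGETOS`/`ARG TARGETARCH` while the following `RUN` still references `$TARGETOS` and `$TARGETARCH`; without the declarations in this stage they expand to empty strings, and that second build also appears to duplicate the one just above it.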
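Review bot: `--mount=type=bind,from=host-modules` refers to a name that no stage in the visible part of this Dockerfile defines, so a build that omits `--build-context host-modules=...` will have BuildKit try to resolve `host-modules` as an image reference instead of failing clearly. Declaring an empty default stage near the top of the file, `FROM scratch AS host-modules`, keeps the name local; the named context passed by BUILD.sh overrides it. It is also worth a comment on this `RUN` stating that, under `--security=insecure`, the `modprobe` in build-image.sh loads a module into the builder host's kernel, e.g. `# insecure: build-image.sh loads nbd into the builder's kernel from the bind-mounted host modules`.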