diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..d12a611
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+.git
+out
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..171d634
--- /dev/null
+++ b/Containerfile
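Review bot: Only `.git` and `out` are excluded here, but the Containerfile added in this commit does `ADD . /nit`, so a host `target/` directory and any untracked local files (editor state, `.env`, key material) are sent into the build-nit stage. A pre-existing `target/` may let cargo reuse artifacts compiled on the host, which would make the binary packed into the EIF depend on the developer machine rather than only on the pinned toolchain. Add at least `target` to this file, or turn it into an allowlist (`*` followed by `!src`, `!Cargo.toml`, `!Cargo.lock`, `!initramfs.list` and whatever else the build actually reads). In the Containerfile, `COPY . /nit` is the conventional instruction for a plain local copy.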
@@ -0,0 +1,53 @@
+ARG TARGET=x86_64-unknown-linux-musl
+
+FROM stagex/pallet-rust:sx2025.06.1 AS pallet-rust
+FROM stagex/user-eif_build:sx2025.06.1 AS eif_build
+FROM stagex/user-gen_initramfs:sx2025.06.1 AS gen_initramfs
+FROM stagex/user-linux-nitro:sx2025.06.1 AS linux-nitro
+
+FROM scratch as build-nit
+ARG TARGET
+# ENV TARGET=${TARGET}
+ENV RUSTFLAGS="-C target-feature=+crt-static"
+ENV CARGOFLAGS="--locked --no-default-features --features aws --release --target ${TARGET}"
+
+COPY --from=pallet-rust . /
+COPY --from=linux-nitro /bzImage .
+COPY --from=linux-nitro /linux.config .
+ADD . /nit
+WORKDIR /nit
+RUN cargo build ${CARGOFLAGS}
+
+FROM scratch AS build-eif
+ARG TARGET
+# ENV TARGET=${TARGET}
+
+# just to provide us w/ some base utils. we should probably make some kind of
+# base pallet that provides busybox and musl, just because i'm lazy and it's
+# needed, well, everywhere
+COPY --from=pallet-rust . /
+COPY --from=gen_initramfs . /
+COPY --from=eif_build . /
+WORKDIR /build_cpio
+COPY --from=build-nit /nit/target/${TARGET}/release/nit init
+ENV KBUILD_BUILD_TIMESTAMP=1
+COPY initramfs.list /build_cpio/initramfs.list
+RUN find . -exec touch -hcd "@0" "{}" + && \
+ gen_init_cpio -t 1 initramfs.list > rootfs.cpio && \
+ touch -hcd "@0" rootfs.cpio
+
+WORKDIR /build_eif
+COPY --from=linux-nitro /bzImage /build_eif/bzImage
+COPY --from=linux-nitro /linux.config /build_eif/linux.config
+RUN mkdir /build_eif/out
+RUN eif_build \
+ --kernel /build_eif/bzImage \
+ --kernel_config /build_eif/linux.config \
+ --ramdisk /build_cpio/rootfs.cpio \
+ --pcrs_output /build_eif/out/nitro.pcrs \
+ --output /build_eif/out/nitro.eif \
+ --cmdline 'reboot=k initrd=0x2000000,3228672 root=/dev/ram0 panic=1 pci=off nomodules console=ttyS0 i8042.noaux i8042.nomux i8042.nopnp i8042.dumbkbd'
+RUN ls -la /build_eif/out
+
+FROM scratch AS package
+COPY --from=build-eif /build_eif/out /
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..be1f025
--- /dev/null
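Review bot: The four StageX base stages at the top of the Containerfile are pinned only by the tag `sx2025.06.1`, and a tag can be repointed at the registry, so this file alone does not fix the toolchain, kernel and `eif_build` inputs that end up measured in `nitro.pcrs`. If the PCR values are meant to be reproduced by a third party, pin each stage by digest as well, e.g. `FROM stagex/pallet-rust:sx2025.06.1@sha256:<digest-placeholder> AS pallet-rust`, taking the digests from the StageX release you verified. Two smaller points: `FROM scratch as build-nit` uses lowercase `as` where every other stage uses `AS`, and the trailing `RUN ls -la /build_eif/out` looks like a debugging leftover that could be dropped.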
+++ b/Makefile
@@ -0,0 +1,12 @@
+.PHONY: default
+default: out/nitro.eif
+
+out/nitro.eif: Cargo.lock Cargo.toml out $(shell git ls-files src)
+ docker build \
+ --progress=plain \
+ --output type=local,rewrite-timestamp=true,dest=out \
+ -f Containerfile \
+ .
+
+out:
+ mkdir -p out
diff --git a/initramfs.list b/initramfs.list
new file mode 100644
index 0000000..33e52e2
--- /dev/null
+++ b/initramfs.list
@@ -0,0 +1,15 @@
+file /init init 0755 0 0
+dir /run 0755 0 0
+dir /tmp 0755 0 0
+dir /etc 0755 0 0
+dir /bin 0755 0 0
+dir /sbin 0755 0 0
+dir /proc 0755 0 0
+dir /sys 0755 0 0
+dir /usr 0755 0 0
+dir /usr/bin 0755 0 0
+dir /usr/sbin 0755 0 0
+dir /dev 0755 0 0
+dir /dev/shm 0755 0 0
+dir /dev/pts 0755 0 0
+nod /dev/console 0600 0 0 c 5 1
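Review bot: In the Makefile hunk, the `out/nitro.eif` rule lists the `out` directory as a normal prerequisite and leaves out `Containerfile` and `initramfs.list`, both of which feed the image. A directory's mtime changes whenever a file is written into it, so the target will usually look stale right after a build, while an edit to the Containerfile or the initramfs list alone will not trigger a rebuild and can leave an old EIF and PCR file in `out/`. Consider `out/nitro.eif: Containerfile initramfs.list Cargo.lock Cargo.toml $(shell git ls-files src) | out`, which makes `out` an order-only prerequisite.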