diff --git a/flake.nix b/flake.nix
index eb8dea3..ac1d3da 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,7 @@
         treefmt = inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
       in
       {
+        packages.${system} = import ./packages { inherit pkgs; };
         formatter.${system} = treefmt.config.build.wrapper;
         checks.${system}.formatting = treefmt.config.build.check inputs.self;
       }
diff --git a/overlays/default.nix b/overlays/default.nix
index 0161365..6386664 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -1,4 +1,5 @@
-final: prev: {
+final: prev:
+{
   lib = prev.lib.recursiveUpdate prev.lib {
     fetchers = {
       sshKnownHosts = import ./fetchers/sshKnownHosts final prev;
@@ -11,3 +12,9 @@ final: prev: {
     };
   };
 }
+// (import ../packages { pkgs = final; })
+// {
+  dockerImages = prev.dockerImages or { } // {
+    base = final.docker-image-base;
+  };
+}
diff --git a/packages/default.nix b/packages/default.nix
new file mode 100644
index 0000000..4d7d767
--- /dev/null
+++ b/packages/default.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+  docker-image-base = import ./docker/base { inherit pkgs; };
+}
diff --git a/packages/docker/base/default.nix b/packages/docker/base/default.nix
new file mode 100644
index 0000000..b0a7a39
--- /dev/null
+++ b/packages/docker/base/default.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildImage {
+  name = "base";
+
+  copyToRoot = pkgs.buildEnv {
+    name = "root";
+    paths = with pkgs; [
+      dockerTools.usrBinEnv
+      dockerTools.binSh
+      dockerTools.caCertificates
+      bashInteractive
+      busybox
+    ];
+    pathsToLink = [
+      "/bin"
+      "/lib"
+      "/share"
+      "/etc"
+      "/usr"
+    ];
+  };
+
+  runAsRoot = ''
+    ${pkgs.dockerTools.shadowSetup}
+    mkdir -p /tmp
+  '';
+}