diff --git a/utils/pkgs/sysbox.nix b/utils/pkgs/sysbox.nix
index f13416c..04ad667 100644
--- a/utils/pkgs/sysbox.nix
+++ b/utils/pkgs/sysbox.nix
@@ -1,82 +1,73 @@
-{ lib
-, stdenv
-, buildGoModule
+{ stdenv
+, lib
 , fetchurl
+, dpkg
+, libredirect
 , makeWrapper
-, git
-, bash
-, coreutils
-, gitea
 , gzip
-, openssh
-, pam
-, sqliteSupport ? true
-, pamSupport ? true
-, runCommand
-, brotli
-, xorg
-, nixosTests
+, fuse
+, lsb-release
+, rsync
+, iptables
+, jq
 }:
-buildGoModule rec {
+stdenv.mkDerivation rec {
 pname = "sysbox";
- version = "0.6.2";
+ version = "0.6.2-0";
- # not fetching directly from the git repo, because that lacks several vendor files for the web UI
 src = fetchurl {
- url = "https://github.com/nestybox/sysbox/archive/refs/tags/v${version}.tar.gz";
- hash = "sha256-v1nfAZbh9vCAvi07c5oAPKcR7J7b1+Tn4odHK68nCyU=";
+ url = "https://downloads.nestybox.com/sysbox/releases/v0.6.2/sysbox-ce_${version}.linux_amd64.deb";
+ sha256 = "sha256-TMftm1fz8c8ndSyA3HUd7JWT0DINxvbdUSDrmVMwmws=";
 };
- vendorHash = null;
+ nativeBuildInputs = [ dpkg makeWrapper ];
- # subPackages = [ "." ];
+ # buildInputs = [ openssl ];
- nativeBuildInputs = [ makeWrapper ];
+ unpackPhase = ''
+ runHook preUnpack
- # buildInputs = lib.optional pamSupport pam;
+ dpkg -x $src ./src
- # tags = lib.optional pamSupport "pam"
- # ++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
-
- # ldflags = [
- # "-s"
- # "-w"
- # "-X main.Version=${version}"
- # "-X 'main.Tags=${lib.concatStringsSep " " tags}'"
- # ];
-
- outputs = [ "out" ];
-
- postInstall = ''
- mkdir -p $out
- # cp -R ./options/locale $out/locale
-
- wrapProgram $out/bin/gitea \
- --prefix PATH : ${lib.makeBinPath [ ]}
+ runHook postUnpack
 '';
- # passthru = {
- # data-compressed = runCommand "gitea-data-compressed" {
- # nativeBuildInputs = [ brotli xorg.lndir ];
- # } ''
- # mkdir $out
- # lndir ${gitea.data}/ $out/
- #
- # # Create static gzip and brotli files
- # find -L $out -type f -regextype posix-extended -iregex '.*\.(css|html|js|svg|ttf|txt)' \
- # -exec gzip --best --keep --force {} ';' \
- # -exec brotli --best --keep --no-copy-stat {} ';'
- # '';
- #
- # tests = nixosTests.gitea;
- # };
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p "$out"
+ cp -r src/* "$out"
+
+ # Flatten /usr and manually merge lib/ and usr/lib/, since mv refuses to.
+ # mv "$out/lib" "$out/orig_lib"
+ # mv "$out/usr/"* "$out/"
+ # mkdir -p "$out/lib/systemd/system/"
+ # mv "$out/orig_lib/systemd/system/"* "$out/lib/systemd/system/"
+ # rmdir "$out/orig_lib/systemd/system"
+ # rmdir "$out/orig_lib/systemd"
+ # rmdir "$out/orig_lib"
+ # rmdir "$out/usr"
+
+ for f in "$out/lib/systemd/system/"*.service; do
+ substituteInPlace "$f" \
+ --replace "/usr/" "$out/"
+ done
+
+ for p in "$out/bin"; do
+ wrapProgram "$p" \
+ --set NIX_REDIRECTS "/usr/share=$out/share:/usr/bin=$out/bin" \
+ --prefix PATH : "${lib.makeBinPath [ fuse rsync iptables lsb-release jq ]}"
+ done
+
+ runHook postInstall
+ '';
 meta = with lib; {
 description = "Improves container isolation";
 homepage = "https://github.com/nestybox/sysbox";
 license = licenses.asl20;
- broken = stdenv.isDarwin;
+ platforms = with platforms; [ "x86_64-linux" ];
 mainProgram = "sysbox-runc";
 };
 }
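Review bot: The wrapper loop in installPhase iterates over the directory itself (`for p in "$out/bin"; do`), so `wrapProgram` is handed a directory rather than each sysbox binary; it most likely needs `for p in "$out/bin/"*; do`. With the /usr-flattening block commented out, the files from the .deb are presumably still under `$out/usr/`, so `$out/bin` may not exist and the `--replace "/usr/" "$out/"` rewrite would leave the systemd units pointing at paths that are not there; this should be confirmed against the unpacked package. `NIX_REDIRECTS` also has no effect unless libredirect is preloaded, and `libredirect` is taken as an argument but never used; adding `--set LD_PRELOAD "${libredirect}/lib/libredirect.so"` to the wrapper would make the redirect take effect. Because the package now ships prebuilt container-runtime binaries instead of building from source, an install-time check that at least one binary was wrapped would keep a silently unwrapped runtime from resolving helpers such as `iptables` from the ambient PATH.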