diff --git a/lib/make-disk-image.nix b/lib/make-disk-image.nix
index 69db53e..87120d5 100644
--- a/lib/make-disk-image.nix
+++ b/lib/make-disk-image.nix
@@ -39,7 +39,9 @@ let
     ${extraPostVM}
   '';
 
-  closureInfo = pkgs.callPackage ./closure-info.nix { };
+  closureInfo = (pkgs.callPackage ./closure-info.nix { }) {
+    rootPaths = [ systemToInstall.config.system.build.toplevel ];
+  };
   partitioner = ''
     # running udev, stolen from stage-1.sh
     echo "running udev..."
@@ -55,16 +57,23 @@ let
     udevadm trigger --action=add
     udevadm settle
 
-    # populate nix db, so nixos-install doesn't complain
-    export NIX_STATE_DIR=$TMPDIR/state
-    ${pkgs.fakeroot}/bin/fakeroot nix-store --register-validity --reregister < ${closureInfo {
-      rootPaths = [ systemToInstall.config.system.build.toplevel ];
-    }}/registration
-
     ${systemToInstall.config.system.build.diskoScript}
   '';
+
   installer = ''
-    ${systemToInstall.config.system.build.nixos-install}/bin/nixos-install --system ${systemToInstall.config.system.build.toplevel} --keep-going --no-channel-copy -v --no-root-password --option binary-caches ""
+    # populate nix db, so nixos-install doesn't complain
+    export NIX_STATE_DIR=${systemToInstall.config.disko.rootMountPoint}/nix/var/nix
+    # We have to use fakeroot here, because nix tries to chown files in the original store.
+    # fakeroot will make override all chown calls to no-ops.
+    echo "Registering store paths..."
+    ${pkgs.fakeroot}/bin/fakeroot nix-store --register-validity --reregister < ${closureInfo}/registration
+
+    # We copy files with cp because `nix copy` seems to have a large memory leak
+    echo "Copying store paths..."
+    mkdir -p ${systemToInstall.config.disko.rootMountPoint}/nix/store
+    xargs cp -r --target-directory=${systemToInstall.config.disko.rootMountPoint}/nix/store < ${closureInfo}/store-paths
+
+    ${systemToInstall.config.system.build.nixos-install}/bin/nixos-install --root ${systemToInstall.config.disko.rootMountPoint} --system ${systemToInstall.config.system.build.toplevel} --keep-going --no-channel-copy -v --no-root-password --option binary-caches ""
     umount -Rv ${systemToInstall.config.disko.rootMountPoint}
   '';
   QEMU_OPTS = lib.concatMapStringsSep " " (disk: "-drive file=${disk.name}.raw,if=virtio,cache=unsafe,werror=report,format=raw") (lib.attrValues nixosConfig.config.disko.devices.disk);