diff --git a/pkgs/nix-portable/default.nix b/pkgs/nix-portable/default.nix
index 9cc8e4e7..eb2a11a9 100644
--- a/pkgs/nix-portable/default.nix
+++ b/pkgs/nix-portable/default.nix
@@ -10,6 +10,12 @@ with builtins;
   buildPackages,
   upx,
 
+  bootstrapPrograms ? [
+    "gitMinimal"
+    "netcat-openbsd"
+    "openssh"
+  ],
+
   busybox,
   cacert ? pkgs.cacert,
   compression ? "zstd -19 -T0",
@@ -36,11 +42,6 @@ let
 
   nixpkgsSrc = pkgs.path;
 
-  # TODO: git could be more minimal via:
-  # perlSupport=false; guiSupport=false; nlsSupport=false;
-  gitAttribute = "gitMinimal";
-  git = pkgs."${gitAttribute}";
-
   maketar = targets:
     let
       closureInfo = buildPackages.closureInfo { rootPaths = targets; };
@@ -83,6 +84,21 @@ let
     chmod +wx \$dir/bin/${bin};
   '';
 
+  installDynamic = pkgname: let
+    out = pkgs.${pkgname}.out;
+  in ''
+    if [ ! -e \$store${lib.removePrefix "/nix/store" pkgs.${pkgname}.out} ] ; then
+      debug "Installing ${pkgname}"
+      \$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
+        (import ${nixpkgsSrc} {}).${pkgname}.out
+      "
+    else
+      debug "${pkgname} already installed"
+    fi
+
+    export PATH="${out}/bin:\$PATH"
+  '';
+
   caBundleZstd = pkgs.runCommand "cacerts" {} "cat ${cacert}/etc/ssl/certs/ca-bundle.crt | ${inp.zstd}/bin/zstd -19 > $out";
 
   bwrap = packStaticBin "${inp.bwrap}/bin/bwrap";
@@ -271,17 +287,8 @@ let
       sslBind="/etc/ssl /etc/ssl"
     fi
 
-
-
-    ### detecting existing git installation
-    # we need to install git inside the wrapped environment
-    # unless custom git executable path is specified in NP_GIT,
-    # since the existing git might be incompatible to Nix (e.g. v1.x)
     if [ -n "\$NP_GIT" ]; then
-      doInstallGit=false
-      ln -s "\$NP_GIT" "\$dir/tmpbin/git"
-    else
-      doInstallGit=true
+      echo "WARN: NP_GIT is not supported, using nix version instead"
     fi
 
 
@@ -570,22 +577,9 @@ let
 
 
 
-    ### install git via nix, if git installation is not in /nix path
-    if \$doInstallGit && [ ! -e \$store${lib.removePrefix "/nix/store" git.out} ] ; then
-      echo "Installing git. Disable this by specifying the git executable path with 'NP_GIT'"
-      \$run \$store${lib.removePrefix "/nix/store" nix}/bin/nix build --impure --no-link --expr "
-        (import ${nixpkgsSrc} {}).${gitAttribute}.out
-      "
-    else
-      debug "git already installed or manually specified"
-    fi
-
-    ### override the possibly existing git in the environment with the installed one
-    # excluding the case NP_GIT is set.
-    if \$doInstallGit; then
-      export PATH="${git.out}/bin:\$PATH"
-    fi
 
+    ### install programs via nix
+    ${concatMapStringsSep "\n" installDynamic bootstrapPrograms}
 
     ### print elapsed time
     end=\$(date +%s%N)  # end time in nanoseconds