diff --git a/munix b/munix
index 63aa305..fab5448 100755
--- a/munix
+++ b/munix
@@ -1,35 +1,120 @@ #!/usr/bin/env bash -: "${MICROVM_SHELL:=bash}" SCRIPT_PATH=$(dirname $(realpath -s $0)) MUVM_PATH=$(dirname $(which muvm)) PASST_PATH=$(dirname $(which passt)) +HOST_OPENGL_DRIVER=/run/opengl-driver +MICROVM_CLOSURE= +MICROVM_COMMAND=() +BWRAP_ARGS=() +MUVM_ARGS=() +GPU=1 +WAYLAND=1 +PIPEWIRE=1 +X11=0 export TMP=/tmp TMPDIR=/tmp TEMP=/tmp TEMPDIR=/tmp LC_ALL=C -unset DISPLAY XAUTHORITY # or: --bind /tmp/.X11-unix /tmp/.X11-unix --bind $XAUTHORITY $XAUTHORITY + +while [ "$#" -gt 0 ]; do + case "$1" in + --no-gpu) GPU=0; shift 1;; + --no-wayland) WAYLAND=0; shift 1;; + --no-pipewire) PIPEWIRE=0; shift 1;; + --x11) X11=1; shift 1;; + --bind) BWRAP_ARGS+=("--bind" "$2" "$3"); shift 3;; + --ro-bind) BWRAP_ARGS+=("--ro-bind" "$2" "$3"); shift 3;; + --expose) BWRAP_ARGS+=("--bind" "$2" "$2"); shift 2;; + --ro-expose) BWRAP_ARGS+=("--ro-bind" "$2" "$2"); shift 2;; + --host-opengl-driver) HOST_OPENGL_DRIVER="$2"; shift 2;; + --munix-bin-dir) SCRIPT_PATH="$2"; shift 2;; + --muvm-bin-dir) MUVM_PATH="$2"; shift 2;; + --passt-bin-dir) PASST_PATH="$2"; shift 2;; + -*) echo "munix: unknown option: $1" >&2; exit 1;; + *) + if [ "$MICROVM_CLOSURE" = "" ]; then + MICROVM_CLOSURE="$1" + else + MICROVM_COMMAND+=("$1") + fi + shift 1;; + esac +done + +if [ "$MICROVM_CLOSURE" = "" ]; then + echo "munix: provide a system closure path as a positional argument" >&2 + exit 1 +fi + +if [ ${#MICROVM_COMMAND[@]} -eq 0 ]; then + MICROVM_COMMAND=("bash") +fi + +if [ "$GPU" -eq 1 ]; then + BWRAP_ARGS+=( + "--dev-bind" "/dev/dri" "/dev/dri" + "--ro-bind" "$HOST_OPENGL_DRIVER" "/run/opengl-driver" + ) +else + BWRAP_ARGS+=("--dir" "/dev/dri") +fi + +if [ "$WAYLAND" -eq 1 ]; then + if [ "$XDG_RUNTIME_DIR" = "" ]; then + echo "munix: wayland requested, but no XDG_RUNTIME_DIR set" >&2 + exit 1 + fi + BWRAP_ARGS+=( + "--bind" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" + "--setenv" "WAYLAND_DISPLAY" "$WAYLAND_DISPLAY" + ) + MUVM_ARGS+=("-e" 
"WAYLAND_DISPLAY=wayland-1") # the proxy is managed by us, not muvm +fi + +if [ "$PIPEWIRE" -eq 1 ]; then + if [ "$PIPEWIRE_RUNTIME_DIR" = "" ]; then + PIPEWIRE_RUNTIME_DIR="$XDG_RUNTIME_DIR" + fi + if [ "$PIPEWIRE_RUNTIME_DIR" = "" ]; then + PIPEWIRE_RUNTIME_DIR="$USERPROFILE" + fi + if [ "$PIPEWIRE_RUNTIME_DIR" = "" ]; then + echo "munix: pipewire requested, but no PIPEWIRE_RUNTIME_DIR/XDG_RUNTIME_DIR/USERPROFILE set" >&2 + exit 1 + fi + if [ "$PIPEWIRE_REMOTE" = "" ]; then + PIPEWIRE_REMOTE=pipewire-0 + fi + BWRAP_ARGS+=("--bind" "$PIPEWIRE_RUNTIME_DIR/$PIPEWIRE_REMOTE" "$PIPEWIRE_RUNTIME_DIR/$PIPEWIRE_REMOTE") +fi + +if [ "$X11" -eq 1 ]; then + BWRAP_ARGS+=( + "--bind" "/tmp/.X11-unix" "/tmp/.X11-unix" + "--ro-bind" "$XAUTHORITY" "$XAUTHORITY" + ) +else + unset DISPLAY XAUTHORITY +fi + exec bwrap --unshare-all --share-net \ --uid 1001 --gid 1001 \ --tmpfs / \ --dir /run --dir /var --symlink /run /var/run --dir /tmp \ --proc /proc --ro-bind /sys /sys \ - --dev /dev --dir /dev/input --dev-bind /dev/kvm /dev/kvm --dev-bind /dev/dri /dev/dri \ + --dev /dev --dir /dev/input --dev-bind /dev/kvm /dev/kvm \ --ro-bind "$MUVM_PATH" /run/munix/muvm \ --ro-bind "$PASST_PATH" /run/munix/passt \ - --ro-bind "$1/sw/bin/env" /usr/bin/env \ + --ro-bind "$MICROVM_CLOSURE/sw/bin/env" /usr/bin/env \ --ro-bind "$SCRIPT_PATH/munix-init-root" /usr/bin/munix-init-root \ --ro-bind "$SCRIPT_PATH/munix-init-user" /usr/bin/munix-init-user \ --ro-bind /nix/store /nix/store \ - --ro-bind /run/opengl-driver /run/opengl-driver \ --ro-bind /run/systemd/resolve /run/systemd/resolve \ --ro-bind /etc/resolv.conf /etc/resolv.conf \ --ro-bind /etc/group /etc/group \ --ro-bind /etc/passwd /etc/passwd \ --dir "$XDG_RUNTIME_DIR" \ - --bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" \ - --bind "$XDG_RUNTIME_DIR/pipewire-0" "$XDG_RUNTIME_DIR/pipewire-0" \ - --bind $HOME/Downloads/baseq1 $HOME/Downloads/baseq1 \ - --setenv WAYLAND_DISPLAY "$WAYLAND_DISPLAY" \ - --setenv PATH 
"/run/munix/muvm:/run/munix/passt:$1/sw/bin" \ + --setenv PATH "/run/munix/muvm:/run/munix/passt:$MICROVM_CLOSURE/sw/bin" \ + "${BWRAP_ARGS[@]}" \ muvm \ - -x /usr/bin/munix-init-root -X /usr/bin/munix-init-user --udevd-path="$1/sw/bin/true" \ - -e WAYLAND_DISPLAY=wayland-1 \ - -e MICROVM_CLOSURE="$1" \ - -i -t "$1/sw/bin/$MICROVM_SHELL" + -x /usr/bin/munix-init-root -X /usr/bin/munix-init-user --udevd-path="$MICROVM_CLOSURE/sw/bin/true" \ + "${MUVM_ARGS[@]}" \ + -e MICROVM_CLOSURE="$MICROVM_CLOSURE" \ + -i -t "${MICROVM_COMMAND[@]}"
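Review bot: The Wayland branch checks only `XDG_RUNTIME_DIR`, so with `WAYLAND_DISPLAY` unset or empty the `--bind "$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY"` pair turns into a read-write bind of the whole runtime directory, exposing whatever else lives there (typically other per-user sockets) instead of one compositor socket. A guard placed before the `BWRAP_ARGS+=(` in that branch would fail closed: `[ -n "$WAYLAND_DISPLAY" ] || { echo "munix: wayland requested, but no WAYLAND_DISPLAY set" >&2; exit 1; }`. In the option loop, the arms that consume values (`--bind`, `--ro-bind`, `--expose`, `--ro-expose`, `--host-opengl-driver`, the `--*-bin-dir` options) never check `$#`; when a value is missing, `shift 2`/`shift 3` fails without shifting and, as no `set -e` is visible in the script, the `while` loop would keep re-reading the same option, so each arm wants a check such as `[ "$#" -ge 3 ] || { echo "munix: $1 needs two arguments" >&2; exit 1; }`. Options are also still parsed after the closure path, so a guest command argument like `--bind` is taken as a sandbox option and one starting with `-` is rejected; ending option parsing at the first positional argument or at `--` would keep guest arguments from changing the sandbox.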