diff --git a/extensions/fs-btrfs-support.sh b/extensions/fs-btrfs-support.sh
new file mode 100644
index 0000000000..67cff837bd
--- /dev/null
+++ b/extensions/fs-btrfs-support.sh
@@ -0,0 +1,8 @@
+# `btrfs` support is no longer included by default in prepare-host.sh.
+# Enable this extension to include the required dependencies for building.
+# This is automatically enabled if ROOTFS_TYPE is set to btrfs in main-config.sh.
+
+function add_host_dependencies__add_btrfs_tooling() {
+	display_alert "Adding BTRFS to host dependencies" "BTRFS" "debug"
+	EXTRA_BUILD_DEPS="${EXTRA_BUILD_DEPS} btrfs-progs" # @TODO: convert to array later
+}
diff --git a/extensions/fs-cryptroot-support.sh b/extensions/fs-cryptroot-support.sh
new file mode 100644
index 0000000000..9f44f09494
--- /dev/null
+++ b/extensions/fs-cryptroot-support.sh
@@ -0,0 +1,8 @@
+# `cryptroot` / LUKS support is no longer included by default in prepare-host.sh.
+# Enable this extension to include the required dependencies for building.
+# This is automatically enabled if CRYPTROOT_ENABLE is set to yes in main-config.sh.
+
+function add_host_dependencies__add_cryptroot_tooling() {
+	display_alert "Adding cryptroot to host dependencies" "cryptsetup LUKS" "debug"
+	EXTRA_BUILD_DEPS="${EXTRA_BUILD_DEPS} cryptsetup" # @TODO: convert to array later
+}
diff --git a/extensions/fs-f2fs-support.sh b/extensions/fs-f2fs-support.sh
new file mode 100644
index 0000000000..918e11fb91
--- /dev/null
+++ b/extensions/fs-f2fs-support.sh
@@ -0,0 +1,8 @@
+# `f2fs` support is no longer included by default in prepare-host.sh.
+# Enable this extension to include the required dependencies for building.
+# This is automatically enabled if ROOTFS_TYPE is set to f2fs in main-config.sh.
+
+function add_host_dependencies__add_f2fs_tooling() {
+	display_alert "Adding F2FS to host dependencies" "F2FS" "debug"
+	EXTRA_BUILD_DEPS="${EXTRA_BUILD_DEPS} f2fs-tools" # @TODO: convert to array later
+}
diff --git a/extensions/fs-xfs-support.sh b/extensions/fs-xfs-support.sh
new file mode 100644
index 0000000000..f25c332990
--- /dev/null
+++ b/extensions/fs-xfs-support.sh
@@ -0,0 +1,8 @@
+# `xfs` support is no longer included by default in prepare-host.sh.
+# Enable this extension to include the required dependencies for building.
+# This is automatically enabled if ROOTFS_TYPE is set to xfs in main-config.sh.
+
+function add_host_dependencies__add_xfs_tooling() {
+	display_alert "Adding XFS to host dependencies" "XFS xfsprogs" "debug"
+	EXTRA_BUILD_DEPS="${EXTRA_BUILD_DEPS} xfsprogs" # @TODO: convert to array later
+}
diff --git a/lib/functions/configuration/main-config.sh b/lib/functions/configuration/main-config.sh
index 5e4a52cfd6..319109e071 100644
--- a/lib/functions/configuration/main-config.sh
+++ b/lib/functions/configuration/main-config.sh
@@ -83,28 +83,49 @@ function do_main_configuration() {
 		install -d "${FINALDEST}"
 	fi
 
-	# TODO: fixed name can't be used for parallel image building
-	ROOT_MAPPER="armbian-root"
-
+	# Prepare rootfs filesystem support
 	[[ -z $ROOTFS_TYPE ]] && ROOTFS_TYPE=ext4 # default rootfs type is ext4
-	[[ "ext4 f2fs btrfs xfs nfs fel" != *$ROOTFS_TYPE* ]] && exit_with_error "Unknown rootfs type" "$ROOTFS_TYPE"
+	case "$ROOTFS_TYPE" in
+		ext4 | fel) # nothing extra here
+			;;
+		nfs)
+			FIXED_IMAGE_SIZE=256 # small SD card with kernel, boot script and .dtb/.bin files
+			;;
+		f2fs)
+			enable_extension "fs-f2fs-support"
+			# Fixed image size is in 1M dd blocks (MiB)
+			# to get size of block device /dev/sdX execute as root: echo $(( $(blockdev --getsize64 /dev/sdX) / 1024 / 1024 ))
+			[[ -z $FIXED_IMAGE_SIZE ]] && exit_with_error "Please define FIXED_IMAGE_SIZE for use with f2fs"
+			;;
+		xfs)
+			enable_extension "fs-xfs-support"
+			;;
+		btrfs)
+			enable_extension "fs-btrfs-support"
+			[[ -z $BTRFS_COMPRESSION ]] && BTRFS_COMPRESSION=zlib # default btrfs filesystem compression method is zlib
+			[[ ! $BTRFS_COMPRESSION =~ zlib|lzo|zstd|none ]] && exit_with_error "Unknown btrfs compression method" "$BTRFS_COMPRESSION"
+			;;
+		*)
+			exit_with_error "Unknown rootfs type: ROOTFS_TYPE='${ROOTFS_TYPE}'"
+			;;
+	esac
 
-	[[ -z $BTRFS_COMPRESSION ]] && BTRFS_COMPRESSION=zlib # default btrfs filesystem compression method is zlib
-	[[ ! $BTRFS_COMPRESSION =~ zlib|lzo|zstd|none ]] && exit_with_error "Unknown btrfs compression method" "$BTRFS_COMPRESSION"
-
-	# Fixed image size is in 1M dd blocks (MiB)
-	# to get size of block device /dev/sdX execute as root:
-	# echo $(( $(blockdev --getsize64 /dev/sdX) / 1024 / 1024 ))
-	[[ "f2fs" == *$ROOTFS_TYPE* && -z $FIXED_IMAGE_SIZE ]] && exit_with_error "Please define FIXED_IMAGE_SIZE"
-
-	# a passphrase is mandatory if rootfs encryption is enabled
-	if [[ $CRYPTROOT_ENABLE == yes && -z $CRYPTROOT_PASSPHRASE ]]; then
-		exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set"
+	# Support for LUKS / cryptroot
+	if [[ $CRYPTROOT_ENABLE == yes ]]; then
+		enable_extension "fs-cryptroot-support" # add the tooling needed, cryptsetup
+		ROOT_MAPPER="armbian-root"              # TODO: fixed name can't be used for parallel image building (rpardini: ?)
+		if [[ -z $CRYPTROOT_PASSPHRASE ]]; then # a passphrase is mandatory if rootfs encryption is enabled
+			exit_with_error "Root encryption is enabled but CRYPTROOT_PASSPHRASE is not set"
+		fi
+		[[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes
+		[[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022
+		# Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however
+		# cryptroot 2.1 changed that to Argon2i. Argon2i is a memory intensive
+		# algorithm which doesn't play well with SBCs (need 1GiB RAM by default !)
+		# https://gitlab.com/cryptsetup/cryptsetup/-/issues/372
+		[[ -z $CRYPTROOT_PARAMETERS ]] && CRYPTROOT_PARAMETERS="--pbkdf pbkdf2"
 	fi
 
-	# small SD card with kernel, boot script and .dtb/.bin files
-	[[ $ROOTFS_TYPE == nfs ]] && FIXED_IMAGE_SIZE=256
-
 	# Since we are having too many options for mirror management,
 	# then here is yet another mirror related option.
 	# Respecting user's override in case a mirror is unreachable.
@@ -181,13 +202,6 @@ function do_main_configuration() {
 	ARCH=armhf
 	KERNEL_IMAGE_TYPE=zImage
 	ATF_COMPILE=yes
-	[[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes
-	[[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022
-	# Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however
-	# cryptroot 2.1 changed that to Argon2i. Argon2i is a memory intensive
-	# algorithm which doesn't play well with SBCs (need 1GiB RAM by default !)
-	# https://gitlab.com/cryptsetup/cryptsetup/-/issues/372
-	[[ -z $CRYPTROOT_PARAMETERS ]] && CRYPTROOT_PARAMETERS="--pbkdf pbkdf2"
 	[[ -z $WIREGUARD ]] && WIREGUARD="yes"
 	[[ -z $EXTRAWIFI ]] && EXTRAWIFI="yes"
 	[[ -z $SKIP_BOOTSPLASH ]] && SKIP_BOOTSPLASH="no"
diff --git a/lib/functions/host/prepare-host.sh b/lib/functions/host/prepare-host.sh
index 9c2e703c74..468fb28eca 100644
--- a/lib/functions/host/prepare-host.sh
+++ b/lib/functions/host/prepare-host.sh
@@ -233,19 +233,12 @@ function adaptative_prepare_host_dependencies() {
 		display_alert "Using passed-in target_arch" "${target_arch}" "debug"
 	fi
 
-	# @TODO: move to extensions:
-	# btrfs-progs # @TODO: only needed if doing brtfs // causes initramfs rebuild
-	# cryptsetup - @TODO: this causes host-side initrd rebuild; only required for encrypted root stuff -- move to extension?
-	# f2fs-tools # @TODO: this is un-necessary if not building a f2fs rootfs  // causes initramfs rebuild
-	# crossbuild-essential-arm64 @TODO: JetHub needs a c++ compiler, add "crossbuild-essential-arm64" there or ext
-
 	#### Common: for all releases, all host arches, and all target arches.
 	declare -a -g host_dependencies=(
 		# big bag of stuff from before
 		bc binfmt-support
 		bison
-		### build-essential # Composed of: libc6-dev make dpkg-dev gcc g++, we don't need g++ (C++ compiler)
-		libc6-dev make dpkg-dev gcc # build-essential, without g++ 
+		libc6-dev make dpkg-dev gcc # build-essential, without g++
 		ca-certificates ccache cpio
 		debootstrap device-tree-compiler dialog dirmngr dosfstools
 		dwarves # dwarves has been replaced by "pahole" and is now a transitional package
@@ -257,7 +250,7 @@ function adaptative_prepare_host_dependencies() {
 		libbison-dev libelf-dev libfdt-dev libfile-fcntllock-perl libmpc-dev libfl-dev liblz4-tool
 		libncurses-dev libssl-dev libusb-1.0-0-dev
 		linux-base locales
-		ncurses-base ncurses-term # why?
+		ncurses-base ncurses-term # for `make menuconfig`
 		ntpdate
 		patchutils pkg-config pv
 		qemu-user-static