Debian – Initramfs in debootstrap chroot of fully encrypted system

I'm working on a script to create a fully encrypted washable system from debootstrap. It's doing some good, but the initramfs image that comes out does not pick up the cryptroot properly. After booting the image with qemu, I'm dropped to a busybox shell and I have to unlock the luks encryption manually with cryptsetup:

cryptsetup luksOpen /dev/sda1 system
/scripts/local-premount/flashback
exit

(flashback does some btrfs snapshoting magic to forget changes made on every boot)

After this, boot in qemu continues normally and I am then able to generate a good initramfs image. I copy this to the btrfs @root.base subvolume and all is well from then on.

I need help with figuring out why the cryptsetup/cryptroot part is not being picked up in the chroot environment by update-initramfs:

echo "CRYPTSETUP=y" >> /usr/share/initramfs-tools/conf-hooks.d/cryptsetup
echo "export CRYPTSETUP=y" >> /usr/share/initramfs-tools/conf-hooks.d/cryptsetup
update-initramfs -ut

I have tried many things, I write a good fstab and crypttab and even tried to explicitly set cryptdevice in grub.cfg. Refer to the specific version of the script.

Here's how I create the fstab and crypttab:

export partuuid=$(blkid $partition | sed -re 's/.*: UUID="([^"]+)".*/\1/')
export decruuid=$(blkid /dev/mapper/$decrypted | sed -re 's/.*: UUID="([^"]+)".*/\1/')
echo "Adding flashback with uuid $partuuid"
echo "system UUID=$partuuid none luks" >> "$rootmount/etc/crypttab"
echo "UUID=$decruuid / btrfs subvol=@root.curr 0 0" >> "$rootmount/etc/fstab"
echo "UUID=$decruuid /home btrfs subvol=@home 0 0" >> "$rootmount/etc/fstab"

The question in principle is: How do you generate a functioning initramfs image in an encrypted chroot of a debootstrapped debian?

Thanks a bunch