diff --git a/.forgejo/workflows/main.yaml b/.forgejo/workflows/main.yaml
index f403cb5..90c0233 100644
--- a/.forgejo/workflows/main.yaml
+++ b/.forgejo/workflows/main.yaml
@@ -4,9 +4,9 @@ jobs:
     runs-on: nix-upstream-latest
     steps:
       - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
-      - run: nix-env -i nodejs # bootstrap
-      - run: curl -sLo /etc/containers/policy.json https://github.com/containers/skopeo/blob/879dbc3757610a574f9fcc44ea23ef9e8e2b6fe3/default-policy.json
+      - run: nix-env -i nodejs curl # bootstrap
       - uses: actions/checkout@v4
+      - run: cp default-policy.json /etc/containers/policy.json
       - run: |-
           nix develop --command bash -c '
             for line in $(cat tags.txt); do
diff --git a/default-policy.json b/default-policy.json
new file mode 100644
index 0000000..dffc54a
--- /dev/null
+++ b/default-policy.json
@@ -0,0 +1,14 @@
+{
+    "default": [
+        {
+            "type": "insecureAcceptAnything"
+        }
+    ],
+    "transports":
+        {
+            "docker-daemon":
+                {
+                    "": [{"type":"insecureAcceptAnything"}]
+                }
+        }
+}