diff --git a/.forgejo/workflows/main.yaml b/.forgejo/workflows/main.yaml
index bec83dd..f403cb5 100644
--- a/.forgejo/workflows/main.yaml
+++ b/.forgejo/workflows/main.yaml
@@ -5,14 +5,12 @@ jobs:
     steps:
       - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
       - run: nix-env -i nodejs # bootstrap
+      - run: curl -sLo /etc/containers/policy.json https://github.com/containers/skopeo/blob/879dbc3757610a574f9fcc44ea23ef9e8e2b6fe3/default-policy.json
       - uses: actions/checkout@v4
-      - run: mkdir -p /etc/containers && cp default-policy.json /etc/containers/policy.json
       - run: |-
           nix develop --command bash -c '
             for line in $(cat tags.txt); do
               IFS=: read -r pkg tag <<< $line
-              cp $(nix build .#$pkg --print-out-paths) /tmp/img.tar.gz
-              gunzip /tmp/img.tar.gz
-              skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-archive:///tmp/img.tar docker://git.10110110.xyz/ci/$tag:latest
+              skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-image://$(nix build .#$pkg --print-out-paths) docker://git.10110110.xyz/ci/$tag:latest
             done
           '
diff --git a/default-policy.json b/default-policy.json
deleted file mode 100644
index dffc54a..0000000
--- a/default-policy.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
-    "default": [
-        {
-            "type": "insecureAcceptAnything"
-        }
-    ],
-    "transports":
-        {
-            "docker-daemon":
-                {
-                    "": [{"type":"insecureAcceptAnything"}]
-                }
-        }
-}
diff --git a/flake.nix b/flake.nix
index cda5c3d..5416528 100644
--- a/flake.nix
+++ b/flake.nix
@@ -27,7 +27,7 @@
       packages = forEachSupportedSystem (
         { pkgs }:
         {
-          nix-with-node = (import ./pkgs/nix-with-node { inherit pkgs; });
+          nix-with-node = (import ./pkgs/nix-with-node.nix { inherit pkgs; });
         }
       );
       devShells = forEachSupportedSystem (
diff --git a/pkgs/nix-with-node.nix b/pkgs/nix-with-node.nix
new file mode 100644
index 0000000..64343ea
--- /dev/null
+++ b/pkgs/nix-with-node.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildLayeredImage {
+  name = "nix-with-node";
+  contents = with pkgs; [
+    nix
+    nodejs
+    bash
+    git
+  ];
+}
diff --git a/pkgs/nix-with-node/default.nix b/pkgs/nix-with-node/default.nix
deleted file mode 100644
index a9db729..0000000
--- a/pkgs/nix-with-node/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ pkgs, ... }:
-pkgs.dockerTools.buildLayeredImage {
-  name = "nix-with-node";
-  contents = with pkgs; [
-    ./root
-    bashInteractive
-    cacert
-    coreutils
-    git
-    gnutar
-    gzip
-    nix
-    nodejs
-    openssh
-    xz
-  ];
-
-    config = {
-      Cmd = [ "/bin/bash" ];
-      Env = [
-        "ENV=/etc/profile.d/nix.sh"
-        "NIX_BUILD_SHELL=/bin/bash"
-        "PATH=/usr/bin:/bin"
-        "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
-        "USER=root"
-      ];
-    };
-
-  extraCommands = ''
-  '';
-}
diff --git a/pkgs/nix-with-node/root/etc/nix/nix.conf b/pkgs/nix-with-node/root/etc/nix/nix.conf
deleted file mode 100644
index 978cf89..0000000
--- a/pkgs/nix-with-node/root/etc/nix/nix.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-accept-flake-config = true
-experimental-features = nix-command flakes
-max-jobs = auto
diff --git a/tags.txt b/tags.txt
index e951978..67a8c8a 100644
--- a/tags.txt
+++ b/tags.txt
@@ -1 +1 @@
-nix-with-node:nix
+nix-with-node:nix-ci