diff --git a/.forgejo/workflows/build-image.yml b/.forgejo/workflows/build-image.yml
index 50710b4..5f0c4ba 100644
--- a/.forgejo/workflows/build-image.yml
+++ b/.forgejo/workflows/build-image.yml
@@ -1,37 +1,42 @@
-name: "Build NixOS Image and Upload to Proxmox"
+name: Build and Upload NixOS Image
 on:
- workflow_dispatch: # Manual trigger
+ workflow_dispatch:
 jobs:
- build-upload:
- runs-on: self-hosted
+ build:
+ runs-on: [nixos]
+ defaults:
+ run:
+ working-directory: nixos
+
 steps:
- - name: Checkout flake
+ - name: Checkout repo
 uses: actions/checkout@v3
- - name: Set up Nix
- uses: cachix/install-nix-action@v22
- with:
- extra_nix_config: |
- experimental-features = nix-command flakes
+ - name: Build NixOS image
+ run: nix build .#nixosImage
- - name: Build Proxmox image
- run: |
- nix build .#base
-
- - name: Upload to Proxmox
+ - name: Upload image to Proxmox
 env:
- PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
- PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
- PROXMOX_PASSWORD: ${{ secrets.PROXMOX_PASSWORD }}
+ SSH_KEY: ${{ secrets.PROXMOX_SSH_KEY }}
+ PROXMOX_USER: root
+ PROXMOX_HOST: 192.168.1.205
 run: |
- scp result/*.vma.zst "$PROXMOX_USER@$PROXMOX_HOST:/var/lib/vz/dump/"
+ mkdir -p ~/.ssh
+ echo "$SSH_KEY" > ~/.ssh/id_proxmox
+ chmod 600 ~/.ssh/id_proxmox
+ export SSH="ssh -i ~/.ssh/id_proxmox -o StrictHostKeyChecking=no"
+ export SCP="scp -i ~/.ssh/id_proxmox -o StrictHostKeyChecking=no"
- - name: Replace template on Proxmox
- run: |
- ssh "$PROXMOX_USER@$PROXMOX_HOST" "
- qmrestore /var/lib/vz/dump/nixos-base.vma.zst 9000 --unique=true &&
- qm set 9000 --name nixos-base --cores 2 --memory 2048 &&
+ IMAGE=$(find result/ -name '*.vma.zst' | head -n 1)
+ NAME=$(basename "$IMAGE")
+
+ echo "Uploading $IMAGE to $PROXMOX_HOST..."
+ $SCP "$IMAGE" "$PROXMOX_USER@$PROXMOX_HOST:/var/lib/vz/dump/"
+
+ echo "Restoring and converting to template..."
+ $SSH "$PROXMOX_USER@$PROXMOX_HOST" "
+ qmrestore /var/lib/vz/dump/$NAME 9000 --unique --replace &&
 qm template 9000
 "
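Review bot: The upload step logs in as root with `-o StrictHostKeyChecking=no` on both `ssh` and `scp`, so nothing verifies that 192.168.1.205 is the real Proxmox host; whatever answers on that address receives the image and the restore commands. Pin the host key instead by storing the host's known_hosts line in a secret and passing `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=…` (the secret name in the sketch below is a placeholder). The private key is also written by `echo … >` before `chmod 600` runs and is never removed, so on a persistent runner it outlives the job; setting `umask 077` first and deleting it in an `EXIT` trap closes both gaps. Separately, `$NAME` is expanded locally into the remote command string without quoting, and it is worth confirming that `--replace` is an option the installed `qmrestore` accepts.

```yaml
        env:
          SSH_KEY: ${{ secrets.PROXMOX_SSH_KEY }}
          # placeholder secret name: the host's public key as a known_hosts line
          PROXMOX_KNOWN_HOSTS: ${{ secrets.PROXMOX_KNOWN_HOSTS }}
          # … unchanged: PROXMOX_USER, PROXMOX_HOST …
        run: |
          umask 077
          mkdir -p "$HOME/.ssh"
          trap 'rm -f "$HOME/.ssh/id_proxmox" "$HOME/.ssh/known_hosts_proxmox"' EXIT
          printf '%s\n' "$SSH_KEY" > "$HOME/.ssh/id_proxmox"
          printf '%s\n' "$PROXMOX_KNOWN_HOSTS" > "$HOME/.ssh/known_hosts_proxmox"
          SSH_OPTS="-i $HOME/.ssh/id_proxmox -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts_proxmox"
          export SSH="ssh $SSH_OPTS"
          export SCP="scp $SSH_OPTS"
          # … unchanged: locate image, upload, qmrestore, qm template …
```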
diff --git a/nixos/hosts/forgejo-runner/notes/ssh-secrets.md b/nixos/hosts/forgejo-runner/notes/ssh-secrets.md
new file mode 100644
index 0000000..c598091
--- /dev/null
+++ b/nixos/hosts/forgejo-runner/notes/ssh-secrets.md
@@ -0,0 +1,4 @@
+
+```bash
+ssh-keygen -t ed25519 -C "forgejo-runner" -f forgejo-image-uploader
+```
diff --git a/nixos/hosts/forgejo-runner/runner.nix b/nixos/hosts/forgejo-runner/runner.nix
index 2d1a40b..dfb7a33 100644
--- a/nixos/hosts/forgejo-runner/runner.nix
+++ b/nixos/hosts/forgejo-runner/runner.nix
@@ -20,6 +20,7 @@
 # "ubuntu-22.04:docker://node:16-bullseye"
 # "ubuntu-20.04:docker://node:16-bullseye"
 # "ubuntu-18.04:docker://node:16-buster"
+ "nixos:docker://cachix/nix-build-action"
 ## optionally provide native execution on the host:
 # "native:host"
 ];
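Review bot: The new `nixos` label in runner.nix points at `docker://cachix/nix-build-action` with no tag or digest, so the runner pulls whatever that name resolves to at job time. The `build` job scheduled onto this label is handed `PROXMOX_SSH_KEY`, a root key for the hypervisor, so the image contents are part of the trust boundary. Pin it to a specific tag or, better, a digest, e.g. `"nixos:docker://cachix/nix-build-action@sha256:<digest>"` (placeholder digest). Also confirm that the name refers to a published container image with Nix installed, since the workflow no longer has a Nix setup step. The labels list begins outside this hunk.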