diff --git a/.woodpecker/ci.yaml b/.woodpecker/ci.yaml
index 506cb44..96709a2 100644
--- a/.woodpecker/ci.yaml
+++ b/.woodpecker/ci.yaml
@@ -1,45 +1,37 @@
+variables:
+  - common_settings: &common_settings
+      binary_cache: https://cache.nix.vdx.hu/private
+      binary_cache_public_key: private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=
+      binary_cache_token:
+        from_secret: attic_token
+
 steps:
   build:
-    image: nixos/nix:2.15.1
-    commands:
-      - set -o pipefail
-      - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
-      - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
-      - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
-      - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
-      - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
-      - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
-      - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
-      - nix build .#woodpecker-plugin-nix-attic-latest
-      - nix-env -iA nixpkgs.docker-client
+    image: git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
+    settings:
+      <<: *common_settings
       # "persist" the generated image in the workspace
-      - cp $(realpath result) docker-image-latest
-      - docker load -i docker-image-latest
-    secrets: 
-      - attic_token
-      - forgejo_registry_token
+      script: |
+          nix build .#woodpecker-plugin-nix-attic-latest
+          nix-env -iA nixpkgs.docker-client
+          cp $(realpath result) docker-image-latest
+          docker load -i docker-image-latest
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
   publish-latest:
-    image: nixos/nix
+    image: git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
     when:
       - event: push
         branch: main
-    commands:
-      - set -o pipefail
-      - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
-      - echo "trusted-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
-      - echo "extra-trusted-public-keys = private:b6wO7rXF+4WtPCocEKlbdU/bTqEdJAqRrzOu0O3cK68=" >> /etc/nix/nix.conf
-      - echo "extra-substituters = https://cache.nix.vdx.hu/private" >> /etc/nix/nix.conf
-      - echo "netrc-file = /tmp/nix-netrc" >> /etc/nix/nix.conf
-      - echo "machine cache.nix.vdx.hu" > /tmp/nix-netrc
-      - echo "password $ATTIC_TOKEN" >> /tmp/nix-netrc
-      - nix-env -iA nixpkgs.docker-client
-      - docker load -i docker-image-latest
-      - docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu
-      - docker push git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
-    secrets: 
-      - attic_token
+    settings:
+      <<: *common_settings
+      # "persist" the generated image in the workspace
+      script: |
+          nix-env -iA nixpkgs.docker-client
+          docker load -i docker-image-latest
+          docker login -u vdx -p "$FORGEJO_REGISTRY_TOKEN" git.vdx.hu
+          docker push git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic
+    secrets:
       - forgejo_registry_token
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock