diff --git a/modules/server/containers/builder.nix b/modules/server/containers/builder.nix
index 5902e00..7cd74b9 100644
--- a/modules/server/containers/builder.nix
+++ b/modules/server/containers/builder.nix
@@ -1,7 +1,7 @@
 { config, lib, serverCfg }:
 let 
   builder =
-  { image, imageStream ? null
+  { image ? null, imageStream ? null
   , secret ? null
   , subdomain ? null, ip ? null, port ? 0
   , extraEnv ? { }, extraLabels ? { }, extraOptions ? [ ]
diff --git a/modules/server/containers/defs/etherpad.nix b/modules/server/containers/defs/etherpad.nix
index 94c9254..d24f7d9 100644
--- a/modules/server/containers/defs/etherpad.nix
+++ b/modules/server/containers/defs/etherpad.nix
@@ -1,7 +1,26 @@
 { config, containerCfg, pkgs, lib, builder, name,... }:
 let 
-version = "latest";
-serverCfg = config.syscfg.server;
+  serverCfg = config.syscfg.server;
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = "etherpad";
+    tag = pkgs.etherpad-lite.version;
+    contents = with pkgs;[ etherpad-lite bash coreutils cacert curl ];
+    fakeRootCommands = ''
+      mkdir -p ./var/lib/etherpad
+      chown -R 5001:5001 ./var/lib/etherpad
+    '';
+    config = {
+      Cmd = [ "${pkgs.etherpad-lite}/bin/etherpad-lite" ];
+      User = "${toString uid}:${toString gid}";
+      WorkingDir = "/var/lib/etherpad";
+      ExposedPorts = { "${toString containerCfg.port}/tcp" = {}; };
+      Env = [
+        "NODE_ENV=production"
+        "HOME=/var/lib/etherpad"
+      ];
+
+    };
+  };
 in {
   paths = [{
     path="${serverCfg.configPath}/etherpad/data";
@@ -17,7 +36,7 @@ in {
   containers = {
     server = builder.mkContainer {
       subdomain = containerCfg.subdomain;
-      image = "ghcr.io/ether/etherpad:develop:${version}";
+      imageStream = image;
       port = containerCfg.port;
       ip = containerCfg.ip;
       secret = name;
diff --git a/modules/server/containers/defs/traefik.nix b/modules/server/containers/defs/traefik.nix
index 15461bb..166b190 100644
--- a/modules/server/containers/defs/traefik.nix
+++ b/modules/server/containers/defs/traefik.nix
@@ -1,8 +1,7 @@
 { config, containerCfg, pkgs, lib, builder, name,... }:
 let 
-version = "3";
-serverCfg = config.syscfg.server;
-image = pkgs.dockerTools.streamLayeredImage {
+  serverCfg = config.syscfg.server;
+  image = pkgs.dockerTools.streamLayeredImage {
     name = "traefik";
     tag = pkgs.traefik.version;
     contents = with pkgs;[ traefik cacert tzdata ];
@@ -20,9 +19,8 @@ in {
 
   containers = {
     server = builder.mkContainer {
-      subdomain = containerCfg.subdomain;
-      image = "ghcr.io/traefik/traefik:${version}";
       imageStream = image;
+      subdomain = containerCfg.subdomain;
       ip = containerCfg.ip;
       port = 8080;
       secret = name;