diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index adcb8a932..55a948019 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,7 @@ workflow:
 
 default:
   image:
-    name: nixpkgs/nix-flakes:nixos-21.05
+    name: registry.gitlab.com/fradrive/fradrive/nix-unstable
 
 variables:
   NIX_PATH: "nixpkgs=http://nixos.org/channels/nixos-21.05/nixexprs.tar.xz"
@@ -26,7 +26,6 @@ node dependencies:
     - install -m 0644 .gitlab-ci/nix-bootstrap.conf /etc/nix/nix.conf
     - .gitlab-ci/write-minio-creds.sh
     - .gitlab-ci/make-minio-bucket.sh
-    - "nix-env -f .gitlab-ci/patched-nix.nix -iE 'f: f {}'"
     - cp -pr --reflink=auto -L .gitlab-ci/upload-to-cache.sh /etc/nix/upload-to-cache.sh
     - install -m 0644 .gitlab-ci/nix.conf /etc/nix/nix.conf
     - git config --global init.defaultBranch master
diff --git a/flake.lock b/flake.lock
index 9d1b7a81e..ed9736994 100644
--- a/flake.lock
+++ b/flake.lock
@@ -151,6 +151,22 @@
         "url": "ssh://git@gitlab2.rz.ifi.lmu.de/uni2work/cryptonite.git"
       }
     },
+    "docker-nixpkgs": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1631525111,
+        "narHash": "sha256-dJKw280B1Hp0f6tSkBtkY0nrMT0DR/bmerrS3cQdBjI=",
+        "owner": "nix-community",
+        "repo": "docker-nixpkgs",
+        "rev": "df7f64139a0b2384fb2448dc2a406815f8d03867",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "docker-nixpkgs",
+        "type": "github"
+      }
+    },
     "encoding": {
       "flake": false,
       "locked": {
@@ -465,6 +481,7 @@
         "conduit-resumablesink": "conduit-resumablesink",
         "cryptoids": "cryptoids",
         "cryptonite": "cryptonite",
+        "docker-nixpkgs": "docker-nixpkgs",
         "encoding": "encoding",
         "esqueleto": "esqueleto",
         "flake-utils": [
diff --git a/flake.nix b/flake.nix
index 2ace1e91d..141118d40 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,11 @@
   inputs.nixpkgs.follows = "haskell-nix/nixpkgs-unstable";
   inputs.flake-utils.follows = "haskell-nix/flake-utils";
 
+  inputs.docker-nixpkgs = {
+    url = "github:nix-community/docker-nixpkgs";
+    flake = false;
+  };
+
   inputs.encoding = {
     url = "git+ssh://git@gitlab2.rz.ifi.lmu.de/uni2work/encoding.git?ref=uni2work";
     flake = false;
@@ -69,7 +74,7 @@
     flake = false;
   };
 
-  outputs = inputs@{ self, nixpkgs, flake-utils, haskell-nix, ... }: flake-utils.lib.eachSystem ["x86_64-linux"]
+  outputs = inputs@{ self, nixpkgs, flake-utils, haskell-nix, docker-nixpkgs, ... }: flake-utils.lib.eachSystem ["x86_64-linux"]
     (system:
       let frontendSource = pkgs.lib.sourceByRegex ./. [
             "^(assets|frontend)(/.*)?$"
@@ -92,6 +97,11 @@
             config.allowUnfree = true;
           };
           overlays = [
+            # remove once https://github.com/NixOS/nix/pull/5266 has landed in https://hub.docker.com/r/nixpkgs/nix-unstable
+            (import ./nix/aws-patch.nix)
+            (import "${docker-nixpkgs}/overlay.nix")
+            # end remove
+
             (import ./nix/maildev)
             haskell-nix.overlay
             (import ./nix/uniworx { inherit inputs frontendSource backendSource; })
@@ -99,10 +109,10 @@
           ];
           haskellFlake = pkgs.uniworx.flake {};
 
-          mkPushUniworxDocker = dockerImage: pkgs.writeScriptBin "push-${dockerImage.name}" ''
+          mkPushDocker = imageName: dockerImage: pkgs.writeScriptBin "push-${dockerImage.imageName}" ''
             #!${pkgs.zsh}/bin/zsh -xe
 
-            target=''${1-docker://registry.gitlab.com/fradrive/fradrive/${dockerImage.name}:${dockerImage.imageTag}}
+            target=''${1-docker://registry.gitlab.com/fradrive/fradrive/${imageName}:${dockerImage.imageTag}}
             [[ -n "''${1}" ]] && shift
             ${pkgs.skopeo}/bin/skopeo ''${@} --insecure-policy copy docker-archive://${dockerImage} ''${target}
           '';
@@ -117,12 +127,13 @@
           };
       in {
         packages = haskellFlake.packages // {
-          inherit (pkgs) uniworxNodeDependencies uniworxWellKnown uniworxFrontend uniworxDemoDocker uniworxDocker;
+          inherit (pkgs) uniworxNodeDependencies uniworxWellKnown uniworxFrontend uniworxDemoDocker uniworxDocker ciDocker;
           inherit uniworxBackend;
         };
         apps = haskellFlake.apps // {
-          pushUniworxDemoDocker = flake-utils.lib.mkApp { drv = mkPushUniworxDocker pkgs.uniworxDemoDocker; };
-          pushUniworxDocker = flake-utils.lib.mkApp { drv = mkPushUniworxDocker pkgs.uniworxDocker; };
+          pushUniworxDemoDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx-demo" pkgs.uniworxDemoDocker; };
+          pushUniworxDocker = flake-utils.lib.mkApp { drv = mkPushDocker "uniworx" pkgs.uniworxDocker; };
+          pushCIDocker = flake-utils.lib.mkApp { drv = mkPushDocker "nix-unstable" pkgs.ciDocker; };
           calculateMaterializedSha = flake-utils.lib.mkApp { drv = pkgs.uniworx.stack-nix.passthru.calculateMaterializedSha; exePath = ""; };
         };
         checks = haskellFlake.checks // {
diff --git a/nix/aws-patch.nix b/nix/aws-patch.nix
new file mode 100644
index 000000000..250192c67
--- /dev/null
+++ b/nix/aws-patch.nix
@@ -0,0 +1,11 @@
+final: prev:
+let
+  awsPatch = prev.fetchurl {
+    url = "https://github.com/gkleen/nix/commit/fd67a0f927ec0711eba59714939ff939fc95db38.diff";
+    hash = "sha256-1dJ9zGQvYu5b47O2NjdggSSinlGQDcqBwXoZcKUGfYQ=";
+  };
+in {
+  nixUnstable = prev.nixUnstable.overrideAttrs (oldAttrs: {
+    patches = oldAttrs.patches or [] ++ [ awsPatch ];
+  });
+}
diff --git a/nix/docker/default.nix b/nix/docker/default.nix
index 558dadfde..85f6f8fbf 100644
--- a/nix/docker/default.nix
+++ b/nix/docker/default.nix
@@ -3,18 +3,20 @@
 with prev.lib;
 
 let
+  created =
+    let
+      fromDate = builtins.readFile (prev.runCommand "date" { nativeBuildInputs = with final; [ coreutils ]; } ''
+        printf '%s' $(date -Is -d '@${toString self.lastModified}') > $out
+      '');
+    in if self ? lastModified then fromDate else "1970-01-01T00:00:01Z";
+  
   mkUniworxDocker = { isDemo }: prev.dockerTools.buildImage {
     name = "uniworx${optionalString isDemo "-demo"}";
     tag =
       let
         versionFile = if isDemo then ./demo-version.json else ./version.json;
       in (builtins.fromJSON (prev.lib.readFile versionFile)).version;
-    created =
-      let
-        fromDate = builtins.readFile (prev.runCommand "date" { nativeBuildInputs = with final; [ coreutils ]; } ''
-          printf '%s' $(date -Is -d '@${toString self.lastModified}') > $out
-        '');
-      in if self ? lastModified then fromDate else "1970-01-01T00:00:01Z";
+    inherit created; 
 
     contents = with final; [
       uniworx.uniworx.components.exes.uniworx
@@ -121,7 +123,15 @@ let
         };
       };
   };
-in mapAttrs (_name: mkUniworxDocker) {
+in
+{
+  ciDocker = prev.docker-nixpkgs.nix-flakes.overrideAttrs (oldAttrs: {
+    inherit created;
+    contents = oldAttrs.contents or [] ++ [
+      final.bash final.coreutils final.minio-client
+    ];
+  });
+} // mapAttrs (_name: mkUniworxDocker) {
   uniworxDemoDocker = { isDemo = true; };
   uniworxDocker = { isDemo = false; };
 }