diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 44db4c4..64fa14d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -166,9 +166,33 @@ jobs:
           authToken: '${{ secrets.ATTIC_TOKEN }}'
       - run: nix build --option system ${{ matrix.machine.platform }}
 
+
+  build-docker:
+    runs-on: ubuntu-latest
+    needs: [build, build-parser]
+    strategy:
+      matrix:
+        machine:
+          - platform: x86_64-linux
+          - platform: aarch64-linux
+    steps:
+      - uses: actions/checkout@v4
+      - if: matrix.machine.platform != 'x86_64-linux'
+        uses: docker/setup-qemu-action@v3
+      - uses: cachix/install-nix-action@v26
+        with:
+          extra_nix_config: |
+            extra-platforms = aarch64-linux
+      - uses: icewind1991/attic-action@v1
+        with:
+          name: ci
+          instance: https://cache.icewind.me
+          authToken: '${{ secrets.ATTIC_TOKEN }}'
+      - run: nix build --option system ${{ matrix.machine.platform }} .#demostf-api-docker
+
   docker:
     runs-on: ubuntu-latest
-    needs: [build, build-parser, api, phpunit]
+    needs: [build-docker, api, phpunit]
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -177,9 +201,9 @@ jobs:
         with:
           name: ci
           instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#docker
-      - name: Push image
+      - run: nix run .#dockerManifest
         if: github.ref == 'refs/heads/master'
-        run: |
-          skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#docker --print-out-paths)" "docker://demostf/api"
+        env:
+          VERSION: "1.0.0"
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/flake.lock b/flake.lock
index d805023..113bf72 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,46 @@
 {
   "nodes": {
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1701473968,
+        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flocken": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1704105102,
+        "narHash": "sha256-c4VWO9plhINjQzYPHSKURWgQ2D2q24aI3OIN0MTPjz0=",
+        "owner": "mirkolenz",
+        "repo": "flocken",
+        "rev": "3a846dfca17f989805d9f4177de85c96dc0f8542",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mirkolenz",
+        "ref": "v2",
+        "repo": "flocken",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1710523508,
@@ -15,8 +56,27 @@
         "type": "indirect"
       }
     },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1701253981,
+        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
+        "flocken": "flocken",
         "nixpkgs": "nixpkgs",
         "utils": "utils"
       }
@@ -36,9 +96,24 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1710146030,
diff --git a/flake.nix b/flake.nix
index 32293c8..663fbc9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,14 +2,20 @@
   inputs = {
     nixpkgs.url = "nixpkgs/release-23.11";
     utils.url = "github:numtide/flake-utils";
+    flocken = {
+      url = "github:mirkolenz/flocken/v2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
     self,
     nixpkgs,
     utils,
+    flocken,
   }:
     utils.lib.eachDefaultSystem (system: let
+      inherit (builtins) getEnv;
       overlays = [
         (import ./overlay.nix)
       ];
@@ -22,11 +28,26 @@
       nodeLd = pkgs.writeShellScriptBin "node" ''
         LD=$CC ${pkgs.nodejs_20}/bin/node $@
       '';
+      inherit (flocken.legacyPackages.${system}) mkDockerManifest;
     in rec {
       packages = rec {
         inherit (pkgs) demostf-api demostf-api-docker demostf-parser;
         docker = demostf-api-docker;
         default = demostf-api;
+
+        dockerManifest = mkDockerManifest {
+          tags = ["latest"];
+          registries = {
+            "docker.io" = {
+              enable = true;
+              repo = "demostf/api";
+              username = "$DOCKERHUB_USERNAME";
+              password = "$DOCKERHUB_TOKEN";
+            };
+          };
+          version = "1.0.0";
+          images = with self.packages; [x86_64-linux.demostf-api-docker aarch64-linux.demostf-api-docker];
+        };
       };
       devShells.default = pkgs.mkShell {
         nativeBuildInputs = with pkgs; [