diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 19cf08b..fd4ec71 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -17,8 +17,7 @@ jobs:
       matrix:
         channel:
           - nixos-unstable
-          - nixos-24.05
-          - nixos-24.11
+          - nixos-25.05
         system:
           - aarch64-linux
           - x86_64-linux
@@ -65,8 +64,7 @@ jobs:
       matrix:
         channel:
           - nixos-unstable
-          - nixos-24.05
-          - nixos-24.11
+          - nixos-25.05
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7367dc9..baed4d5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,5 +10,4 @@ build:
       - NIXPKGS_CHANNEL: nixos-unstable
         IMAGE_TAG: latest
       - NIXPKGS_CHANNEL:
-          - nixos-24.05
-          - nixos-24.11
+          - nixos-25.05
diff --git a/README.md b/README.md
index 58522ff..5da449c 100644
--- a/README.md
+++ b/README.md
@@ -39,8 +39,7 @@ nixpkgs channel describes.
 
 | Channel        | Image Tag   | Description                                       |
 | ---            | ---         | ---                                               |
-| nixos-24.05    | nixos-24.05 | only minor versions that include security updates |
-| nixos-24.11    | nixos-24.11 | only minor versions that include security updates |
+| nixos-25.05    | nixos-25.05 | only minor versions that include security updates |
 | nixos-unstable | latest      | latest and greatest, major versions might change  |
 
 ## List of images
diff --git a/images/attic/default.nix b/images/attic/default.nix
new file mode 100644
index 0000000..05e953f
--- /dev/null
+++ b/images/attic/default.nix
@@ -0,0 +1,10 @@
+{ docker-nixpkgs
+, attic-client
+}:
+(docker-nixpkgs.nix.override {
+  extraContents = [ attic-client ];
+}).overrideAttrs (prev: {
+  meta = (prev.meta or { }) // {
+    description = "Nix and Attic client image";
+  };
+})
diff --git a/images/devcontainer/default.nix b/images/devcontainer/default.nix
index 3b993f6..c3127a0 100644
--- a/images/devcontainer/default.nix
+++ b/images/devcontainer/default.nix
@@ -14,7 +14,7 @@
 , gnutar
 , gzip
 , iana-etc
-, iproute
+, iproute2
 , less
 , lib
 , nix
@@ -42,7 +42,11 @@ let
       nix
 
       # runtime dependencies of nix
-      cacert
+      # HACK: don't include the "hashed" output. It has overlapping files with
+      #       the "unbundled" output, and that breaks the build.
+      (cacert // {
+        outputs = builtins.filter (x: x != "hashed") cacert.outputs;
+      })
       gitReallyMinimal
       gnutar
       gzip
@@ -61,7 +65,7 @@ let
       (gcc-unwrapped // {
         outputs = builtins.filter (x: x != "libgcc") gcc-unwrapped.outputs;
       })
-      iproute
+      iproute2
     ];
   };
 
diff --git a/images/devenv/default.nix b/images/devenv/default.nix
index e562ce2..c0e6aef 100644
--- a/images/devenv/default.nix
+++ b/images/devenv/default.nix
@@ -3,7 +3,7 @@
 }:
 (docker-nixpkgs.nix.override {
   # only available since 24.05
-  extraContents = if devenv == null then [] else [ devenv ];
+  extraContents = [ devenv ];
 }).overrideAttrs (prev: {
   meta = (prev.meta or { }) // {
     description = "Nix and devenv image";
diff --git a/images/maddy/default.nix b/images/maddy/default.nix
new file mode 100644
index 0000000..6596ace
--- /dev/null
+++ b/images/maddy/default.nix
@@ -0,0 +1,6 @@
+{ buildCLIImage
+, maddy
+}:
+buildCLIImage {
+  drv = maddy;
+}
diff --git a/images/nix-flakes/default.nix b/images/nix-flakes/default.nix
index 00e9bfa..9fb8673 100644
--- a/images/nix-flakes/default.nix
+++ b/images/nix-flakes/default.nix
@@ -1,10 +1,10 @@
 { docker-nixpkgs
-, nixFlakes
+, nixVersions
 , writeTextFile
 , extraContents ? [ ]
 }:
 docker-nixpkgs.nix.override {
-  nix = nixFlakes;
+  nix = nixVersions.stable;
   extraContents = [
     (writeTextFile {
       name = "nix.conf";
@@ -12,6 +12,7 @@ docker-nixpkgs.nix.override {
       text = ''
         accept-flake-config = true
         experimental-features = nix-command flakes
+        max-jobs = auto
       '';
     })
   ] ++ extraContents;
diff --git a/images/nix-unstable-static/default.nix b/images/nix-unstable-static/default.nix
index f494ce0..a018073 100644
--- a/images/nix-unstable-static/default.nix
+++ b/images/nix-unstable-static/default.nix
@@ -84,11 +84,12 @@ let
     mkdir -p libexec/nix
     ln -s /bin/nix libexec/nix/build-remote
 
-    # Enable flakes
+    # Enable flakes and parallel building
     mkdir -p etc/nix
     cat <<NIX_CONFIG > etc/nix/nix.conf
     accept-flake-config = true
     experimental-features = nix-command flakes
+    max-jobs = auto
     NIX_CONFIG
 
     # Add run-as-user script
diff --git a/images/nix-unstable/default.nix b/images/nix-unstable/default.nix
index 008e7ec..792acc5 100644
--- a/images/nix-unstable/default.nix
+++ b/images/nix-unstable/default.nix
@@ -1,7 +1,6 @@
 { docker-nixpkgs
 , pkgs
-, nixUnstable
 }:
 docker-nixpkgs.nix.override {
-  nix = pkgs.nixVersions.latest or pkgs.nixUnstable;
+  nix = pkgs.nixVersions.latest;
 }
diff --git a/images/pocket-id/default.nix b/images/pocket-id/default.nix
new file mode 100644
index 0000000..d73832f
--- /dev/null
+++ b/images/pocket-id/default.nix
@@ -0,0 +1,6 @@
+{ buildCLIImage
+, pocket-id
+}:
+buildCLIImage {
+  drv = pocket-id;
+}