diff --git a/.gitea/workflows/build-arch-builder.yaml b/.gitea/workflows/build-arch-builder.yaml
index 9e6f6a1..de21652 100644
--- a/.gitea/workflows/build-arch-builder.yaml
+++ b/.gitea/workflows/build-arch-builder.yaml
@@ -32,7 +32,6 @@ jobs:
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:base"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
           target: base
       -
         name: Build and push arch-builder kernel images
@@ -45,7 +44,6 @@ jobs:
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:kernel"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
           target: kernel
       -
         name: Build and push arch-builder rust images
@@ -58,7 +56,6 @@ jobs:
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:rust"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
           target: rust
       -
         name: Build and push arch-builder rust full images
@@ -71,22 +68,7 @@ jobs:
           tags: |
             "gitea.woggioni.net/woggioni/arch-builder:rust-full"
           cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
           target: rust-full
-      -
-        name: Build and push arch-builder rust full rootless images
-        uses: docker/build-push-action@v6
-        with:
-          context: "{{defaultContext}}:arch-builder"
-          platforms: linux/amd64
-          push: true
-          pull: true
-          tags: |
-            "gitea.woggioni.net/woggioni/arch-builder:rust-full-rootless"
-            "gitea.woggioni.net/woggioni/arch-builder:latest"
-          cache-from: type=registry,ref=gitea.woggioni.net/woggioni/arch-builder:buildx
-          cache-to: type=registry,mode=max,compression=zstd,image-manifest=true,oci-mediatypes=true,ref=gitea.woggioni.net/woggioni/arch-builder:buildx          
-          target: rust-full-rootless
       -
         name: Build and push arch-builder gitea_act_runner images
         uses: docker/build-push-action@v6
diff --git a/arch-builder/Dockerfile b/arch-builder/Dockerfile
index 48980d0..e705098 100644
--- a/arch-builder/Dockerfile
+++ b/arch-builder/Dockerfile
@@ -4,47 +4,42 @@ COPY mirrorlist /etc/pacman.d/mirrolist
 
 RUN pacman-key --init
 RUN pacman-key --refresh-keys
-RUN pacman -Syu --noconfirm
-RUN pacman -S --noconfirm --needed curl rustup
+
+RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/arch/repository.key
+
+RUN pacman-key --add repository.key
+RUN pacman-key --lsign-key 0D28BF66FDB45D18D8EBEE5D4C91DADCD00B3F77
+
+RUN --mount=type=bind,source=pacman-gitea-repository.conf,target=pacman-gitea-repository.conf cat pacman-gitea-repository.conf  >> /etc/pacman.conf
+
+RUN rm repository.key
+RUN --mount=type=cache,target=/var/cache/pacman pacman -Syu --noconfirm
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
+    curl \
+    aarch64-unknown-linux-musl-gcc x86_64-unknown-linux-musl-gcc \
+    arm-unknown-linux-musleabihf-gcc \
+    arm-unknown-linux-musleabi-gcc \
+    x86_64-unknown-linux-musl-gcc \
+    x86_64-w64-mingw32-gcc \
+    aarch64-unknown-linux-musl-gcc x86_64-unknown-linux-musl-zlib \
+    arm-unknown-linux-musleabihf-zlib \
+    arm-unknown-linux-musleabi-zlib \
+    x86_64-unknown-linux-musl-zlib \
+    x86_64-w64-mingw32-zlib
+
 
 RUN mkdir downloads
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/aarch64-unknown-linux-musl-gcc/13.2.0/aarch64-unknown-linux-musl-gcc-13.2.0-1-x86_64.pkg.tar.zst \
-    -o downloads/aarch64-unknown-linux-musl-gcc-13.2.0-1-x86_64.pkg.tar.zst
 RUN ln -s /opt/x-tools/aarch64-unknown-linux-musl/bin/aarch64-unknown-linux-musl-gcc /usr/local/bin/aarch64-linux-musl-gcc 
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/x86_64-unknown-linux-musl-gcc/14.2.0/x86_64-unknown-linux-musl-gcc-14.2.0-1-x86_64.pkg.tar.zst \
-    -o downloads/x86_64-unknown-linux-musl-gcc-14.2.0-1-x86_64.pkg.tar.zst
 RUN ln -s /opt/x-tools/x86_64-unknown-linux-musl/bin/x86_64-unknown-linux-musl-gcc /usr/local/bin/x86_64-linux-musl-gcc
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/arm-unknown-linux-musleabihf-gcc/13.2.0/arm-unknown-linux-musleabihf-gcc-13.2.0-1-x86_64.pkg.tar.zst \
-    -o downloads/arm-unknown-linux-musleabihf-gcc-13.2.0-1-x86_64.pkg.tar.zst
 RUN ln -s /opt/x-tools/arm-unknown-linux-musleabihf/bin/arm-unknown-linux-musleabihf-gcc /usr/local/bin/arm-linux-musleabihf-gcc
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/arm-unknown-linux-musleabi-gcc/13.2.0/arm-unknown-linux-musleabi-gcc-13.2.0-1-x86_64.pkg.tar.zst \
-    -o downloads/arm-unknown-linux-musleabi-gcc-13.2.0-1-x86_64.pkg.tar.zst
 RUN ln -s /opt/x-tools/arm-unknown-linux-musleabihf/bin/arm-unknown-linux-musleabi-gcc /usr/local/bin/arm-linux-musleabi-gcc
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/x86_64-w64-mingw32-gcc/13.2.0/x86_64-w64-mingw32-gcc-13.2.0-1-x86_64.pkg.tar.zst \
-    -o downloads/x86_64-w64-mingw32-gcc-13.2.0-1-x86_64.pkg.tar.zst
 RUN ln -s /opt/x-tools/x86_64-w64-mingw32/bin/x86_64-w64-mingw32-gcc /usr/local/bin/x86_64-pc-windows-gnu-gcc
 
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/arm-unknown-linux-musleabi-zlib/1.3.1/arm-unknown-linux-musleabi-zlib-1.3.1-1-x86_64.pkg.tar.zst \
-    -o downloads/arm-unknown-linux-musleabi-zlib-1.3.1-1-x86_64.pkg.tar.zst
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/aarch64-unknown-linux-musl-zlib/1.3.1/aarch64-unknown-linux-musl-zlib-1.3.1-1-x86_64.pkg.tar.zst \
-    -o downloads/aarch64-unknown-linux-musl-zlib-1.3.1-1-x86_64.pkg.tar.zst
-
-RUN curl --retry 3 https://gitea.woggioni.net/api/packages/woggioni/generic/x86_64-unknown-linux-musl-zlib/1.3.1/x86_64-unknown-linux-musl-zlib-1.3.1-1-x86_64.pkg.tar.zst \
-    -o downloads/x86_64-unknown-linux-musl-zlib-1.3.1-1-x86_64.pkg.tar.zst
-
-RUN pacman -U downloads/*.pkg.tar.* --noconfirm
-RUN rm -rf downloads
-
 COPY makepkg/* /etc/
 
 RUN useradd luser -G users -u 1000 -s /bin/bash -m -d /home/luser
 
-RUN pacman -S --noconfirm --needed \
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
     git \
     cmake \
     base-devel \
@@ -59,7 +54,7 @@ RUN pacman -S --noconfirm --needed \
     upx
 
 FROM base AS kernel
-RUN pacman -S --noconfirm --needed \
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
     jre21-openjdk \
     bc \
     cpio \
@@ -84,41 +79,35 @@ WORKDIR /home/luser
 FROM base AS rust
 RUN mkdir -p /etc/cargo
 COPY config.toml /.cargo/
-RUN pacman -S --noconfirm --needed \
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
     rustup \
     llvm \
     clang
+
 FROM rust AS rust-full
-RUN pacman -S --noconfirm --needed \
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed \
     hidapi \
     protobuf     
-
-FROM rust-full AS rust-full-rootless
 USER luser
 WORKDIR /home/luser
 RUN mkdir .cargo
-RUN rustup toolchain install stable-x86_64-unknown-linux-gnu
+RUN rustup toolchain install stable-x86_64-unknown-linux-gnu --profile minimal
 RUN rustup target add \
     x86_64-unknown-linux-musl \
     x86_64-unknown-linux-gnu \
     armv7-unknown-linux-musleabihf \
     arm-unknown-linux-musleabi \
     aarch64-unknown-linux-musl \
-    aarch64-unknown-linux-gnu
+    aarch64-unknown-linux-gnu \
+    wasm32-unknown-unknown \
+    wasm32-wasip2
+RUN --mount=type=cache,target=/home/luser/.cargo/registry/,uid=1000,gid=1000 cargo install --locked trunk
 
-FROM rust-full AS gitea_act_runner
-RUN pacman -S --noconfirm nodejs npm docker docker-buildx btrfs-progs
-RUN mkdir /downloads
-WORKDIR /downloads
-RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/generic/gitea-act-runner/0.2.10/gitea-act-runner-0.2.10-1-x86_64.pkg.tar.zst
-RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/generic/jdk21-graalvm-bin/21.0.6/jdk21-graalvm-bin-21.0.6-1-x86_64.pkg.tar.zst
-RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/generic/jdk23-graalvm-bin/23.0.2/jdk23-graalvm-bin-23.0.2-1-x86_64.pkg.tar.zst
-RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/generic/jdk21-graalvm-ce-bin/21.0.2/jdk21-graalvm-ce-bin-21.0.2-1-x86_64.pkg.tar.zst
-RUN curl --retry 3 -OJ https://gitea.woggioni.net/api/packages/woggioni/generic/jdk23-graalvm-ce-bin/23.0.2/jdk23-graalvm-ce-bin-23.0.2-1-x86_64.pkg.tar.zst
-RUN pacman -U --noconfirm *.pkg.tar.*
-WORKDIR /
-RUN rm -rf /downloads
+FROM base AS gitea_act_runner
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed nodejs npm docker docker-buildx btrfs-progs hidapi protobuf rustup llvm clang
+RUN --mount=type=cache,target=/var/cache/pacman pacman -S --noconfirm --needed gitea-act-runner jdk21-graalvm-bin jdk23-graalvm-bin jdk21-graalvm-ce-bin jdk23-graalvm-ce-bin
 RUN --mount=type=bind,source=woggioni.net.ca.pem,target=/root.pem trust anchor root.pem
 USER luser
+ENV PATH="/home/luser/.local/bin:/home/luser/.cargo/bin:${PATH}"
 WORKDIR /home/luser
-CMD /usr/lib/gitea/act_runner/act_runner daemon --config /var/lib/gitea/act_runner.yaml
+CMD ["/usr/lib/gitea/act_runner/act_runner", "daemon", "--config", "/var/lib/gitea/act_runner.yaml"]
diff --git a/arch-builder/config.toml b/arch-builder/config.toml
index 1c958dc..c3dfaab 100644
--- a/arch-builder/config.toml
+++ b/arch-builder/config.toml
@@ -1,7 +1,7 @@
 [target.aarch64-unknown-linux-musl]
 linker = "/opt/x-tools/aarch64-unknown-linux-musl/bin/aarch64-unknown-linux-musl-ld"
 [target.x86_64-unknown-linux-musl]
-linker = "/opt/x-tools/x86_64-woggioni-linux-musl/bin/x86_64-woggioni-linux-musl-ld"
+linker = "/opt/x-tools/x86_64-unknown-linux-musl/bin/x86_64-unknown-linux-musl-ld"
 [target.x86_64-pc-windows-gnu]
 linker = "/opt/x-tools/x86_64-w64-mingw32/bin/x86_64-w64-mingw32-gcc"
 [target.armv7-unknown-linux-musleabihf]
diff --git a/arch-builder/pacman-gitea-repository.conf b/arch-builder/pacman-gitea-repository.conf
new file mode 100644
index 0000000..b1f7379
--- /dev/null
+++ b/arch-builder/pacman-gitea-repository.conf
@@ -0,0 +1,4 @@
+
+[woggioni.gitea.woggioni.net]
+SigLevel = Required
+Server = https://gitea.woggioni.net/api/packages/woggioni/arch/default/x86_64