diff --git a/.forgejo/workflows/build_keycloak.yml b/.forgejo/workflows/build_keycloak.yml
deleted file mode 100644
index 7403007..0000000
--- a/.forgejo/workflows/build_keycloak.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: Build Keycloak
-
-on:
-  workflow_dispatch: {}
-  push: {}
-  schedule:
-    - cron: "@daily"
-
-jobs:
-  build-container:
-    name: Build Keycloak Image
-    runs-on: docker
-    container:
-      image: ghcr.io/osscontainertools/kaniko:alpine
-    strategy:
-      matrix:
-         # renovate: datasource=docker depName=quay.io/keycloak/keycloak
-        keycloak-version: [ 26.6.0 ]
-    steps:
-      - name: Install required system packages
-        run: apk add --no-cache nodejs maven git
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v6
-
-      - name: Build attribute-endpoints-provider
-        run: |
-          git clone https://git.hamburg.ccc.de/CCCHH/keycloak-attribute-endpoints-provider.git
-          cd keycloak-attribute-endpoints-provider
-          mvn -f attribute-endpoints-provider verify
-          cp attribute-endpoints-provider/target/attribute-endpoints-provider-1.0-SNAPSHOT.jar ${{ forgejo.workspace }}/keycloak/attribute-endpoints-provider.jar
-
-      - name: Build Container
-        env:
-          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
-          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
-          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
-        run: /kaniko/executor
-          --dockerfile="${{forgejo.workspace }}/keycloak/Containerfile"
-          --context="dir://${{ forgejo.workspace }}/keycloak"
-          --build-arg=TAG=${{ matrix.keycloak-version }}
-          --destination=git.hamburg.ccc.de/ccchh/oci-images/keycloak:${{ matrix.keycloak-version }}
-          --no-push-cache
-          --credential-helpers=env
-          --annotation=org.opencontainers.image.ref.name=keycloak
-          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
-          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}
diff --git a/.forgejo/workflows/build_nextcloud.yml b/.forgejo/workflows/build_nextcloud.yml
deleted file mode 100644
index e2538a9..0000000
--- a/.forgejo/workflows/build_nextcloud.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Build Nextcloud
-
-on:
-  workflow_dispatch: {}
-  push: {}
-  schedule:
-    - cron: "@daily"
-
-jobs:
-  build-container:
-    name: Build Nextcloud ${{ matrix.nextcloud-version }} Image
-    runs-on: docker
-    container:
-      image: ghcr.io/osscontainertools/kaniko:alpine
-    strategy:
-      matrix:
-        nextcloud-version: [ 32, 33 ]
-    steps:
-      - name: Install required system packages
-        run: apk add --no-cache nodejs
-
-      - name: Checkout Source Code
-        uses: actions/checkout@v6
-
-      - name: Build Container
-        env:
-          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
-          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
-          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
-        run: /kaniko/executor
-          --dockerfile="${{forgejo.workspace }}/nextcloud/Containerfile"
-          --context="dir://${{ forgejo.workspace }}/nextcloud"
-          --build-arg=TAG=${{ matrix.nextcloud-version }}
-          --destination=git.hamburg.ccc.de/ccchh/oci-images/nextcloud:${{ matrix.nextcloud-version }}
-          --no-push-cache
-          --credential-helpers=env
-          --annotation=org.opencontainers.image.ref.name=nextcloud
-          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
-          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}
diff --git a/.forgejo/workflows/build_penpot.yml b/.forgejo/workflows/build_penpot.yml
deleted file mode 100644
index c067263..0000000
--- a/.forgejo/workflows/build_penpot.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-name: Build Penpot
-
-on:
-  workflow_dispatch: {}
-  push: {}
-  schedule:
-    - cron: "@daily"
-
-jobs:
-  build-container:
-    name: Build Image penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }}
-    runs-on: docker
-    container:
-      image: ghcr.io/osscontainertools/kaniko:alpine
-    strategy:
-      matrix:
-        penpot-version: [ "2.1.2" ]
-        image-type: [ frontend, backend, exporter ]
-    steps:
-      - name: Install required system packages
-        run: apk add --no-cache nodejs git curl
-
-      - name: Clone penpot repo
-        run: |
-          git clone --branch="${{ matrix.penpot-version }}" https://github.com/penpot/penpot.git "${{ forgejo.workspace }}/penpot"
-          cd "${{ forgejo.workspace }}/penpot"
-          git submodule update --init --recursive
-
-      - name: Patch penpot to work with kaniko
-        run: |
-          cd "${{ forgejo.workspace }}/penpot"
-          
-          # Get build system patch allowing for building images with kaniko.
-          # https://github.com/penpot/penpot/pull/4945
-          # https://github.com/penpot/penpot/pull/4945/commits/752574bac789cc90cc218004bb9545cc6239895d
-          curl -sSL https://github.com/penpot/penpot/commit/752574bac789cc90cc218004bb9545cc6239895d.patch > 0001-move-entire-image-build-process-into-Dockerfiles.patch
-
-          # Get patch disallowing registration with invitation token, when disable-login-with-password flag is set.
-          # https://github.com/penpot/penpot/issues/4975
-          # https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0
-          curl -sSL https://github.com/june128/penpot/commit/f799da132bf5a51015859031f45154172fbf7cd0.patch > 0002-hotfix-dont-allow-registration-with-invite-if-password-login-
-
-          # apply patches
-          git config user.name "Woodpecker"
-          git config user.email "woodpecker@woodpecker.invalid"
-          git am *.patch
-
-      - name: Build Container
-        env:
-          KANIKO_NO_PUSH: ${{ forgejo.ref_name != 'main' }}
-          KANIKO_GIT_HAMBURG_CCC_DE_USER: forgejo-actions
-          KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.PACKAGES_TOKEN }}
-        run: /kaniko/executor
-          --dockerfile="${{forgejo.workspace }}/penpot/docker/images/Dockerfile.${{ matrix.image-type }}"
-          --context="dir://${{ forgejo.workspace }}/penpot/"
-          --destination=git.hamburg.ccc.de/ccchh/oci-images/penpot-${{ matrix.image-type }}:${{ matrix.penpot-version }}
-          --no-push-cache
-          --credential-helpers=env
-          --annotation=org.opencontainers.image.ref.name=penpot-${{ matrix.image-type }}
-          --annotation=org.opencontainers.image.url=${{ forgejo.server_url }}/${{ forgejo.repository }}
-          --annotation=org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}
diff --git a/.woodpecker/keycloak.yaml b/.woodpecker/keycloak.yaml
new file mode 100644
index 0000000..eb11f8c
--- /dev/null
+++ b/.woodpecker/keycloak.yaml
@@ -0,0 +1,69 @@
+when:
+  - event: push
+  - event: cron
+    cron: daily
+
+# Manually set a workspace path, so we can use it literally, without using
+# ${CI_WORKSPACE}, when running kaniko, since using ${CI_WORKSPACE} doesn't work.
+# https://github.com/woodpecker-ci/woodpecker/issues/3982
+workspace:
+  path: src
+
+# Use matrix to set KEYCLOAK_VERSION instead of setting the KEYCLOAK_VERSION as
+# an environment variable in the build-images step, since string substitution
+# doesn't work for custom environment variables.
+# https://github.com/woodpecker-ci/woodpecker/issues/3983
+# Also because global environment variables aren't a thing.
+matrix:
+  KEYCLOAK_VERSION:
+    - 25.0
+  IMAGE_NAME:
+  - git.hamburg.ccc.de/ccchh/oci-images/keycloak
+
+steps:
+  - name: setup-image-path
+    image: alpine
+    commands:
+      - mkdir /woodpecker/images
+  - name: test
+    image: debian
+    commands:
+      - echo "miau" > test
+  - name: test-2
+    image: debian
+    environment:
+      MY_COOL_TEST_VAR: test
+    entrypoint:
+      - /usr/bin/cat
+      - $${MY_COOL_TEST_VAR}"
+  - name: build-image
+    image: gcr.io/kaniko-project/executor
+    environment:
+      MY_COOL_TEST_VAR: 25.0
+    entrypoint:
+      - /kaniko/executor
+      - --context=dir:///woodpecker/src/keycloak
+      - --dockerfile=./Containerfile
+      - --build-arg=TAG=$${MY_COOL_TEST_VAR}
+      - --destination=${IMAGE_NAME}:$${MY_COOL_TEST_VAR}
+      - --no-push
+      - --tar-path=/woodpecker/images/keycloak.tar
+  - name: publish-image
+    image: alpine
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane push /woodpecker/images/keycloak.tar $IMAGE_NAME:$CI_COMMIT_BRANCH
+  - name: tag-version-and-latest
+    image: alpine
+    when:
+      - branch: main
+    secrets:
+      - GIT_API_TOKEN
+    commands:
+      - apk -u add crane
+      - crane auth login git.hamburg.ccc.de -u woodpecker -p $GIT_API_TOKEN
+      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH $KEYCLOAK_VERSION
+      - crane tag $IMAGE_NAME:$CI_COMMIT_BRANCH latest
diff --git a/README.md b/README.md
index 557f82b..0daf4ba 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,3 @@ Tools in use:
 ## Images
 
 - `git.hamburg.ccc.de/CCCHH/oci-images/keycloak`
-- `git.hamburg.ccc.de/CCCHH/oci-images/nextcloud`
-- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/frontend`
-- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/backend`
-- `git.hamburg.ccc.de/CCCHH/oci-images/penpot/exporter`
diff --git a/keycloak/Containerfile b/keycloak/Containerfile
index f3f6c1e..7f5fa4c 100644
--- a/keycloak/Containerfile
+++ b/keycloak/Containerfile
@@ -2,10 +2,8 @@ ARG TAG=latest
 FROM quay.io/keycloak/keycloak:${TAG} as builder
 
 ENV KC_DB=postgres
-ENV KC_FEATURES=declarative-ui
 
 WORKDIR /opt/keycloak
-ADD --chown=keycloak:keycloak --chmod=644 attribute-endpoints-provider.jar /opt/keycloak/providers/attribute-endpoints-provider.jar
 RUN /opt/keycloak/bin/kc.sh build
 
 FROM quay.io/keycloak/keycloak:${TAG}
diff --git a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
index 9a31b32..1ad56c4 100644
--- a/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
+++ b/keycloak/themes/ccchh/login/resources/css/ccchh/login.css
@@ -2,15 +2,4 @@
     background: url("../../img/blur-more-blur-edit.jpg") no-repeat center center fixed;
     background-size: cover;
     height: 100%;
-}
-
-div.kc-logo-text {
-    background: url("../../img/CCCHH.svg") no-repeat center center;
-    background-size: contain;
-    filter: invert(1);
-    height: 100px;
-}
-
-div.kc-logo-text span {
-    display: none;
 }
\ No newline at end of file
diff --git a/keycloak/themes/ccchh/login/resources/img/CCCHH.svg b/keycloak/themes/ccchh/login/resources/img/CCCHH.svg
deleted file mode 100644
index 750d341..0000000
--- a/keycloak/themes/ccchh/login/resources/img/CCCHH.svg
+++ /dev/null
@@ -1,123 +0,0 @@
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
-<svg xmlns="http://www.w3.org/2000/svg"  xmlns:xlink="http://www.w3.org/1999/xlink" width='270.000mm' height='78.923mm' viewBox="0 0 270.000 78.923">
-
-<title>Exported SVG</title>
-
-<style><![CDATA[
-polygon {
-shape-rendering:crispEdges;
-stroke-width:0.270000;
-}
-.s1 {
-stroke:#000000;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s2 {
-stroke:#19b219;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s3 {
-stroke:#7f4c00;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s4 {
-stroke:#00cc00;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s5 {
-stroke:#000000;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s6 {
-stroke:#ff19ff;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s7 {
-stroke:#ff0000;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s8 {
-stroke:#ffff00;
-stroke-width:0.245682;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.s9 {
-stroke:#001919;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.sa {
-stroke:#006666;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.sb {
-stroke:#00ffff;
-stroke-width:0.491365;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.sc {
-stroke:#ff0000;
-stroke-width:1.310307;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.sd {
-stroke:#191919;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-.se {
-stroke:#000000;
-stroke-width:0.163788;
-stroke-linecap:round;
-stroke-linejoin:round;
-stroke-dasharray:2.457,2.457;
-fill:none;
-}
-.sf {
-stroke:#000000;
-stroke-width:0.491365;
-stroke-linecap:round;
-stroke-linejoin:round;
-fill:none;
-}
-]]></style>
-<path d='M62.272 26.962 A30.000,30.000 0 0,0 28.603,10.152 A30.000,30.000 0 0,0 5.000,39.462 A30.000,30.000 0 0,0 28.603,68.772 A30.000,30.000 0 0,0 62.272,51.962 L56.651,51.962 A25.000,25.000 0 0,1 28.530,63.610 A25.000,25.000 0 0,1 10.000,39.462 A25.000,25.000 0 0,1 28.530,15.313 A25.000,25.000 0 0,1 56.651,26.962 L62.272,26.962 ' class='s0' />
-<path d='M53.540 31.962 A20.000,20.000 0 0,0 31.180,19.830 A20.000,20.000 0 0,0 15.000,39.462 A20.000,20.000 0 0,0 31.180,59.093 A20.000,20.000 0 0,0 53.540,46.962 L65.953,46.962 A30.000,30.000 0 0,0 92.347,69.344 A30.000,30.000 0 0,0 122.272,51.962 L116.651,51.962 A25.000,25.000 0 0,1 89.747,63.903 A25.000,25.000 0 0,1 70.125,41.962 L49.790,41.962 A15.000,15.000 0 0,1 33.746,54.409 A15.000,15.000 0 0,1 20.000,39.462 A15.000,15.000 0 0,1 33.746,24.514 A15.000,15.000 0 0,1 49.790,36.962 L70.125,36.962 A25.000,25.000 0 0,1 89.747,15.020 A25.000,25.000 0 0,1 116.651,26.962 L122.272,26.962 A30.000,30.000 0 0,0 92.347,9.579 A30.000,30.000 0 0,0 65.953,31.962 L53.540,31.962 ' class='s0' />
-<path d='M113.540 31.962 A20.000,20.000 0 0,0 91.180,19.830 A20.000,20.000 0 0,0 75.000,39.462 A20.000,20.000 0 0,0 91.180,59.093 A20.000,20.000 0 0,0 113.540,46.962 L125.953,46.962 A30.000,30.000 0 0,0 152.347,69.344 A30.000,30.000 0 0,0 182.272,51.962 L176.651,51.962 A25.000,25.000 0 0,1 149.747,63.903 A25.000,25.000 0 0,1 130.125,41.962 L109.790,41.962 A15.000,15.000 0 0,1 93.746,54.409 A15.000,15.000 0 0,1 80.000,39.462 A15.000,15.000 0 0,1 93.746,24.514 A15.000,15.000 0 0,1 109.790,36.962 L130.125,36.962 A25.000,25.000 0 0,1 149.747,15.020 A25.000,25.000 0 0,1 176.651,26.962 L182.272,26.962 A30.000,30.000 0 0,0 152.347,9.579 A30.000,30.000 0 0,0 125.953,31.962 L113.540,31.962 ' class='s0' />
-<path d='M173.540 31.962 A20.000,20.000 0 0,0 151.180,19.830 A20.000,20.000 0 0,0 135.000,39.462 A20.000,20.000 0 0,0 151.180,59.093 A20.000,20.000 0 0,0 173.540,46.962 L190.000,46.962 L190.000,69.462 L205.000,69.462 L205.000,46.962 L220.000,46.962 L220.000,69.462 L235.000,69.462 L235.000,46.962 L250.000,46.962 L250.000,69.462 L265.000,69.462 L265.000,9.462 L250.000,9.462 L250.000,31.962 L235.000,31.962 L235.000,9.462 L220.000,9.462 L220.000,31.962 L205.000,31.962 L205.000,9.462 L190.000,9.462 L190.000,31.962 L173.540,31.962 M169.790 36.962 L195.000,36.962 L195.000,14.462 L200.000,14.462 L200.000,36.962 L225.000,36.962 L225.000,14.462 L230.000,14.462 L230.000,36.962 L255.000,36.962 L255.000,14.462 L260.000,14.462 L260.000,64.462 L255.000,64.462 L255.000,41.962 L230.000,41.962 L230.000,64.462 L225.000,64.462 L225.000,41.962 L200.000,41.962 L200.000,64.462 L195.000,64.462 L195.000,41.962 L169.790,41.962 A15.000,15.000 0 0,1 153.746,54.409 A15.000,15.000 0 0,1 140.000,39.462 A15.000,15.000 0 0,1 153.746,24.514 A15.000,15.000 0 0,1 169.790,36.962 ' class='s0' />
-
-</svg>
diff --git a/nextcloud/.keep b/nextcloud/.keep
deleted file mode 100644
index e69de29..0000000
diff --git a/nextcloud/Containerfile b/nextcloud/Containerfile
deleted file mode 100644
index d139a4d..0000000
--- a/nextcloud/Containerfile
+++ /dev/null
@@ -1,16 +0,0 @@
-ARG TAG=latest
-FROM docker.io/library/nextcloud:${TAG}
-
-RUN apt-get update \
-    && apt-get install -y supervisor \
-    && rm -rf /var/lib/apt/lists/* \
-    && mkdir -p /var/log/supervisord /var/run/supervisord 
-
-# We need to copy a file to the supervisord folder in /var/run so it exists when the container starts.
-COPY .keep /var/run/supervisord/
-
-COPY supervisord.conf /
-
-ENV NEXTCLOUD_UPDATE=1
-
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
\ No newline at end of file
diff --git a/nextcloud/supervisord.conf b/nextcloud/supervisord.conf
deleted file mode 100644
index 836a08a..0000000
--- a/nextcloud/supervisord.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-[supervisord]
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
-logfile_backups=10                              ; number of backed up logfiles
-loglevel=error
-
-[program:apache2]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=apache2-foreground
-
-[program:cron]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/cron.sh
diff --git a/renovate.json b/renovate.json
deleted file mode 100644
index 7f0cc8d..0000000
--- a/renovate.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:recommended"
-  ],
-  "customManagers": [
-    // Custom manager using regex for letting Renovate find dependencies in woodpecker Matrix variables.
-    {
-      "customType": "regex",
-      "managerFilePatterns": [
-        "/^\\.woodpecker/.*\\.ya?ml$/"
-      ],
-      "matchStrings": [
-        "# renovate: datasource=(?<datasource>[a-zA-Z0-9-._]+?) depName=(?<depName>[^\\s]+?)(?: packageName=(?<packageName>[^\\s]+?))?(?: versioning=(?<versioning>[^\\s]+?))?\\s*-\\s*[\"']?(?<currentValue>.+?)[\"']?\\s"
-      ]
-    }
-  ]
-}