diff --git a/Dockerfile b/Dockerfile
index 55d5b00..d7ea972 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,56 +24,30 @@ ENV DOCKER_USER=coder \
 PASSWORD=undefined \
 HASHED_PASSWORD=undefined
 
-# Base packages
-RUN apt-get update -y && apt-get upgrade -y && apt-get install --no-install-recommends -y \
- bash \
- bash-completion \
- ca-certificates \
- curl \
- dbus \
- default-jre \
- doas \
- dos2unix \
- dumb-init \
- file \
- fuse3 \
- git \
- gnupg \
- iproute2 \
- iptables \
- jq \
- lsb-release \
- lsof \
- make \
- nano \
- net-tools \
- nodejs \
- npm \
- openssh-client \
- passwd \
- patch \
- pipx \
- python3 \
- python3-pip \
- python3-venv \
- shellcheck \
- siege \
- sudo \
- tar \
- tree \
- uidmap \
- unzip \
- virtualenv \
- wget \
- xz-utils && \
- curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key | \
- gpg --dearmor > /usr/share/keyrings/trivy.gpg && \
- echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" > /etc/apt/sources.list.d/trivy.list && \
- apt-get update -y && apt-get install --no-install-recommends -y trivy && \
- apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# Docker
-RUN curl -fsSL https://get.docker.com | sh && dockerd --version
+# Base packages + Trivy + Docker
+RUN set -eux; \
+ apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install --no-install-recommends -y \
+ bash bash-completion ca-certificates curl dbus default-jre doas dos2unix dumb-init file \
+ fuse3 git gnupg iproute2 iptables jq lsb-release lsof make nano net-tools nodejs npm \
+ openssh-client passwd patch pipx python3 python3-pip python3-venv shellcheck siege \
+ sudo tar tree uidmap unzip virtualenv wget xz-utils; \
+ \
+ # Trivy
+ curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor > /usr/share/keyrings/trivy.gpg && \
+ echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" > /etc/apt/sources.list.d/trivy.list && \
+ apt-get update && apt-get install --no-install-recommends -y trivy; \
+ \
+ # Docker
+ install -m 0755 -d /etc/apt/keyrings && \
+ curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc && \
+ chmod a+r /etc/apt/keyrings/docker.asc && \
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list && \
+ apt-get update && \
+ apt-get install --no-install-recommends -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin; \
+ \
+ apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # AWS CLI (handle arch manually)
 RUN set -e; \
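Review bot: Mixing `&&` lists with `;` separators under `set -eux` in the new RUN lets a failed step pass silently, because `set -e` is ignored for every command of an `&&` list except the last one. If `apt-get update` or `apt-get upgrade -y`, the Trivy `curl … | gpg --dearmor`, or the `curl` that fetches `docker.asc` fails, the rest of that group is skipped and the shell simply continues with the next `;` group. The removed code was a single `&&` chain, so the same failure used to abort the build; now the layer can report success while the image is missing the base packages, Trivy or Docker. Ending every command with `; \` as in the fence lets `set -e` stop at the first failure. Downloading the Trivy key to a file first (the path below is a constructed example) also avoids relying on the status of a pipeline, which reflects only `gpg` unless the RUN shell has `pipefail` enabled; the SHELL in effect is outside this hunk.

```dockerfile
RUN set -eux; \
    apt-get update; \
    apt-get upgrade -y; \
    # … unchanged: apt-get install of the base package list …
    \
    # Trivy
    curl -fsSL https://aquasecurity.github.io/trivy-repo/deb/public.key -o /tmp/trivy.key; \
    gpg --dearmor -o /usr/share/keyrings/trivy.gpg /tmp/trivy.key; \
    rm -f /tmp/trivy.key; \
    echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" > /etc/apt/sources.list.d/trivy.list; \
    apt-get update; \
    apt-get install --no-install-recommends -y trivy; \
    \
    # Docker
    install -m 0755 -d /etc/apt/keyrings; \
    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc; \
    chmod a+r /etc/apt/keyrings/docker.asc; \
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list; \
    apt-get update; \
    # … unchanged: apt-get install of the docker packages, apt cleanup …
```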