diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b8a6dc5d..2a6fa903 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -91,6 +91,8 @@ jobs:
       rust_targets: ${{vars.RUST_TARGETS}}
       sys_targets: ${{vars.sys_TARGETS}}
       machines: ${{vars.MACHINES}}
+      excludes: '[{"feat_set": "none"}]'
+      docker_id: ${{vars.DOCKER_ID}}
     secrets:
-      dockerhub_token: ${{ secrets.dockerhub_token }}
-      ghcr_token: ${{ secrets.ghcr_token }}
+      ghcr_token: ${{ secrets.GHCR_TOKEN }}
+      dockerhub_token: ${{ secrets.DOCKERHUB_TOKEN }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8d745302..b1366f48 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -36,18 +36,22 @@ on:
         type: string
         default: '[]'
         description: Matrix inclusions
+      docker_id:
+        type: string
+        description: DockerHub ID
     secrets:
-      dockerhub_token:
       ghcr_token:
+      dockerhub_token:
 
 jobs:
   containers:
-    if: ${{ !failure() && !cancelled() }}
-    name: Publish via Github
+    if: ${{ !failure() && !cancelled() && inputs.docker_id }}
+    name: Publish containers
     runs-on: ${{matrix.machine}}
     permissions: write-all
+    continue-on-error: false
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
         bake_target: ${{fromJSON('["github", "dockerhub"]')}}
         cargo_profile: ${{fromJSON(inputs.cargo_profiles)}}
@@ -69,12 +73,11 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.ghcr_token }}
 
-      - uses: actions/checkout@v4
       - name: DockerHub Login
         uses: docker/login-action@v3
         with:
           registry: docker.io
-          username: ${{ github.actor }}
+          username: ${{ inputs.docker_id }}
           password: ${{ secrets.dockerhub_token }}
 
       - name: Bake
@@ -90,9 +93,7 @@ jobs:
           machine: ${{matrix.machine}}
           acct: ${{github.actor}}
           repo: ${{github.repository}}
-          CI_VERBOSE_ENV: ${{inputs.verbose_env}}
-          CI_SILENT_BAKE: ${{inputs.silent_bake}}
-          CI_PRINT_BAKE: ${{inputs.print_bake}}
+          docker_repo: ${{inputs.docker_id}}
 
         run: |
           docker/bake.sh ${{matrix.bake_target}}
diff --git a/docker/bake.hcl b/docker/bake.hcl
index 124e29a9..a10d3f2b 100644
--- a/docker/bake.hcl
+++ b/docker/bake.hcl
@@ -1,8 +1,23 @@
-variable "acct" {}
-variable "repo" {}
-variable GITHUB_REF {}
-variable GITHUB_REF_SHA {}
-variable GITHUB_REF_NAME {}
+variable "acct" {
+	default = "$GITHUB_ACTOR"
+}
+
+variable "repo" {
+	default = "$GITHUB_REPOSITORY"
+}
+variable "docker_repo" {
+	default = "$DOCKER_ID"
+}
+
+variable "git_ref" {
+	default = "$GITHUB_REF"
+}
+variable "git_ref_sha" {
+	default = "$GITHUB_REF_SHA"
+}
+variable "git_ref_name" {
+	default = "$GITHUB_REF_NAME"
+}
 
 cargo_feat_sets = {
     none = ""
@@ -194,11 +209,11 @@ group "publish" {
 target "github" {
     name = elem("github", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
     tags = [
-        "ghcr.io/matrix-construct/tuwunel:${GITHUB_REF_NAME}-${cargo_profile}-${feat_set}-${sys_target}",
+        "ghcr.io/${repo}:${git_ref_name}-${cargo_profile}-${feat_set}-${sys_target}",
         (cargo_profile == "release" && feat_set == "all")?
-            "ghcr.io/matrix-construct/tuwunel:${GITHUB_REF_NAME}": "",
-        (GITHUB_REF_NAME == "main" && cargo_profile == "release" && feat_set == "all")?
-            "ghcr.io/matrix-construct/tuwunel:latest": "",
+            "ghcr.io/${repo}:${git_ref_name}": "",
+        (git_ref_name == "main" && cargo_profile == "release" && feat_set == "all")?
+            "ghcr.io/${repo}:latest": "",
     ]
     output = ["type=registry,compression=zstd,mode=min"]
     matrix = cargo_rust_feat_sys
@@ -210,11 +225,11 @@ target "github" {
 target "dockerhub" {
     name = elem("dockerhub", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
     tags = [
-        "jevolk/tuwunel:${GITHUB_REF_NAME}-${cargo_profile}-${feat_set}-${sys_target}",
+        "${docker_repo}:${git_ref_name}-${cargo_profile}-${feat_set}-${sys_target}",
         (cargo_profile == "release" && feat_set == "all")?
-            "jevolk/tuwunel:${GITHUB_REF_NAME}": "",
-        (GITHUB_REF_NAME == "main" && cargo_profile == "release" && feat_set == "all")?
-            "jevolk/tuwunel:latest": "",
+            "${docker_repo}:${git_ref_name}": "",
+        (git_ref_name == "main" && cargo_profile == "release" && feat_set == "all")?
+            "${docker_repo}:latest": "",
     ]
     output = ["type=registry,compression=zstd,mode=min"]
     matrix = cargo_rust_feat_sys