diff --git a/.github/workflows/kanidmd-docker_image.yml b/.github/workflows/docker_images.yml similarity index 75% rename from .github/workflows/kanidmd-docker_image.yml rename to .github/workflows/docker_images.yml index 2041d71d0..7e94ef539 100644 --- a/.github/workflows/kanidmd-docker_image.yml +++ b/.github/workflows/docker_images.yml @@ -1,4 +1,4 @@ -name: Kanidmd release +name: release images on: push: @@ -13,24 +13,31 @@ on: jobs: test: runs-on: ubuntu-latest - + strategy: + matrix: + target: [kanidmd, radiusd] steps: - uses: actions/checkout@v2 - name: Run tests - run: make test/kanidmd + run: make test/${{ matrix.target }} push: needs: test runs-on: ubuntu-latest + + strategy: + matrix: + artifact: [kanidmd, radiusd] + if: github.event_name == 'push' steps: - uses: actions/checkout@v2 - name: Build image - run: make build/kanidm + run: make build/${{ matrix.target }} - name: Log into registry run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin @@ -46,5 +53,5 @@ jobs: # Use Docker `latest` tag convention [ "$VERSION" == "master" ] && VERSION=latest - VERSION=$VERSION make push/kanidmd + VERSION=$VERSION make push/${{ matrix.target }} diff --git a/.github/workflows/radius-docker_image.yml b/.github/workflows/radius-docker_image.yml deleted file mode 100644 index ab57b082c..000000000 --- a/.github/workflows/radius-docker_image.yml +++ /dev/null 
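Review bot: In the `push` job the matrix key is declared as `artifact: [kanidmd, radiusd]`, but the steps read `${{ matrix.target }}` in `make build/${{ matrix.target }}` and, in the later `@@ -46,5 +53,5 @@` hunk, in `make push/${{ matrix.target }}`. GitHub Actions expands an undefined context property to an empty string, so on a push these steps would most likely run `make build/` and `make push/` instead of the per-image targets, and the failure would surface only after merge because the job is gated on `github.event_name == 'push'`. Rename the key to match the `test` job, `target: [kanidmd, radiusd]`, or change both references to `${{ matrix.artifact }}`.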
@@ -1,50 +0,0 @@ -name: Radius docker image - -on: - push: - branches: - - master - - tags: - - v* - - pull_request: - -jobs: - test: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Run tests - run: make build/radiusd - - push: - needs: test - - runs-on: ubuntu-latest - if: github.event_name == 'push' - - steps: - - uses: actions/checkout@v2 - - - name: Build image - run: make build/radiusd - - - name: Log into registry - run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin - - - name: Push image - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - VERSION=$VERSION make push/radiusd - diff --git a/Makefile b/Makefile index 39d70ac21..10a0f0369 100644 --- a/Makefile +++ b/Makefile @@ -10,10 +10,6 @@ help: build/kanidmd: ## build kanidmd images build/kanidmd: @docker build -f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:$(IMAGE_VERSION) . - @docker build -f kanidmd/Dockerfile \ - --target alpine \ - -t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine \ - . build/radiusd: ## build radiusd image build/radiusd: @@ -28,10 +24,11 @@ test/kanidmd: . @docker run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test +test/radiusd: build/radiusd ## test radiusd + push/kanidmd: ## push kanidmd images push/kanidmd: @docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION) - @docker push $(IMAGE_BASE)/server:$(IMAGE_VERSION)-alpine push/radiusd: ## push radiusd image push/radiusd: diff --git a/kanidmd/Dockerfile b/kanidmd/Dockerfile index e024c285d..cd56f592c 100644 --- a/kanidmd/Dockerfile +++ b/kanidmd/Dockerfile 
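Review bot: The new `test/radiusd: build/radiusd ## test radiusd` target in the `@@ -28,10 +24,11 @@` hunk has no recipe, so the radiusd leg of the `test` matrix only shows that the image builds. Nothing runs inside it, unlike `test/kanidmd`, which runs `cargo test` in the builder image. If that is intended for now, the help text should say so, e.g. `test/radiusd: build/radiusd ## build-only check for radiusd (no test suite yet)`. The other targets put the `##` help line and the rule on separate lines, so splitting this one the same way would keep the file consistent.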
@@ -1,32 +1,51 @@ -ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0 +ARG BASE_IMAGE=opensuse/tumbleweed@sha256:211becaf2c9250ae36eb313abf5db38cd5e159cac2d920e1ef7bb62429a51585 FROM ${BASE_IMAGE} AS builder LABEL mantainer william@blackhats.net.au -ADD --chown=rust:rust . ./ -WORKDIR kanidmd +RUN zypper mr -d repo-non-oss && \ + zypper mr -d repo-oss && \ + zypper mr -d repo-update && \ + zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \ + zypper ref && \ + zypper install -y \ + cargo \ + rust \ + gcc \ + automake \ + autoconf \ + make \ + libopenssl-devel \ + pam-devel && \ + zypper clean -a + +COPY . /usr/src/kanidm +WORKDIR /usr/src/kanidm + RUN cargo build --release - -FROM alpine:3.11 AS alpine +FROM ${BASE_IMAGE} LABEL mantainer william@blackhats.net.au -RUN apk --no-cache add ca-certificates -COPY --from=builder \ - /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ - /sbin/ -EXPOSE 8443 -VOLUME /data -CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ - "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] - -FROM scratch -LABEL mantainer william@blackhats.net.au - -COPY --from=builder \ - /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ - /sbin/ +RUN zypper mr -d repo-non-oss && \ + zypper mr -d repo-oss && \ + zypper mr -d repo-update && \ + zypper ar https://download.opensuse.org/update/tumbleweed/ repo-update-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/oss/ repo-oss-https && \ + zypper ar https://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss-https && \ + zypper ref && \ + zypper install -y \ + timezone \ + pam && \ + zypper clean -a + +COPY --from=builder /home/kanidm/target/release/kanidmd /sbin/ + EXPOSE 8443 VOLUME /data + +ENV 
RUST_BACKTRACE 1 CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] diff --git a/kanidmd/Dockerfile.scratch b/kanidmd/Dockerfile.scratch new file mode 100644 index 000000000..e024c285d --- /dev/null +++ b/kanidmd/Dockerfile.scratch @@ -0,0 +1,32 @@ +ARG BASE_IMAGE=ekidd/rust-musl-builder:1.43.0 +FROM ${BASE_IMAGE} AS builder +LABEL mantainer william@blackhats.net.au + +ADD --chown=rust:rust . ./ +WORKDIR kanidmd +RUN cargo build --release + + +FROM alpine:3.11 AS alpine +LABEL mantainer william@blackhats.net.au + +RUN apk --no-cache add ca-certificates +COPY --from=builder \ + /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ + /sbin/ +EXPOSE 8443 +VOLUME /data +CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ + "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] + +FROM scratch +LABEL mantainer william@blackhats.net.au + +COPY --from=builder \ + /home/rust/src/target/x86_64-unknown-linux-musl/release/kanidmd \ + /sbin/ +EXPOSE 8443 +VOLUME /data +CMD ["/sbin/kanidmd", "server", "-D", "/data/kanidm.db", "-C", "/data/ca.pem", \ + "-c", "/data/cert.pem", "-k", "/data/key.pem", "--bindaddr", "0.0.0.0:8443"] +
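Review bot: The runtime stage's `COPY --from=builder /home/kanidm/target/release/kanidmd /sbin/` does not match where the builder stage puts its output. The builder sets `WORKDIR /usr/src/kanidm` and runs `cargo build --release`, so unless a `CARGO_TARGET_DIR` or cargo config not visible in this hunk redirects it, the binary ends up under `/usr/src/kanidm/target/release/` and the line should read `COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/`. Separately, the runtime stage has no `USER` instruction, so the identity server runs as root inside the container; a dedicated unprivileged user with write access to `/data` would narrow the impact of a compromise. Note also that `zypper ref` and `zypper install -y` pull whatever Tumbleweed publishes at build time, so the digest pin on `BASE_IMAGE` fixes the base layer only, not the installed package set.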
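Review bot: `kanidmd/Dockerfile.scratch` keeps the tag-pinned bases `ekidd/rust-musl-builder:1.43.0` and `alpine:3.11`, while the main Dockerfile in this same commit moves to a digest pin. Tags can be re-pointed upstream, so these should be pinned the same way, e.g. `FROM alpine:3.11@sha256:<digest-placeholder>`. No Makefile target visible in this diff builds this file (the `--target alpine` build and push lines were removed), so CI will not exercise it and it can drift unnoticed. A header comment such as `# Static musl/scratch variant; not built by the Makefile — build manually with -f kanidmd/Dockerfile.scratch from the repo root` would make that explicit. The `LABEL mantainer ...` lines misspell `maintainer` and use the legacy space-separated form rather than `key=value`.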