diff --git a/flake.lock b/flake.lock
index 052db93..d10c523 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1087,11 +1087,11 @@
         "treefmt-nix": "treefmt-nix_4"
       },
       "locked": {
-        "lastModified": 1738570996,
-        "narHash": "sha256-sdZBfKqV6zw097DAL0wMECDuPj1/qC8qSIIHOyR8q70=",
+        "lastModified": 1739081745,
+        "narHash": "sha256-FGaxXNmvDd6fL22fvbVS9eb+Lr+4UR+xZtkKkUoYuKI=",
         "ref": "main",
-        "rev": "b1c3f6b628a3d317db2d1be0ea07db7feb710dbf",
-        "revCount": 88,
+        "rev": "0d764189384d5fa7d9850b4d2f35ed98a0598871",
+        "revCount": 89,
         "type": "git",
         "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
       },
diff --git a/machines/orbi/configuration.nix b/machines/orbi/configuration.nix
index 49db785..0b2db15 100644
--- a/machines/orbi/configuration.nix
+++ b/machines/orbi/configuration.nix
@@ -58,6 +58,7 @@
   components.network.wifi.enable = false;
   components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly
   components.virtualisation.podman.enable = false;
+  virtualisation.oci-containers.backend = "docker";
 
   features.network.fail2ban.enable = true;
   features.boot.ssh.enable = true;