diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index b2665a6..323209b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,11 +6,11 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule: {interval: monthly}
-    reviewers: [jacobalberty]
-    assignees: [jacobalberty]
+    reviewers: [jklap]
+    assignees: [jklap]
 
   - package-ecosystem: docker
     directory: /
     schedule: {interval: monthly}
-    reviewers: [jacobalberty]
-    assignees: [jacobalberty]
+    reviewers: [jklap]
+    assignees: [jklap]
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 847bcbf..8a25ba5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,8 +1,9 @@
 name: Build Docker image
 
 on:
-  pull_request:
-    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+#  pull_request:
+#    types: [opened, synchronize, reopened]
 
 env:
   TEST_TAG: jacobalberty/unifi:test
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 1b2a0bf..e599817 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,12 +1,13 @@
 name: Publish Docker image
 on:
-  push:
-    branches:
-      - 'master'
-      - 'beta'
-      - 'hotfix/*'
-    tags:
-      - 'v*.*.*'
+  workflow_dispatch:
+#  push:
+#    branches:
+#      - 'master'
+#      - 'beta'
+#      - 'hotfix/*'
+#    tags:
+#      - 'v*.*.*'
 
 env:
   TEST_TAG: jacobalberty/unifi:test
@@ -51,7 +52,7 @@ jobs:
           docker stop unifitest
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           tags: |
             type=raw,value=latest,enable={{is_default_branch}}
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 5007a24..99872f9 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,7 +1,8 @@
 name: 'Close stale issues and PRs'
 on:
-  schedule:
-    - cron: '30 1 * * *'
+  workflow_dispatch:
+#  schedule:
+#    - cron: '30 1 * * *'
 
 jobs:
   stale:
diff --git a/Dockerfile b/Dockerfile
index 0668fd8..e5fe652 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,22 @@
-FROM golang:1.24-bullseye AS permset
+# https://hub.docker.com/_/golang/tags?page=1&name=bullseye
+FROM golang:1.24.6-bullseye AS permset
 WORKDIR /src
 RUN git clone https://github.com/jacobalberty/permset.git /src && \
     mkdir -p /out && \
     go build -ldflags "-X main.chownDir=/unifi" -o /out/permset
 
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 
 LABEL maintainer="Jacob Alberty <jacob.alberty@foundigital.com>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-ARG PKGURL=https://dl.ui.com/unifi/9.5.21/unifi_sysvinit_all.deb
+# https://ui.com/download/software/uxg-lite
+# https://community.ui.com/releases
+# Unifi Network Application
+# Debian/Ubuntu package
+#ARG PKGURL=https://dl.ui.com/unifi/9.4.19-0f76duk082/unifi_sysvinit_all.deb
+ARG PKGURL=https://dl.ui.com/unifi/9.5.21-6nxxr6v29z/unifi_sysvinit_all.deb
 
 ENV BASEDIR=/usr/lib/unifi \
     DATADIR=/unifi/data \
@@ -34,9 +40,9 @@ ENV BASEDIR=/usr/lib/unifi \
 # This should be integrated with the main run because it duplicates a lot of the steps there
 # but for now while shoehorning gosu in it is seperate
 RUN set -eux; \
-	apt-get update; \
-	apt-get install -y gosu; \
-	rm -rf /var/lib/apt/lists/*
+    apt-get update; \
+    apt-get install -y gosu; \
+    rm -rf /var/lib/apt/lists/*
 
 RUN mkdir -p /usr/unifi \
      /usr/local/unifi/init.d \
diff --git a/docker-build.sh b/docker-build.sh
index 09e80b5..e4e5097 100755
--- a/docker-build.sh
+++ b/docker-build.sh
@@ -3,27 +3,6 @@
 # fail on error
 set -e
 
-# Retry 5 times with a wait of 10 seconds between each retry
-tryfail() {
-    for i in $(seq 1 5);
-        do [ $i -gt 1 ] && sleep 10; $* && s=0 && break || s=$?; done;
-    (exit $s)
-}
-
-# Try multiple keyservers in case of failure
-addKey() {
-    for server in $(shuf -e ha.pool.sks-keyservers.net \
-        hkp://p80.pool.sks-keyservers.net:80 \
-        keyserver.ubuntu.com \
-        hkp://keyserver.ubuntu.com:80 \
-        pgp.mit.edu) ; do \
-        if apt-key adv --keyserver "$server" --recv "$1"; then
-            exit 0
-        fi
-    done
-    return 1
-}
-
 if [ "x${1}" == "x" ]; then
     echo please pass PKGURL as an environment variable
     exit 0
@@ -36,12 +15,40 @@ apt-get install -qy --no-install-recommends \
     dirmngr \
     gpg \
     gpg-agent \
-    openjdk-17-jre-headless \
+    openjdk-21-jre-headless \
     procps \
     libcap2-bin \
     tzdata
-echo 'deb https://www.ui.com/downloads/unifi/debian stable ubiquiti' | tee /etc/apt/sources.list.d/100-ubnt-unifi.list
-tryfail apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 06E85760C0A52C50
+
+echo 'deb [signed-by=/usr/share/keyrings/unifi-repo.gpg] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | tee /etc/apt/sources.list.d/100-ubnt-unifi.list
+curl -L -o /usr/share/keyrings/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
+
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-3.6.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/3.6 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-3.6.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-3.6.pgp
+# need to set trusted because signature has expired and EOL'ed
+#echo 'deb [trusted=yes] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-4.2.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-4.2.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-4.2.pgp
+
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-4.4.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-4.4.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-4.4.pgp
+
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-5.0.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/5.0 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-5.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-5.0.pgp
+
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-6.0.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/6.0 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-6.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-6.0.pgp
+
+#echo 'deb [signed-by=/usr/share/keyrings/mongodb-server-7.0.pgp] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/7.0 multiverse' | tee /etc/apt/sources.list.d/100-mongodb-server.list
+#curl -s -N https://pgp.mongodb.com/server-7.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-7.0.pgp
+
+echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
+curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
+
+#echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-8.0.list
+#curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | gpg --dearmor > /usr/share/keyrings/mongodb-server-8.0.gpg
+
+apt-get update
 
 if [ -d "/usr/local/docker/pre_build/$(dpkg --print-architecture)" ]; then
     find "/usr/local/docker/pre_build/$(dpkg --print-architecture)" -type f -exec '{}' \;