diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 465868a..b2a2b5e 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -11,45 +11,24 @@ jobs:
     name: End to end testing
     strategy:
       fail-fast: false
-    runs-on: ubuntu-24.04
+    runs-on:
+      - self-hosted
+      - cpu-4
+      - mem-4G
+      - disk-100G
+      - arch-amd64
+      - image-debian-12
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
-        with:
-          detached: true
-
-      - name: Performance tuning
-        run: |
-          set -eux
-          # optimize ext4 FSes for performance, not reliability
-          for fs in $(findmnt --noheading --type ext4 --list --uniq | awk '{print $1}'); do
-            # nombcache and data=writeback cannot be changed on remount
-            sudo mount -o remount,noatime,barrier=0,commit=6000 "${fs}" || true
-          done
-
-          # disable dpkg from calling sync()
-          echo "force-unsafe-io" | sudo tee /etc/dpkg/dpkg.cfg.d/force-unsafe-io
-
-      - name: Reclaim some space
+      - name: Install dependencies
         run: |
-          set -eux
-
-          sudo apt-get autopurge --yes snapd moby-containerd docker
-          sudo ip link delete docker0
-          sudo nft flush ruleset
-
-          # This was inspired from https://github.com/easimon/maximize-build-space
-          df -h /
-          # dotnet
-          sudo rm -rf /usr/share/dotnet
-          # android
-          sudo rm -rf /usr/local/lib/android
-          # haskell
-          sudo rm -rf /opt/ghc
-          df -h /
+          sudo apt-get install --yes \
+            debian-archive-keyring \
+            make \
+            pipx \
+            qemu-utils
 
       - name: Setup Incus
         run: |
@@ -61,14 +40,9 @@ jobs:
         run: |
           pipx install git+https://github.com/systemd/mkosi.git
 
-      - name: Install dependencies
-        run: |
-          sudo apt-get install --yes \
-            debian-archive-keyring \
-            qemu-utils
-
       - name: Build initial image
         run: |
+          export PATH=${PATH}:/root/.local/bin
           make
 
       - name: Start Incus OS
@@ -76,17 +50,63 @@ jobs:
           qemu-img convert -f raw -O qcow2 $(ls mkosi.output/IncusOS_*.raw | grep -v usr | grep -v esp | sort | tail -1) os-image.qcow2
           incus image import --alias incus-os test/metadata.tar.xz os-image.qcow2
 
-          incus init --vm incus-os test-incus-os \
+          incus create --quiet --vm incus-os test-incus-os \
             -c security.secureboot=false \
-            -c limits.cpu=4 \
-            -c limits.memory=8GiB \
+            -c limits.cpu=2 \
+            -c limits.memory=2GiB \
             -d root,size=50GiB
           incus config device add test-incus-os vtpm tpm
           incus start test-incus-os
 
           while :; do
             sleep 3
-            incus exec test-incus-os -- /usr/bin/true && break
+            incus exec test-incus-os -- /usr/bin/true >/dev/null 2>&1 && break
           done
 
           incus list
+
+      - name: Load the extensions
+        run: |
+          incus exec test-incus-os -- mkdir -p /var/lib/extensions
+          incus file push --quiet mkosi.output/debug.raw test-incus-os/var/lib/extensions/
+          incus file push --quiet mkosi.output/incus.raw test-incus-os/var/lib/extensions/
+          incus exec test-incus-os -- systemd-sysext list
+          incus exec test-incus-os -- systemd-sysext merge
+
+      - name: Initialize Incus
+        run: |
+          incus exec test-incus-os -- systemd-sysusers
+          incus exec test-incus-os -- systemctl enable --now incus-lxcfs incus-startup incus incus.socket
+          incus exec test-incus-os -- incus admin init --auto
+
+      - name: Test Incus
+        run: |
+          incus exec test-incus-os -- incus launch --quiet images:debian/12 c1
+          incus exec test-incus-os -- incus launch --quiet images:debian/12 v1 --vm
+
+          incus exec test-incus-os -- sleep 30s
+          incus exec test-incus-os -- incus list
+
+      - name: Build a newer version of the image
+        run: |
+          export PATH=${PATH}:/root/.local/bin
+          make
+
+      - name: Apply the update
+        run: |
+          incus file pull --quiet test-incus-os/usr/lib/os-release -
+
+          incus file create test-incus-os/var/lib/updates/ --type=directory
+          incus file push --quiet $(ls mkosi.output/IncusOS_*.efi | sort | tail -1) test-incus-os/var/lib/updates/
+          incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64.* | sort | tail -1) test-incus-os/var/lib/updates/
+          incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64-verity.* | sort | tail -1) test-incus-os/var/lib/updates/
+          incus file push --quiet $(ls mkosi.output/IncusOS_*.usr-x86-64-verity-sig.* | sort | tail -1) test-incus-os/var/lib/updates/
+          incus exec test-incus-os -- systemctl start boot.mount
+          incus exec test-incus-os -- unshare -m -- sh -c "mount /dev/mapper/usr /usr && /usr/lib/systemd/systemd-sysupdate && /usr/lib/systemd/systemd-sysupdate update && /usr/lib/systemd/systemd-sysupdate && /usr/lib/systemd/systemd-sysupdate reboot"
+
+          while :; do
+            sleep 3
+            incus exec test-incus-os -- /usr/bin/true >/dev/null 2>&1 && break
+          done
+
+          incus file pull --quiet test-incus-os/usr/lib/os-release -