diff --git a/app/backup/build/backup-psql/backup-psql.py b/app/backup/build/backup-psql/backup-psql.py
index fa0b94e..291cf50 100755
--- a/app/backup/build/backup-psql/backup-psql.py
+++ b/app/backup/build/backup-psql/backup-psql.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-import shutil,sys,os,datetime,minio
+import shutil,sys,os,datetime,minio,subprocess
 
 working_directory = "."
 if 'CACHE_DIR' in os.environ: working_directory = os.environ['CACHE_DIR']
@@ -44,20 +44,22 @@ if not client.bucket_exists(bucket):
   abort(f"Bucket {bucket} does not exist or its access is forbidden, aborting")
 
 # Perform the backup locally
-ret = os.system(f"""
-pg_basebackup \
-  --host={psql_host} \
-  --username={psql_user} \
-  --pgdata={working_directory} \
-  --format=tar \
-  --wal-method=stream \
-  --gzip \
-  --compress=6 \
-  --progress \
-  --max-rate=5M
-""")
-if ret != 0:
-  abort(f"pg_baseckup exit code is {ret}, 0 expected. aborting")
+try:
+  ret = subprocess.run(["pg_basebackup",
+    f"--host={psql_host}",
+    f"--username={psql_user}",
+    f"--pgdata={working_directory}",
+    f"--format=tar",
+    "--wal-method=stream",
+    "--gzip",
+    "--compress=6",
+    "--progress",
+    "--max-rate=5M",
+  ])
+  if ret.returncode != 0:
+    abort(f"pg_basebackup exited, expected return code 0, got {ret.returncode}. aborting")
+except Exception as e:
+  abort(f"pg_basebackup raised exception {e}. aborting")
 
 # Check that the expected files are here
 for p in clear_paths:
@@ -68,9 +70,12 @@ for p in clear_paths:
 # Cipher them
 for c, e in zip(clear_paths, crypt_paths):
   print(f"Ciphering {c} to {e}")
-  ret = os.system(f"age -r {pubkey} -o {e} {c}")
-  if ret != 0:
-    abort(f"age exit code is {ret}, 0 expected. aborting")
+  try:
+    ret = subprocess.run(["age", "-r", pubkey, "-o", e, c])
+    if ret.returncode != 0:
+      abort(f"age exit code is {ret}, 0 expected. aborting")
+  except Exception as e:
+    abort(f"aged raised an exception. {e}. aborting")
 
 # Upload the backup to S3
 for p, k in zip(crypt_paths, s3_keys):
diff --git a/app/backup/build/backup-psql/default.nix b/app/backup/build/backup-psql/default.nix
index 5d2dec7..2cd8d93 100644
--- a/app/backup/build/backup-psql/default.nix
+++ b/app/backup/build/backup-psql/default.nix
@@ -18,7 +18,10 @@ in
     buildPhase = ''
       cat > backup-psql <<EOF
       #!${pkgs.bash}/bin/bash
+
       export PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
+      export PATH=${python-with-my-packages}/bin:${pkgs.age}/bin:${pkgs.postgresql_14}/bin
+
       ${python-with-my-packages}/bin/python3 $out/lib/backup-psql.py
       EOF
 
diff --git a/app/backup/build/backup-psql/docker.nix b/app/backup/build/backup-psql/docker.nix
index 001cada..693943a 100644
--- a/app/backup/build/backup-psql/docker.nix
+++ b/app/backup/build/backup-psql/docker.nix
@@ -3,7 +3,7 @@ let
   app = import ./default.nix;
   pkgs = import common.pkgsSrc {};
 in
-  pkgs.dockerTools.buildLayeredImage {
+  pkgs.dockerTools.buildImage {
     name = "superboum/backup-psql-docker";
     config = {
       Cmd = [ "${app}/bin/backup-psql" ];
diff --git a/app/backup/deploy/backup-weekly.hcl b/app/backup/deploy/backup-weekly.hcl
index 9c1a0b0..3447a5d 100644
--- a/app/backup/deploy/backup-weekly.hcl
+++ b/app/backup/deploy/backup-weekly.hcl
@@ -15,7 +15,7 @@ job "backup_weekly" {
       driver = "docker"
 
       config {
-        image = "superboum/backup-psql-docker:kldrj9xlbda1s4v963jhpgardg6qczgl"
+        image = "superboum/backup-psql-docker:gyr3aqgmhs0hxj0j9hkrdmm1m07i8za2"
         volumes = [
           // Mount a cache on the hard disk to avoid filling the SSD
           "/mnt/storage/tmp_bckp_psql:/mnt/cache"