diff --git a/common/default.nix b/common/default.nix
index f72be2b..62e5071 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -102,5 +102,5 @@
   security.acme.defaults.email = "zuckerberg@neet.dev";
 
   # Enable Desktop Environment if this is a PC (machine role is "personal")
-  de.enable = lib.mkDefault (config.thisMachine.hasRole."personal");
+  de.enable = lib.mkDefault (config.thisMachine.hasRole."personal" && !config.boot.isContainer);
 }
diff --git a/common/nix-builder.nix b/common/nix-builder.nix
index 7706d4e..5558a43 100644
--- a/common/nix-builder.nix
+++ b/common/nix-builder.nix
@@ -12,7 +12,7 @@ let
 in
 lib.mkMerge [
   # configure builder
-  (lib.mkIf thisMachineIsABuilder {
+  (lib.mkIf (thisMachineIsABuilder && !config.boot.isContainer) {
     users.users.${builderUserName} = {
       description = "Distributed Nix Build User";
       group = builderUserName;
diff --git a/common/server/atticd.nix b/common/server/atticd.nix
index 029f1be..7158311 100644
--- a/common/server/atticd.nix
+++ b/common/server/atticd.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 
 {
-  config = lib.mkIf (config.thisMachine.hasRole."binary-cache") {
+  config = lib.mkIf (config.thisMachine.hasRole."binary-cache" && !config.boot.isContainer) {
     services.atticd = {
       enable = true;
       environmentFile = config.age.secrets.atticd-credentials.path;