diff --git a/.github/workflows/ci-main-daily.yml b/.github/workflows/ci-main-daily.yml
index 7ead405f5f..bb74ae96fc 100644
--- a/.github/workflows/ci-main-daily.yml
+++ b/.github/workflows/ci-main-daily.yml
@@ -9,6 +9,7 @@ on:
 
 jobs:
   test-container:
+    if: ${{ github.repository != 'goauthentik/authentik-internal' }}
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index f6f8c8f3c3..6e06e1e8dc 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -251,7 +251,7 @@ jobs:
     uses: ./.github/workflows/_reusable-docker-build.yaml
     secrets: inherit
     with:
-      image_name: ghcr.io/goauthentik/dev-server
+      image_name: ${{ github.repository == 'goauthentik/authentik-internal' && 'ghcr.io/goauthentik/internal-server' || 'ghcr.io/goauthentik/dev-server' }}
       release: false
   pr-comment:
     needs:
diff --git a/.github/workflows/ci-outpost.yml b/.github/workflows/ci-outpost.yml
index ffe1cf90da..95e246a509 100644
--- a/.github/workflows/ci-outpost.yml
+++ b/.github/workflows/ci-outpost.yml
@@ -59,6 +59,7 @@ jobs:
         with:
           jobs: ${{ toJSON(needs) }}
   build-container:
+    if: ${{ github.repository != 'goauthentik/authentik-internal' }}
     timeout-minutes: 120
     needs:
       - ci-outpost-mark
diff --git a/.github/workflows/ci-website.yml b/.github/workflows/ci-website.yml
index f445894b1f..60da9aef5d 100644
--- a/.github/workflows/ci-website.yml
+++ b/.github/workflows/ci-website.yml
@@ -63,6 +63,7 @@ jobs:
         working-directory: website/
         run: npm run ${{ matrix.job }}
   build-container:
+    if: ${{ github.repository != 'goauthentik/authentik-internal' }}
     runs-on: ubuntu-latest
     permissions:
       # Needed to upload container images to ghcr.io
diff --git a/.github/workflows/repo-mirror-cleanup.yml b/.github/workflows/repo-mirror-cleanup.yml
new file mode 100644
index 0000000000..92b046e3bf
--- /dev/null
+++ b/.github/workflows/repo-mirror-cleanup.yml
@@ -0,0 +1,21 @@
+name: "authentik-repo-mirror-cleanup"
+
+on:
+  workflow_dispatch:
+
+jobs:
+  to_internal:
+    if: ${{ github.repository != 'goauthentik/authentik-internal' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - if: ${{ env.MIRROR_KEY != '' }}
+        uses: BeryJu/repository-mirroring-action@5cf300935bc2e068f73ea69bcc411a8a997208eb
+        with:
+          target_repo_url: git@github.com:goauthentik/authentik-internal.git
+          ssh_private_key: ${{ secrets.GH_MIRROR_KEY }}
+          args: --tags --force --prune
+        env:
+          MIRROR_KEY: ${{ secrets.GH_MIRROR_KEY }}
diff --git a/.github/workflows/repo-mirror.yml b/.github/workflows/repo-mirror.yml
index f9e64b7546..44d7ba33a5 100644
--- a/.github/workflows/repo-mirror.yml
+++ b/.github/workflows/repo-mirror.yml
@@ -11,11 +11,10 @@ jobs:
         with:
           fetch-depth: 0
       - if: ${{ env.MIRROR_KEY != '' }}
-        uses: pixta-dev/repository-mirroring-action@v1
+        uses: BeryJu/repository-mirroring-action@5cf300935bc2e068f73ea69bcc411a8a997208eb
         with:
-          target_repo_url:
-            git@github.com:goauthentik/authentik-internal.git
-          ssh_private_key:
-            ${{ secrets.GH_MIRROR_KEY }}
+          target_repo_url: git@github.com:goauthentik/authentik-internal.git
+          ssh_private_key: ${{ secrets.GH_MIRROR_KEY }}
+          args: --tags --force
         env:
           MIRROR_KEY: ${{ secrets.GH_MIRROR_KEY }}