diff --git a/build-docker.sh b/build-docker.sh
index b8aaed7556..3380fc8ef8 100755
--- a/build-docker.sh
+++ b/build-docker.sh
@@ -20,9 +20,10 @@ fi
 
 CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
 ALPINE_CDN=${ALPINE_CDN:-http://dl-cdn.alpinelinux.org/alpine}
-ALPINE_RELEASE=${ALPINE_RELEASE:-3.13}
-ALPINE_VERSION=${ALPINE_VERSION:-3.13.2}
+ALPINE_RELEASE=${ALPINE_RELEASE:-3.14}
+ALPINE_VERSION=${ALPINE_VERSION:-3.14.0}
 ALPINE_TARBALL=${ALPINE_FILE:-alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz}
+NIX_VERSION=${NIX_VERSION:-2.3.14}
 CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/$ALPINE_TARBALL"}
 
 VARIANTS_core=(0 1)
@@ -58,7 +59,7 @@ else
   fi
 fi
 
-docker build --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" -t "$CONTAINER_NAME" ci/
+docker build --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" -t "$CONTAINER_NAME" ci/
 
 # stat under macOS has slightly different cli interface
 USER=$(stat -c "%u" . 2>/dev/null || stat -f "%u" .)
diff --git a/ci/Dockerfile b/ci/Dockerfile
index 471935dfa4..eb829f65f3 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -1,7 +1,7 @@
 # install the latest Alpine linux from scratch
 
 FROM scratch
-ARG ALPINE_VERSION=3.12.3
+ARG ALPINE_VERSION=3.14.0
 ARG ALPINE_ARCH=x86_64
 ADD alpine-minirootfs-${ALPINE_VERSION}-${ALPINE_ARCH}.tar.gz /
 
@@ -9,10 +9,10 @@ ADD alpine-minirootfs-${ALPINE_VERSION}-${ALPINE_ARCH}.tar.gz /
 
 # Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
 RUN apk add --no-cache --update openssl \
-  && echo hosts: dns files > /etc/nsswitch.conf
+  && echo hosts: files dns > /etc/nsswitch.conf
 
 # Download Nix and install it into the system.
-ARG NIX_VERSION=2.3.10
+ARG NIX_VERSION=2.3.14
 RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
   && tar xf nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
   && addgroup -g 30000 -S nixbld \
diff --git a/ci/environment.yml b/ci/environment.yml
index 76ea20091f..8b6f9d3444 100644
--- a/ci/environment.yml
+++ b/ci/environment.yml
@@ -5,15 +5,16 @@ environment:
   variables:
     GIT_SUBMODULE_STRATEGY: none  # no need to fetch submodules
     CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
-    ALPINE_RELEASE: "3.12"
+    ALPINE_RELEASE: "3.14"
     ALPINE_ARCH: "x86_64"
-    ALPINE_VERSION: "3.12.3"
+    ALPINE_VERSION: "3.14.0"
+    NIX_VERSION: "2.3.14"
   services:
     - docker:dind
   before_script:
     - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
   script:
     - wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
-    - docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg FULLDEPS_TESTING=1 ci/
+    - docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" --build-arg FULLDEPS_TESTING=1 ci/
     - docker push $CONTAINER_NAME:$CI_COMMIT_SHA
     - docker push $CONTAINER_NAME:latest