diff --git a/.gitea/workflows/build-and-deploy.yml b/.gitea/workflows/build-and-deploy.yml
index 9bcf126..a3fbbe5 100644
--- a/.gitea/workflows/build-and-deploy.yml
+++ b/.gitea/workflows/build-and-deploy.yml
@@ -25,6 +25,12 @@ jobs:
           docker push $REG/radiusnucleo:${{ github.sha }}
           docker push $REG/radiusnucleo:latest
 
+      - name: Build+push radiusnucleo-freeradius
+        run: |
+          docker build -t $REG/radiusnucleo-freeradius:${{ github.sha }} -t $REG/radiusnucleo-freeradius:latest ./freeradius
+          docker push $REG/radiusnucleo-freeradius:${{ github.sha }}
+          docker push $REG/radiusnucleo-freeradius:latest
+
   #───────────────── deploy ─────────────────
   deploy:
     needs: build
diff --git a/docker-compose.yml b/docker-compose.yml
index a2a6e65..99f4e8f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
       - MAX_DOWN=10000000
       - RADIUS_HOST=freeradius
       - RADIUS_AUTH_PORT=1812
-      - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-testing123}
+      - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
       - PGHOST=postgres
       - PGPORT=5432
       - PGDATABASE=radius
@@ -21,7 +21,8 @@ services:
       - principal
 
   freeradius:
-    image: freeradius/freeradius-server:3.2.2
+    build: ./freeradius
+    image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest
     depends_on:
       - node
       - postgres
@@ -30,13 +31,8 @@ services:
       - "1813:1813/udp"
       - "3799:3799/udp"
     environment:
-      - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-0.0.0.0/0}
-      - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-testing123}
-    volumes:
-      - ./freeradius/mods-available:/etc/freeradius/mods-available:ro
-      - ./freeradius/mods-enabled:/etc/freeradius/mods-enabled:ro
-      - ./freeradius/sites-enabled:/etc/freeradius/sites-enabled:ro
-      - ./freeradius/clients.conf:/etc/freeradius/clients.conf:ro
+      - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
+      - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
     command: ["-X"]
     networks:
       - radius_net
diff --git a/freeradius/Dockerfile b/freeradius/Dockerfile
index 68cc122..dc0506a 100644
--- a/freeradius/Dockerfile
+++ b/freeradius/Dockerfile
@@ -5,5 +5,13 @@ RUN apt-get update \
  && apt-get install -y --no-install-recommends freeradius-postgresql \
  && rm -rf /var/lib/apt/lists/*
 
-# Default command preserved by base image
+# Copy configuration overrides
+COPY --chown=root:freerad clients.conf /etc/freeradius/clients.conf
+COPY --chown=root:freerad mods-available/ /etc/freeradius/mods-available/
+COPY --chown=root:freerad mods-enabled/ /etc/freeradius/mods-enabled/
+COPY --chown=root:freerad sites-enabled/ /etc/freeradius/sites-enabled/
 
+# Ensure world-readable configs
+RUN chmod -R a+r /etc/freeradius
+
+# Default command preserved by base image
diff --git a/freeradius/clients.conf b/freeradius/clients.conf
index 42688ea..8593b87 100644
--- a/freeradius/clients.conf
+++ b/freeradius/clients.conf
@@ -1,5 +1,5 @@
 client unifi {
-    ipaddr = 0.0.0.0/0
+    ipaddr = 192.168.87.0/24
     secret = tamosbien
     require_message_authenticator = no
     nastype = other