diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 59de64f3..2fe90bf7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,7 +34,7 @@ before_script:
 
 ci:
   stage: ci
-  image: nixos/nix:2.19.2
+  image: nixos/nix:2.20.4
   script:
     - direnv exec . engage
   cache:
@@ -45,7 +45,7 @@ ci:
 
 static:x86_64-unknown-linux-musl:
   stage: artifacts
-  image: nixos/nix:2.19.2
+  image: nixos/nix:2.20.4
   script:
     # Push artifacts and build requirements to binary cache
     - ./bin/nix-build-and-cache .#static-x86_64-unknown-linux-musl
@@ -58,7 +58,7 @@ static:x86_64-unknown-linux-musl:
 
 static:aarch64-unknown-linux-musl:
   stage: artifacts
-  image: nixos/nix:2.19.2
+  image: nixos/nix:2.20.4
   script:
     # Push artifacts and build requirements to binary cache
     - ./bin/nix-build-and-cache .#static-aarch64-unknown-linux-musl
@@ -74,7 +74,7 @@ static:aarch64-unknown-linux-musl:
 # all containerized anyway.
 oci-image:x86_64-unknown-linux-gnu:
   stage: artifacts
-  image: nixos/nix:2.19.2
+  image: nixos/nix:2.20.4
   script:
     # Push artifacts and build requirements to binary cache
     #
@@ -96,7 +96,7 @@ oci-image:aarch64-unknown-linux-musl:
     # Wait for the static binary job to finish before starting so we don't have
     # to build that twice for no reason
     - static:aarch64-unknown-linux-musl
-  image: nixos/nix:2.19.2
+  image: nixos/nix:2.20.4
   script:
     # Push artifacts and build requirements to binary cache
     - ./bin/nix-build-and-cache .#oci-image-aarch64-unknown-linux-musl