diff --git a/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2 b/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
index dc8c2ba..adf2288 100644
--- a/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
+++ b/ansible/roles/forgejo_runner/templates/forgejo-runner.plist.j2
@@ -11,17 +11,17 @@
-c
/dev/null || true
-docker rm {{ forgejo_runner_container_name }} 2>/dev/null || true
+/usr/local/bin/docker stop {{ forgejo_runner_container_name }} 2>/dev/null || true
+/usr/local/bin/docker rm {{ forgejo_runner_container_name }} 2>/dev/null || true
# Run the forgejo-runner daemon in a container
# - On tailnet-jobs network (can reach Forgejo via Tailscale gateway)
-# - Mounts docker socket to spawn job containers
+# - Mounts /usr/local/bin/docker socket to spawn job containers
# - Mounts config and data directories
-exec docker run --rm \
+exec /usr/local/bin/docker run --rm \
--name {{ forgejo_runner_container_name }} \
--network {{ forgejo_runner_network }} \
- -v /var/run/docker.sock:/var/run/docker.sock \
+ -v /var/run//usr/local/bin/docker.sock:/var/run//usr/local/bin/docker.sock \
-v {{ forgejo_runner_config_dir }}/config.yaml:/config.yaml:ro \
-v {{ forgejo_runner_data_dir }}:/data \
{{ forgejo_runner_image }} \
diff --git a/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2 b/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
index d3fe652..287c120 100644
--- a/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
+++ b/ansible/roles/tailscale_ci_gateway/templates/tailscale-ci-gateway.plist.j2
@@ -11,11 +11,11 @@
-c
/dev/null || true
-docker rm {{ tailscale_ci_gateway_container_name }} 2>/dev/null || true
+/usr/local/bin/docker stop {{ tailscale_ci_gateway_container_name }} 2>/dev/null || true
+/usr/local/bin/docker rm {{ tailscale_ci_gateway_container_name }} 2>/dev/null || true
# Run the container (foreground so launchd manages lifecycle)
-exec docker run --rm \
+exec /usr/local/bin/docker run --rm \
--name {{ tailscale_ci_gateway_container_name }} \
--hostname {{ tailscale_ci_gateway_hostname }} \
--network {{ tailscale_ci_gateway_network }} \