diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6ea181f6ccdc3f220f0383c5dc26ade746eb83a4..aa90b4db56afa172185739401bcf5d1d25049953 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -195,3 +195,19 @@ push-postgres:
   needs:
     - job: build-postgres
       artifacts: true
+
+# toolbx latest image:
+
+build-toolbx:
+  extends: .container-build-base
+  variables:
+    CONTEXT: toolbx
+
+push-toolbx:
+  extends: .container-push-base
+  variables:
+    CONTEXT: toolbx
+    IMAGE: toolbx
+  needs:
+    - job: build-toolbx
+      artifacts: true
diff --git a/toolbx/.dockerignore b/toolbx/.dockerignore
new file mode 100644
index 0000000000000000000000000000000000000000..9c6750b0d499c1a1938ff69f1a6e54778844f382
--- /dev/null
+++ b/toolbx/.dockerignore
@@ -0,0 +1,3 @@
+*
+!preferences.d/*
+!sources.d/*
diff --git a/toolbx/Dockerfile b/toolbx/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..b1614d2f0c8c5d59aadaf9c578fc3e4d2fbb5a43
--- /dev/null
+++ b/toolbx/Dockerfile
@@ -0,0 +1,38 @@
+FROM docker.io/debian:testing-backports
+SHELL ["/bin/bash", "-o", "pipefail", "-xc"]
+# hadolint ignore=DL3008
+RUN rm /etc/apt/apt.conf.d/docker-* && \
+    apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        gnupg \
+        libnss-myhostname \
+    && \
+    export GNUPGHOME=/tmp/gnupghome && \
+    mkdir --mode=0700 "$GNUPGHOME" && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg > \
+    /usr/share/keyrings/google-cloud.gpg && \
+    curl https://pgp.mongodb.com/server-5.0.asc | \
+    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/mongodb.gpg && \
+    curl https://cli-assets.heroku.com/apt/release.key | \
+    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/heroku.gpg && \
+    curl https://apt.releases.hashicorp.com/gpg | \
+    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/hashicorp.gpg && \
+    curl https://dl.cloudsmith.io/public/cloudposse/packages/gpg.7333C6FDEFA717CC.key | \
+    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/cloudposse.gpg && \
+    curl https://repo.charm.sh/apt/gpg.key | \
+    gpg --no-default-keyring --import --batch --keyring /usr/share/keyrings/charm.gpg && \
+    gpg --no-default-keyring --keyring /usr/share/keyrings/percona.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9334A25F8507EFA5 && \
+    gpg --no-default-keyring --keyring /usr/share/keyrings/clickhouse.gpg --keyserver hkp://keyserver.ubuntu.com:80  --recv-keys 8919F6BD2B48D754 && \
+    ln --symbolic --target /usr/local/bin/ /usr/libexec/flatpak-xdg-utils/* && \
+    #mkdir /etc/krb5.conf.d && \
+    echo 'VARIANT_ID=container' >> /etc/os-release && \
+    touch /etc/localtime && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+COPY --chown=root:root sources.d/* /etc/apt/sources.list.d/
+COPY --chown=root:root preferences.d/* /etc/apt/preferences.d/
+# Testing that apt-get update works correctly.
+RUN apt-get update && \
+    rm -rf /tmp/* /var/tmp/* /var/lib/apt/lists/* /var/cache/apt/archives/*
+LABEL com.github.containers.toolbox="true"
diff --git a/toolbx/README.md b/toolbx/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..e536df89e58586456354549acf8b18e598bbe0e0
--- /dev/null
+++ b/toolbx/README.md
@@ -0,0 +1,26 @@
+# Toolbx
+
+Base image for [Toolbx](https://containertoolbx.org/) images. It has the
+following changes it make more interactive use oriented and suitable for
+Toolbox:
+
+- Removed Docker specific settings in APT.
+- Use Flatpak XDG utils and add `flatpak-spawn` as they're more useful inside a
+  toolbx container.
+- Set the `VARIANT_ID` in `/etc/os-release`.
+- Install `myhostname` nss plugin for cleaner hostname resolution.
+
+Also. the following APT repositories are added:
+
+- Heroku.
+- Google Cloud.
+- MongoDB.
+- Hashicorp.
+- [Cloud Posse](https://github.com/cloudposse/packages).
+- [Charms](https://charm.sh/).
+- Percona.
+- ClickHouse.
+
+This image is based in part on the [toolbx
+image](https://github.com/toolbx-images/images) and my own
+[workbench image](https://git.shore.co.il/shore/workbench).
diff --git a/toolbx/preferences.d/cloudposse b/toolbx/preferences.d/cloudposse
new file mode 100644
index 0000000000000000000000000000000000000000..f116112980dcc30dcb4f5ca59e29d085a99b5756
--- /dev/null
+++ b/toolbx/preferences.d/cloudposse
@@ -0,0 +1,3 @@
+Package: *
+Pin: release o=https://cloudsmith.io
+Pin-Priority: 400
diff --git a/toolbx/sources.d/charm.sources b/toolbx/sources.d/charm.sources
new file mode 100644
index 0000000000000000000000000000000000000000..f9aa3d43204b18f44b8d89e397481b3fa4b84047
--- /dev/null
+++ b/toolbx/sources.d/charm.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs:https://repo.charm.sh/apt/
+Suites: *
+Components: *
+Signed-By: /usr/share/keyrings/charm.gpg
diff --git a/toolbx/sources.d/clickhouse.sources b/toolbx/sources.d/clickhouse.sources
new file mode 100644
index 0000000000000000000000000000000000000000..7ff6432a883c663294ff68f19e388b5ec85584ad
--- /dev/null
+++ b/toolbx/sources.d/clickhouse.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://packages.clickhouse.com/deb
+Suites: stable
+Components: main
+Signed-By: /usr/share/keyrings/clickhouse.gpg
diff --git a/toolbx/sources.d/cloudposse.sources b/toolbx/sources.d/cloudposse.sources
new file mode 100644
index 0000000000000000000000000000000000000000..4dd3a48b3001293826cec24b5de62519ee9917e5
--- /dev/null
+++ b/toolbx/sources.d/cloudposse.sources
@@ -0,0 +1,5 @@
+Types: deb deb-src
+URIs: https://dl.cloudsmith.io/public/cloudposse/packages/deb/debian
+Suites: any-version
+Components: main
+Signed-By: /usr/share/keyrings/cloudposse.gpg
diff --git a/toolbx/sources.d/google-cloud.sources b/toolbx/sources.d/google-cloud.sources
new file mode 100644
index 0000000000000000000000000000000000000000..fc8038f3d50c8cc564f19a63dfed208d39bc1f5f
--- /dev/null
+++ b/toolbx/sources.d/google-cloud.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://packages.cloud.google.com/apt
+Suites: cloud-sdk
+Components: main
+Signed-By: /usr/share/keyrings/google-cloud.gpg
diff --git a/toolbx/sources.d/hashicorp.sources b/toolbx/sources.d/hashicorp.sources
new file mode 100644
index 0000000000000000000000000000000000000000..f01300c8b64145a7f73aedddcda34cff8feef990
--- /dev/null
+++ b/toolbx/sources.d/hashicorp.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://apt.releases.hashicorp.com
+Suites: buster
+Components: main
+Signed-By: /usr/share/keyrings/hashicorp.gpg
diff --git a/toolbx/sources.d/heroku.list b/toolbx/sources.d/heroku.list
new file mode 100644
index 0000000000000000000000000000000000000000..2f2aa5fe159b5d54e62e505266e213a33639f472
--- /dev/null
+++ b/toolbx/sources.d/heroku.list
@@ -0,0 +1 @@
+deb [ signed-by=/usr/share/keyrings/heroku.gpg ] https://cli-assets.heroku.com/apt ./
diff --git a/toolbx/sources.d/mongodb.sources b/toolbx/sources.d/mongodb.sources
new file mode 100644
index 0000000000000000000000000000000000000000..bb92c98122981a68f5ec8c9a1601a021cfbb237f
--- /dev/null
+++ b/toolbx/sources.d/mongodb.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://repo.mongodb.org/apt/debian
+Suites: buster/mongodb-org/5.0
+Components: main
+Signed-By: /usr/share/keyrings/mongodb.gpg
diff --git a/toolbx/sources.d/percona.sources b/toolbx/sources.d/percona.sources
new file mode 100644
index 0000000000000000000000000000000000000000..b6dea9bd8da287b72ed7b37cf58f8ddb8839c0e5
--- /dev/null
+++ b/toolbx/sources.d/percona.sources
@@ -0,0 +1,5 @@
+Types: deb
+URIs: https://repo.percona.com/apt/
+Suites: bullseye
+Components: main
+Signed-By: /usr/share/keyrings/percona.gpg