diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e8de42d51..d8492fb68 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,6 +5,9 @@ on:
       version:
         type: string
         default: today
+      default_modifier:
+        type: string
+        default: ""
       use_kms:
         type: boolean
         default: false
@@ -47,7 +50,7 @@ jobs:
       matrix:
         architecture: [ amd64, arm64 ]
         target: [ kvm, kvm-secureboot, metal, metal-secureboot, gcp, aws, azure, ali, openstack, vmware, pxe, firecracker, github_action_runner, metalv ]
-        modifier: [ "" ]
+        modifier: [ "${{ inputs.default_modifier }}" ]
     steps:
       - uses: actions/checkout@v2
       - uses: actions/download-artifact@v2
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 3189d0870..eb1393b5c 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -10,6 +10,7 @@ jobs:
       id-token: write
     with:
       version: now
+      default_modifier: "-prod"
       use_kms: true
     secrets:
       secureboot_db_kms_arn: ${{ secrets.SECUREBOOT_DB_KMS_ARN }}
diff --git a/Makefile b/Makefile
index 728b1008e..a9089272f 100644
--- a/Makefile
+++ b/Makefile
@@ -51,156 +51,57 @@ all_prod: ali aws gcp azure metal openstack vmware kvm metalv
 
 all_dev: ali-dev aws-dev gcp-dev azure-dev metal-dev openstack-dev vmware-dev kvm-dev metalv-dev
 
-ALI_IMAGE_NAME=$(IMAGE_BASENAME)-ali-$(VERSION)
-ali: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,ali $(BUILDDIR) $(VERSION)
+%: make_targets/% build-environment $(SECUREBOOT_CRT)
+	./build.sh $(BUILD_OPTS) --skip-build --features "$$(cat $<)" $(BUILDDIR) $(VERSION)
+
+%-dev: make_targets/% build-environment $(SECUREBOOT_CRT)
+	./build.sh $(BUILD_OPTS) --skip-build --features "$$(cat $<),_dev" $(BUILDDIR) $(VERSION)
+
+%-prod: make_targets/% build-environment $(SECUREBOOT_CRT)
+	./build.sh $(BUILD_OPTS) --skip-build --features "$$(cat $<),_prod" $(BUILDDIR) $(VERSION)
 
+onmetal: metal
+
+ALI_IMAGE_NAME=$(IMAGE_BASENAME)-ali-$(VERSION)
 ali-upload:
 	aliyun oss cp $(BUILDDIR)/ali-gardener-amd64-$(VERSION)-local/rootfs.qcow2  oss://gardenlinux-development/gardenlinux/$(ALI_IMAGE_NAME).qcow2
 
 ALI_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-dev-ali-$(VERSION)
-ali-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,ali,_dev $(BUILDDIR) $(VERSION)
-
 ali-dev-upload:
 	aliyun oss cp $(BUILDDIR)/ali-gardener_dev-amd64-$(VERSION)-local/rootfs.qcow2  oss://gardenlinux-development/gardenlinux/$(ALI_DEV_IMAGE_NAME).qcow2
 
-
 AWS_IMAGE_NAME=$(IMAGE_BASENAME)-aws-$(VERSION)
-aws: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,aws $(BUILDDIR) $(VERSION)
-
 aws-upload:
 	./bin/make-ec2-ami --bucket gardenlinux-testing --region eu-north-1 --image-name=$(AWS_IMAGE_NAME) $(BUILDDIR)/aws-gardener-amd64-$(VERSION)-local/rootfs.raw --permission-public "$(PUBLIC)" --distribute "$(AWS_DISTRIBUTE)"
 
 AWS_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-dev-aws-$(VERSION)
-aws-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,aws,_dev $(BUILDDIR) ${VERSION}
-
 aws-dev-upload:
 	./bin/make-ec2-ami --bucket ami-debian-image-test --region eu-north-1 --image-name=$(AWS_DEV_IMAGE_NAME) $(BUILDDIR)/aws-gardener_dev-amd64-$(VERSION)-local/rootfs.raw --permission-public "$(PUBLIC)" --distribute "$(AWS_DISTRIBUTE)"
 
 GCP_IMAGE_NAME=$(IMAGE_BASENAME)-gcp-$(VERSION)
-gcp: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,gcp $(BUILDDIR) $(VERSION)
-
 gcp-upload:
 	./bin/make-gcp-ami --bucket garden-linux-test --image-name $(GCP_IMAGE_NAME) --raw-image-path $(BUILDDIR)/gcp-gardener-amd64-$(VERSION)-local/rootfs-gcpimage.tar.gz --permission-public "$(PUBLIC)"
 
 GCP_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-dev-gcp-$(VERSION)
-gcp-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,gcp,_dev $(BUILDDIR) $(VERSION)
-
 gcp-dev-upload:
 	./bin/make-gcp-ami --bucket garden-linux-test --image-name $(GCP_DEV_IMAGE_NAME) --raw-image-path $(BUILDDIR)/gcp-gardener_dev-amd64-$(VERSION)-local/rootfs-gcpimage.tar.gz --permission-public "$(PUBLIC)"
 
 AZURE_IMAGE_NAME=$(IMAGE_BASENAME)-az-$(VERSION)
-azure: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,azure $(BUILDDIR) $(VERSION)
-
 azure-upload:
 	./bin/make-azure-ami --resource-group garden-linux --storage-account-name gardenlinux --image-path=$(BUILDDIR)/azure-gardener-amd64-$(VERSION)-local/rootfs.vhd --image-name=$(AZURE_IMAGE_NAME)
 
 AZURE_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-dev-az-$(VERSION)
-azure-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,azure,_dev $(BUILDDIR) $(VERSION)
-
 azure-dev-upload:
 	./bin/make-azure-ami --resource-group garden-linux --storage-account-name gardenlinuxdev --image-path=$(BUILDDIR)/azure-gardener_dev-amd64-$(VERSION)-local/rootfs.vhd --image-name=$(AZURE_DEV_IMAGE_NAME)
 
-
 OPENSTACK_IMAGE_NAME=$(IMAGE_BASENAME)-openstack-$(VERSION)
-openstack: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,openstack $(BUILDDIR) $(VERSION)
-
 openstack-upload:
 	./bin/upload-openstack $(BUILDDIR)/openstack-gardener-amd64-$(VERSION)-local/rootfs.vmdk $(OPENSTACK_IMAGE_NAME)
 
 OPENSTACK_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-openstack-dev-$(VERSION)
-openstack-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,openstack,_dev $(BUILDDIR) $(VERSION)
-
 openstack-dev-upload:
 	./bin/upload-openstack $(BUILDDIR)/openstack-gardener_dev-amd64-$(VERSION)-local/rootfs.vmdk $(OPENSTACK_DEV_IMAGE_NAME)
 
-openstack-qcow2: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --features server,cloud,gardener,openstack-qcow2 $(BUILDDIR) $(VERSION)
-
-VMWARE_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-vmware-dev-$(VERSION)
-vmware-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,vmware,_dev $(BUILDDIR) $(VERSION)
-
-VMWARE_VMOPERATOR_DEV_IMAGE_NAME=$(IMAGE_BASENAME)-vmware-vmoperator-dev-$(VERSION)
-vmware-vmoperator-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,vmware-vmoperator,_dev $(BUILDDIR)/vmware-vmoperator-dev $(VERSION)
-
-vmware: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,gardener,vmware $(BUILDDIR) $(VERSION)
-
-cloud: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud $(BUILDDIR) $(VERSION)
-
-kvm: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,kvm $(BUILDDIR) $(VERSION)
-
-kvm-secureboot: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,kvm,_secureboot $(BUILDDIR) $(VERSION)
-
-kvm-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,kvm,_dev $(BUILDDIR) $(VERSION)
-
-kvm-secureboot-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,kvm,_secureboot,_dev $(BUILDDIR) $(VERSION)
-
-firecracker: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features firecracker $(BUILDDIR) $(VERSION)
-
-firecracker-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features firecracker,_dev $(BUILDDIR) $(VERSION)
-
-pxe: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features metal,server,_pxe $(BUILDDIR) $(VERSION)
-
-pxe-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features metal,server,_dev,_pxe $(BUILDDIR) $(VERSION)
-
-metal-iso: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features metal,server,_iso $(BUILDDIR) $(VERSION)
-
-anvil: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud-anvil,kvm,_dev $(BUILDDIR) $(VERSION)
-
-onmetal: metal
-metal: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal $(BUILDDIR) $(VERSION)
-
-metal-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal,_dev $(BUILDDIR) $(VERSION)
-
-metalk: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features metal,khost,_pxe $(BUILDDIR) $(VERSION)
-
-metalk-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features metal,khost,_pxe,_dev $(BUILDDIR) $(VERSION)
-
-metal-secureboot: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal,_secureboot $(BUILDDIR) $(VERSION)
-
-metal-secureboot-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal,_secureboot,_dev $(BUILDDIR) $(VERSION)
-
-metalv: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal,vhost $(BUILDDIR) $(VERSION)
-
-metalv-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,metal,vhost,_dev $(BUILDDIR) $(VERSION)
-
-github_action_runner: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,aws,github_action_runner $(BUILDDIR) $(VERSION)
-
-github_action_runner-dev: build-environment $(SECUREBOOT_CRT)
-	./build.sh $(BUILD_OPTS) --skip-build --features server,cloud,aws,github_action_runner,_dev $(BUILDDIR) $(VERSION)
-
 clean:
 	@echo "emptying $(BUILDDIR)"
 	@rm -rf $(BUILDDIR)/*
diff --git a/features/_prod/info.yaml b/features/_prod/info.yaml
index b6aca9609..b64ea69d4 100644
--- a/features/_prod/info.yaml
+++ b/features/_prod/info.yaml
@@ -2,4 +2,3 @@ type: flag
 features:
   include:
     - _nopkg
-    - _readonly
diff --git a/make_targets/ali b/make_targets/ali
new file mode 100644
index 000000000..c87c4f37d
--- /dev/null
+++ b/make_targets/ali
@@ -0,0 +1 @@
+server,cloud,gardener,ali
diff --git a/make_targets/anvil b/make_targets/anvil
new file mode 100644
index 000000000..76e4fbd7f
--- /dev/null
+++ b/make_targets/anvil
@@ -0,0 +1 @@
+server,cloud-anvil,kvm,_dev
diff --git a/make_targets/aws b/make_targets/aws
new file mode 100644
index 000000000..39f4c3125
--- /dev/null
+++ b/make_targets/aws
@@ -0,0 +1 @@
+server,cloud,gardener,aws
diff --git a/make_targets/azure b/make_targets/azure
new file mode 100644
index 000000000..d6ba3c888
--- /dev/null
+++ b/make_targets/azure
@@ -0,0 +1 @@
+server,cloud,gardener,azure
diff --git a/make_targets/cloud b/make_targets/cloud
new file mode 100644
index 000000000..e2d8e388f
--- /dev/null
+++ b/make_targets/cloud
@@ -0,0 +1 @@
+server,cloud
diff --git a/make_targets/firecracker b/make_targets/firecracker
new file mode 100644
index 000000000..6a49e52d2
--- /dev/null
+++ b/make_targets/firecracker
@@ -0,0 +1 @@
+firecracker
diff --git a/make_targets/gcp b/make_targets/gcp
new file mode 100644
index 000000000..c44bc4af0
--- /dev/null
+++ b/make_targets/gcp
@@ -0,0 +1 @@
+server,cloud,gardener,gcp
diff --git a/make_targets/github_action_runner b/make_targets/github_action_runner
new file mode 100644
index 000000000..fce1e9ca5
--- /dev/null
+++ b/make_targets/github_action_runner
@@ -0,0 +1 @@
+server,cloud,aws,github_action_runner
diff --git a/make_targets/kvm b/make_targets/kvm
new file mode 100644
index 000000000..e3caa4117
--- /dev/null
+++ b/make_targets/kvm
@@ -0,0 +1 @@
+server,cloud,kvm
diff --git a/make_targets/kvm-secureboot b/make_targets/kvm-secureboot
new file mode 100644
index 000000000..122969b2f
--- /dev/null
+++ b/make_targets/kvm-secureboot
@@ -0,0 +1 @@
+server,cloud,kvm,_secureboot
diff --git a/make_targets/metal b/make_targets/metal
new file mode 100644
index 000000000..dda8fb29f
--- /dev/null
+++ b/make_targets/metal
@@ -0,0 +1 @@
+server,metal
diff --git a/make_targets/metal-iso b/make_targets/metal-iso
new file mode 100644
index 000000000..3bcca715d
--- /dev/null
+++ b/make_targets/metal-iso
@@ -0,0 +1 @@
+metal,server,_iso
diff --git a/make_targets/metal-secureboot b/make_targets/metal-secureboot
new file mode 100644
index 000000000..a41c24a9a
--- /dev/null
+++ b/make_targets/metal-secureboot
@@ -0,0 +1 @@
+server,metal,_secureboot
diff --git a/make_targets/metalk b/make_targets/metalk
new file mode 100644
index 000000000..824b29ffc
--- /dev/null
+++ b/make_targets/metalk
@@ -0,0 +1 @@
+metal,khost,_pxe
diff --git a/make_targets/metalv b/make_targets/metalv
new file mode 100644
index 000000000..58ca7c6cc
--- /dev/null
+++ b/make_targets/metalv
@@ -0,0 +1 @@
+server,metal,vhost
diff --git a/make_targets/openstack b/make_targets/openstack
new file mode 100644
index 000000000..707b66e98
--- /dev/null
+++ b/make_targets/openstack
@@ -0,0 +1 @@
+server,cloud,gardener,openstack
diff --git a/make_targets/openstack-qcow2 b/make_targets/openstack-qcow2
new file mode 100644
index 000000000..d5aa43571
--- /dev/null
+++ b/make_targets/openstack-qcow2
@@ -0,0 +1 @@
+server,cloud,gardener,openstack-qcow2
diff --git a/make_targets/pxe b/make_targets/pxe
new file mode 100644
index 000000000..7b684983c
--- /dev/null
+++ b/make_targets/pxe
@@ -0,0 +1 @@
+metal,server,_pxe
diff --git a/make_targets/vmware b/make_targets/vmware
new file mode 100644
index 000000000..05fd9f933
--- /dev/null
+++ b/make_targets/vmware
@@ -0,0 +1 @@
+server,cloud,gardener,vmware