diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index bff742c..e8c146c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -55,3 +55,5 @@ stages:
 - build-images
 - build
 - trigger
+variables:
+  NIX_CI_IMAGE: $CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA
diff --git a/docs/index.md b/docs/index.md
index 214fbf3..14f7da3 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -9,3 +9,14 @@ This project provides a Nix flake module that allows you to generate your `.gitl
 - **Modularity:** Define and manage your CI configurations in a structured and modular way using Nix modules, making it easier to share and reuse CI logic across multiple projects.
 
 This documentation will guide you through setting up and using Nix GitLab CI for your projects.
+
+## Warnings
+
+To save you from frantically searching these docs if something doesn't work as expected, here are the most important warnings ;)
+
+!!! warning
+
+    Do not put Nix store paths into global/pipeline variables. They will simply be passed through,
+    resulting in bad portability (if two runners have different archs for example, one cannot find the path).
+    If you need any Nix store path in env variables, always do it on the job level, there
+    it will automatically be computed at runtime, thus will always work no matter which runner it runs on.
diff --git a/lib/VERSION b/lib/VERSION
index cb2b00e..fd2a018 100644
--- a/lib/VERSION
+++ b/lib/VERSION
@@ -1 +1 @@
-3.0.1
+3.1.0
diff --git a/lib/impl/helpers.nix b/lib/impl/helpers.nix
index 48a79fc..754cead 100644
--- a/lib/impl/helpers.nix
+++ b/lib/impl/helpers.nix
@@ -50,7 +50,7 @@ in rec {
   filterJobVariables = shouldContain: job:
     concatMapAttrs (
       name: value:
-        optionalAttrs ((hasInfix "/nix/store/" value) == shouldContain) {
+        optionalAttrs ((hasInfix builtins.storeDir value) == shouldContain) {
           ${name} = value;
         }
     )
diff --git a/lib/impl/jobPatched.nix b/lib/impl/jobPatched.nix
index c7134fb..367a374 100644
--- a/lib/impl/jobPatched.nix
+++ b/lib/impl/jobPatched.nix
@@ -11,13 +11,13 @@ in
     pipelineName,
     nixConfig,
   }:
-    (builtins.removeAttrs job ["variables" "cache"])
-    // (optionalAttrs nixConfig.enable (
-      (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
+    if ! nixConfig.enable
+    then job
+    else
+      (builtins.removeAttrs job ["variables" "cache"])
+      // (prependToBeforeScript ["source setup_nix_ci \"gitlab-ci:pipeline:${pipelineName}:job-deps:${key}\""] job)
       // (appendToAfterScript ["finalize_nix_ci"] job)
-    ))
-    // optionalAttrs nixConfig.enable (
-      (let
+      // (let
         variables =
           (filterJobVariables false job)
           // optionalAttrs nixConfig.enableRunnerCache {
@@ -40,4 +40,3 @@ in
         optionalAttrs (cache != []) {
           inherit cache;
         })
-    )
diff --git a/nix/repo/ci.nix b/nix/repo/ci.nix
index a76c0d8..157ede7 100644
--- a/nix/repo/ci.nix
+++ b/nix/repo/ci.nix
@@ -10,6 +10,7 @@ in
       # the child pipeline can then use the built images to test them
       extraData = {
         stages = ["build-images" "build" "trigger"];
+        variables.NIX_CI_IMAGE = "$CI_REGISTRY_IMAGE/nix-ci:$CI_COMMIT_SHORT_SHA";
         "build:image" = {
           stage = "build-images";
           parallel.matrix = [
diff --git a/tests/cilib_test.nix b/tests/cilib_test.nix
index 78e99a3..3b76fb8 100644
--- a/tests/cilib_test.nix
+++ b/tests/cilib_test.nix
@@ -64,6 +64,22 @@
           nixConfig.enable = false;
         };
       }
+      {
+        name = "jobPatched nix disabled with variables and cache";
+        expected = {
+          variables."HELLO" = "world";
+          cache = [{key = "example";}];
+        };
+        actual = mkJobPatched {
+          key = "test";
+          pipelineName = "test";
+          job = {
+            variables."HELLO" = "world";
+            cache = [{key = "example";}];
+          };
+          nixConfig.enable = false;
+        };
+      }
       {
         name = "jobPatched without runner cache";
         expected = {
@@ -129,7 +145,7 @@
           # sh
           ''
             set -euo pipefail
-            ${ntlib.helpers.path [pkgs.jq pkgs.gnugrep pkgs.coreutils]}
+            ${ntlib.helpers.path (with pkgs; [jq gnugrep coreutils])}
             echo "two keys, one json one pretty"
             jq 'keys | length == 2' "${pipeline}" | grep -q true
             echo "key[0] is exactly 'gitlab-ci:pipeline:test'"
@@ -145,10 +161,13 @@
           '';
       }
       {
-        name = "handle store paths in variables";
+        name = "ignore store paths in variables with nix disabled";
         expected = {
           stages = ["test"];
-          test.stage = "test";
+          test = {
+            stage = "test";
+            variables."TEST" = "${pkgs.hello}";
+          };
         };
         actual =
           (mkPipeline {
@@ -163,6 +182,28 @@
             };
           }).finalConfig;
       }
+      {
+        # it doesn't make much sense to have any nix store path in variables, but we ignore it for global variables
+        name = "ignore store paths in global variables";
+        expected = {
+          variables = {
+            HELLO = "world";
+            CURL = toString pkgs.curl;
+          };
+        };
+        actual =
+          (mkPipeline {
+            name = "test";
+            nixConfig.enable = true;
+            pipeline = {
+              variables = {
+                HELLO = "world";
+                CURL = toString pkgs.curl;
+              };
+              jobs = {};
+            };
+          }).finalConfig;
+      }
     ];
   };
 }