diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..249cda9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/data
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 8184915..2eff95b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,7 @@ RUN apt-get update && \
 clang \
 llvm \
 libclang-dev \
- libssl-dev \
+ libssl-dev \
 pkg-config \
 ca-certificates \
 && rm -rf /var/lib/apt/lists/*
@@ -32,9 +32,23 @@ FROM debian:bookworm-slim
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \
 ca-certificates \
+ gosu \
 && rm -rf /var/lib/apt/lists/*
 
-# Copy the compiled binary
-COPY --from=builder /src/freenet/target/release/freenet /usr/local/bin/freenet
+# Create default non-root user
+RUN useradd -m -u 1000 -s /bin/bash freenetuser && \
+ mkdir -p /data && \
+ chown freenetuser:freenetuser /data
 
-CMD ["freenet", "-b", "0.0.0.0"]
\ No newline at end of file
+# Copy binary and entrypoint
+COPY --from=builder /src/freenet/target/release/freenet /usr/local/bin/
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Environment variables
+ENV DATA_DIR="/data/data" \
+ CONFIG_DIR="/data/config"
+
+VOLUME ["/data"]
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["freenet"]
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
index 2904b26..8f26a0c 100644
--- a/Readme.md
+++ b/Readme.md
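Review bot: In the final-stage Dockerfile hunk, `freenetuser` (UID 1000) is created and `/data` is chowned to it, but no `USER` and no default `RUN_AS` is set, so with the `RUN_AS`-unset branch of entrypoint.sh a plain `docker run` execs the network-facing daemon as root. I would make the privilege drop the default by adding `RUN_AS="1000:1000"` to the `ENV` block, so that running as root is something the operator has to request explicitly. Separately, the new `CMD ["freenet"]` no longer passes `-b 0.0.0.0`; if the binary's default bind address is loopback (not visible in this diff), the ports published in docker-compose.yml would not be reachable, so the removal is worth confirming and noting in a comment above `CMD`.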
@@ -1,36 +1,18 @@
-# README for Docker Image Build and Publish Workflows
+# Freenet Core Docker Container
 
-## Overview
+Minimal Docker image for [Freenet Core](https://github.com/freenet/freenet-core).
 
-This repository contains two GitHub Actions workflows that automate the building and publishing of Docker images to an OCI registry.
+## Quick Start
 
-### Workflows
+Make sure to expose the ports you need for the service to work, I dont know which ones are needed as I just recently found out about Freenet
+```bash
+docker run -v freenet_data:/data git.merith.xyz/oci/freenet
+```
 
-1. **On Commit to Main**
- - **Trigger:** Activates on commits to the `main` branch (tags are excluded).
- - **Purpose:** Builds and publishes a Docker image for each commit.
+## Features
+- Root/non-root support (`RUN_AS=UID:GID`)
+- Persistent `/data` volume
 
-2. **On Tag Push**
- - **Trigger:** Activates when a new tag is pushed.
- - **Purpose:** Builds and publishes a Docker image for the tag and tags it as `latest`.
-
-## Prerequisites
-
-- **Secrets Needed:**
- - `OCI_TOKEN`: Your OCI registry token.
- - `OCI_USER`: Your OCI registry username.
-
-## How to Use
-
-1. **Clone the Repository:** Get a local copy of this repository.
-2. **Modify Dockerfile:** Update the `Dockerfile` for your application.
-3. **Push Changes:** Push changes to the `main` branch or create a new tag.
-4. **Check Workflow Status:** View the Actions tab in Forgjo to monitor workflow runs.
-
-## Notes
-
-- Ensure your Docker environment is compatible with multi-platform builds if necessary.
-
-## License
-
-This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
\ No newline at end of file
+## Configuration
+- Data: `/data/{data,config}`
+- Custom args: Append to `docker run`
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..05c86da
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,15 @@
+
+services:
+ freenet:
+ # image: git.merith.xyz/oci/freenet:nightly
+ build: ./
+ container_name: freenet
+ ports:
+ # Opening all ports I see in the log, I dont know much about them
+ - "31337:31337"
+ - "40185:40185"
+ - "43841:43841"
+ - "50509:50509"
+
+ volumes:
+ - ./data:/data
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..1f56d2d
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+# Create data directories
+mkdir -p "${DATA_DIR}" "${CONFIG_DIR}"
+
+# Default command if none provided
+DEFAULT_CMD="freenet"
+CMD=${@:-$DEFAULT_CMD}
+
+# Check if we're root
+if [ "$(id -u)" = "0" ]; then
+ # If RUN_AS is set, run as that user
+ if [ -n "${RUN_AS}" ]; then
+ USER_ID=$(echo "${RUN_AS}" | cut -d: -f1)
+ GROUP_ID=$(echo "${RUN_AS}" | cut -d: -f2)
+
+ echo "Running as ${RUN_AS}"
+ echo "User ID: ${USER_ID}"
+ echo "Group ID: ${GROUP_ID}"
+
+ # Create user if it doesn't exist
+ if ! getent group "${GROUP_ID}" >/dev/null; then
+ groupadd -g "${GROUP_ID}" freenetuser
+ fi
+
+ if ! id "${USER_ID}" >/dev/null 2>&1; then
+ useradd -l -u "${USER_ID}" -g "${GROUP_ID}" freenetuser -d /home/freenetuser
+ fi
+
+ # Fix permissions
+ chown -R "${USER_ID}:${GROUP_ID}" /data
+ export HOME="/home/freenetuser"
+
+ echo "Executing command: ${CMD}"
+ exec gosu "${USER_ID}:${GROUP_ID}" ${CMD}
+ else
+ # Run as root if no RUN_AS specified
+ echo "Executing as root: ${CMD}"
+ exec ${CMD}
+ fi
+else
+ # Already non-root
+ echo "Executing as $(id -u): ${CMD}"
+ exec ${CMD}
+fi
\ No newline at end of file
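Review bot: The `ports:` list in docker-compose.yml publishes four ports on every host interface although the comment above it says their purpose is unknown, so each one is reachable from whatever network the host sits on. 40185 and 43841 look like ephemeral ports chosen at runtime (inferred from the numbers, not confirmed), so those mappings are unlikely to stay correct across restarts. I would publish only the peer port the node is actually configured with and keep any local API/UI port on loopback, e.g. `- "127.0.0.1:50509:50509"`, assuming 50509 is the local API port — confirm against the freenet configuration. Note also that `./data:/data` is a bind mount, so the `chown -R` in entrypoint.sh rewrites ownership of that host directory.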
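Review bot: In entrypoint.sh, `useradd` reuses the name `freenetuser`, which the Dockerfile already creates with UID 1000, so any `RUN_AS` whose UID does not yet exist makes `useradd` fail and `set -e` aborts the container; `RUN_AS` is also used without checking that it is numeric. gosu accepts a numeric `UID:GID` directly, so the account-creation block can be replaced by a format check. The command is also flattened into the string `CMD` and expanded unquoted in all three `exec` lines, which re-splits and glob-expands arguments; keeping it in the positional parameters and using `exec "$@"` preserves them. Both changes are sketched below.

```shell
# Keep the arguments as a list so spaces and glob characters in them survive
if [ "$#" -eq 0 ]; then
  set -- freenet
fi

# … unchanged: root check and RUN_AS test …
    # Accept only numeric UID[:GID]; gosu takes numeric ids directly, so no
    # passwd/group entry has to be created
    case "${RUN_AS}" in
      *[!0-9:]* | *:*:* | :* | *:)
        echo "RUN_AS must be numeric UID:GID" >&2
        exit 1
        ;;
    esac
    USER_ID="${RUN_AS%%:*}"
    GROUP_ID="${RUN_AS##*:}"
    # … unchanged: chown of /data, HOME export …
    echo "Executing command: $*"
    exec gosu "${USER_ID}:${GROUP_ID}" "$@"
# … unchanged: else branches, with exec "$@" in place of exec ${CMD} …
```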