diff --git a/.dockerignore b/.dockerignore
index f0f644e..815eb8e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,4 @@
+Dockerfile
 LICENSE
 README.md
+*.yaml
diff --git a/.gitignore b/.gitignore
index c52dc6d..602e3bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,4 @@ package-lock.json
 fly.toml
 *.fiber.gz
 soundcloak.json
-compose.yml
\ No newline at end of file
+compose.yaml
diff --git a/Dockerfile b/Dockerfile
index ed30e29..13d0038 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,9 @@ WORKDIR /build
 COPY . .
 RUN go install github.com/a-h/templ/cmd/templ@latest && \
   templ generate && \
-  CGO_ENABLED=0 GOARCH=${TARGETARCH} GOOS=${TARGETOS} go build -ldflags "-s -w -extldflags '-static'" -o ./app
+  CGO_ENABLED=0 GOARCH=${TARGETARCH} GOOS=${TARGETOS} go build -ldflags "-s -w -extldflags '-static'" -o ./app && \
+  echo "soundcloak:x:5000:5000:Soundcloak user:/:/sbin/nologin" > /etc/minimal-passwd && \
+  echo "soundcloak:x:5000:" > /etc/minimal-group
 
 FROM node:${NODE_VERSION} AS node
 WORKDIR /hls.js
@@ -22,7 +24,11 @@ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=build /build/assets /assets
 COPY --from=build /build/app /app
 COPY --from=node /hls.js/node_modules/hls.js/dist/hls.light.min.js /node_modules/hls.js/dist/hls.light.min.js
+COPY --from=build /etc/minimal-passwd /etc/passwd
+COPY --from=build /etc/minimal-group /etc/group
 
 EXPOSE 4664
 
+USER soundcloak
+
 ENTRYPOINT ["/app"]