diff --git a/cicd/pipeline.yaml b/cicd/pipeline.yaml index 5288e92..67852ff 100644 --- a/cicd/pipeline.yaml +++ b/cicd/pipeline.yaml @@ -35,7 +35,7 @@ steps: commands: - | echo "Build image..." - buildah --storage-driver=$${STORAGE_DRIVER} bud --format=$${FORMAT} \ + buildah --build-arg BUILD_UID=1000 --build-arg BUILD_GID=1000 --storage-driver=$${STORAGE_DRIVER} bud --format=$${FORMAT} \ --tls-verify=$${TLSVERIFY} -f $${CONTAINERFILE} \ -t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:latest \ -t $${REGISTRY_HOST}/$${DRONE_REPO_NAME}:$${DRONE_BUILD_NUMBER} \ diff --git a/deploy/container/Containerfile b/deploy/container/Containerfile index a7b2460..46a1700 100644 --- a/deploy/container/Containerfile +++ b/deploy/container/Containerfile 
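Review bot: The two `--build-arg` options are placed before the `bud` subcommand, in the position where buildah parses its global options such as `--storage-driver`. `--build-arg` belongs to `bud` itself, so this invocation will most likely be rejected as an unknown flag rather than pass the UID/GID into the build. The line should read `buildah --storage-driver=$${STORAGE_DRIVER} bud --build-arg BUILD_UID=1000 --build-arg BUILD_GID=1000 --format=$${FORMAT} \`. The new Containerfile also declares `ARG COMMIT_ID` for the `vcs-ref` label, but nothing here supplies it; adding `--build-arg COMMIT_ID=$${DRONE_COMMIT_SHA}` would make each pushed image traceable to its commit. The command continues past the end of this hunk, so the push side was not reviewed.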
@@ -1 +1,61 @@
-FROM docker.io/tomsquest/docker-radicale
+FROM alpine:3.14
+
+ARG COMMIT_ID
+ENV COMMIT_ID ${COMMIT_ID}
+
+ARG VERSION
+ENV VERSION ${VERSION:-3.1.8}
+
+ARG BUILD_UID
+ENV BUILD_UID ${BUILD_UID:-1000}
+
+ARG BUILD_GID
+ENV BUILD_GID ${BUILD_GID:-1000}
+
+ARG TAKE_FILE_OWNERSHIP
+ENV TAKE_FILE_OWNERSHIP ${TAKE_FILE_OWNERSHIP:-true}
+
+LABEL maintainer="Thomas Queste " \
+ org.label-schema.name="Radicale Docker Image" \
+ org.label-schema.description="Enhanced Docker image for Radicale, the CalDAV/CardDAV server" \
+ org.label-schema.url="https://github.com/Kozea/Radicale" \
+ org.label-schema.version=$VERSION \
+ org.label-schema.vcs-ref=$COMMIT_ID \
+ org.label-schema.vcs-url="https://github.com/tomsquest/docker-radicale" \
+ org.label-schema.schema-version="1.0"
+
+RUN apk add --no-cache --virtual=build-dependencies \
+ gcc \
+ musl-dev \
+ libffi-dev \
+ python3-dev \
+ && apk add --no-cache \
+ curl \
+ git \
+ openssh \
+ shadow \
+ su-exec \
+ tzdata \
+ wget \
+ python3 \
+ py3-tz \
+ py3-pip \
+ && python3 -m pip install --upgrade pip \
+ && python3 -m pip install radicale==$VERSION passlib[bcrypt] \
+ && apk del --purge build-dependencies \
+ && addgroup -g $BUILD_GID radicale \
+ && adduser -D -s /bin/false -H -u $BUILD_UID -G radicale radicale \
+ && mkdir -p /config /data \
+ && chmod -R 770 /data \
+ && chown -R radicale:radicale /data \
+ && rm -fr /root/.cache
+
+COPY config /config/config
+
+HEALTHCHECK --interval=30s --retries=3 CMD curl --fail http://localhost:5232 || exit 1
+VOLUME /config /data
+EXPOSE 5232
+
+COPY docker-entrypoint.sh /usr/local/bin
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["radicale", "--config", "/config/config"]
\ No newline at end of file
diff --git a/src/config b/src/config
new file mode 100644
index 0000000..64a2dc5
--- /dev/null
+++ b/src/config
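Review bot: The `pip install` step pins `radicale==$VERSION` but leaves `passlib[bcrypt]` and the preceding `pip install --upgrade pip` unpinned, so each pipeline run can pull a different release of the library that hashes user passwords. Pin it in the same line, e.g. `radicale==$VERSION passlib[bcrypt]==<PINNED_VERSION>` (placeholder), and consider referencing `alpine:3.14` by digest so the base cannot change under the tag. The image also has no `USER` instruction, so the container starts as root and any privilege drop depends on `docker-entrypoint.sh`, which this commit only renames and does not show; confirm that it execs the server through `su-exec` as `radicale`. Finally, `openssh`, `git`, `curl` and `wget` all stay in the runtime image; if the storage `hook` is not used, dropping `git` and `openssh` would reduce what an attacker finds inside the container.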
@@ -0,0 +1,122 @@
+# -*- mode: conf -*-
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# For example: 0.0.0.0:9999, [::]:9999
+#hosts = localhost:5232
+hosts = 0.0.0.0:5232
+
+# Max parallel connections
+#max_connections = 8
+
+# Max size of request body (bytes)
+#max_content_length = 100000000
+
+# Socket timeout (seconds)
+#timeout = 30
+
+# SSL flag, enable HTTPS protocol
+#ssl = False
+
+# SSL certificate path
+#certificate = /etc/ssl/radicale.cert.pem
+
+# SSL private key
+#key = /etc/ssl/radicale.key.pem
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+#type = none
+
+# Htpasswd filename
+#htpasswd_filename = /etc/radicale/users
+
+# Htpasswd encryption method
+# Value: plain | bcrypt | md5
+# bcrypt requires the installation of radicale[bcrypt].
+#htpasswd_encryption = md5
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+# Message displayed in the client when a password is needed
+#realm = Radicale - Password Required
+
+
+[rights]
+
+# Rights backend
+# Value: none | authenticated | owner_only | owner_write | from_file
+#type = owner_only
+
+# File for rights management from_file
+#file = /etc/radicale/rights
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem | multifilesystem_nolock
+#type = multifilesystem
+
+# Folder for storing local collections, created if not present
+#filesystem_folder = /var/lib/radicale/collections
+filesystem_folder = /data/collections
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Command that is run after changes to storage
+# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+#hook =
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal
+#type = internal
+
+
+[logging]
+
+# Threshold for the logger
+# Value: debug | info | warning | error | critical
+#level = warning
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+
+[headers]
+
+# Additional HTTP headers
+#Access-Control-Allow-Origin = *
\ No newline at end of file
diff --git a/src/entrypoint.sh b/src/docker-entrypoint.sh
similarity index 100%
rename from src/entrypoint.sh
rename to src/docker-entrypoint.sh
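Review bot: `hosts = 0.0.0.0:5232` opens the listener on every interface while `[auth]` leaves `#type = none` commented out, and the file header states that the commented values are the defaults. As written, the server therefore accepts any client without a password, and over plain HTTP since `#ssl = False` is also left at its default. The Containerfile in this commit already installs `passlib[bcrypt]`, so enabling authentication is a small change: `type = htpasswd`, `htpasswd_encryption = bcrypt`, and an `htpasswd_filename` pointing at a users file under the `/config` volume. If authentication and TLS are meant to be terminated by a reverse proxy in front of the container, say so in a comment next to `hosts`, and consider `http_x_remote_user` so that the proxy's decision is actually enforced.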