diff --git a/docker.nix b/docker.nix
index a79ea5e..ea1c6f0 100644
--- a/docker.nix
+++ b/docker.nix
@@ -2,19 +2,53 @@
 
 let
 name = "node-red";
+packages =
+  with pkgs;
+  with nodePackages;
+  with dockerTools;
+[
+  less
+  bashInteractive
+  coreutils
+  nodejs
+  npm
+  node-red
+  #usrBinEnv
+  #binSh
+  #caCertificates
+  #fakeNss
+  #ungoogled-chromium
+];
 entrypoint = pkgs.writeShellApplication {
   name = "entrypoint";
 
-  runtimeInputs = with pkgs; with nodePackages; [
-    node-red
-    #ungoogled-chromium
-  ];
+  runtimeInputs = packages;
 
   text = ''
-    node-red -u "''${DATA-/data}" -s "''${SETTINGS-/data/settings.js}"
+    DATA="''${DATA-/data}"
+    cd "$DATA"
+    node-red -u "$DATA" -s "''${SETTINGS-/data/settings.js}"
   '';
 };
 in pkgs.dockerTools.streamLayeredImage {
       inherit name;
+      contents = packages;
       config.Cmd = [ "${entrypoint}/bin/entrypoint" ];
+      config.Workdir = "/data";
+      config.Env = [ "HOME=/data" ];
+
+      fakeRootCommands = ''
+        #!${pkgs.runtimeShell}
+        mkdir -p /tmp
+        chmod 1777 /tmp
+        ${pkgs.dockerTools.shadowSetup}
+        groupadd -r node-red
+        useradd -r -g node-red node-red
+        mkdir -p /data
+        chown -R node-red:node-red /data
+        chmod -R 750 /data
+      '';
+      extraCommands = ''
+        find / > files-that-existed-at-extraCommands-time.txt || true
+      '';
 }