diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..6cb6e38 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,7 @@ +* +!Cargo.toml +!Cargo.lock +!core/ +!server/ +!sqlite/ +!docker-entrypoint.sh diff --git a/Dockerfile b/Dockerfile index f9542af..b2d3438 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,25 @@ # Versions must be major.minor -ARG RUST_VERSION -ARG ALPINE_VERSION +# Default versions are as below +ARG RUST_VERSION=1.78 +ARG ALPINE_VERSION=3.19 FROM docker.io/rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS builder -COPY . /data +COPY Cargo.lock Cargo.toml /data/ +COPY core /data/core/ +COPY server /data/server/ +COPY sqlite /data/sqlite/ RUN apk -U add libc-dev && \ cd /data && \ cargo build --release FROM docker.io/alpine:${ALPINE_VERSION} COPY --from=builder /data/target/release/taskchampion-sync-server /bin -RUN adduser -S -D -H -h /var/lib/taskchampion-sync-server -s /sbin/nologin -G users \ +RUN apk add --no-cache su-exec && \ + adduser -u 1092 -S -D -H -h /var/lib/taskchampion-sync-server -s /sbin/nologin -G users \ -g taskchampion taskchampion && \ - install -d -m755 -o100 -g100 "/var/lib/taskchampion-sync-server" + install -d -m1755 -o1092 -g1092 "/var/lib/taskchampion-sync-server" EXPOSE 8080 -VOLUME "/var/lib/taskchampion-sync-server" -USER taskchampion -ENTRYPOINT [ "taskchampion-sync-server" ] +VOLUME /var/lib/task-champion-sync-server/data +COPY docker-entrypoint.sh /bin +ENTRYPOINT [ "/bin/docker-entrypoint.sh" ] +CMD [ "/bin/taskchampion-sync-server" ] diff --git a/docker-compose.yml b/docker-compose.yml index 0cd1e05..fa474db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
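Review bot: The new `VOLUME /var/lib/task-champion-sync-server/data` line in the Dockerfile hunk spells the path with a hyphen that no other line uses, so the declared volume does not cover the directory that docker-entrypoint.sh prepares and that `DATA_DIR` points at; it should read `VOLUME /var/lib/taskchampion-sync-server/data`. As written, a container started without an explicit mount would keep the server data in its writable layer and get an unused anonymous volume at the misspelled path. Separately, `adduser -u 1092 ... -G users` creates no group 1092 in the visible lines, yet `install -d -m1755 -o1092 -g1092` assigns that numeric GID; either create a matching group or give the directory the `users` group. With `USER taskchampion` removed, the image starts as root and relies entirely on the entrypoint script to drop privileges, which deserves a comment above `ENTRYPOINT`, for example `# Starts as root so the entrypoint can fix data-dir ownership, then drops to taskchampion via su-exec`.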
@@ -1,16 +1,13 @@ volumes: data: + services: - # Make the necessary subdirectories of the `data` volume, and set ownership of the - # `tss/taskchampion-sync-server` directory, as the server runs as user 100. mkdir: image: caddy:2-alpine command: | /bin/sh -c " - mkdir -p /data/caddy/data /data/caddy/config /data/tss/taskchampion-sync-server && - chown -R 100:100 /data/tss/taskchampion-sync-server - " + mkdir -p /data/caddy/data /data/caddy/config /data/tss/taskchampion-sync-server" volumes: - type: volume source: data @@ -48,18 +45,18 @@ services: tss: image: ghcr.io/gothenburgbitfactory/taskchampion-sync-server:0.5.0 restart: unless-stopped + environment: + - "RUST_LOG=info" + - "DATA_DIR=/var/lib/taskchampion-sync-server/data" + - "LISTEN=0.0.0.0:8080" volumes: - type: volume source: data - target: /tss + target: /var/lib/taskchampion-sync-server/data read_only: false volume: nocopy: true - subpath: tss - environment: - - "RUST_LOG=info" - - "DATA_DIR=/tss/taskchampion-sync-server" - - "LISTEN=0.0.0.0:8080" + subpath: tss/taskchampion-sync-server depends_on: mkdir: condition: service_completed_successfully diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 0000000..09e2ab1 --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh +set -e +echo "starting entrypoint script..." +if [ "$1" = "/bin/taskchampion-sync-server" ]; then + echo "setting data directories" + mkdir -p "/var/lib/taskchampion-sync-server/data" + chown -R 1092:1092 "/var/lib/taskchampion-sync-server/data" + chmod -R 700 "/var/lib/taskchampion-sync-server/data" + if [ "$(id -u)" = "0" ]; then + echo "switching to user 'taskchampion'" + exec su-exec taskchampion "$@" + fi +fi
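Review bot: The `mkdir` service no longer runs `chown -R 100:100` on the data directory, but the `tss` service is still pinned to `ghcr.io/gothenburgbitfactory/taskchampion-sync-server:0.5.0`. If that published tag was built from the previous Dockerfile (not visible here, so this should be confirmed), it still runs as the unprivileged user and has no entrypoint to fix ownership, and the server would be unable to write to the root-owned `tss/taskchampion-sync-server` subpath. Either bump the tag to the first release that ships docker-entrypoint.sh or keep the `chown` until then. The removed comment also explained why `mkdir` exists; a replacement such as `# Creates the data subdirectories; ownership of tss/taskchampion-sync-server is set by the image's entrypoint (uid 1092)` would keep that visible.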
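Review bot: docker-entrypoint.sh only runs its arguments when it is root and `$1` is exactly `/bin/taskchampion-sync-server`: there is no `exec "$@"` after the outer `fi`, so any other command, or a start under a non-root `--user`, exits without starting anything. In the non-root case the `chown -R 1092:1092` is also likely to fail first and stop the script through `set -e`, because it runs before the `id -u` test. Move the root test into the outer condition, `if [ "$1" = "/bin/taskchampion-sync-server" ] && [ "$(id -u)" = "0" ]; then`, and end the script with `exec "$@"`. `chmod -R 700` also sets the execute bit on every data file, where `chmod 700` on the directory alone would be enough to keep other users out.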