diff --git a/docker/Dockerfile b/docker/Dockerfile
index 6a80ca0..8cf35ee 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,6 +1,9 @@
 FROM alpine:3.7
 LABEL maintainer "me@jowj.net"
 
+ARG username=colove
+ARG homedir=/home/$username
+
 # make container livable
 RUN apk update \
     && apk add \
@@ -36,5 +39,20 @@ RUN apk add \
     && python3 -m pip install --upgrade pip \
     && python3 -m pip install \
         ansible
-    
+
+# configure a user
+RUN addgroup -S "$username" \
+    && adduser -S -G "$username" -s /bin/bash "$username"
+
+ARG enablesudo="true"
+RUN if test "$enablesudo"; then true \
+        && echo "ENABLING PASSWORDLESS SUDO" >&2 \
+        && echo "sudo should only be enabled in development, since root privs in your container can probably be leveraged to root privs on your host" >&2 \
+        && echo "$username ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$username" \
+        && chmod 0440 "/etc/sudoers.d/$username" \
+; fi
+
+
+USER $username
+WORKDIR $homedir
 CMD /bin/bash -i
\ No newline at end of file