diff --git a/Dockerfile b/Dockerfile
index 061204b..6360a66 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,4 +4,16 @@ FROM ubuntu@sha256:d050ed7278c16ff627e4a70d7d353f1a2ec74d8a0b66e5a865356d92f5f6d
 ADD ./sources.list /etc/apt/sources.list
 ADD https://sneak.cloud/authorized_keys /root/.ssh/authorized_keys
 
-RUN apt update && apt -y upgrade && apt -y install runit build-essential
+COPY ./root /tmp/rootoverlay
+
+# we only install essential system packages here
+ARG SYSTEM_PACKAGES="runit build-essential rsync ca-certificates"
+
+RUN \
+    apt update && \
+    apt -y upgrade && \
+    apt -y install $SYSTEM_PACKAGES && \
+    rsync -avP /tmp/rootoverlay/ / && \
+    rm -rf /tmp/rootoverlay
+
+EXPOSE 22
diff --git a/root/etc/cron.hourly/.keep b/root/etc/cron.hourly/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/datavibe/common/.keep b/root/etc/datavibe/common/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/service/sshd/run b/root/etc/service/sshd/run
new file mode 100644
index 0000000..4586a48
--- /dev/null
+++ b/root/etc/service/sshd/run
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+set -e
+exec /usr/sbin/sshd -D
diff --git a/run.sh b/run.sh
index 7a5d9d4..4539319 100644
--- a/run.sh
+++ b/run.sh
@@ -1,6 +1,20 @@
 #!/bin/bash
 
+# nonessential packages
+PACKAGES="
+    weechat
+    irssi
+    python3
+    python3-pip
+"
+
+for PKG in $PACKAGES ; do
+    apt install -y $PKG
+done
+
+pip3 install --upgrade youtube_dl
+
 cp /etc/passwd /etc/passwd.dist
 cp /etc/shadow /etc/shadow.dist
 
-mkdir -p /etc/datavibe/host
+chmod +x /etc/service/*/run