diff --git a/Dockerfile b/Dockerfile
index 7baafb5..61669ea 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.24 as builder
+FROM golang:1.24 AS builder
 
 WORKDIR /app
 
@@ -10,14 +10,18 @@ COPY web ./web
 
 RUN CGO_ENABLED=0 GOOS=linux go build -o ./server
 
-FROM gcr.io/distroless/base-debian11 AS build-release-stage
+FROM alpine:3.21.3
 
-COPY --from=builder /app/server /app/server
+ARG uid
+ARG gid
+RUN apk add --no-cache tzdata && addgroup -g ${gid} -S nonroot && adduser -u ${uid} -S nonroot -G nonroot
+
+COPY --from=builder --chown=nonroot:nonroot /app/server /app/server
+WORKDIR /app
+RUN chown -R nonroot:nonroot /app
 
 USER nonroot:nonroot
 
-WORKDIR /app
-
 EXPOSE 8080
 
 ENTRYPOINT ["./server"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 707a32a..9bab1c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,8 +2,14 @@ services:
   server:
     build:
       dockerfile: ./Dockerfile
-    env_file:
-      - .env
+      args:
+        uid: $UID
+        gid: $GID
+    environment:
+      GEMINI_API_KEY: $GEMINI_API_KEY
+      OPEN_WEATHER_MAP_API_KEY: $OPEN_WEATHER_MAP_API_KEY
+      VAPID_PRIVATE_KEY_BASE64: $VAPID_PRIVATE_KEY_BASE64
+      VAPID_PUBLIC_KEY_BASE64: $VAPID_PUBLIC_KEY_BASE64
     ports:
       - "8080:8080"
     volumes:
diff --git a/main.go b/main.go
index f80d6b0..63294b3 100644
--- a/main.go
+++ b/main.go
@@ -417,6 +417,12 @@ func handleHTTPRequest(state *state) http.HandlerFunc {
 }
 
 func initDB() (*sql.DB, error) {
+	f, err := os.OpenFile("data/data.sqlite", os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		log.Fatal(err)
+	}
+	f.Close()
+
 	db, err := sql.Open("sqlite", "file:data/data.sqlite")
 	if err != nil {
 		log.Fatalln("failed to initialize database")