diff --git a/.env b/.env
new file mode 100644
index 0000000..0e605e6
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+COMPOSE_PROJECT_NAME=pxe-stack
+# this repo will be cloned on every restart of the container
+GIT_REPO_URL=https://git.mailbro.de/angestoepselt/LinuxPXE.git
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 118be86..a4ec3a2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,6 +24,14 @@ services:
 start_period: 20s
 timeout: 10s
+ git-init:
+ image: codeberg.org/angestoepselt/git-alpine:latest
+ security_opt:
+ - no-new-privileges:true
+ container_name: git-init
+ volumes:
+ - tftp-data:/git
+
 nginx:
 <<: *common-keys-core # see variables at the top of the yml file
 image: nginx:mainline-alpine3.17-slim
@@ -48,19 +56,10 @@ services:
 - "69:69/udp"
 volumes:
 - tftp-data:/var/tftp
+ depends_on:
+ - git-init
 # this image has a build in healthcheck
- git-init:
- image: codeberg.org/angestoepselt/git-alpine:latest
- security_opt:
- - no-new-privileges:true
- container_name: git-init
- volumes:
- - tftp-data:/git
- environment:
- # this repo will be cloned on every restart of the container
- - GIT_REPO_URL=https://git.mailbro.de/angestoepselt/LinuxPXE.git
-
 volumes:
 cache:
 config:
diff --git a/tftp/Dockerfile b/tftp/Dockerfile
index 8b81028..43c8cc8 100644
--- a/tftp/Dockerfile
+++ b/tftp/Dockerfile
@@ -9,14 +9,21 @@ ENV ADDR="127.0.0.1" \
 RUN apk update ; \
 apk upgrade ; \
 apk add --no-cache --update tftp-hpa ; \
- rm /var/cache/apk/*
-
-VOLUME /var/tftp
+ rm /var/cache/apk/* \
+ ; \
+ adduser -D -u 1000 non-privileged ; \
+ mkdir $ROOT ; \
+ chown -R 1000:1000 $ROOT
+
+VOLUME $ROOT
 EXPOSE 69/udp
 COPY tftp.conf /etc/init/
+# Switch to the non-privileged user
+USER 1000
+
 ENTRYPOINT ["in.tftpd"]
 CMD ["-Lv", "-s", "/var/tftp"]
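Review bot: `GIT_REPO_URL` in `.env` names a repository but no tag or commit, and the comment says it is cloned again on every container restart, so whatever the remote's default branch holds at that moment ends up in the `tftp-data` volume that the tftp service serves (presumably as PXE boot files). Pinning the checkout to a fixed tag or commit, and verifying a signed tag if the project signs its releases, would stop a changed or compromised remote from silently changing what clients boot. Whether the git-alpine image accepts a ref is not visible here, so this may need a change in that image. The file also ends without a trailing newline.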
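Review bot: In the first docker-compose.yml hunk the relocated `git-init` service has no `environment:` or `env_file:` entry, and Compose uses the project `.env` only to interpolate the compose file, not to inject variables into containers. Unless the image carries a built-in default, the container will start without `GIT_REPO_URL`. Adding `environment:` with `- GIT_REPO_URL=${GIT_REPO_URL:?set GIT_REPO_URL in .env}` passes the value through and makes a missing value fail at `docker compose up` instead of at clone time. The image is also referenced as `:latest`; a version tag or digest would keep restarts reproducible.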
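Review bot: In the second docker-compose.yml hunk the short form `depends_on: - git-init` only orders container start; it does not wait for the clone to finish, so tftp can come up while `tftp-data` is still empty or half-written. If git-init is a one-shot container that exits after cloning (not visible here), use the long form: `git-init:` under `depends_on:` with `condition: service_completed_successfully`. If it keeps running, give it a healthcheck and use `condition: service_healthy` instead. The tftp service definition starts above this hunk.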
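Review bot: In tftp/Dockerfile the new `USER 1000` conflicts with the unchanged `CMD ["-Lv", "-s", "/var/tftp"]`: as far as I know `in.tftpd -s` calls chroot() and then switches to its `-u` user (default `nobody`), and both steps need root, so the daemon will probably exit at startup when launched as uid 1000. Either drop `USER 1000` and let the daemon drop privileges itself with `CMD ["-Lv", "-u", "non-privileged", "-s", "/var/tftp"]`, or remove `-s` and confirm that clients still resolve their paths; test the image either way. Separately, the RUN chain joins its steps with `;`, so a failing `adduser` or `mkdir $ROOT` does not fail the build, whereas `&&` would. `ROOT` is defined in the ENV block above the hunk, while CMD still hard-codes `/var/tftp`.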