diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..5f90b7c
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+node_modules
+npm-debug.log
+.dockerignore
+.git
+.gitignore
+Dockerfile
+README.md
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d9dc57c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,64 @@
+FROM node:21
+
+# install system dependencies
+RUN apt-get update && apt-get install -y \
+    git \
+    openssh-client \
+    rsync \
+    curl \
+    php-cli \
+    php-mbstring \
+    php-xml \
+    jq \
+    && rm -rf /var/lib/apt/lists/*
+
+# set working directory
+WORKDIR /workdir
+
+# build time args
+ARG GIT_REPO
+ARG GIT_BRANCH=main
+
+# clone source
+RUN git clone --depth 1 --branch ${GIT_BRANCH} ${GIT_REPO} app
+
+# move into app directory
+WORKDIR /workdir/app
+
+# build-time env vars
+ARG POSTGREST_API_KEY
+ARG POSTGREST_URL
+
+# export vars for build staps
+ENV POSTGREST_API_KEY=${POSTGREST_API_KEY}
+ENV POSTGREST_URL=${POSTGREST_URL}
+
+# clean npm cache
+RUN npm cache clean --force
+
+# install node deps
+RUN npm install
+
+# install php deps
+RUN curl -sS https://getcomposer.org/installer | php && \
+    mv composer.phar /usr/bin/composer && \
+    chmod +x /usr/bin/composer
+
+RUN composer install --no-dev --optimize-autoloader
+
+# build
+RUN npm run build
+
+# set runtime env vars
+ARG SERVER_IP
+ENV SERVER_IP=${SERVER_IP}
+
+# deploy and manage container healthcheck
+CMD bash -c "\
+    mkdir -p ~/.ssh && \
+    echo \"${SSH_PRIVATE_KEY}\" > ~/.ssh/id_rsa && \
+    chmod 600 ~/.ssh/id_rsa && \
+    ssh-keyscan -H \"${SERVER_IP}\" >> ~/.ssh/known_hosts && \
+    rsync -avz --delete dist/ root@\"${SERVER_IP}\":/var/www/coryd.dev/ && \
+    echo \"✅ Deployed successfully\" && \
+    tail -f /dev/null"
diff --git a/README.md b/README.md
index 51ceeef..0f3ef51 100644
--- a/README.md
+++ b/README.md
@@ -45,4 +45,6 @@ NAVIDROME_API_TOKEN        # server
 ARTIST_IMPORT_TOKEN        # server
 COOLIFY_REBUILD_TOKEN      # server
 COOLIFY_REBUILD_URL        # server
+GIT_REPO                   # build
+SERVER_URL                 # build
 ```
diff --git a/nixpacks.toml b/nixpacks.toml
deleted file mode 100644
index 4580bb6..0000000
--- a/nixpacks.toml
+++ /dev/null
@@ -1,15 +0,0 @@
-[phases.setup]
-aptPkgs = [
-  "curl",
-  "wget",
-  "zip",
-  "unzip",
-  "php-cli",
-  "php-mbstring",
-  "openssh-client",
-  "rsync",
-  "jq"
-]
-cmds = [
-  "curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/bin/composer && chmod +x /usr/bin/composer",
-]
diff --git a/package-lock.json b/package-lock.json
index fc8e13f..10078f8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "coryd.dev",
-  "version": "3.3.4",
+  "version": "3.4.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "coryd.dev",
-      "version": "3.3.4",
+      "version": "3.4.0",
       "license": "MIT",
       "dependencies": {
         "html-minifier-terser": "7.2.0",
diff --git a/package.json b/package.json
index a924eb7..9671892 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "coryd.dev",
-  "version": "3.3.4",
+  "version": "3.4.0",
   "description": "The source for my personal site. Built using 11ty (and other tools).",
   "type": "module",
   "engines": {
diff --git a/scripts/setup.sh b/scripts/setup.sh
index 7df1678..4abdb0c 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -30,7 +30,9 @@ SECRETS_JSON='{
   "NAVIDROME_API_URL": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_URL }}",
   "NAVIDROME_API_TOKEN": "{{ op://Private/coryd.dev secrets/NAVIDROME_API_TOKEN }}",
   "COOLIFY_REBUILD_TOKEN": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_TOKEN }}",
-  "COOLIFY_REBUILD_URL": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_URL }}"
+  "COOLIFY_REBUILD_URL": "{{ op://Private/coryd.dev secrets/COOLIFY_REBUILD_URL }}",
+  "GIT_REPO": "{{ op://Private/coryd.dev secrets/GIT_REPO }}",
+  "SERVER_IP": "{{ op://Private/coryd.dev secrets/SERVER_IP }}"
 }'
 
 SECRETS=$(echo "$SECRETS_JSON" | op inject)
@@ -77,6 +79,8 @@ for file in scripts/templates/*.template; do
   sed -i '' -e "s|{{NAVIDROME_API_TOKEN}}|$(escape_special_chars "$NAVIDROME_API_TOKEN")|g" "$new_file"
   sed -i '' -e "s|{{COOLIFY_REBUILD_TOKEN}}|$(escape_special_chars "$COOLIFY_REBUILD_TOKEN")|g" "$new_file"
   sed -i '' -e "s|{{COOLIFY_REBUILD_URL}}|$(escape_special_chars "$COOLIFY_REBUILD_URL")|g" "$new_file"
+  sed -i '' -e "s|{{GIT_REPO}}|$(escape_special_chars "$GIT_REPO")|g" "$new_file"
+  sed -i '' -e "s|{{SERVER_IP}}|$(escape_special_chars "$SERVER_IP")|g" "$new_file"
 done
 
 echo "${COLOR_BLUE}all configurations generated in the 'generated' folder.${COLOR_RESET}"