diff --git a/.woodpecker.yml b/.woodpecker.yml
index dbb3642..6d5d655 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -3,7 +3,7 @@ pipeline:
     image: plugins/docker
     registry: registry.nulo.in
     repo: registry.nulo.in/sutty/haini.sh
-    tags: latest
+    tags: latest,root
     dockerfile: Containerfile
     username: sutty
     secrets:
@@ -11,3 +11,15 @@ pipeline:
     when:
       branch: container-ci
       event: push
+  publish-rootless:
+    image: plugins/docker
+    registry: registry.nulo.in
+    repo: registry.nulo.in/sutty/haini.sh
+    tags: rootless
+    dockerfile: Containerfile.rootless
+    username: sutty
+    secrets:
+      - docker_password
+    when:
+      branch: container-ci
+      event: push
diff --git a/Containerfile b/Containerfile
index 1308963..b6906c9 100644
--- a/Containerfile
+++ b/Containerfile
@@ -10,13 +10,4 @@ COPY packages /root/packages
 RUN apk add --no-cache $(cat "/root/packages" | tr "\n" " ")
 RUN sed -re "s/#(@platforms = )/\1/" -i "/usr/lib/ruby/2.7.0/rubygems.rb"
 
-RUN mkdir -p /home && \
-    adduser \
-        --disabled-password \
-        --gecos "" \
-        --home /home/suttier \
-        suttier && \
-    echo "suttier ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-USER suttier
-
-COPY .gemrc /home/suttier/.gemrc
+COPY .gemrc /root/.gemrc
diff --git a/Containerfile.rootless b/Containerfile.rootless
new file mode 100644
index 0000000..319372f
--- /dev/null
+++ b/Containerfile.rootless
@@ -0,0 +1,13 @@
+FROM registry.nulo.in/sutty/haini.sh:root
+
+RUN mkdir -p /home && \
+    adduser \
+        --disabled-password \
+        --gecos "" \
+        --home /home/suttier \
+        suttier && \
+    cp /root/.gemrc /home/suttier/.gemrc && \
+    chown suttier:suttier /home/suttier/.gemrc && \
+    echo "suttier ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+USER suttier
+