diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1df0fe9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+ARG ALPINE=3.18
+FROM golang:1.20-alpine${ALPINE} AS build
+WORKDIR /app
+COPY go.mod go.sum .
+RUN go mod download
+
+ADD . /app
+RUN go build -o ./authentricity-webui ./cmd/authentricity-webui
+RUN go build -o ./authentricity-admin ./cmd/authentricity-admin
+
+FROM alpine:${ALPINE}
+
+WORKDIR /bin
+COPY --from=build /app/authentricity-webui /app/authentricity-admin .
+
+WORKDIR /
+CMD ["/bin/authentricity-webui"]
diff --git a/README.md b/README.md
index 8a5e1d1..ecf5c38 100644
--- a/README.md
+++ b/README.md
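Review bot: The runtime stage never sets `USER`, so `/bin/authentricity-webui` runs as root in the final image; the alpine base ships busybox `adduser`, so `RUN adduser -S -D -H -u 10001 app` followed by `USER app` just before the `CMD` line would close that gap (the listen port is not visible in this diff — if it is below 1024 the service would additionally need a higher port or CAP_NET_BIND_SERVICE). `ADD . /app` in the build stage should be `COPY . /app`: ADD auto-extracts any tar archive found in the context and is flagged by hadolint DL3020, and since no `.dockerignore` appears in this commit the whole context, `.git` included, is presumably pulled into the build stage and its cache. Copying `authentricity-admin`, which the README describes as performing direct database access, into the same runtime image as the web UI widens what a compromised UI process can reach; a separate image, or a build `ARG` selecting which binary to copy, is worth considering. Both multi-source `COPY` lines use a bare `.` destination; the documented rule is that a multi-source destination must end in `/`, so `./` avoids depending on builder-specific leniency.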
@@ -17,8 +17,52 @@ Unix logins. This component implements the systemd [User/Group Varlink API](https://systemd.io/USER_GROUP_API/) to support user and group lookups. +It is intended to be deployed as a systemd service. See [module.nix](./module.nix), which +can be used to deploy this on NixOS for details + +For both performance and resilience resaons, user information is cached locally: + + * Information less than 60s old is considered up-to-date and Consul is not re-queried for it, + speeding up user information requests and reducing Consul load, and + * In cases where Consul is unable to service requests, then the cache will be considered valid + indefinitely + +A future version may limit the amount of time locally cached information is considered valid. + +TODO: Provide raw systemd unit files + #### authentricity-webui -SSO portal and user administration UI +This implements + + * A login system, and single-domain shared cookie SSO system + * A portal which lets users add & remove SSH keys, change their password, etc, + and + * A UI which lets users explore other users and groups, and which lets admins manage + users and groups + * A UI which lets admins manipulate users and groups + +This can be deployed as either + + * A systemd service (see [module.nix](./module.nix)), or + * A [container](https://git.shinra.systems/authentricity/-/packages/container/authentricity/) + +TODO: Provide raw systemd unit files +TODO: Provide example Kubernetes manifests/Kustomize chart? 
#### authentricity-admin -Command line administation tool (performing direct database accesses) \ No newline at end of file +Command line administation tool (performing direct database accesses) + +### Future Components + * Radius server + * Likely minimal feature set at first (PAP, no EAP, etc) + * TACACS+ server + * For networking appliances + * Separate cookie used for the Web UI from the auth proxy + * We can then domain scope the Web UI cookie down to just the UI itself, + protecting better against Cookie theft attacks + * We can use asymmetric crypto for the domain-wide cookie and distribute the public + keys to auth proxies via Consul + * JWT/OAuth 2.0/OpenID Connect issuer + * Integration of tokens into the Unix auth flow + * Return something like a Kerberos TGT that can be exchanged for service JWTs? + * Minimal authentication proxy without the Web UI? diff --git a/go.mod b/go.mod index a81533a..9143520 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module go.e43.eu/authentricity -go 1.17 +go 1.20 require ( github.com/GehirnInc/crypt v0.0.0-20200316065508-bb7000b8a962