diff --git a/TARGETS.sh b/TARGETS.sh
index 42b2ea3..27978ab 100644
--- a/TARGETS.sh
+++ b/TARGETS.sh
@@ -19,4 +19,5 @@ psql:.psqlrc
 docker:.docker/cli-plugins
 ipython:.ipython/profile_default/ipython_config.py
 gdb:.config/gdb
+sandbox:
 all:%less %t %tmux %zsh %nvim %git"
\ No newline at end of file
diff --git a/install-hooks/sandbox/post-install b/install-hooks/sandbox/post-install
new file mode 100755
index 0000000..5c7d101
--- /dev/null
+++ b/install-hooks/sandbox/post-install
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+
+sudo useradd -M -s /opt/bin/sandbox sandbox
+sudo usermod -aG docker sandbox
+echo "/opt/bin/sandbox" | sudo tee -a /etc/shells  # for pam
+
+
+set -eu
+
+
+cd "$(mktemp -d)"
+cat > Dockerfile << EOF
+FROM debian:bookworm-slim
+
+
+RUN apt update -y && apt upgrade -y && apt install -y neovim zsh git wget && \
+    useradd -Um -s /bin/zsh sandbox
+
+WORKDIR /home/sandbox
+USER sandbox
+
+RUN git clone https://github.com/thek4n/dotfiles && cd dotfiles && ./install zsh && zsh -i
+
+ENTRYPOINT ["zsh"]
+EOF
+
+docker build -t sandbox .
\ No newline at end of file
diff --git a/opt/bin/sandbox b/opt/bin/sandbox
index cb54362..6513a0d 100755
--- a/opt/bin/sandbox
+++ b/opt/bin/sandbox
@@ -1,5 +1,2 @@
 #!/bin/sh
-# useradd -md /home/sandbox -s $0 sandbox
-# usermod -aG docker sandbox
-# echo "$0" | sudo tee -a /etc/shells  # for pam
-exec docker run --rm -it -v sandbox:/root -w /root --network none alpine
\ No newline at end of file
+exec docker run --rm -it --network none sandbox
\ No newline at end of file