diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3fa91c2..fe6a2f0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,9 +2,9 @@ name: Build container on: push: pull_request: - branches: [ "main" ] + branches: ["main"] schedule: - - cron: '0 16 * * FRI' + - cron: "0 16 * * FRI" jobs: build: @@ -18,7 +18,7 @@ jobs: uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.actor }} + username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push base container uses: docker/build-push-action@v5 @@ -26,18 +26,18 @@ jobs: context: ./containers/base file: ./containers/base/Containerfile push: true - tags: ghcr.io/${{ github.actor }}/base:latest + tags: ghcr.io/${{ github.repository_owner }}/base:latest - name: Build and push go container uses: docker/build-push-action@v5 with: context: ./containers/go file: ./containers/go/Containerfile push: true - tags: ghcr.io/${{ github.actor }}/go:latest - - name: Build and push kube container + tags: ghcr.io/${{ github.repository_owner }}/go:latest + - name: Build and push infra container uses: docker/build-push-action@v5 with: - context: ./containers/kube - file: ./containers/kube/Containerfile + context: ./containers/infra + file: ./containers/infra/Containerfile push: true - tags: ghcr.io/${{ github.actor }}/kube:latest + tags: ghcr.io/${{ github.repository_owner }}/infra:latest diff --git a/containers/base/Containerfile b/containers/base/Containerfile index e9d2a74..d27623e 100644 --- a/containers/base/Containerfile +++ b/containers/base/Containerfile @@ -16,5 +16,6 @@ USER user WORKDIR /home/user RUN mkdir .config .local .cache COPY --chown=user:user config/bashrc .bashrc +COPY --chown=user:user config/git .config/git/config COPY config/bin /usr/local/bin VOLUME /home/user diff --git a/containers/base/config/bashrc b/containers/base/config/bashrc index 0deba25..ad834ec 100644 --- a/containers/base/config/bashrc 
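Review bot: All three build steps in the third ci.yaml hunk keep `push: true`, while the first hunk shows the workflow running on every `push` and on `pull_request` to main. A build from any branch or same-repository pull request therefore overwrites the `:latest` tag that devc.sh later pulls with `--pull=newer`. Gating the push, for example `push: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/main' }}`, keeps unreviewed builds out of the tag developers actually run. Separately, image references must be lowercase, so `ghcr.io/${{ github.repository_owner }}/…` would be rejected if the owner login contains capitals; this cannot be told from the hunk.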
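Review bot: The added `COPY --chown=user:user config/git .config/git/config` writes under /home/user, which `VOLUME /home/user` and devc.sh's `-v $name:/home/user:copy` place on a named volume. Containers that reuse an existing home volume will most likely never see this file, because copy-up normally happens only when the volume is first populated. Installing it outside the volume, e.g. `COPY config/git /etc/gitconfig` (assuming the base image reads the system config from there), would reach existing volumes and still allow per-user overrides. The line also bakes one person's identity and signing key into a published image, which deserves a comment above it.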
+++ b/containers/base/config/bashrc @@ -1,9 +1,5 @@ . /etc/bashrc -# === container enter logic - cd to ENTER_DIR === -ENTER_DIR="${ENTER_DIR/#\~/$HOME}" -[ -d "$ENTER_DIR" ] && cd "$ENTER_DIR" - # === environment === export EDITOR=nvim \ WAYLAND_DISPLAY=wayland-0 \ diff --git a/containers/base/config/bin/host b/containers/base/config/bin/host index 19c9db1..e991bc4 100755 --- a/containers/base/config/bin/host +++ b/containers/base/config/bin/host @@ -1,6 +1,3 @@ #!/bin/bash -if [ "$(basename "$0")" != "host" ]; then - host-spawn -cwd "${PWD/#$HOME/$HOST_HOME}" $(basename "$0") "$@" -else - host-spawn -cwd "${PWD/#$HOME/$HOST_HOME}" "$@" -fi +host-spawn -cwd "${PWD/#$HOME/$HOST_HOME}" \ + $([ "$(basename "$0")" != "host" ] && echo "$(basename "$0")") "$@" diff --git a/containers/base/config/git b/containers/base/config/git new file mode 100644 index 0000000..f241fc9 --- /dev/null +++ b/containers/base/config/git @@ -0,0 +1,12 @@ +[user] + email = job@plabble.org + name = Job79 + signingKey = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsqM6ABAaCTQZ+llFXD3CXrYYuIHDEnvz8IBbXddYEc job@plabble.org +[gpg] + format = ssh +[commit] + gpgSign = true +[push] + autoSetupRemote = true +[init] + defaultBranch = main diff --git a/containers/go/config.sh b/containers/go/config.sh deleted file mode 100644 index 923eea6..0000000 --- a/containers/go/config.sh +++ /dev/null @@ -1,3 +0,0 @@ -for dir in "Code" "Documents" "Downloads" ".config/devcontainer"; do - arg "-v $HOME/$dir:/home/user/$dir" -done diff --git a/containers/kube/Containerfile b/containers/infra/Containerfile similarity index 100% rename from containers/kube/Containerfile rename to containers/infra/Containerfile diff --git a/containers/kube/config.sh b/containers/kube/config.sh deleted file mode 100644 index 32ff678..0000000 --- a/containers/kube/config.sh +++ /dev/null @@ -1,3 +0,0 @@ -for dir in "Code" "Downloads" ".config/devcontainer"; do - arg "-v $HOME/$dir:/home/user/$dir" -done 
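Review bot: The command substitution on the new second line of `host` is left unquoted so that it disappears when the script runs as `host`. That also means a symlink name containing whitespace or glob characters is split and expanded before it reaches host-spawn. An array keeps the optional argument without that side effect: `cmd=(); [ "$(basename "$0")" != host ] && cmd=("$(basename "$0")")` followed by `host-spawn -cwd "${PWD/#$HOME/$HOST_HOME}" "${cmd[@]}" "$@"`. A one-line comment saying the script is meant to be symlinked under host command names would explain the basename test.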
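Review bot: `signingKey` in the new git config holds the raw public key, a form git documents as deprecated for ssh signing. The preferred form is `signingKey = key::ssh-ed25519 …`, or a path to the key file. With `gpgSign = true` baked into the image, commits in the container fail unless the forwarded ssh-agent holds the matching private key, so anyone else using the published image has to override `[user]`; a comment at the top of the file should say so. No `gpg.ssh.allowedSignersFile` is set, so signatures made here cannot be verified from inside the container.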
diff --git a/devc.sh b/devc.sh
new file mode 100755
index 0000000..0296a32
--- /dev/null
+++ b/devc.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+# =============================================== #
+# devc.sh v2.0; job79 #
+# Dev container enter script. Handles setting up #
+# different dev containers, resuming sessions and #
+# automatic container updates. #
+# #
+# TODO: #
+# - Remove security-opt label=disable #
+# when possible. #
+# - Look into removeing userns=keep-id. #
+# - Isolate ssh keys to containers. #
+# =============================================== #
+set -eu
+log() { printf '\e[%sm%s\e[0m %s\n' "${3:-36}" "${2:-○}" "$1"; }
+arg() { echo -n " $@"; }
+
+# run_args returns the podman run arguments required for
+# starting a new container.
+default_args() {
+ arg "--name $name"
+ arg "--hostname $name"
+ arg "--pull=newer"
+
+ # Disable some security settings so host directories can
+ # be mounted without problems.
+ arg "--security-opt label=disable" # disable labeling so mounts don't need to be labeled.
+ arg "--userns=keep-id" # required for ~/.ssh which is usually 700.
+
+ # Mount the wayland socket. Required to get the system
+ # clipboard (wl-copy) and gui applications working.
+ [ -e "/run/user/$UID/wayland-0" ] && arg "-v /run/user/$UID/wayland-0:/run/user/1000/wayland-0"
+
+ # Mount the ssh socket to get ssh commands working.
+ [ -e "$SSH_AUTH_SOCK" ] && arg "-v $SSH_AUTH_SOCK:/run/user/1000/ssh-auth-sock"
+
+ # Add a volume for the home directory so it survives
+ # container updates.
+ arg "-v $name:/home/user:copy"
+}
+
+# param_args returns the podman run arguments based on the
+# arguments provided to this script.
+param_args() {
+ while test $# -gt 0; do
+ case "$1" in
+ -gpu) # Enable gpu acceleration.
+ arg "--device /dev/dri" ;;
+ -host-spawn) # Enable spawning host commands from inside the container using host-spawn.
+ arg "-v /run/user/$UID/bus:/tmp/bus" ;;
+ *) # Use argument as is.
+ echo "$1" ;;
+ esac
+ shift
+ done
+}
+
+### MAIN ###
+script_dir="$(dirname "$(realpath "$0")")"
+
+# Get container registry from DEVC_REGISTRY env variable.
+if [ -n "${DEVC_REGISTRY:-}" ]; then
+ registry="$DEVC_REGISTRY"
+ echo "$registry" >"$script_dir/state/registry"
+else
+ log "registry unknown; set the DEVC_REGISTRY environment variable" 'x' 31
+ exit 1
+fi
+
+# Get the devcontainer name from the first argument. If not
+# provided, use the last used name when possible.
+if [[ $# -gt 0 ]] && [[ ${1:-} != -* ]]; then
+ name="$1"
+ echo "$name" >"$script_dir/state/last-name"
+ shift
+elif [ -f "$script_dir/state/last-name" ]; then
+ name=$(<"$script_dir/state/last-name")
+else
+ log "no container name specified" 'x' 31
+ exit 1
+fi
+
+# Create a new container when the container is not running or
+# when any arguments are provided.
+if [ "$(podman container inspect "$name" -f {{.State.Running}} 2>&1)" != 'true' ] || [[ $# -gt 0 ]]; then
+ log "starting devcontainer..."
+ podman container rm -f -t 0 "$name" 1>/dev/null
+ podman run -td $(default_args) $(param_args $@) "$registry/$name"
+fi
+
+podman exec -it "$name" bash -l
diff --git a/enter.sh b/enter.sh
deleted file mode 100755
index de5ad08..0000000
--- a/enter.sh
+++ /dev/null
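Review bot: `[ -e "$SSH_AUTH_SOCK" ]` in default_args runs under `set -u` inside `$(default_args)`, so with no agent running the subshell aborts on the unbound variable. `podman run` then appears to go ahead with only the arguments emitted so far, i.e. without the `-v $name:/home/user:copy` home volume; `[ -e "${SSH_AUTH_SOCK:-}" ]` avoids that. The `-host-spawn` case mounts the bus but, unlike the removed enter.sh, passes no `-e HOST_HOME=$HOME`, which the `host` wrapper in this commit still expands; unless the image sets it elsewhere, add `arg "-e HOST_HOME=$HOME"` there. Because the arguments are built as one string and expanded unquoted, a name read from state/last-name that contains whitespace turns into extra podman options, so it is worth rejecting names that do not match a plain image-name pattern before use. The comment above default_args still calls it `run_args`.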
@@ -1,86 +0,0 @@
-#!/bin/bash
-# =============================================== #
-# enter.sh v2.0; job79 #
-# Dev container enter script. Handles setting up #
-# different dev containers, resuming sessions and #
-# automatic container updates. #
-# =============================================== #
-set -eu
-log() { printf '\e[%sm%s\e[0m %s\n' "${3:-36}" "${2:-○}" "$1"; }
-arg() { echo -n " $@"; }
-
-# run_args returns the podman run arguments required for
-# starting a new container.
-run_args() {
- arg "--name $name"
- arg "--hostname $name"
-
- # Disable some security settings so host directories can
- # be mounted without problems.
- arg "--security-opt label=disable" # disable labeling so mounts don't need to be labeled.
- arg "--userns=keep-id" # required for ~/.ssh which is usually 700.
-
- # Configure options to get host-spawn to work inside the
- # container.
- [ -e "/run/user/$UID/bus" ] && arg "-v /run/user/$UID/bus:/tmp/bus" # Use host dbus.
- arg "-e HOST_HOME=$HOME" # Used to translate container path to host.
-
- # Use host networking.
- arg "--net=host"
-
- # Mount the wayland socket. Required to get the system
- # clipbard (wl-copy) and gui applications working.
- [ -e "/run/user/$UID/wayland-0" ] && arg "-v /run/user/$UID/wayland-0:/run/user/1000/wayland-0"
- arg "--device /dev/dri" # mount gpu devices for gpu acceleration.
-
- # Mount the ssh socket, directory and the git config
- # directory. This gets the host ssh and git configuration
- # working inside the container.
- [ -e "$SSH_AUTH_SOCK" ] && arg "-v $SSH_AUTH_SOCK:/run/user/1000/ssh-auth-sock"
- [ -d "$HOME/.ssh" ] && arg "-v $HOME/.ssh:/home/user/.ssh"
- [ -d "$HOME/.config/git" ] && arg "-v $HOME/.config/git:/home/user/.config/git"
-
- # Add a volume for the home directory so it survives
- # container updates.
- arg "-v $name:/home/user:copy"
-
- # Add custom user configuration.
- config_file="$script_dir/containers/$name/config.sh"
- [ -f "${config_file}" ] && source "${config_file}"
-}
-
-### MAIN ###
-script_dir="$(dirname "$(realpath "$0")")"
-name=$(<"$script_dir/state/last-name")
-registry=$(<"$script_dir/state/registry")
-pull=false
-
-while test $# -gt 0; do
- case "$1" in
- -p) pull=true ;;
- -*) log "unknown argument '$1'" 'x' 31 ;;
- *)
- name="$1"
- echo "$1" >"$script_dir/state/last-name"
- ;;
- esac
- shift
-done
-
-if [ "$(podman container inspect "$name" -f {{.State.Running}} 2>&1)" != 'true' ] || [ "$pull" = true ]; then
- log "fetching devcontainer updates..."
- if [ "$(podman container inspect "$name" -f {{.Image}} 2>&1)" != "$(podman pull -q "$registry/$name" 2>&1)" ] || [ "$pull" = true ]; then
- if [ $? -eq 0 ]; then
- log "container image downloaded" '✓' 32
- else
- log "failed to download container image" 'x' 31
- fi
- podman container rm -f -t 1 "$name" 1>/dev/null
- podman run -td $(run_args) "$registry/$name"
- else
- log "no updates available" '✓' 32
- fi
-fi
-
-podman start "$name" 1>/dev/null
-podman exec -e ENTER_DIR="${PWD/#$HOME/\~}" --detach-keys "ctrl-@" -it "$name" bash -l
diff --git a/state/last-args b/state/last-args
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/state/last-args
@@ -0,0 +1 @@
+
diff --git a/state/last-name b/state/last-name
index 4023f20..0f5feb8 100644
--- a/state/last-name
+++ b/state/last-name
@@ -1 +1 @@
-go
+kube
diff --git a/state/registry b/state/registry
index 25e26d3..367edf5 100644
--- a/state/registry
+++ b/state/registry
@@ -1 +1 @@
-ghcr.io/job79
+github.com/job79
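Review bot: `state/last-name` is committed as `kube`, but this commit renames that container to `infra` and the workflow no longer builds a `kube` image. Running devc.sh without a name would therefore fall back to an image that is stale or missing. `state/registry` is now only written by devc.sh from `DEVC_REGISTRY` and never read, and the committed value `github.com/job79` is not the `ghcr.io` registry the workflow pushes to. `state/last-args` is added but nothing in devc.sh uses it. These files look like per-machine runtime state, so untracking the directory would stop each run from dirtying the checkout.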