diff --git a/Dockerfile b/Dockerfile
index 84efe74..55212d9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,26 @@ FROM ubuntu
 
 LABEL maintainer="Roman Vanicek <roman.vanicek@ivasoft.cz>"
 
+# Produced using curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o nodesource.gpg
+COPY nodesource.gpg /usr/share/keyrings/nodesource.gpg
+
 RUN set -x -e; \
-    apt update; \
-    apt install -y supervisor openssh-server wget gpg nano git git-lfs chromium; \
+		# Install -up-to-date nodejs repo
+		apt update -y; \
+		apt install -y --no-install-recommends --no-install-suggests apt-transport-https ca-certificates; \
+		node_version="20.x"; \
+		arch=$(dpkg --print-architecture); \
+		chmod 644 /usr/share/keyrings/nodesource.gpg; \
+		echo "deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$node_version nodistro main" | tee /etc/apt/sources.list.d/nodesource.list > /dev/null; \
+		echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null; \
+    echo "Package: nodejs" | tee /etc/apt/preferences.d/nodejs > /dev/null; \
+    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nodejs > /dev/null; \
+    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nodejs > /dev/null; \
+		# Install packages
+    apt update -y; \
+    apt install -y --no-install-recommends --no-install-suggests supervisor openssh-server wget gpg nano git git-lfs chromium nodejs ffmpeg; \
     git lfs install; \
     mkdir /run/sshd /config /config/workspace; \
     # Install dotnet manually as packaged dotnet does not have all the workloads
diff --git a/entrypoint.sh b/entrypoint.sh
index c6f33d9..4b36155 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,10 +1,15 @@
 #!/bin/bash
 set -e
 
+is_enabled () {
+    echo "$1" | grep -q -i -E "^(yes|on|true|1)$"
+}
+
 CODE_UUID="${BACKUPPC_UUID:-1001}"
 CODE_GUID="${BACKUPPC_GUID:-1001}"
 CODE_USERNAME=$(getent passwd "$CODE_UUID" | cut -d: -f1)
 CODE_GROUPNAME=$(getent group "$CODE_GUID" | cut -d: -f1)
+USER_SUDO="${USER_SUDO:-false}"
 
 if [ -f /firstrun ]; then
 	echo 'First run of the container. Code will be configured.'
@@ -45,6 +50,13 @@ if [ -f /firstrun ]; then
 	rm -rf /firstrun
 fi
 
+# Add or remove user from sudo group
+if is_enabled "${USER_SUDO}"; then
+    groups "${CODE_USERNAME}" | tr " " "\n" | grep -q "^sudo$" || usermod -aG sudo "${CODE_USERNAME}"
+else
+    ! groups "${CODE_USERNAME}" | tr " " "\n" | grep -q "^sudo$" || gpasswd -d "${CODE_USERNAME}" sudo
+fi
+
 export CODE_USERNAME
 
 cd /home/code
diff --git a/nodesource.gpg b/nodesource.gpg
new file mode 100644
index 0000000..a8c38d4
Binary files /dev/null and b/nodesource.gpg differ