diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml
new file mode 100644
index 0000000..d3c3761
--- /dev/null
+++ b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,50 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches: [master, main]
+  pull_request:
+    branches: [master, main]
+
+jobs:
+  docker:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            accept-flake-config = true
+
+      - name: Build Docker Image
+        run: |
+          nix build .#docker --print-build-logs
+          ls -la result
+
+      - name: Push Docker Image with Commit SHA
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          nix-shell -p skopeo --run "skopeo copy \
+            docker-archive:./result \
+            docker://wholelottahoopla/mcp-exec:${{ github.sha }} \
+            --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
+
+      - name: Push Docker Image with Latest Tag
+        if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        run: |
+          nix-shell -p skopeo --run "skopeo copy \
+            docker-archive:./result \
+            docker://wholelottahoopla/mcp-exec:latest \
+            --dest-creds \"\$DOCKER_USERNAME:\$DOCKER_PASSWORD\""
diff --git a/flake.nix b/flake.nix
index c25f980..93d8178 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,8 +12,30 @@
     (flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
       let
         pkgs = import nixpkgs { inherit system; };
+        mcp-exec = pkgs.callPackage ./nix/package.nix { };
       in {
-        packages.default = pkgs.callPackage ./nix/package.nix { };
+        packages.default = mcp-exec;
+
+        packages.docker = pkgs.dockerTools.buildLayeredImage {
+          name = "wholelottahoopla/mcp-exec";
+          tag = "latest";
+          contents = [
+            mcp-exec
+            pkgs.bashInteractive
+            pkgs.coreutils
+            pkgs.inetutils
+          ];
+          config = {
+            Cmd = [ "${mcp-exec}/bin/mcp-exec" ];
+            ExposedPorts = {
+              "8080/tcp" = {};
+            };
+            Env = [
+              "PATH=/bin:${mcp-exec}/bin:${pkgs.bashInteractive}/bin:${pkgs.coreutils}/bin:${pkgs.inetutils}/bin"
+            ];
+          };
+        };
+
         devShells.default = import ./shell.nix { inherit pkgs; };
 
         checks = {