diff --git a/README.md b/README.md
index a37040f..ca7f6e7 100644
--- a/README.md
+++ b/README.md
@@ -31,3 +31,28 @@ This container should listen to external connections, in order to allow
 **Let's Encrypt** certificates to be assigned and renewed. It's strongly
 suggested to protect it using **fail2ban**, Geo-IP restrictions, or
 other security measures.
+
+## Further configuration
+
+Some of these steps could be handled by Ansible as well:
+
+* Setup port redirect from host to container, according to the sequence:
+
+```sh
+lxc config device add newodoocontainer ssh_redir proxy \
+    listen=tcp:0.0.0.0:23025 connect=tcp:127.0.0.1:22
+```
+
+* Add authorized public keys to `/home/odoo/.ssh/authorized_keys` file
+* Return file ownership of `/opt/odoo` to odoo user:
+
+```sh
+chown -R odoo:odoo /opt/odoo
+```
+
+* Allow odoo to run `sudo` without a password:
+
+```sh
+echo "odoo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/10-odoo
+```
+