diff --git a/compose/authentik/.env b/compose/authentik/.env
new file mode 100644
index 0000000..a982c89
--- /dev/null
+++ b/compose/authentik/.env
@@ -0,0 +1,4 @@
+POSTGRES_DB=
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+AUTHENTIK_SECRET_KEY=
\ No newline at end of file
diff --git a/compose/authentik/docker-compose.yml b/compose/authentik/docker-compose.yml
new file mode 100644
index 0000000..22562b8
--- /dev/null
+++ b/compose/authentik/docker-compose.yml
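Review bot: `compose/authentik/.env` is committed with `POSTGRES_PASSWORD=` and `AUTHENTIK_SECRET_KEY=` as empty keys, and compose picks up a file with exactly this name automatically, so the natural next step of filling in real values puts the secrets into git history. Commit it as `.env.example` and ignore `.env`, or state in the file that the values must be supplied from a secret store at deploy time. The file also lacks a trailing newline (`\ No newline at end of file`), which makes the last key awkward to append to and trips some linters.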
@@ -0,0 +1,113 @@
+services:
+ postgresql:
+ image: docker.io/library/postgres:12-alpine
+ security_opt:
+ - apparmor:unconfined
+ container_name: authentik-postgresql
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - /docker/appdata/authentik-postgresql:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DB}
+ networks:
+ - backend
+
+ redis:
+ image: docker.io/library/redis:alpine
+ security_opt:
+ - apparmor:unconfined
+ container_name: authentik-redis
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - /docker/appdata/authentik-redis:/data
+ networks:
+ - backend
+
+ server:
+ image: ghcr.io/goauthentik/server:2024.2.2
+ security_opt:
+ - apparmor:unconfined
+ container_name: authentik-server
+ restart: unless-stopped
+ command: server
+ environment:
+ - AUTHENTIK_REDIS__DB=1
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=true
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ volumes:
+ - /docker/appdata/authentik/media:/media
+ - /docker/appdata/authentik/custom-templates:/templates
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.authentik.rule=Host(`example.domain.com`)
+ - traefik.http.routers.authentik.entrypoints=websecure
+ - traefik.http.routers.authentik.tls=true
+ - traefik.http.routers.authentik.service=authentik
+ - traefik.http.routers.authentik.tls.certresolver=production
+ - traefik.http.services.authentik.loadBalancer.server.port=9000
+ depends_on:
+ - postgresql
+ - redis
+ networks:
+ - backend
+ - frontend
+
+ worker:
+ image: ghcr.io/goauthentik/server:2024.2.2
+ security_opt:
+ - apparmor:unconfined
+ container_name: authentik-worker
+ restart: unless-stopped
+ command: worker
+ environment:
+ - AUTHENTIK_REDIS__DB=1
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=true
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /docker/appdata/authentik/media:/media
+ - /docker/appdata/authentik/certs:/certs
+ - /docker/appdata/authentik/custom-templates:/templates
+ depends_on:
+ - postgresql
+ - redis
+ networks:
+ - backend
+
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
+
+networks:
+ frontend:
+ external: true
+ backend:
+ external: true
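Review bot: The worker service combines `user: root`, a bind mount of `/var/run/docker.sock`, and `security_opt: apparmor:unconfined`, so code execution inside that container is equivalent to root on the Docker host, and every service in the file disables AppArmor the same way without a comment saying which denial it works around. Unless a specific profile conflict is documented, drop the `security_opt` stanzas, and keep the socket mount and root user only if the Docker outpost integration is actually in use (mounting the socket `:ro` does not restrict API calls made through it). The secrets are interpolated as plain `${POSTGRES_PASSWORD}` and `${AUTHENTIK_SECRET_KEY}`, which compose substitutes with empty strings when unset; `${AUTHENTIK_SECRET_KEY:?AUTHENTIK_SECRET_KEY is required}` makes a missing value fail at `compose up` instead of starting a server with an empty signing key. `AUTHENTIK_ERROR_REPORTING__ENABLED=true` explicitly opts both containers into authentik's error reporting, which presumably ships reports off-host, so it deserves a comment or a deliberate `false` in a self-hosted deployment. The top-level `volumes:` entries `database` and `redis` are declared but never referenced (both services use bind mounts under `/docker/appdata`), so they can be removed.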