diff --git a/authentik/compose.yml b/authentik/compose.yml
new file mode 100644
index 0000000..4632675
--- /dev/null
+++ b/authentik/compose.yml
@@ -0,0 +1,67 @@
+# /services/authentik/compose.yml
+
+services:
+  authentik_server:
+    image: authentik/server:2025.10
+    container_name: authentik_server
+    restart: always
+    command: server
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: authentik_db
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    networks:
+      - default
+      - traefik
+    volumes:
+      - ./data/media:/media
+      - ./data/templates:/templates
+
+  authentik_worker:
+    image: authentik/server:2025.10
+    container_name: authentik_worker
+    restart: always
+    command: worker
+    depends_on:
+      authentik_db:
+        condition: service_healthy
+    environment:
+      AUTHENTIK_POSTGRESQL__HOST: authentik_db
+      AUTHENTIK_POSTGRESQL__NAME: authentik
+      AUTHENTIK_POSTGRESQL__USER: authentik
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
+      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
+    networks:
+      - default
+    volumes:
+      - ./certs:/certs
+      - ./data/media:/media
+      - ./data/templates:/templates
+      - /var/run/docker.sock:/var/run/docker.sock
+
+  authentik_db:
+    image: postgres:16
+    container_name: authentik_db
+    restart: always
+    environment:
+      POSTGRES_DB: authentik
+      POSTGRES_USER: authentik
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+    healthcheck:
+      test: pg_isready
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    networks:
+      - default
+    volumes:
+      - ./db:/var/lib/postgresql/data
+
+networks:
+  traefik:
+    external: true
\ No newline at end of file