diff --git a/.env b/.env
new file mode 100644
index 0000000..e50d6fe
--- /dev/null
+++ b/.env
@@ -0,0 +1,18 @@
+TZ=America/Chicago
+
+POSTGRES_PASSWORD=nu8Vohx1ot1eesoono5teshu6bohn9eiteich6Bu
+AUTHENTIK_SECRET_KEY=7kIHbomK9MV4lEvObyOGGvzF222eLZ1RC6fKn28EDEIB4iF8kC
+
+# SMTP Host Emails are sent to
+AUTHENTIK_EMAIL__HOST=smtp.gmail.com
+AUTHENTIK_EMAIL__PORT=587
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=akanealw@gmail.com
+AUTHENTIK_EMAIL__PASSWORD=dqtqnqvdmtgtvwjf
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=true
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=akanealw@gmail.com
diff --git a/docker-compose.yml b/docker-compose.yml
index c7b6cda..19c194b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
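Review bot: The new `.env` puts what look like live credentials under version control: `POSTGRES_PASSWORD`, `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_EMAIL__PASSWORD` all carry concrete values, and the SMTP username is a personal mailbox. Deleting the file in a later commit does not remove them from history, so all three should be rotated (new database password, new authentik secret key, revoked and reissued mail app password). Keep the real file untracked by adding `.env` to `.gitignore`, and commit a `.env.example` whose values are placeholders, e.g. `POSTGRES_PASSWORD=<generate-locally>`.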
@@ -1,4 +1,106 @@ services: + authentik-server: + image: ghcr.io/goauthentik/server:2025.2.2 + container_name: authentik-server + command: server + environment: + - AUTHENTIK_REDIS__HOST=authentik-redis + - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres + - AUTHENTIK_POSTGRESQL__USER=authentik + - AUTHENTIK_POSTGRESQL__NAME=authentik + - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} + - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} + - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} + - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} + - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} + - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} + - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} + - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} + - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} + - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} + ports: + - 9000:9000 + - 9443:9443 + networks: + - authentik + - reverseproxy + volumes: + - ./media:/media + - ./custom-templates:/templates + depends_on: + - authentik-postgres + - authentik-redis + restart: unless-stopped + + authentik-worker: + image: ghcr.io/goauthentik/server:2025.2.2 + container_name: authentik-worker + command: worker + environment: + - AUTHENTIK_REDIS__HOST=authentik-redis + - AUTHENTIK_POSTGRESQL__HOST=authentik-postgres + - AUTHENTIK_POSTGRESQL__USER=authentik + - AUTHENTIK_POSTGRESQL__NAME=authentik + - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD} + - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY} + - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST} + - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT} + - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME} + - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD} + - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS} + - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL} + - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT} + - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM} + networks: + - authentik + - 
reverseproxy + user: root + volumes: + - /run/docker.sock:/run/docker.sock + - ./media:/media + - ./certs:/certs + - ./custom-templates:/templates + depends_on: + - authentik-postgres + - authentik-redis + restart: unless-stopped + + authentik-redis: + image: docker.io/library/redis:7.4.2 + container_name: authentik-redis + command: --save 60 1 --loglevel warning + healthcheck: + test: ["CMD-SHELL", "redis-cli ping | grep PONG"] + start_period: 20s + interval: 30s + retries: 5 + timeout: 3s + networks: + - authentik + volumes: + - ./redis:/data + restart: unless-stopped + + authentik-postgres: + image: docker.io/library/postgres:17.4 + container_name: authentik-postgres + environment: + - POSTGRES_USER=authentik + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_DB=authentik + - TZ=${TZ} + healthcheck: + test: ['CMD-SHELL', 'pg_isready -U "authentik"'] + start_period: 30s + interval: 10s + timeout: 10s + retries: 5 + networks: + - authentik + volumes: + - ./postgres:/var/lib/postgresql/data + restart: unless-stopped + pangolin: image: fosrl/pangolin:1.3.1 container_name: pangolin @@ -33,6 +135,8 @@ services: - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs networks: + authentik: + name: authentik reverseproxy: name: reverseproxy \ No newline at end of file
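Review bot: `authentik-worker` is given `user: root` together with a bind mount of `/run/docker.sock`, which is effectively control of the host's Docker daemon, and the same container is attached to the `reverseproxy` network (presumably shared with the public-facing proxy containers). As far as I know authentik needs the socket only for its managed Docker outpost integration; if that is not used, drop `user: root` and the `- /run/docker.sock:/run/docker.sock` volume, otherwise consider a restricted socket proxy in front of it. The worker serves no HTTP, so `- reverseproxy` can likely be removed from its `networks:` either way. Separately, `authentik-server` publishes `9000:9000` and `9443:9443` on every host interface although it already shares a network with the proxy; binding them as `"127.0.0.1:9000:9000"` or removing `ports:` keeps traffic going through the proxy.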