diff --git a/newt/compose.yaml b/newt/compose.yaml
new file mode 100644
index 0000000..84bdde8
--- /dev/null
+++ b/newt/compose.yaml
@@ -0,0 +1,10 @@
+services:
+  newt:
+    container_name: newt
+    image: fosrl/newt:1.12.2
+    restart: unless-stopped
+    environment:
+      - PANGOLIN_ENDPOINT=${PANGOLIN_ENDPOINT}
+      - NEWT_ID=${NEWT_ID}
+      - NEWT_SECRET=${NEWT_SECRET}
+    network_mode: host
diff --git a/pangolin/compose-local.yaml b/pangolin/compose-local.yaml
new file mode 100644
index 0000000..57ceb80
--- /dev/null
+++ b/pangolin/compose-local.yaml
@@ -0,0 +1,45 @@
+name: pangolin
+services:
+  pangolin:
+    container_name: pangolin
+    image: ghcr.io/fosrl/pangolin:1.16.2
+    restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1g
+        reservations:
+          memory: 256m
+    volumes:
+      - ./config:/app/config
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "10s"
+      timeout: "10s"
+      retries: 15
+
+  traefik:
+    container_name: traefik
+    image: ghcr.io/traefik/traefik:3.6.10
+    restart: unless-stopped
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    environment:
+      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
+    volumes:
+      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
+    ports:
+      - 443:443
+      - 80:80
+      - 22:22
+      - 2222:2222
+
+networks:
+  default:
+    driver: bridge
+    name: pangolin
diff --git a/pangolin/compose.yaml b/pangolin/compose.yaml
new file mode 100644
index 0000000..e70975e
--- /dev/null
+++ b/pangolin/compose.yaml
@@ -0,0 +1,66 @@
+name: pangolin
+services:
+  pangolin:
+    container_name: pangolin
+    image: ghcr.io/fosrl/pangolin:1.16.2
+    restart: unless-stopped
+    volumes:
+      - ./config:/app/config
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3001/api/v1/"]
+      interval: "10s"
+      timeout: "10s"
+      retries: 15
+
+  gerbil:
+    container_name: gerbil
+    image: ghcr.io/fosrl/gerbil:1.3.0
+    restart: unless-stopped
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --reachableAt=http://gerbil:3004
+      - --generateAndSaveKeyTo=/var/config/key
+      - --remoteConfig=http://pangolin:3001/api/v1/
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    volumes:
+      - ./config/:/var/config
+    ports:
+      - 51820:51820/udp
+      - 21820:21820/udp
+      - 443:443
+      - 80:80
+
+  traefik:
+    container_name: traefik
+    image: ghcr.io/traefik/traefik:3.6.10
+    restart: unless-stopped
+    depends_on:
+      pangolin:
+        condition: service_healthy
+    command:
+      - --configFile=/etc/traefik/traefik_config.yml
+    environment:
+      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
+    volumes:
+      - ./config/traefik:/etc/traefik:ro # Volume to store the Traefik configuration
+      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
+      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
+    network_mode: service:gerbil # Ports appear on the gerbil service
+
+  webfinger:              # For Tailscale
+    container_name: webfinger
+    image: nginx:1.30.0-alpine
+    volumes:
+      - ./webfinger/webfinger.json:/usr/share/nginx/html/.well-known/webfinger:ro
+      - ./webfinger/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    restart: unless-stopped
+
+networks:
+  default:
+    driver: bridge
+    name: pangolin
+    enable_ipv6: true # activate if your system supports IPv6