diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..53b4a18
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,21 @@
+POSTGRES_DB=
+POSTGRES_USER=
+POSTGRES_PASSWORD=
+VALKEY_PASSWORD=
+AUTHENTIK_SECRET_KEY=
+AUTHENTIK_ERROR_REPORTING__ENABLED=
+AUTHENTIK_EMAIL__HOST=
+AUTHENTIK_EMAIL__PORT=
+AUTHENTIK_EMAIL__USERNAME=
+AUTHENTIK_EMAIL__PASSWORD=
+AUTHENTIK_EMAIL__USE_TLS=
+AUTHENTIK_EMAIL__USE_SSL=
+AUTHENTIK_EMAIL__TIMEOUT=
+AUTHENTIK_EMAIL__FROM=
+
+APPDATA_PATH=
+
+POSTGRES_PORT=
+VALKEY_PORT=
+AUTHENTIK_HTTP_PORT=
+AUTHENTIK_HTTPS_PORT=
\ No newline at end of file
diff --git a/authentik/compose.yaml b/authentik/compose.yaml
new file mode 100644
index 0000000..1bda07e
--- /dev/null
+++ b/authentik/compose.yaml
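Review bot: `authentik/.env` is committed under the exact name Compose loads automatically, so once someone fills in `POSTGRES_PASSWORD`, `VALKEY_PASSWORD`, `AUTHENTIK_SECRET_KEY` or `AUTHENTIK_EMAIL__PASSWORD`, the real secrets live in a tracked file and can be picked up by the next commit. Committing the blank template as `authentik/.env.example` and listing `authentik/.env` in `.gitignore` keeps the template in the repository and the populated copy out of it; whether an ignore rule already exists is not visible in this diff. A comment above `AUTHENTIK_SECRET_KEY=` such as `# long random value, unique per install` would also tell whoever fills the file in what is expected there.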
@@ -0,0 +1,101 @@
+services:
+ authentik_postgres:
+ image: postgres:17.5
+ container_name: authentik_postgres
+ environment:
+ - POSTGRES_DB=${POSTGRES_DB}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ volumes:
+ - ${APPDATA_PATH}/authentik/db:/var/lib/postgresql/data
+ ports:
+ - ${POSTGRES_PORT}:5432
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+
+ authentik_valkey:
+ image: valkey/valkey:8.1.2
+ container_name: authentik_valkey
+ command: valkey-server --save 60 1 --loglevel warning --requirepass ${VALKEY_PASSWORD}
+ volumes:
+ - ${APPDATA_PATH}/authentik/valkey:/data
+ ports:
+ - ${VALKEY_PORT}:6379
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "echo 'auth ${VALKEY_PASSWORD}\nping' | valkey-cli | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+
+ authentik_server:
+ image: ghcr.io/goauthentik/server:2025.6.2
+ container_name: authentik_server
+ depends_on:
+ authentik_postgres:
+ condition: service_healthy
+ authentik_valkey:
+ condition: service_healthy
+ command: server
+ environment:
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_REDIS__HOST=authentik_valkey
+ - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
+ - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
+ - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
+ - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
+ - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
+ - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
+ - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
+ - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
+ volumes:
+ - ${APPDATA_PATH}/authentik/media:/media
+ - ${APPDATA_PATH}/authentik/custom-templates:/templates
+ ports:
+ - ${AUTHENTIK_HTTP_PORT}:9000
+ - ${AUTHENTIK_HTTPS_PORT}:9443
+ restart: unless-stopped
+
+ authentik_worker:
+ image: ghcr.io/goauthentik/server:2025.6.2
+ container_name: authentik_worker
+ depends_on:
+ authentik_postgres:
+ condition: service_healthy
+ authentik_valkey:
+ condition: service_healthy
+ command: worker
+ environment:
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ - AUTHENTIK_POSTGRESQL__HOST=authentik_postgres
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_REDIS__HOST=authentik_valkey
+ - AUTHENTIK_REDIS__PASSWORD=${VALKEY_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
+ - AUTHENTIK_EMAIL__HOST=${AUTHENTIK_EMAIL__HOST}
+ - AUTHENTIK_EMAIL__PORT=${AUTHENTIK_EMAIL__PORT}
+ - AUTHENTIK_EMAIL__USERNAME=${AUTHENTIK_EMAIL__USERNAME}
+ - AUTHENTIK_EMAIL__PASSWORD=${AUTHENTIK_EMAIL__PASSWORD}
+ - AUTHENTIK_EMAIL__USE_TLS=${AUTHENTIK_EMAIL__USE_TLS}
+ - AUTHENTIK_EMAIL__USE_SSL=${AUTHENTIK_EMAIL__USE_SSL}
+ - AUTHENTIK_EMAIL__TIMEOUT=${AUTHENTIK_EMAIL__TIMEOUT}
+ - AUTHENTIK_EMAIL__FROM=${AUTHENTIK_EMAIL__FROM}
+ volumes:
+ - ${APPDATA_PATH}/authentik/media:/media
+ - ${APPDATA_PATH}/authentik/certs:/certs
+ - ${APPDATA_PATH}/authentik/custom-templates:/templates
+ restart: unless-stopped
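Review bot: The `ports:` entries on `authentik_postgres` and `authentik_valkey` (`${POSTGRES_PORT}:5432`, `${VALKEY_PORT}:6379`) publish the identity provider's database and cache on all host interfaces by default, although `authentik_server` and `authentik_worker` already reach both by service name over the Compose network. Unless something outside the stack needs them, drop those two `ports:` blocks, or bind them to loopback with `- "127.0.0.1:${POSTGRES_PORT}:5432"` and `- "127.0.0.1:${VALKEY_PORT}:6379"`. The Valkey password is also interpolated into the `command:` line and the healthcheck's shell string, so it appears in `docker inspect` output and the container's process list, and a password containing `'` would break the healthcheck quoting. Because `.env` ships with every value empty, writing the secrets as `${VALKEY_PASSWORD:?set VALKEY_PASSWORD in .env}` (same form for `POSTGRES_PASSWORD` and `AUTHENTIK_SECRET_KEY`) would make `docker compose up` stop with a clear error instead of passing blank values through.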