diff --git a/internals/vikunja/docker-compose.yaml b/internals/vikunja/docker-compose.yaml
new file mode 100644
index 0000000..08ab3ab
--- /dev/null
+++ b/internals/vikunja/docker-compose.yaml
@@ -0,0 +1,57 @@
+services:
+  vikunja:
+    image: vikunja/vikunja
+    environment:
+      VIKUNJA_SERVICE_PUBLICURL: https://todo.net.enpls.org
+      VIKUNJA_DATABASE_HOST: db
+      VIKUNJA_DATABASE_PASSWORD: vikunja
+      VIKUNJA_DATABASE_TYPE: postgres
+      VIKUNJA_DATABASE_USER: vikunja
+      VIKUNJA_DATABASE_DATABASE: vikunja
+      VIKUNJA_SERVICE_ENABLEREGISTRATION: false
+      VIKUNJA_AUTH_OPENID_ENABLED: true
+      VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_NAME: "Kanidm"
+      VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_URL: "https://idm.enpls.org/oauth2/openid/vikunja"
+      VIKUNJA_AUTH_OPENID_PROVIDERS_IDM_SCOPE: "openid profile email"
+
+    volumes: 
+      - vikunja:/app/vikunja/files
+    networks:
+      - vikunja
+    ports:
+      - 3456:3456
+    depends_on:
+      db:
+        condition: service_healthy
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.vikunja.rule=Host(`todo.net.enpls.org`)"
+      - "traefik.http.routers.vikunja.entrypoints=websecure"
+      - "traefik.http.routers.vikunja.entrypoints=websecure"
+      - "traefik.http.routers.vikunja.service=woodpecker-service"
+      - "traefik.http.routers.vikunja.middlewares=proxyHeader@file,proxyError@file"
+
+  db:
+    image: postgres:17
+    environment:
+      POSTGRES_PASSWORD: vikunja
+      POSTGRES_USER: vikunja
+    volumes:
+      - pgdata2:/var/lib/postgresql/data
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
+      interval: 2s
+    networks:
+      - vikunja
+
+volumes:
+  pgdata2:
+    driver: local
+  vikunja:
+    driver: local
+
+networks:
+  vikunja:
+    external: false