diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ec7f71d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,117 @@
+services:
+ # http proxy
+ http-proxy:
+ image: traefik:v2.6
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ - http-proxy-acme:/acme:rw
+
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - web
+ command:
+ --providers.docker
+
+ --entryPoints.web.address=:80
+ --entrypoints.web.http.redirections.entryPoint.to=websecure
+ --entrypoints.web.http.redirections.entryPoint.scheme=https
+ --entrypoints.web.http.redirections.entrypoint.permanent=true
+
+ --certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json
+
+ --certificatesresolvers.letsencrypt.acme.email=admin@local-company.com
+ --certificatesresolvers.letsencrypt.acme.dnschallenge=true
+ --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
+
+ --entryPoints.websecure.address=:443
+ --entrypoints.websecure.http.tls=true
+ --entrypoints.websecure.http.tls.certResolver=letsencrypt
+ --entrypoints.websecure.http.tls.domains[0].main=skyw.me
+ --entrypoints.websecure.http.tls.domains[0].sans=*.skyw.me
+
+ environment:
+ - CF_DNS_API_TOKEN=${DNS_CHALLENGE_CLOUDFLARE_API_KEY}
+
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+
+ restart: unless-stopped
+
+ # ldap
+ ldap-server:
+ extends:
+ file: ldap-server/docker-compose.yml
+ service: ldap-server
+ networks:
+ - web
+ ports:
+ - 389:389
+
+ ldap-passwd-webui:
+ extends:
+ file: ldap-server/docker-compose.yml
+ service: ldap-passwd-webui
+ networks:
+ - web
+ labels:
+ - traefik.http.routers.ldap-passwd-webui.rule=Host(`passwd.skyw.me`)
+ - traefik.http.routers.ldap-passwd-webui.entrypoints=websecure
+ - traefik.http.routers.ldap-passwd-webui.tls.certresolver=letsencrypt
+ - traefik.http.services.ldap-passwd-webui.loadbalancer.server.port=8080
+
+ # wireguard server
+ wg-server:
+ extends:
+ file: wg-server/docker-compose.yml
+ service: wg-server
+ # host network
+ # networks:
+ # - web
+ labels:
+ - traefik.http.routers.wg-server.rule=Host(`wg.skyw.me`)
+ - traefik.http.routers.wg-server.entrypoints=websecure
+ - traefik.http.routers.wg-server.tls.certresolver=letsencrypt
+ - traefik.http.services.wg-server.loadbalancer.server.port=8123
+ - traefik.http.services.wg-server.loadbalancer.server.url=http://host.docker.internal:8123
+
+ # wiki
+ wiki-db:
+ extends:
+ file: wiki/docker-compose.yml
+ service: wiki-db
+ networks:
+ - web
+
+ wiki-server:
+ extends:
+ file: wiki/docker-compose.yml
+ service: wiki-server
+ networks:
+ - web
+ labels:
+ - traefik.http.routers.wiki-server.rule=Host(`skyw.me`) || Host(`www.skyw.me`) || Host(`wiki.skyw.me`)
+ - traefik.http.routers.wiki-server.entrypoints=websecure
+ - traefik.http.routers.wiki-server.tls.certresolver=letsencrypt
+ - traefik.http.services.wiki-server.loadbalancer.server.port=3000
+
+volumes:
+ # http proxy
+ http-proxy-acme:
+
+ # ldap
+ ldap-server-db:
+ ldap-server-config:
+
+ # wg
+ wg-server-ui-data:
+
+ # wiki
+ wiki-db-data:
+
+networks:
+ # global network for web services
+ web:
+ name: "web"
diff --git a/ldap-server/bootstrap-ldif/01-force-password-hash.ldif b/ldap-server/bootstrap-ldif/01-force-password-hash.ldif
new file mode 100644
index 0000000..bafc932
--- /dev/null
+++ b/ldap-server/bootstrap-ldif/01-force-password-hash.ldif
@@ -0,0 +1,13 @@
+# Load the ppolicy module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: ppolicy
+
+# Enable the overlay and its hash_cleartext policy
+dn: olcOverlay={2}ppolicy,olcDatabase={1}{{ LDAP_BACKEND }},cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcOverlay: {2}ppolicy
+olcPPolicyHashCleartext: TRUE
diff --git a/ldap-server/bootstrap-ldif/02-objects.ldif b/ldap-server/bootstrap-ldif/02-objects.ldif
new file mode 100644
index 0000000..696ee8b
--- /dev/null
+++ b/ldap-server/bootstrap-ldif/02-objects.ldif
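Review bot: `ports: - 389:389` on the ldap-server service publishes the directory on every host interface while the server itself runs with `LDAP_TLS=false` (see ldap-server/docker-compose.yml in this change), so every bind credential crosses the network in cleartext wherever the host is reachable. The only consumer that appears to need a host-published port is wg-server, which runs with `network_mode: host` and points at `ldap://127.0.0.1:389`, so binding the publish to loopback keeps that working: `- "127.0.0.1:389:389"`. Quoting the other mappings (`"80:80"`, `"443:443"`) while at it matches the usual Compose convention for port strings. The Docker socket mounted into http-proxy is `:ro` only at the filesystem level and still grants the full Docker API to Traefik; a comment acknowledging that, or a socket proxy restricted to the endpoints the docker provider needs, would limit what a compromised proxy container can do.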
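Review bot: `olcPPolicyHashCleartext: TRUE` only makes slapd hash a cleartext `userPassword` it receives; the scheme used comes from `olcPasswordHash` on `olcDatabase={-1}frontend,cn=config`, whose default is `{SSHA}`, and this file neither sets nor mentions it. A comment such as `# hash scheme is governed by olcPasswordHash on the frontend database, not here` (and an explicit `olcPasswordHash` entry if a specific scheme is required) would make the policy this file is meant to enforce checkable. The entry also hard-codes `cn=module{0}` and `olcOverlay={2}ppolicy`, which only resolve if the base image has created exactly that module entry and two earlier overlays; naming that dependency in the header comment would help whoever next bumps the image.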
@@ -0,0 +1,61 @@
+################# people #################
+dn: ou=people,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: organizationalUnit
+objectClass: top
+
+################# groups #################
+dn: ou=groups,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: organizationalUnit
+objectClass: top
+
+# groups: admins
+dn: cn=admins,ou=groups,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+
+# groups: users
+dn: cn=users,ou=groups,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+
+################# posix_groups #################
+dn: ou=posix_groups,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: organizationalUnit
+objectClass: top
+
+# posix_groups: ldap_users
+dn: cn=ldap_users,ou=posix_groups,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: top
+objectClass: posixGroup
+gidNumber: 10000
+
+################# dummy account #################
+dn: uid=dummy,ou=people,{{ LDAP_BASE_DN }}
+changetype: add
+uid: dummy
+mail: dummy@company.local
+cn: Dummy Account
+givenName: Dummy
+sn: Account
+homeDirectory: /home/dummy
+uidNumber: 10000
+gidNumber: 10000
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+objectClass: posixAccount
+
+# add dummy to users group
+dn: cn=users,ou=groups,{{ LDAP_BASE_DN }}
+changetype: modify
+add: uniqueMember
+uniqueMember: uid=dummy,ou=people,{{ LDAP_BASE_DN }}
diff --git a/ldap-server/config/ldap-passwd-settings.ini b/ldap-server/config/ldap-passwd-settings.ini
new file mode 100644
index 0000000..7a79fe2
--- /dev/null
+++ b/ldap-server/config/ldap-passwd-settings.ini
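Review bot: The `uid=dummy` entry is a full `inetOrgPerson`/`posixAccount` under `ou=people` and is added to `cn=users`, so it matches the `(objectClass=organizationalPerson)(uid=*)` sync filter and the uid/mail login filter that wg-server uses in this same change and will be synced as if it were a real user; the header comment should say what the account is for (it looks like a placeholder member so the groups are non-empty) and that it must never be given a `userPassword`. Since the ppolicy overlay is enabled by 01-force-password-hash.ldif, the account can also be locked explicitly with `pwdAccountLockedTime: 000001010000Z` so a later accidental password set does not make it bindable. The empty `uniqueMember:` values on the two groups appear to be a workaround for `groupOfUniqueNames` requiring the attribute; a one-line comment, e.g. `# empty value satisfies the MUST attribute until a real member is added`, would stop someone from "cleaning it up".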
@@ -0,0 +1,17 @@
+[html]
+page_title = Change your password
+
+[ldap]
+host = ldap-server
+port = 389
+use_ssl = false
+base = ou=people,dc=company,dc=local
+search_filter = uid={uid}
+
+bind_dn = %(LDAP_BIND_DN)s
+bind_password = %(LDAP_BIND_PASSWORD)s
+
+[server]
+server = auto
+host = localhost
+port = 8080
diff --git a/ldap-server/docker-compose.yml b/ldap-server/docker-compose.yml
new file mode 100644
index 0000000..1943145
--- /dev/null
+++ b/ldap-server/docker-compose.yml
@@ -0,0 +1,42 @@
+services:
+ ldap-server:
+ image: osixia/openldap:1.5.0
+
+ environment:
+ - LDAP_ORGANISATION=Local Company
+ - LDAP_DOMAIN=company.local
+
+ - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
+ - LDAP_CONFIG_PASSWORD=${LDAP_CONFIG_PASSWORD}
+
+ - LDAP_TLS=false
+
+ - LDAP_READONLY_USER=true
+ - LDAP_READONLY_USER_USERNAME=${LDAP_READONLY_USER_USERNAME}
+ - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
+ volumes:
+ # bootstrap
+ - ./bootstrap-ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom:ro
+ # database
+ - ldap-server-db:/var/lib/ldap:rw
+ - ldap-server-config:/etc/ldap/slapd.d:rw
+
+ command:
+ - "--copy-service" # do not modify bootstrap file
+
+ restart: unless-stopped
+
+ ldap-passwd-webui:
+ build: ./ldap-passwd-webui
+
+ environment:
+ - LDAP_BIND_DN=cn=${LDAP_READONLY_USER_USERNAME},dc=company,dc=local
+ - LDAP_BIND_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
+ volumes:
+ - ./config/ldap-passwd-settings.ini:/opt/ldap-passwd-webui/settings.ini:ro
+
+ restart: unless-stopped
+
+volumes:
+ ldap-server-db:
+ ldap-server-config:
diff --git a/wg-server/docker-compose.yml b/wg-server/docker-compose.yml
new file mode 100644
index 0000000..0b81114
--- /dev/null
+++ b/wg-server/docker-compose.yml
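Review bot: `bind_password = %(LDAP_BIND_PASSWORD)s` relies on ConfigParser-style `%()s` interpolation, and with Python's default interpolation the substituted value is itself re-scanned for `%`, so — assuming the webui feeds the environment in as defaults, which is not visible here — a read-only user password containing a literal `%` fails at startup instead of binding. A comment above the two lines, e.g. `; values come from LDAP_BIND_DN / LDAP_BIND_PASSWORD in the container environment; a '%' in either must be written as '%%'`, documents that constraint before a password rotation trips over it. `use_ssl = false` against `host = ldap-server` is consistent with `LDAP_TLS=false` on the server, but the new password travels to the directory unencrypted on the Compose network; state in a comment that this is intentional and that the network is assumed private.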
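Review bot: `LDAP_TLS=false` leaves the directory without ldaps or StartTLS, so the admin, config and read-only bind passwords all cross the wire in cleartext; that is tolerable on an isolated Compose network but becomes credential exposure as soon as port 389 is published, which the root docker-compose.yml in this change does on all interfaces. A comment directly above the line, `# TLS is off on purpose: 389 must stay unpublished or loopback-only`, ties the two decisions together so a later edit to either file sees the constraint. The read-only user is also the bind account for both ldap-passwd-webui here and wg-server, so one secret is shared by two services; naming the consumers in a comment next to `LDAP_READONLY_USER_PASSWORD` makes rotation less error-prone.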
@@ -0,0 +1,47 @@
+services:
+ wg-server:
+ build: ./wg-portal
+
+ cap_add:
+ - NET_ADMIN
+ network_mode: host
+
+ volumes:
+ - ./initial_config:/initial_config:ro
+ - wg-server-ui-data:/app/data:rw
+
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+
+ environment:
+ # Listen settings
+ - LISTENING_ADDRESS=host.docker.internal:8123
+ # WireGuard Settings
+ - WG_DEVICES=wg-server
+ - WG_DEFAULT_DEVICE=wg-server
+
+ - CREATE_DEFAULT_PEER=true
+ - DEFAULT_PEER_NAMES=PC,Server,Laptop,Mobile,Tablet
+ # Core Settings
+ - EXTERNAL_URL=https://vpn.company.com
+ - WEBSITE_TITLE=WireGuard VPN
+ - COMPANY_NAME=Your Company Name
+ - ADMIN_USER=${WG_ADMIN_USER}
+ - ADMIN_PASS=${WG_ADMIN_PASSWORD}
+ # LDAP Settings
+ - LDAP_ENABLED=true
+ - LDAP_URL=ldap://127.0.0.1:389
+ - LDAP_STARTTLS=false
+
+ - LDAP_USER=cn=${LDAP_READONLY_USER_USERNAME},dc=company,dc=local
+ - LDAP_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
+
+ - LDAP_BASEDN=dc=company,dc=local
+ - LDAP_ADMIN_GROUP=cn=admins,ou=groups,dc=company,dc=local
+ - LDAP_LOGIN_FILTER=(&(objectClass=organizationalPerson)(|(uid={{login_identifier}})(mail={{login_identifier}})))
+ - LDAP_SYNC_FILTER=(&(objectClass=organizationalPerson)(uid=*))
+
+ restart: unless-stopped
+
+volumes:
+ wg-server-ui-data:
diff --git a/wiki/docker-compose.yml b/wiki/docker-compose.yml
new file mode 100644
index 0000000..595b4a2
--- /dev/null
+++ b/wiki/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+ # db
+ wiki-db:
+ image: postgres:14-alpine
+ environment:
+ POSTGRES_DB: ${WIKI_DB_USER}
+ POSTGRES_USER: ${WIKI_DB_USER}
+ POSTGRES_PASSWORD: ${WIKI_DB_PASSWORD}
+
+ restart: unless-stopped
+
+ volumes:
+ - wiki-db-data:/var/lib/postgresql/data
+
+ # server
+ wiki-server:
+ image: requarks/wiki:2
+
+ environment:
+ DB_TYPE: postgres
+ DB_HOST: wiki-db
+ DB_PORT: 5432
+ DB_USER: ${WIKI_DB_USER}
+ DB_NAME: ${WIKI_DB_USER}
+ DB_PASS: ${WIKI_DB_PASSWORD}
+
+ restart: unless-stopped
+
+volumes:
+ wiki-db-data:
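Review bot: `network_mode: host` with `cap_add: NET_ADMIN` hands this container the host network namespace and the right to reconfigure it, which a WireGuard portal needs, but nothing here records that this is also why the service cannot join the `web` network and instead reaches the directory via `ldap://127.0.0.1:389`, i.e. through whatever port publish the root docker-compose.yml applies to ldap-server (currently all interfaces). A comment above `network_mode`, e.g. `# host networking is required for WireGuard; LDAP is therefore reached via the host-published 389, which should be bound to loopback`, makes that cross-file dependency visible. `LDAP_STARTTLS=false` is acceptable on loopback but should be stated as such next to `LDAP_URL`. `EXTERNAL_URL=https://vpn.company.com` does not match the `wg.skyw.me` host rule the root file routes to this service; if it is a placeholder, mark it as one, since the portal presumably uses it for the links it hands out.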
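Review bot: `POSTGRES_DB: ${WIKI_DB_USER}` and `DB_NAME: ${WIKI_DB_USER}` name the database after the user; if that is intended, a comment such as `# database is deliberately named after its owner` keeps it from reading as a copy-paste slip, and if not, a separate `WIKI_DB_NAME` variable used in both places is the fix. wiki-server has no `depends_on: [wiki-db]`, so on a cold start it may try its first connection before Postgres is listening; whether the image retries is not visible here, and a `depends_on` costs nothing. This file also writes `environment:` in map form while every other compose file in the change uses list form; both are valid, but one style across the files that `extends` pulls together is easier to read.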