diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..be539b2
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,43 @@
+services:
+  ntfy:
+    container_name: ntfy
+    networks:
+      - traefik-public
+    labels:
+      - "com.centurylinklabs.watchtower.monitor-only=true"
+      - "traefik.enable=true"
+      - "traefik.http.routers.immich.rule=Host(`photos.speerfam.net`)"
+      - "traefik.http.routers.immich.entrypoints=websecure"
+      - "traefik.http.routers.immich.tls.certresolver=myresolver"
+      
+      # Pulling the security rules dynamically from our file provider setup
+      - "traefik.http.routers.immich.middlewares=geoblock-policy@file,crowdsec-policy@file,secure-headers@file"
+      - "traefik.http.services.immich.loadbalancer.server.port=2283"
+
+    image: binwiederhier/ntfy
+    restart: always
+    environment:
+      NTFY_BASE_URL: https://ntfy.speerfam.net
+      NTFY_CACHE_FILE: /var/lib/ntfy/cache.db
+      NTFY_AUTH_FILE: /var/lib/ntfy/auth.db
+      NTFY_AUTH_DEFAULT_ACCESS: deny-all
+      NTFY_BEHIND_PROXY: true
+      NTFY_ATTACHMENT_CACHE_DIR: /var/lib/ntfy/attachments
+      NTFY_ENABLE_LOGIN: true
+      NTFY_UPSTREAM_BASE_URL: https://ntfy.sh
+      NTFY_WEB_PUSH_FILE: /var/lib/ntfy/webpush.db
+      NTFY_WEB_PUSH_EMAIL_ADDRESS: <email>
+      TZ: America/Chicago
+      PID: 1000
+      GID: 1000
+    volumes:
+      - /home/mattspeer/docker/ntfy:/var/lib/ntfy
+      - /home/mattspeer/docker/ntfy/cache:/var/cache/ntfy
+      - /home/mattspeer/docker/ntfy/config:/etc/ntfy
+    ports:
+      - 8085:80
+    command: serve
+
+networks:
+  traefik-public:
+    external: true
\ No newline at end of file