diff --git a/authentik/.env b/authentik/.env
new file mode 100644
index 0000000..b22d0c4
--- /dev/null
+++ b/authentik/.env
@@ -0,0 +1,22 @@
+AUTHENTIK_SECRET_KEY=
+
+AUTHENTIK_EMAIL__HOST=mail.serguzim.me
+AUTHENTIK_EMAIL__PORT=587
+AUTHENTIK_EMAIL__USERNAME=auth@serguzim.me
+AUTHENTIK_EMAIL__PASSWORD=
+AUTHENTIK_EMAIL__USE_TLS=true
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+AUTHENTIK_EMAIL__FROM=auth@serguzim.me
+
+AUTHENTIK_AVATARS=none
+
+AUTHENTIK_REDIS__HOST=redis
+
+AUTHENTIK_POSTGRESQL__HOST=node002.serguzim.net
+AUTHENTIK_POSTGRESQL__USER=authentik
+AUTHENTIK_POSTGRESQL__NAME=authentik
+AUTHENTIK_POSTGRESQL__PASSWORD=
+
+GEOIPUPDATE_EDITION_IDS="GeoLite2-City"
+GEOIPUPDATE_FREQUENCY="8"
diff --git a/authentik/.gitignore b/authentik/.gitignore
new file mode 100644
index 0000000..d44ce91
--- /dev/null
+++ b/authentik/.gitignore
@@ -0,0 +1,2 @@
+backups/
+certs/
diff --git a/authentik/docker-compose.yml b/authentik/docker-compose.yml
new file mode 100644
index 0000000..be881e8
--- /dev/null
+++ b/authentik/docker-compose.yml
@@ -0,0 +1,68 @@
+---
+version: '3.2'
+
+services:
+  server:
+    image: goauthentik.io/server:2022.1.3
+    restart: unless-stopped
+    command: server
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+      - geoip:/geoip
+    env_file:
+      - .env
+      - .secret.env
+    depends_on:
+      - redis
+    networks:
+      local-net:
+      services:
+        aliases:
+          - authentik
+
+  worker:
+    image: goauthentik.io/server:2022.1.3
+    restart: unless-stopped
+    command: worker
+    user: root
+    volumes:
+      - ./backups:/backups
+      - ./media:/media
+      - ./certs:/certs
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./custom-templates:/templates
+      - geoip:/geoip
+    env_file:
+      - .env
+      - .secret.env
+    depends_on:
+      - redis
+    networks:
+      local-net:
+
+  geoipupdate:
+    image: "maxmindinc/geoipupdate:latest"
+    volumes:
+      - "geoip:/usr/share/GeoIP"
+    env_file:
+      - .env
+      - .secret.env
+    depends_on:
+      - redis
+    networks:
+      local-net:
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    networks:
+      local-net:
+
+volumes:
+  geoip:
+
+networks:
+  local-net:
+  services:
+    external: true
diff --git a/tt-rss/docker-compose.yml b/tt-rss/docker-compose.yml
index 71514ce..7592f14 100644
--- a/tt-rss/docker-compose.yml
+++ b/tt-rss/docker-compose.yml
@@ -12,7 +12,7 @@ services:
     volumes:
       - app:/var/www/html
     networks:
-      tt-rss:
+      local-net:
         aliases:
           - tt-rss-app
 
@@ -30,7 +30,7 @@ services:
       - app
     command: /opt/tt-rss/updater.sh
     networks:
-      tt-rss:
+      local-net:
 
   web-nginx:
     image: cthulhoo/ttrss-web-nginx
@@ -43,7 +43,7 @@ services:
     depends_on:
       - app
     networks:
-      tt-rss:
+      local-net:
       services:
         aliases:
           - tt-rss
@@ -52,6 +52,6 @@ volumes:
   app:
 
 networks:
-  tt-rss:
+  local-net:
   services:
     external: true