diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..a609fef
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,2 @@
+DOMAIN=
+ADMIN_TOKEN=
diff --git a/.gitinore b/.gitignore
similarity index 100%
rename from .gitinore
rename to .gitignore
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..09870c8
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,36 @@
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    restart: unless-stopped
+    environment:
+      - DOMAIN=${DOMAIN}
+      - SIGNUPS_ALLOWED=false
+      - ADMIN_TOKEN=${ADMIN_TOKEN}
+      - WEBSOCKET_ENABLED=true
+      # Limite de tentatives de connexion
+      - LOGIN_RATELIMIT_MAX_BURST=10
+      - LOGIN_RATELIMIT_SECONDS=60
+      # Limite d'envoi d'emails (récupération mot de passe)
+      - EMAIL_ATTEMPTS_LIMIT=3
+      - EMAIL_EXPIRATION_TIME=600
+      # Timeout de session
+      - EXTENDED_LOGGING=true
+
+      # Notifications
+      - SENDS_ALLOWED=true
+      # - EMERGENCY_ACCESS_ALLOWED=true
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ntfy.rule=Host(`${DOMAIN}`)"
+      - "traefik.http.routers.ntfy.entrypoints=websecure"
+      - "traefik.http.routers.ntfy.tls=true"
+      - "traefik.http.routers.ntfy.tls.certresolver=letsencrypt"
+      - "traefik.http.services.ntfy.loadbalancer.server.port=80"
+    volumes:
+      - ./data:/data
+    networks:
+      - traefik-net
+networks:
+  traefik-net:
+    external: true