diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2d6b21b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,79 @@
+version: '3.8'
+
+services:
+  forgejo:
+    image: codeberg.org/forgejo/forgejo:7
+    container_name: forgejo
+    restart: unless-stopped
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+
+      # DB
+      - FORGEJO__database__DB_TYPE=postgres
+      - FORGEJO__database__HOST=forgejo-db:5432
+      - FORGEJO__database__NAME=forgejo
+      - FORGEJO__database__USER=forgejo
+      - FORGEJO__database__PASSWD=forgejo_password
+      - FORGEJO__service__DISABLE_REGISTRATION=true
+
+      # 🔐 LFS + JWT (needed for LFS auth)
+      - FORGEJO__server__LFS_START_SERVER=true
+      - FORGEJO__server__LFS_CONTENT_PATH=/data/lfs
+      # Generate some long random string here:
+      - FORGEJO__security__JWT_SECRET=change_me_to_a_long_random_string
+
+      # Optional: allow larger uploads through web UI (not LFS, just normal uploads)
+      - FORGEJO__repository__UPLOAD__ENABLED=true
+      - FORGEJO__repository__UPLOAD__FILE_MAX_SIZE=512  # MB, for normal uploads
+      # ✅ Correct external URL (very important for clone URLs, webhooks, etc.)
+      - FORGEJO__server__ROOT_URL=https://forgejo.rozic-dev.com/
+      # ✅ LFS: use [lfs] PATH instead of deprecated LFS_CONTENT_PATH
+      - FORGEJO__server__LFS_START_SERVER=true
+      - FORGEJO__lfs__PATH=/data/lfs
+    volumes:
+      - ./forgejo/data:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - traefik_default
+      - forgejo-internal
+    depends_on:
+      - forgejo-db
+    labels:
+      - "traefik.enable=true"
+
+     # HTTP → HTTPS redirect
+      - "traefik.http.routers.forgejo.entrypoints=web"
+      - "traefik.http.routers.forgejo.rule=Host(`forgejo.rozic-dev.com`)"
+      - "traefik.http.middlewares.forgejo-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.forgejo.middlewares=forgejo-https-redirect"
+
+      # Secure HTTPS Router
+      - "traefik.http.routers.forgejo-secure.entrypoints=websecure"
+      - "traefik.http.routers.forgejo-secure.rule=Host(`forgejo.rozic-dev.com`)"
+      - "traefik.http.routers.forgejo-secure.tls=true"
+      - "traefik.http.routers.forgejo-secure.tls.certresolver=letsencrypt"
+      # Service
+      - "traefik.http.routers.forgejo-secure.service=forgejo"
+      - "traefik.http.services.forgejo.loadbalancer.server.port=3000"
+      - "traefik.docker.network=traefik_default"
+
+  forgejo-db:
+    image: postgres:15-alpine
+    container_name: forgejo-db
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=forgejo
+      - POSTGRES_PASSWORD=forgejo_password
+      - POSTGRES_DB=forgejo
+    volumes:
+      - ./forgejo/postgres:/var/lib/postgresql/data
+    networks:
+      - forgejo-internal
+
+networks:
+  traefik_default:
+    external: true
+  forgejo-internal:
+    driver: bridge