diff --git a/stacks/mealie/docker-compose.yaml b/stacks/mealie/docker-compose.yaml
new file mode 100644
index 0000000..4831877
--- /dev/null
+++ b/stacks/mealie/docker-compose.yaml
@@ -0,0 +1,48 @@
+services:
+  mealie:
+    image: ghcr.io/mealie-recipes/mealie:v3.11.0@sha256:599c5cd87449e3cfc0cc02e373c145d029bb681d5a7ce7994b51cbb2e1d9e272
+    container_name: mealie
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/Warsaw
+      - BASE_URL=https://${MEALIE_DOMAIN}
+      
+      - ALLOW_SIGNUP=false
+      - ALLOW_PASSWORD_LOGIN=false
+      - PUID=1000
+      - PGID=1000
+
+      - OIDC_AUTH_ENABLED=true
+      - OIDC_PROVIDER_NAME=Authentik
+      - OIDC_CLIENT_ID_FILE=/run/secrets/mealie_oidc_client_id
+      - OIDC_CLIENT_SECRET_FILE=/run/secrets/mealie_oidc_client_secret
+      - OIDC_CONFIGURATION_URL=https://authentik-server:9000/application/o/authentik/.well-known/openid-configuration
+      - OIDC_ADMIN_GROUP=mealie-admins
+      - OIDC_USER_GROUP=mealie-users
+      - OIDC_AUTO_REDIRECT=false
+      - OIDC_REMEMBER_ME=true
+    networks:
+      - homelab_apps
+    volumes:
+      - mealie_data:/app/data/
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mealie.rule=Host(`${MEALIE_DOMAIN}`)"
+      - "traefik.http.routers.mealie.entrypoints=websecure"
+      - "traefik.http.routers.mealie.tls=true"
+      - "traefik.http.routers.mealie.tls.certresolver=le"
+      - "traefik.http.services.mealie.loadbalancer.server.port=9000"
+
+volumes:
+  mealie_data:
+    driver: local
+
+networks:
+  homelab_apps:
+    external: true
+
+secrets:
+  mealie_oidc_client_id:
+    environment: MEALIE_OIDC_CLIENT_ID
+  mealie_oidc_client_secret:
+    environment: MEALIE_OIDC_CLIENT_SECRET
\ No newline at end of file