diff --git a/.idea/.gitignore b/.idea/.gitignore
new file mode 100644
index 0000000..30cf57e
--- /dev/null
+++ b/.idea/.gitignore
@@ -0,0 +1,10 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Ignored default folder with query files
+/queries/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
diff --git a/.idea/homelab.iml b/.idea/homelab.iml
new file mode 100644
index 0000000..d6ebd48
--- /dev/null
+++ b/.idea/homelab.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..a20905f
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager" version="2" project-jdk-name="25" project-jdk-type="JavaSDK">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..c5ebe51
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/homelab.iml" filepath="$PROJECT_DIR$/.idea/homelab.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..35eb1dd
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/stacks/mattermost/docker-compose.yaml b/stacks/mattermost/docker-compose.yaml
new file mode 100644
index 0000000..298b8b7
--- /dev/null
+++ b/stacks/mattermost/docker-compose.yaml
@@ -0,0 +1,66 @@
+services:
+  app:
+    image: mattermost/mattermost-enterprise-edition:11.5.1@sha256:816d2fe91fd3e605fd8cc4d1756974da496acc8735528f81203554d7563e9f9e
+    container_name: mattermost
+    restart: unless-stopped
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        export MM_SQLSETTINGS_DATASOURCE="postgres://mattermost:$$(cat /run/secrets/mattermost_postgres_password)@postgres:5432/mattermost?sslmode=disable"
+        export MM_OPENIDCONNECTSETTINGS_SECRET="$$(cat /run/secrets/mattermost_oidc_secret)"
+        exec /entrypoint.sh mattermost
+    environment:
+      MM_SQLSETTINGS_DRIVERNAME: postgres
+      MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes
+      MM_OPENIDCONNECTSETTINGS_ENABLE: "true"
+      MM_OPENIDCONNECTSETTINGS_ID: ${MATTERMOST_OIDC_CLIENT_ID}
+      MM_OPENIDCONNECTSETTINGS_DISCOVERYENDPOINT: ${MATTERMOST_OIDC_DISCOVERY_URL}
+      MM_OPENIDCONNECTSETTINGS_BUTTONTEXT: Login with Authentik
+      MM_EMAILSETTINGS_ENABLESIGNINWITHEMAIL: "false"
+    volumes:
+      - mattermost_data:/mattermost/data
+      - mattermost_logs:/mattermost/logs
+      - mattermost_config:/mattermost/config
+      - mattermost_plugins:/mattermost/plugins
+      - mattermost_client_plugins:/mattermost/client/plugins
+      - mattermost_bleve:/mattermost/bleve-indexes
+    networks:
+      - homelab_apps
+      - homelab_db
+    secrets:
+      - mattermost_postgres_password
+      - mattermost_oidc_secret
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=homelab_apps
+      - traefik.http.routers.mattermost.rule=Host(`${MATTERMOST_DOMAIN}`)
+      - traefik.http.routers.mattermost.entrypoints=websecure
+      - traefik.http.routers.mattermost.tls=true
+      - traefik.http.routers.mattermost.tls.certresolver=le
+      - traefik.http.services.mattermost.loadbalancer.server.port=8065
+
+volumes:
+  mattermost_data:
+    driver: local
+  mattermost_logs:
+    driver: local
+  mattermost_config:
+    driver: local
+  mattermost_plugins:
+    driver: local
+  mattermost_client_plugins:
+    driver: local
+  mattermost_bleve:
+    driver: local
+
+networks:
+  homelab_apps:
+    external: true
+  homelab_db:
+    external: true
+
+secrets:
+  mattermost_postgres_password:
+    environment: MATTERMOST_POSTGRES_PASSWORD
+  mattermost_oidc_secret:
+    environment: MATTERMOST_OIDC_CLIENT_SECRET
diff --git a/stacks/postgres/docker-compose.yaml b/stacks/postgres/docker-compose.yaml
index 9ae1aef..de6d087 100644
--- a/stacks/postgres/docker-compose.yaml
+++ b/stacks/postgres/docker-compose.yaml
@@ -16,6 +16,7 @@ services:
       - postgres_password
       - authentik_postgres_password
       - gitea_postgres_password
+      - mattermost_postgres_password
     healthcheck:
       interval: 30s
       retries: 5
@@ -40,3 +41,5 @@ secrets:
     environment: AUTHENTIK_POSTGRES_PASSWORD
   gitea_postgres_password:
     environment: GITEA_POSTGRES_PASSWORD
+  mattermost_postgres_password:
+    environment: MATTERMOST_POSTGRES_PASSWORD