diff --git a/.gitignore b/.gitignore index 03bc8e9..41c75b9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,9 @@ -# Secrets +cat > .gitignore <<'EOF' +# secrets .env *.env -# App data / volumes +# volumes / app data **/db/ **/db_data/ **/postgres_data/ @@ -11,10 +12,10 @@ **/html/ **/wp_data/ **/n8n_data/ -**/vaultwarden-data/ **/logs/ -# OS/Editor +# editor / os .DS_Store .idea/ .vscode/ +EOF diff --git a/stacks/gitea/docker-compose.yml b/stacks/gitea/docker-compose.yml new file mode 100644 index 0000000..71a05be --- /dev/null +++ b/stacks/gitea/docker-compose.yml @@ -0,0 +1,33 @@ +services: + db: + image: postgres:16 + container_name: gitea-db + restart: unless-stopped + environment: + POSTGRES_DB: gitea + POSTGRES_USER: gitea + POSTGRES_PASSWORD: zbr#1efs0ks%SdHy*7pZ + volumes: + - ./db:/var/lib/postgresql/data + + gitea: + image: gitea/gitea:1.22 + container_name: gitea + restart: unless-stopped + depends_on: + - db + ports: + - "127.0.0.1:3002:3000" + environment: + GITEA__database__DB_TYPE: postgres + GITEA__database__HOST: db:5432 + GITEA__database__NAME: gitea + GITEA__database__USER: gitea + GITEA__database__PASSWD: zbr#1efs0ks%SdHy*7pZ + + GITEA__server__DOMAIN: git.bartschatten.de + GITEA__server__ROOT_URL: https://git.bartschatten.de/ + GITEA__server__HTTP_PORT: 3000 + GITEA__server__PROTOCOL: http + volumes: + - ./data:/data diff --git a/stacks/n8n/.env.example b/stacks/n8n/.env.example new file mode 100644 index 0000000..9a80a17 --- /dev/null +++ b/stacks/n8n/.env.example @@ -0,0 +1,12 @@ +N8N_BASIC_AUTH_USER=mfredrich +N8N_BASIC_AUTH_PASSWORD=CHANGEME +N8N_HOST=automation.bartschatten.de +N8N_PORT=5678 +N8N_PROTOCOL=https +WEBHOOK_URL=https://automation.bartschatten.de/ +N8N_EDITOR_BASE_URL=https://automation.bartschatten.de/ +GENERIC_TIMEZONE=Europe/Berlin + +DB_POSTGRESDB_DATABASE=n8n +DB_POSTGRESDB_USER=n8n +DB_POSTGRESDB_PASSWORD=CHANGEME 
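Review bot: The new `.gitignore` begins with `cat > .gitignore <<'EOF'` and, in the second hunk, ends with `EOF`, so the shell heredoc wrapper was committed as file content; both lines should be deleted, since git reads them as ignore patterns. The second hunk also removes `**/vaultwarden-data/`, and none of the patterns visible in these two hunks match the `./data` and `./redis` bind mounts that the stacks added in this commit use (two lines between the hunks are not shown, so this may already be covered). If it is not, adding `**/data/` and `**/redis/` keeps the Vaultwarden, Gitea, Portainer and Uptime Kuma state out of the repository.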
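Review bot: `POSTGRES_PASSWORD` and `GITEA__database__PASSWD` in stacks/gitea/docker-compose.yml carry a literal database password, so the credential is now part of the repository history, while every other stack in this commit reads its secrets from an ignored `.env`. Replace both values with an interpolated variable (the name is yours to choose), e.g. `POSTGRES_PASSWORD: ${GITEA_DB_PASSWORD}` and `GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}`, and add a `.env.example` holding `CHANGEME` like the other stacks. The password should also be rotated, because removing it in a later commit does not remove it from history.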
diff --git a/stacks/n8n/docker-compose.yml b/stacks/n8n/docker-compose.yml
new file mode 100644
index 0000000..3e01c12
--- /dev/null
+++ b/stacks/n8n/docker-compose.yml
@@ -0,0 +1,36 @@
+services:
+ db:
+ image: postgres:16
+ restart: unless-stopped
+ environment:
+ POSTGRES_DB: ${DB_POSTGRESDB_DATABASE}
+ POSTGRES_USER: ${DB_POSTGRESDB_USER}
+ POSTGRES_PASSWORD: ${DB_POSTGRESDB_PASSWORD}
+ volumes:
+ - ./postgres_data:/var/lib/postgresql/data
+
+ n8n:
+ image: n8nio/n8n:latest
+ restart: unless-stopped
+ depends_on:
+ - db
+ ports:
+ - "127.0.0.1:5678:5678"
+ environment:
+ - N8N_BASIC_AUTH_ACTIVE=true
+ - N8N_BASIC_AUTH_USER=${N8N_BASIC_AUTH_USER}
+ - N8N_BASIC_AUTH_PASSWORD=${N8N_BASIC_AUTH_PASSWORD}
+ - N8N_HOST=${N8N_HOST}
+ - N8N_PORT=${N8N_PORT}
+ - N8N_PROTOCOL=${N8N_PROTOCOL}
+ - WEBHOOK_URL=${WEBHOOK_URL}
+ - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
+ - N8N_SECURE_COOKIE=false
+ - DB_TYPE=postgresdb
+ - DB_POSTGRESDB_HOST=db
+ - DB_POSTGRESDB_PORT=5432
+ - DB_POSTGRESDB_DATABASE=${DB_POSTGRESDB_DATABASE}
+ - DB_POSTGRESDB_USER=${DB_POSTGRESDB_USER}
+ - DB_POSTGRESDB_PASSWORD=${DB_POSTGRESDB_PASSWORD}
+ volumes:
+ - ./n8n_data:/home/node/.n8n
diff --git a/stacks/nextcloud/.env.example b/stacks/nextcloud/.env.example
new file mode 100644
index 0000000..1bfbfa9
--- /dev/null
+++ b/stacks/nextcloud/.env.example
@@ -0,0 +1,4 @@
+MYSQL_DATABASE=nextcloud
+MYSQL_USER=nextclouduser
+MYSQL_PASSWORD=CHANGEME
+MYSQL_ROOT_PASSWORD=CHANGEME
diff --git a/stacks/nextcloud/docker-compose.yml b/stacks/nextcloud/docker-compose.yml
new file mode 100644
index 0000000..8239972
--- /dev/null
+++ b/stacks/nextcloud/docker-compose.yml
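Review bot: `N8N_SECURE_COOKIE=false` in stacks/n8n/docker-compose.yml makes n8n issue its session cookie without the Secure flag, although the accompanying `.env.example` sets `N8N_PROTOCOL=https`; dropping the line, or setting it to `true`, is the safer default behind a TLS-terminating proxy. The image is `n8nio/n8n:latest`, and as far as I know the `N8N_BASIC_AUTH_*` variables were removed in n8n 1.0, so on a current image they probably have no effect and access control rests on n8n's own user management. That is worth confirming before relying on it, and a pinned version tag, as the Gitea and Uptime Kuma stacks use, would make the behaviour predictable.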
@@ -0,0 +1,59 @@
+services:
+ db:
+ image: mariadb:11
+ container_name: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+ restart: unless-stopped
+ environment:
+ MYSQL_DATABASE: ${MYSQL_DATABASE}
+ MYSQL_USER: ${MYSQL_USER}
+ MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+ MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+ volumes:
+ - ./db:/var/lib/mysql
+ healthcheck:
+ test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 10
+
+ redis:
+ image: redis:7-alpine
+ container_name: nextcloud-redis
+ restart: unless-stopped
+ command: redis-server --save 60 1 --loglevel warning
+ volumes:
+ - ./redis:/data
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 3s
+ retries: 10
+
+ app:
+ image: nextcloud:apache
+ container_name: nextcloud-app
+ restart: unless-stopped
+ depends_on:
+ db:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:8080:80"
+ environment:
+ MYSQL_DATABASE: ${MYSQL_DATABASE}
+ MYSQL_USER: ${MYSQL_USER}
+ MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+ MYSQL_HOST: db
+ REDIS_HOST: redis
+ # optional, aber oft hilfreich hinter Reverse Proxy:
+ TRUSTED_PROXIES: 127.0.0.1
+ # OVERWRITEPROTOCOL: https
+ volumes:
+ - ./html:/var/www/html
+ healthcheck:
+ test: ["CMD-SHELL", "curl -fsS http://127.0.0.1/status.php | grep -q 'installed'"]
+ interval: 30s
+ timeout: 5s
+ retries: 10
diff --git a/stacks/portainer/docker-compose.yml b/stacks/portainer/docker-compose.yml
new file mode 100644
index 0000000..f1e2b35
--- /dev/null
+++ b/stacks/portainer/docker-compose.yml
@@ -0,0 +1,10 @@
+services:
+ portainer:
+ image: portainer/portainer-ce:latest
+ container_name: portainer
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:9000:9000"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./data:/data
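Review bot: The `db` healthcheck in stacks/nextcloud/docker-compose.yml passes the password as `-p$$MYSQL_PASSWORD`, which puts it on the command line of a process started every 10 seconds, where it is readable from the process list; the same line appears in stacks/wordpress/docker-compose.yml. The official MariaDB image ships a `healthcheck.sh` script that avoids this, e.g. `test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]`. Separately, `TRUSTED_PROXIES: 127.0.0.1` probably does not match the address the reverse proxy has when seen from inside the container, because traffic published on `127.0.0.1:8080` normally arrives from the Docker bridge gateway. If so, Nextcloud would attribute every request, and its brute-force throttling, to the proxy address; please verify and set the bridge address or subnet instead.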
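Review bot: The `portainer` service in stacks/portainer/docker-compose.yml mounts `/var/run/docker.sock` read-write, which gives anyone who gets into the Portainer UI root-equivalent control of the host, and it does so with the floating `portainer-ce:latest` tag and the plain-HTTP port 9000. I would pin a version tag and, if the reverse proxy can talk TLS to the backend, publish the HTTPS port `9443` instead. A comment above the mount would record the risk for the next maintainer, for example `# docker.sock = full control of the host; keep this UI behind the proxy with authentication`.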
diff --git a/stacks/uptime-kuma/docker-compose.yml b/stacks/uptime-kuma/docker-compose.yml
new file mode 100644
index 0000000..0b9cfbe
--- /dev/null
+++ b/stacks/uptime-kuma/docker-compose.yml
@@ -0,0 +1,9 @@
+services:
+ uptime-kuma:
+ image: louislam/uptime-kuma:1
+ container_name: uptime-kuma
+ restart: unless-stopped
+ ports:
+ - "127.0.0.1:3001:3001"
+ volumes:
+ - ./data:/app/data
diff --git a/stacks/vaultwarden/.env.example b/stacks/vaultwarden/.env.example
new file mode 100644
index 0000000..fedc180
--- /dev/null
+++ b/stacks/vaultwarden/.env.example
@@ -0,0 +1,8 @@
+# Externer Domainname (so wie du ihn später im Browser aufrufst)
+BW_DOMAIN=https://bitwarden.bartschatten.de
+
+# Admin-Panel aktivieren (starker Token!)
+BW_ADMIN_TOKEN='CHANGEME'
+
+# Optional: Registrierung erlauben oder nicht
+BW_SIGNUPS_ALLOWED=false
diff --git a/stacks/vaultwarden/docker-compose.yml b/stacks/vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..4c8b8e1
--- /dev/null
+++ b/stacks/vaultwarden/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+ bitwarden:
+ image: vaultwarden/server:latest
+ container_name: bitwarden
+ restart: always
+ env_file:
+ - .env
+ environment:
+ # Domain / URL
+ - DOMAIN=${BW_DOMAIN}
+ # Websockets für bessere Sync-Performance
+ - WEBSOCKET_ENABLED=true
+ # Registrierung erlauben oder verbieten
+ - SIGNUPS_ALLOWED=${BW_SIGNUPS_ALLOWED}
+ # Admin-Panel
+ - ADMIN_TOKEN=${BW_ADMIN_TOKEN}
+ volumes:
+ - ./data:/data
+ ports:
+ - "127.0.0.1:8888:80"
diff --git a/stacks/wordpress/.env.example b/stacks/wordpress/.env.example
new file mode 100644
index 0000000..51df90f
--- /dev/null
+++ b/stacks/wordpress/.env.example
@@ -0,0 +1,8 @@
+WP_DB_NAME=wordpress
+WP_DB_USER=wpuser
+WP_DB_PASSWORD=CHANGEME
+WP_DB_ROOT_PASSWORD=CHANGEME
+
+WP_PORT=8085
+
+WP_URL=https://www.bartschatten.de
diff --git a/stacks/wordpress/docker-compose.yml b/stacks/wordpress/docker-compose.yml
new file mode 100644
index 0000000..cd63602
--- /dev/null
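Review bot: `image: vaultwarden/server:latest` in stacks/vaultwarden/docker-compose.yml lets the password manager change version on any pull; a pinned release tag keeps upgrades deliberate and reversible. `ADMIN_TOKEN` is taken verbatim from `.env`, and Vaultwarden accepts an Argon2 PHC string there (generated with `vaultwarden hash`), so the comment in `.env.example` could say that instead of only asking for a strong token. `env_file: .env` combined with the explicit `environment:` entries also hands the container every `BW_*` variable a second time under its original name; one of the two mechanisms is enough.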
+++ b/stacks/wordpress/docker-compose.yml
@@ -0,0 +1,40 @@
+services:
+ db:
+ image: mariadb:11
+ container_name: wordpress-db
+ restart: unless-stopped
+ command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+ environment:
+ MYSQL_DATABASE: ${WP_DB_NAME}
+ MYSQL_USER: ${WP_DB_USER}
+ MYSQL_PASSWORD: ${WP_DB_PASSWORD}
+ MYSQL_ROOT_PASSWORD: ${WP_DB_ROOT_PASSWORD}
+ volumes:
+ - ./db_data:/var/lib/mysql
+ healthcheck:
+ test: ["CMD-SHELL", "mariadb-admin ping -h 127.0.0.1 -u$$MYSQL_USER -p$$MYSQL_PASSWORD || exit 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 10
+
+ wordpress:
+ image: wordpress:php8.2-apache
+ container_name: wordpress-app
+ restart: unless-stopped
+ depends_on:
+ db:
+ condition: service_healthy
+ ports:
+ - "127.0.0.1:${WP_PORT}:80"
+ environment:
+ WORDPRESS_DB_HOST: db:3306
+ WORDPRESS_DB_NAME: ${WP_DB_NAME}
+ WORDPRESS_DB_USER: ${WP_DB_USER}
+ WORDPRESS_DB_PASSWORD: ${WP_DB_PASSWORD}
+ volumes:
+ - ./wp_data:/var/www/html
+ healthcheck:
+ test: ["CMD-SHELL", "curl -fsS http://127.0.0.1/wp-login.php >/dev/null || exit 1"]
+ interval: 30s
+ timeout: 5s
+ retries: 10