diff --git a/config/ansible/tasks/servers/server.yml b/config/ansible/tasks/servers/server.yml index bc9f7de..1f314b0 100644 --- a/config/ansible/tasks/servers/server.yml +++ b/config/ansible/tasks/servers/server.yml @@ -22,6 +22,7 @@ - name: Include services tasks ansible.builtin.include_tasks: services/services.yml vars: + caddy_enabled: true hoarder_enabled: true golink_enabled: true immich_enabled: false diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 new file mode 100644 index 0000000..65457f9 --- /dev/null +++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 @@ -0,0 +1,4 @@ +hoarder.mvl.sh { + reverse_proxy hoarder:{{ hoarder_port }} + tls {{ caddy_email }} +} diff --git a/config/ansible/tasks/servers/services/caddy/caddy.yml b/config/ansible/tasks/servers/services/caddy/caddy.yml new file mode 100644 index 0000000..7565462 --- /dev/null +++ b/config/ansible/tasks/servers/services/caddy/caddy.yml 
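Review bot: `reverse_proxy hoarder:{{ hoarder_port }}` renders as `hoarder:3500`, but 3500 is the host-side port of the hoarder web service (`- 3500:3000` in its compose file); over the shared `caddy_default` network Caddy talks to the container directly, which listens on 3000, so the upstream should be `reverse_proxy hoarder:3000` (or `hoarder_port: 3000` in caddy.yml). This assumes the hoarder web service is actually named `hoarder` — its service name sits above the hoarder compose hunk and is not visible in this diff, so please confirm. `tls {{ caddy_email }}` is an unguarded Jinja expansion: an empty 1Password lookup would render a bare `tls` line instead of failing at template time, so either wrap it in `{% if caddy_email %}` or assert the fact is non-empty in caddy.yml. The hostname `hoarder.mvl.sh` is hard-coded while the port is templated; pulling it into a variable keeps the Caddyfile and the `NEXTAUTH_URL` in hoarder's dotenv from drifting apart.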
@@ -0,0 +1,40 @@ +- name: Deploy Caddy service + block: + - name: Set Caddy directories + ansible.builtin.set_fact: + caddy_service_dir: "{{ ansible_env.HOME }}/services/caddy" + caddy_data_dir: "/mnt/services/caddy" + caddy_email: "{{ lookup('community.general.onepassword', 'qwvcr4cuumhqh3mschv57xdqka', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='email') }}" + hoarder_port: 3500 + + - name: Create Caddy directory + ansible.builtin.file: + path: "{{ caddy_service_dir }}" + state: directory + mode: "0755" + + - name: Create Caddy network + ansible.builtin.command: docker network create caddy_default + register: create_caddy_network + failed_when: + - create_caddy_network.rc != 0 + - "'already exists' not in create_caddy_network.stderr" + changed_when: create_caddy_network.rc == 0 + + - name: Deploy Caddy docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.j2 + dest: "{{ caddy_service_dir }}/docker-compose.yml" + mode: "0644" + register: caddy_compose + + - name: Deploy Caddy Caddyfile + ansible.builtin.template: + src: Caddyfile.j2 + dest: "{{ caddy_service_dir }}/Caddyfile" + mode: "0644" + register: caddy_file + + - name: Start Caddy service + ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" up -d + when: caddy_compose.changed or caddy_file.changed diff --git a/config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2 new file mode 100644 index 0000000..6bbdb53 --- /dev/null +++ b/config/ansible/tasks/servers/services/caddy/docker-compose.yml.j2 @@ -0,0 +1,16 @@ +services: + caddy: + image: caddy:2.9.1-alpine + container_name: caddy + restart: unless-stopped + ports: + - "80:80" + - "443:443" + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile:ro + - {{caddy_data_dir}}/data:/data + - {{caddy_data_dir}}/config:/config + environment: + - TZ=Europe/Amsterdam + - PUID=1000 + - PGID=100 
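Review bot: `Start Caddy service` runs only `docker compose up -d`, which neither recreates nor reloads the container when just the bind-mounted Caddyfile changed — the service definition is unchanged, so on a host where Caddy is already running a Caddyfile edit is silently never applied. Keep `up -d` for the `caddy_compose.changed` case and add a separate reload task for the Caddyfile-only case; `caddy reload` is graceful, so existing sites stay up. Both `command` tasks also lack `changed_when`, so the play reports changed on every run they execute; `changed_when: true` at least makes that intent explicit. Note that the reload path assumes the container is up, which holds whenever the compose file was unchanged since the last successful deploy.
```yaml
    # … unchanged: Set Caddy directories, Create Caddy directory, Create Caddy network, template tasks …
    - name: Start Caddy service
      ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" up -d
      when: caddy_compose.changed
      changed_when: true

    - name: Reload Caddy configuration
      ansible.builtin.command: docker compose -f "{{ caddy_service_dir }}/docker-compose.yml" exec caddy caddy reload --config /etc/caddy/Caddyfile
      when: caddy_file.changed and not caddy_compose.changed
      changed_when: true
```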
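Review bot: The `caddy` service declares no `networks:`, so it relies on compose's implicit default network, which for a project in a directory named `caddy` happens to be `caddy_default` — the very name caddy.yml pre-creates with `docker network create` and that hoarder/immich reference as `external`. Compose v2 inspects the `com.docker.compose.network` label on an existing default network and, as far as I recall, refuses one it did not create, so the first `up -d` on a fresh host may fail; even if it does not, tying the shared proxy network to the project directory name is fragile. Declare the network explicitly, mirroring the hoarder and immich templates. Separately, `PUID`/`PGID` are a linuxserver.io convention that the official `caddy` image does not appear to read, and the two `{{caddy_data_dir}}` volume entries should be quoted like the other templated values in this repo so an empty or special-character expansion cannot change the YAML structure.
```yaml
services:
  caddy:
    # … unchanged: image, container_name, restart, ports, volumes, environment …
    networks:
      - caddy_network

networks:
  caddy_network:
    external: true
    name: caddy_default
```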
diff --git a/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2 index 2f48862..38e8d26 100644 --- a/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2 +++ b/config/ansible/tasks/servers/services/hoarder/docker-compose.yml.j2 @@ -8,6 +8,9 @@ services: - 3500:3000 env_file: - .env + networks: + - hoarder + - caddy_network chrome: image: zenika/alpine-chrome:124 @@ -19,6 +22,8 @@ services: - --remote-debugging-address=0.0.0.0 - --remote-debugging-port=9222 - --hide-scrollbars + networks: + - hoarder meilisearch: image: getmeili/meilisearch:v1.11.1 @@ -27,4 +32,11 @@ services: - .env volumes: - {{ hoarder_data_dir }}/meilisearch:/meili_data + networks: + - hoarder +networks: + hoarder: + caddy_network: + external: true + name: caddy_default diff --git a/config/ansible/tasks/servers/services/hoarder/dotenv.j2 b/config/ansible/tasks/servers/services/hoarder/dotenv.j2 index 7e2cd46..8e4075e 100644 --- a/config/ansible/tasks/servers/services/hoarder/dotenv.j2 +++ b/config/ansible/tasks/servers/services/hoarder/dotenv.j2 @@ -7,6 +7,10 @@ NEXTAUTH_URL=http://localhost:3000 DATA_DIR=/data +TZ=Europe/Amsterdam +PUID=1000 +PGID=100 + NEXTAUTH_SECRET="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='NEXTAUTH_SECRET') }}" MEILI_MASTER_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='MEILI_MASTER_KEY') }}" OPENAI_API_KEY="{{ lookup('community.general.onepassword', 'osnzlfidxonvetmomdgn7vxu5a', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='OPENAI_API_KEY') }}" diff --git a/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2 index 82a31fe..4ef50d4 100644 --- a/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2 
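Review bot: The hoarder web service is now reachable by Caddy over `caddy_network`, but the context line `- 3500:3000` in the same hunk still publishes the container on every host interface, so the plain-HTTP port keeps bypassing the TLS termination this commit introduces. Unless something else depends on the host port, bind it to loopback, `- "127.0.0.1:3500:3000"`, or drop the `ports:` entry entirely now that Caddy proxies to the container port; quoting the mapping also follows the compose convention for port strings. The second and third hunks in this file correctly keep `chrome` (whose `--remote-debugging-address=0.0.0.0` is visible in context) and `meilisearch` on the private `hoarder` network only, so neither is exposed to other stacks on the shared proxy network.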
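Review bot: With this commit Caddy publishes hoarder at `https://hoarder.mvl.sh`, yet the context line `NEXTAUTH_URL=http://localhost:3000` still names the in-container origin; NextAuth derives callback URLs and cookie settings from this value, so sign-in through the proxy is likely to redirect to localhost or set cookies for the wrong origin. Change it to `NEXTAUTH_URL=https://hoarder.mvl.sh`, ideally templated from the same variable that feeds the Caddyfile so the two cannot drift. The three added `TZ`/`PUID`/`PGID` lines themselves look fine.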
+++ b/config/ansible/tasks/servers/services/immich/docker-compose.yml.j2 @@ -13,11 +13,15 @@ services: - redis - database environment: + - TZ=Europe/Amsterdam - PUID=1000 - - PGID=1000 + - PGID=100 restart: unless-stopped healthcheck: disable: false + networks: + - immich + - caddy_network machine-learning: image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release} @@ -28,6 +32,8 @@ services: restart: unless-stopped healthcheck: disable: false + networks: + - immich redis: container_name: immich_redis @@ -35,6 +41,8 @@ services: healthcheck: test: redis-cli ping || exit 1 restart: unless-stopped + networks: + - immich database: container_name: immich_postgres @@ -71,6 +79,14 @@ services: 'wal_compression=on', ] restart: unless-stopped + networks: + - immich volumes: model-cache: + +networks: + immich: + caddy_network: + external: true + name: caddy_default diff --git a/config/ansible/tasks/servers/services/services.yml b/config/ansible/tasks/servers/services/services.yml index 8868159..2cde176 100644 --- a/config/ansible/tasks/servers/services/services.yml +++ b/config/ansible/tasks/servers/services/services.yml @@ -1,5 +1,8 @@ - name: Deploy docker services block: + - name: Include caddy tasks + ansible.builtin.include_tasks: caddy/caddy.yml + when: caddy_enabled|bool - name: Include golink tasks ansible.builtin.include_tasks: golink/golink.yml when: golink_enabled|bool
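Review bot: The service at the top of the first hunk (presumably immich-server; its name and the start of its definition are above the hunk) now joins `caddy_network`, declared `external: true` with name `caddy_default` in the last hunk, but no Caddyfile site block for immich is added in this commit, so the membership does nothing yet while `docker compose up` for this stack now fails whenever the network is absent — e.g. on a host that enables immich with `caddy_enabled` false. Either add the immich site to Caddyfile.j2 in the same change or keep immich-server off the proxy network until it is actually fronted. The `PGID` change from 1000 to 100 in the same hunk alters the runtime group of an existing deployment; if files under the immich data directory are group-owned by 1000, verify permissions after the first restart. The remaining hunks correctly keep `machine-learning`, `redis` and `database` on the private `immich` network only.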
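Review bot: `when: caddy_enabled|bool` raises an undefined-variable error for any include of services.yml that does not pass `caddy_enabled`; server.yml sets it in this commit, but the per-host `vars:` pattern used for `golink_enabled`/`hoarder_enabled` makes a new flag easy to omit elsewhere, so `when: caddy_enabled | default(false) | bool` keeps the include opt-in without breaking older callers. Including caddy first is the right order, because the hoarder and immich compose files now declare `caddy_default` as an external network and their `docker compose up` fails when it does not exist — which is also what happens when `caddy_enabled` is false while `hoarder_enabled` is true. That ordering dependency is worth a comment above the include, e.g. `# caddy must run first: it creates the caddy_default network the other stacks join as external`.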