diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..43117d4
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,27 @@
+services:
+  monzo-api:
+    image: git.wnd.sh/n/monzo-api:v0.0.8
+    networks: [traefik-public]
+    environment:
+      - MONZO_CALLBACK_URI=https://api.wnd.sh/monzo/callback
+      - MONZO_CLIENT_ID=oauth2client_0000AtdcjWWYX35lpL2REI
+      - MONZO_CLIENT_SECRET=mnzconf.K78nqT+k2QKOlR6oSoF6CHLLSMII9SqWxg5smZfc5wgWDGH94HO1h338SEOFCH8rSy6EDKDtgFvA8qnkiQhpFA==
+    deploy:
+      labels:
+        - traefik.enable=true
+        - "traefik.http.routers.monzo-api.rule=Host(`api.wnd.sh`) && PathPrefix(`/monzo`)"
+        - traefik.http.routers.monzo-api.tls=true
+        - traefik.http.routers.monzo-api.tls.certResolver=rfc2136
+        - traefik.http.routers.monzo-api.entrypoints=websecure
+        - traefik.http.routers.monzo-api.middlewares=monzo-cors,monzo-strip-prefix
+        - traefik.http.services.monzo-api.loadbalancer.server.port=8000
+        - traefik.http.middlewares.monzo-strip-prefix.stripPrefix.prefixes=/monzo
+        - traefik.http.middlewares.monzo-cors.headers.accessControlAllowMethods=GET,OPTIONS,PUT
+        - traefik.http.middlewares.monzo-cors.headers.accessControlAllowHeaders=*
+        - traefik.http.middlewares.monzo-cors.headers.accessControlAllowOriginList=*
+        - traefik.http.middlewares.monzo-cors.headers.accessControlMaxAge=100
+        - traefik.http.middlewares.monzo-cors.headers.addVaryHeader=true
+
+networks:
+  traefik-public:
+    external: true