diff --git a/navidrome/Caddyfile b/navidrome/Caddyfile
new file mode 100644
index 0000000..ece9648
--- /dev/null
+++ b/navidrome/Caddyfile
@@ -0,0 +1,6 @@
+https://music.lan.poldebra.me {
+        tls /cert.crt /key.key
+        reverse_proxy 172.20.0.5:4533 {
+        }
+}
+
diff --git a/navidrome/docker-compose.yml b/navidrome/docker-compose.yml
new file mode 100644
index 0000000..79806d4
--- /dev/null
+++ b/navidrome/docker-compose.yml
@@ -0,0 +1,60 @@
+services:
+  tailscale:
+    hostname: music
+    image: tailscale/tailscale:latest
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "tailscale status"]
+      interval: 1s
+      timeout: 5s
+      retries: 60
+    volumes:
+      - /srv/docker/navidrome/tailscale:/var/lib
+      - /lib/modules:/lib/modules:ro
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - net_admin
+      - sys_module
+      - net_raw
+    command: tailscaled
+    networks:
+      - internal
+
+  reverse_proxy:
+    image: caddy:alpine
+    restart: unless-stopped
+    network_mode: service:tailscale
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - /srv/docker/navidrome/certs/fullchain.pem:/cert.crt:ro
+      - /srv/docker/navidrome/certs/key.pem:/key.key:ro
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "https://music.lan.poldebra.me"]
+      interval: 5s
+      timeout: 10s
+      retries: 3
+    depends_on:
+      app:
+        condition: service_started
+      tailscale:
+        condition: service_healthy
+
+  app:
+    image: deluan/navidrome:latest
+    user: 1000:1000 # should be owner of volumes
+    hostname: app
+    container_name: navidrome
+    restart: unless-stopped
+    volumes:
+      - /srv/docker/navidrome/data:/data
+      - /opt/bak/davide/backup_poldebra_nas/:/music:ro
+    networks:
+      internal:
+        ipv4_address: 172.20.0.5
+
+networks:
+  internal:
+    ipam:
+      config:
+        - subnet: 172.20.0.0/24