diff --git a/ansible/roles/deploy_container_immich/defaults/main.yml b/ansible/roles/deploy_container_immich/defaults/main.yml
new file mode 100644
index 0000000..51611d3
--- /dev/null
+++ b/ansible/roles/deploy_container_immich/defaults/main.yml
@@ -0,0 +1,9 @@
+##########
+# Immich #
+##########
+container_immich_version: release # https://github.com/immich-app/immich/releases
+container_immich_domain: immich.heyer.systems
+container_immich_tz: Europe/Berlin
+container_immich_db_user: postgres
+container_immich_db_password: your_strong_password_here
+container_immich_db_name: immmich
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_immich/files/.gitkeep b/ansible/roles/deploy_container_immich/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_immich/handlers/main.yml b/ansible/roles/deploy_container_immich/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_immich/meta/main.yml b/ansible/roles/deploy_container_immich/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/deploy_container_immich/tasks/main.yml b/ansible/roles/deploy_container_immich/tasks/main.yml
new file mode 100644
index 0000000..d37ba72
--- /dev/null
+++ b/ansible/roles/deploy_container_immich/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/data/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "library"
+    - "postgres"
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    recreate: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false
diff --git a/ansible/roles/deploy_container_immich/templates/.env.j2 b/ansible/roles/deploy_container_immich/templates/.env.j2
new file mode 100644
index 0000000..3064d5b
--- /dev/null
+++ b/ansible/roles/deploy_container_immich/templates/.env.j2
@@ -0,0 +1,6 @@
+IMMICH_VERSION={{ container_immich_version }}
+IMMICH_DOMAIN={{ container_immich_domain }}
+TZ={{ container_immich_tz }}
+DB_USERNAME={{ container_immich_db_username }}
+DB_PASSWORD={{ container_immich_db_password }}
+DB_DATABASE_NAME={{ container_immich_db_name }}
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_immich/templates/docker-compose.yml.j2 b/ansible/roles/deploy_container_immich/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..92f820c
--- /dev/null
+++ b/ansible/roles/deploy_container_immich/templates/docker-compose.yml.j2
@@ -0,0 +1,82 @@
+---
+name: immich
+
+services:
+  immich-server:
+    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
+    container_name: immich_server
+    networks:
+      - traefik
+      - immich
+    # extends:
+    #   file: hwaccel.transcoding.yml
+    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
+    volumes:
+      - ./data/library:/usr/src/app/upload
+      - /etc/localtime:/etc/localtime:ro
+    env_file:
+      - .env
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.immich.entrypoints=http"
+      - "traefik.http.routers.immich.rule=Host(`${IMMICH_DOMAIN}`)"
+      - "traefik.http.middlewares.immich-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.immich.middlewares=immich-https-redirect"
+      - "traefik.http.routers.immich-secure.entrypoints=https"
+      - "traefik.http.routers.immich-secure.rule=Host(`${IMMICH_DOMAIN}`)"
+      - "traefik.http.routers.immich-secure.tls=true"
+      - "traefik.http.routers.immich-secure.service=immich"
+      - "traefik.http.services.immich.loadbalancer.server.port=2283"
+    depends_on:
+      - redis
+      - database
+    restart: always
+    healthcheck:
+      disable: false
+
+  immich-machine-learning:
+    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
+    container_name: immich_machine_learning
+    networks:
+      - immich
+    volumes:
+      - model-cache:/cache
+    env_file:
+      - .env
+    restart: always
+    healthcheck:
+      disable: false
+
+  redis:
+    container_name: immich_redis
+    image: docker.io/valkey/valkey:8-bookworm@sha256:ff21bc0f8194dc9c105b769aeabf9585fea6a8ed649c0781caeac5cb3c247884
+    networks:
+      - immich
+    healthcheck:
+      test: redis-cli ping || exit 1
+    restart: always
+
+  database:
+    container_name: immich_postgres
+    image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0@sha256:fa4f6e0971f454cd95fec5a9aaed2ed93d8f46725cc6bc61e0698e97dba96da1
+    networks:
+      - immich
+    environment:
+      POSTGRES_PASSWORD: ${DB_PASSWORD}
+      POSTGRES_USER: ${DB_USERNAME}
+      POSTGRES_DB: ${DB_DATABASE_NAME}
+      POSTGRES_INITDB_ARGS: '--data-checksums'
+      DB_STORAGE_TYPE: 'HDD'
+    volumes:
+      - ./data/postgres:/var/lib/postgresql/data
+    restart: always
+
+networks:
+  immich:
+    driver: bridge
+  traefik:
+    external: true
+
+volumes:
+  model-cache:
\ No newline at end of file
diff --git a/ansible/roles/deploy_container_immich/vars/main.yml b/ansible/roles/deploy_container_immich/vars/main.yml
new file mode 100644
index 0000000..9fc8de7
--- /dev/null
+++ b/ansible/roles/deploy_container_immich/vars/main.yml
@@ -0,0 +1 @@
+container_base_dir: /opt/docker/immich
\ No newline at end of file