diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix
index d39c59b..5cfcc9a 100755
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@@ -29,6 +29,8 @@
 ./containers/navidrome
 ./containers/conduwuit
 ./containers/zond
+ ./containers/authentik
+ ./containers/outline-wiki
 ./containers/teisu.nix
 ./containers/bots/pcre-sub-bot.nix
 ./containers/bots/channel-logger-bot.nix
diff --git a/hosts/koi/containers/outline-wiki/default.nix b/hosts/koi/containers/outline-wiki/default.nix
new file mode 100644
index 0000000..6fb5f5b
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/default.nix
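Review bot: `./containers/authentik` is added to the imports list, but this diff only introduces `./containers/outline-wiki`; if the authentik directory is not already present in the tree, evaluating the koi configuration fails with a missing-path error before any of the new module is reached. Either the authentik module belongs in this commit or that import line should land together with it. The surrounding imports list starts and ends outside the hunk.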
@@ -0,0 +1,85 @@
+{ abs, pkgs, config, ... }@inputs:
+
+let
+ secrets = import (abs "lib/secrets.nix");
+ trivial = import (abs "lib/trivial.nix") inputs;
+
+ UID = 1111;
+ context = trivial.storeDirectory ./image;
+in {
+ imports = [
+ (secrets.declare [{
+ name = "outline-wiki-env";
+ owner = "outline-wiki";
+ }])
+ ];
+
+ users.users.outline-wiki = {
+ isNormalUser = true;
+ uid = UID;
+ };
+
+ services.postgresql.ensureUsers = [
+ { name = "outline-wiki"; ensureDBOwnership = true; }
+ ];
+ services.postgresql.ensureDatabases = [ "outline-wiki" ];
+ desu.postgresql.ensurePasswords.outline-wiki = "outline-wiki";
+
+ virtualisation.oci-containers.containers.outline-wiki-redis = {
+ image = "docker.io/redis:7.0-alpine";
+ volumes = [
+ "/srv/outline-wiki/redis:/data"
+ ];
+ user = builtins.toString UID;
+ };
+
+ systemd.services.docker-outline-wiki.serviceConfig.ExecStartPre = [
+ (pkgs.writeShellScript "build-outline-wiki" ''
+ docker build -t local/outline-wiki ${context}
+ '')
+ ];
+ virtualisation.oci-containers.containers.outline-wiki = {
+ dependsOn = [ "outline-wiki-redis" ];
+ image = "local/outline-wiki";
+ volumes = [
+ "/srv/outline-wiki/media:/var/lib/outline/data"
+ ];
+ environment = {
+ NODE_ENV = "production";
+ PORT = "80";
+ DATABASE_URL = "postgres://outline-wiki:outline-wiki@172.17.0.1:5432/outline-wiki";
+ PGSSLMODE = "disable";
+ REDIS_URL = "redis://outline-wiki-redis.docker:6379";
+ URL = "https://lore.stupid.fish";
+ COLLABORATION_URL = "https://lore.stupid.fish";
+ FILE_STORAGE = "local";
+ FILE_STORAGE_LOCAL_ROOT_DIR = "/var/lib/outline/data";
+ FILE_STORAGE_UPLOAD_MAX_SIZE = "262144000";
+ ENABLE_UPDATES = "false";
+ WEB_CONCURRENCY = "1";
+ LOG_LEVEL = "info";
+ # fake license key
+ LICENSE_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjYXRnaXJscyA6MyIsImV4cCI6MTc5ODc1MDgwMCwiY3VzdG9tZXJJZCI6ImNhdGdpcmxzIDozIiwic2VhdENvdW50Ijo5OTk5OTksImlzVHJpYWwiOmZhbHNlLCJpYXQiOjE3MjY0ODg2MDV9.msuM1RpFYcEpD1FMfO55PZ6-DRn1q0EIu1zjAz-oHI8";
+ };
+ environmentFiles = [
+ # oidc related config + SECRET_KEY, UTILS_SECRET
+ (secrets.file config "outline-wiki-env")
+ ];
+ user = builtins.toString UID;
+ };
+ systemd.services.docker-outline-wiki.after = [ "postgresql.service" ];
+
+ systemd.tmpfiles.rules = [
+ "d /srv/outline-wiki 0777 root root -"
+ ];
+
+ services.nginx.virtualHosts."lore.stupid.fish" = {
+ forceSSL = true;
+ useACMEHost = "stupid.fish";
+
+ locations."/" = {
+ proxyPass = "http://outline-wiki.docker$request_uri";
+ proxyWebsockets = true;
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/koi/containers/outline-wiki/image/Dockerfile b/hosts/koi/containers/outline-wiki/image/Dockerfile
new file mode 100644
index 0000000..906f342
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/image/Dockerfile
@@ -0,0 +1,8 @@
+FROM outlinewiki/outline-enterprise:0.79.1
+
+USER root
+RUN apt-get update && apt-get install -y patch
+USER nodejs
+
+COPY license.patch /license.patch
+RUN patch /opt/outline/build/server/utils/LicenseHelper.js < /license.patch
\ No newline at end of file
diff --git a/hosts/koi/containers/outline-wiki/image/license.patch b/hosts/koi/containers/outline-wiki/image/license.patch
new file mode 100644
index 0000000..0c43fe2
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/image/license.patch
@@ -0,0 +1,6 @@
+22,24c22
+< const decoded = _jsonwebtoken.default.verify(process.env.LICENSE_KEY || "", this.publicKey, {
+< ignoreExpiration: true
+< });
+---
+> const decoded = _jsonwebtoken.default.decode(process.env.LICENSE_KEY || "");
diff --git a/secrets/outline-wiki-env.age b/secrets/outline-wiki-env.age
new file mode 100644
index 0000000..9fee747
Binary files /dev/null and b/secrets/outline-wiki-env.age differ
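Review bot: `"d /srv/outline-wiki 0777 root root -"` makes the parent of both bind mounts world-writable, so any local account or any container that can reach the host path can replace the wiki's uploads or the redis dump; and because Docker creates missing bind-mount subdirectories as root with 0755, the 0777 parent does not even give UID 1111 write access to `redis` and `media`. Creating the directories explicitly for the service user does both jobs: `"d /srv/outline-wiki 0750 outline-wiki users -"`, `"d /srv/outline-wiki/redis 0750 outline-wiki users -"`, `"d /srv/outline-wiki/media 0750 outline-wiki users -"` (adjust the group if the account ends up in a different primary group). Separately, `DATABASE_URL` carries the database password inside the `environment` attribute, which is rendered into the generated systemd unit in the world-readable Nix store, and `desu.postgresql.ensurePasswords` appears to put the same value there; since the module already loads an age-encrypted env file through `environmentFiles`, `DATABASE_URL` belongs in that file alongside `SECRET_KEY`, with the password chosen rather than equal to the user name. `PGSSLMODE = "disable"` is only defensible because 172.17.0.1 is the host-side bridge address, which deserves a one-line comment next to it.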
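Review bot: `FROM outlinewiki/outline-enterprise:0.79.1` pins a mutable tag, and since `ExecStartPre` in default.nix re-runs `docker build` on every service start, a re-pushed tag or a changed apt mirror silently changes what ends up running; pinning by digest, `FROM outlinewiki/outline-enterprise:0.79.1@sha256:<digest-placeholder>`, makes the rebuild reproducible and detectable when it drifts. The `apt-get update && apt-get install -y patch` layer also leaves the package lists and the `patch` binary in the final image although both are only needed at build time; `apt-get install -y --no-install-recommends patch && rm -rf /var/lib/apt/lists/*` in the same RUN, or doing the patch step in a builder stage and copying the single patched file, keeps the runtime image to what the service needs.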