diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..3587265
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,38 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: {{ .Name }}
+      generate_secrets: true
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+      networks:
+        - proxy
+    environment:
+      DOMAIN: {{ .Name }}.swarm-test.autonomic.zone
+      STACK_NAME: {{ .Name }}
+      LETS_ENCRYPT_ENV: production
+trigger:
+  branch:
+    - main
+---
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..d5b21d6
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,37 @@
+TYPE=engelsystem
+COMPOSE_FILE="compose.yml"
+
+DOMAIN=engelsystem.example.com
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.engelsystem.example.com`'
+
+LETS_ENCRYPT_ENV=production
+
+DB_PASSWORD_VERSION=v1
+DB_ROOT_PASSWORD_VERSION=v1
+SMTP_PASSWORD_VERSION=v1
+ADMIN_PASSWORD_VERSION=v1
+
+# for complete documentation check https://github.com/engelsystem/engelsystem/blob/main/config/config.default.php
+# general settings
+#DEFAULT_LOCALE=en_US
+#CONTACT_EMAIL=mail@example.com
+#THEME=1
+#GOODIE_TYPE=none
+#ENABLE_VOUCHER=false
+
+# mail setup
+#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
+#MAIL_DRIVER=smtp
+#MAIL_FROM_ADDRESS=mail@example.com
+#MAIL_FROM_NAME=orga
+#MAIL_HOST=mail.example.com
+#MAIL_PORT=587
+#MAIL_TLS=true
+#MAIL_USERNAME=user123
+
+
+
+
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a6353d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc
diff --git a/README.md b/README.md
index e69de29..b153e7a 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,25 @@
+# engelsystem
+
+Shift system for volunteers at mid to large events
+
+<!-- metadata -->
+
+* **Category**: Apps
+* **Status**: 3
+* **Code**: [`Github`](https://github.com/engelsystem)
+* **Image**: [`engelsystem`](https://chaos.expert/engelsystem/engelsystem/container_registry), 4, upstream
+* **Healthcheck**: No
+* **Backups**: Yes
+* **Email**: Yes
+* **Tests**: No
+* **SSO**: No
+
+<!-- endmetadata -->
+
+## Quick start
+
+* `abra app new engelsystem --secrets`
+* `abra app config <app-name>`
+* `abra app deploy <app-name>`
+
+For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..45f7b5a
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1 @@
+export ENGELSYSTEM_ENTRYPOINT_VERSION=v1
\ No newline at end of file
diff --git a/compose.smtp.yml b/compose.smtp.yml
new file mode 100644
index 0000000..61360c3
--- /dev/null
+++ b/compose.smtp.yml
@@ -0,0 +1,21 @@
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - smtp_password
+    environment:
+      - MAIL_DRIVER
+      - MAIL_FROM_ADDRESS
+      - MAIL_FROM_NAME
+      - MAIL_HOST
+      - MAIL_PORT
+      - MAIL_TLS
+      - MAIL_USERNAME
+      - MAIL_PASSWORD
+      - MAIL_PASSWORD_FILE=/run/secrets/smtp_password
+
+secrets:
+  smtp_password:
+    name: ${STACK_NAME}_smtp_password_${SMTP_PASSWORD_VERSION}
+    external: true
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..be2e981
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,95 @@
+---
+version: "3.8"
+services:
+  app:
+    image: ${IMAGE:-docker.chaos.expert/engelsystem/engelsystem/engelsystem}
+    environment:
+      - MYSQL_HOST=db
+      - MYSQL_USER=engelsystem
+      - MYSQL_PASSWORD
+      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
+      - MYSQL_DATABASE=engelsystem
+      - CONTACT_EMAIL
+      - SETUP_ADMIN_PASSWORD
+      - SETUP_ADMIN_PASSWORD_FILE=/run/secrets/admin_password
+      - THEME
+      - GOODIE_TYPE
+      - ENABLE_VOUCHER
+      - DEFAULT_LOCALE
+    networks:
+      - database
+      - proxy
+    depends_on:
+      - db
+    secrets:
+      - db_password
+      - admin_password
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "coop-cloud.${STACK_NAME}.version=0.1.0"
+        - "backupbot.backup=true"
+    configs:
+      - source: engelsystem_entrypoint
+        target: /abra-entrypoint.sh
+        mode: 0555
+    entrypoint: /abra-entrypoint.sh
+
+  db:
+    image: mariadb:11.3
+    environment:
+      MYSQL_DATABASE: engelsystem
+      MYSQL_USER: engelsystem
+      MYSQL_PASSWORD_FILE: /run/secrets/db_password
+      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
+      MYSQL_INITDB_SKIP_TZINFO: "yes"
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - database
+    secrets:
+      - db_root_password
+      - db_password
+    deploy:
+      labels:
+        backupbot.backup: "true"
+        backupbot.backup.pre-hook: "sh -c 'mariadb-dump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" engelsystem | gzip > /var/lib/mysql/dump.sql.gz'"
+        backupbot.backup.path: "/var/lib/mysql/dump.sql.gz"
+        backupbot.backup.post-hook: "rm -f /var/lib/mysql/dump.sql.gz"
+        backupbot.restore: "true"
+        backupbot.restore.post-hook: "sh -c 'gzip -d /var/lib/mysql/dump.sql.gz && mariadb -u root -p\"$$(cat /run/secrets/db_root_password)\" engelsystem < /var/lib/mysql/dump.sql && rm -f /var/lib/mysql/dump.sql'"
+
+
+volumes:
+  db: {}
+
+secrets:
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${DB_PASSWORD_VERSION}
+  db_root_password:
+    external: true
+    name: ${STACK_NAME}_db_root_password_${DB_ROOT_PASSWORD_VERSION}
+  admin_password:
+    external: true
+    name: ${STACK_NAME}_admin_password_${ADMIN_PASSWORD_VERSION}
+
+networks:
+  database:
+  proxy:
+    external: true
+
+configs:
+  engelsystem_entrypoint:
+    name: ${STACK_NAME}_engelsystem_entrypoint_${ENGELSYSTEM_ENTRYPOINT_VERSION}
+    file: entrypoint.sh
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..297e889
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+bin/migrate up
+
+/entrypoint.sh
\ No newline at end of file