diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..9868f40
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,36 @@
+---
+kind: pipeline
+name: sanity check
+steps:
+  - name: docker-compose up & down
+    image: docker/compose:1.25.5
+    commands:
+      - docker-compose up -d
+      - sleep 10
+      - docker-compose ps
+      - docker-compose down
+
+---
+kind: pipeline
+name: deploy to swarm.autonomic.zone
+steps:
+  - name: deployment
+    image: decentral1se/drone-stack:19.03.8-override-compose
+    settings:
+      compose: docker-compose.yml
+      host: tcp://swarm.autonomic.zone:2376
+      override_compose: docker-compose.production.yml
+      stack_name: portainer
+      tlsverify: true
+    environment:
+      PLUGIN_CACERT:
+        from_secret: docker_cacert
+      PLUGIN_CERT:
+        from_secret: docker_cert
+      PLUGIN_KEY:
+        from_secret: docker_key
+trigger:
+  branch:
+    - master
+depends_on:
+  - sanity check
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 1e2b734..0000000
--- a/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
-STACK        := portainer
-COMPOSE_FILE := docker-compose.yml
-NETWORK      := proxy
-
-default: deploy
-
-deploy:
-	@docker stack deploy -c $(COMPOSE_FILE) $(STACK)
-
-down:
-	@docker stack rm $(STACK)
-
-network:
-	@docker network create --driver=overlay $(NETWORK)
-
-logs:
-	@docker service logs -f $(STACK)_$(STACK)
-
-.PHONY: deploy
diff --git a/README.md b/README.md
index 880e5f2..35c24d7 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,23 @@
 # portainer
 
 > https://portainer.readthedocs.io
+
+> https://portainer.swarm.autonomic.zone
+
+## Development
+
+```bash
+$ git clone https://git.autonomic.zone/autonomic-cooperative/portainer && cd portainer
+$ python3 -m venv .venv && source .venv/bin/activate
+$ pip install -U pip setuptools docker-compose
+$ docker-compose up
+```
+
+Portainer dashboard
+
+> http://localhost:9000
+
+## Production
+
+1. Our [drone.autonomic.zone](https://drone.autonomic.zone/autonomic-cooperative/portainer/) configuration automatically deploys.
+1. For a manual deploy guide, see [this documentation](https://git.autonomic.zone/autonomic-cooperative/organising/wiki/working-with-docker-swarm).
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..cce1526
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,7 @@
+---
+version: "3.7"
+
+services:
+  portainer:
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
new file mode 100644
index 0000000..e4d118e
--- /dev/null
+++ b/docker-compose.production.yml
@@ -0,0 +1,48 @@
+---
+version: "3.7"
+
+services:
+  agent:
+    image: portainer/agent
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/var/lib/docker/volumes:/var/lib/docker/volumes"
+    networks:
+      - agent_network
+    deploy:
+      mode: global
+    placement:
+      constraints:
+        - node.role == manager
+
+  portainer:
+    command: "-H tcp://tasks.agent:9001 --tlsskipverify"
+    volumes:
+      - "portainer_data:/data"
+    networks:
+      - agent_network
+      - proxy
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        failure_action: rollback
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
+        - "traefik.http.routers.portainer.rule=Host(`portainer.swarm.autonomic.zone`)"
+        - "traefik.http.routers.portainer.entrypoints=web-secure"
+        - "traefik.http.routers.portainer.tls.certresolver=staging"
+
+networks:
+  agent_network:
+    driver: overlay
+    attachable: true
+  proxy:
+    external: true
+
+volumes:
+  portainer_data:
diff --git a/docker-compose.yml b/docker-compose.yml
index 1d888c9..110485a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,52 +1,9 @@
 ---
-version: "3.3"
+version: "3.7"
 
 services:
-  agent:
-    image: portainer/agent
-    restart: always
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /var/lib/docker/volumes:/var/lib/docker/volumes
-    networks:
-      - agent_network
-    deploy:
-      mode: global
-      placement:
-        constraints:
-          - node.platform.os == linux
-
   portainer:
     image: portainer/portainer
-    restart: "always"
-    command: -H tcp://tasks.agent:9001 --tlsskipverify
     ports:
       - "9000:9000"
       - "8000:8000"
-    volumes:
-      - portainer_data:/data
-    networks:
-      - agent_network
-      - proxy
-    deploy:
-      mode: replicated
-      replicas: 1
-      placement:
-        constraints:
-          - node.role == manager
-      labels:
-        - "traefik.enable=true"
-        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
-        - "traefik.http.routers.portainer.rule=Host(`portainer.swarm.autonomic.zone`)"
-        - "traefik.http.routers.portainer.entrypoints=web-secure"
-        - "traefik.http.routers.portainer.tls.certresolver=staging"
-
-networks:
-  agent_network:
-    driver: overlay
-    attachable: true
-  proxy:
-    external: true
-
-volumes:
-  portainer_data:
diff --git a/portainer_data/.git-dont-delete-me b/portainer_data/.git-dont-delete-me
deleted file mode 100644
index e69de29..0000000