diff --git a/automation/docker-compose.yaml b/automation/docker-compose.yaml
index fafa5e0..50892df 100644
--- a/automation/docker-compose.yaml
+++ b/automation/docker-compose.yaml
@@ -9,6 +9,8 @@ networks:
 volumes:
   semaphore:
     name: semaphore
+  mattermost-config:
+    name: mattermost-config
 
 services:
   semaphore:
@@ -25,12 +27,12 @@ services:
       SEMAPHORE_ADMIN_NAME: Christian Steinle
       SEMAPHORE_ADMIN_EMAIL: christiansteinle@arcor.de
       SEMAPHORE_ADMIN: chris
+    restart: unless_stopped
     networks:
       - proxy
       - internal
     volumes:
       - semaphore:/home/semaphore:rw
-
     depends_on:
       - mysql8
     labels:
@@ -40,21 +42,49 @@ services:
       - "traefik.http.routers.semaphore.service=semaphore"
       - "traefik.http.services.semaphore.loadbalancer.server.port=3000"
 
-  watchtower:
-    image: containrrr/watchtower
-    container_name: watchtower
+  mattermost:
+    image: mattermost/mattermost-team-edition:6.1
+    container_name: mattermost
     environment:
-      TZ: Europe/Berlin
-      WATCHTOWER_CLEANUP: true
+      MM_USERNAME: mattermost
+      MM_PASSWORD: ^dyCW*Wxb6Ukba4^54EC
+      MM_DBNAME: mattermost
+      DB_HOST: psql14
+      DB_PORT_NUMBER: 5432
     restart: unless-stopped
     networks:
       - proxy
       - internal
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - mattermost-config:/mattermost/config:rw
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.semaphore.entrypoints=web"
-      - "traefik.http.routers.semaphore.rule=Host(`watchtower.lan`)"
-      - "traefik.http.routers.semaphore.service=semaphore"
-      - "traefik.http.services.semaphore.loadbalancer.server.port=80"
+      - "traefik.http.routers.mattermost.entrypoints=web"
+      - "traefik.http.routers.mattermost.rule=Host(`cs-mm.ddnss.de`)"
+      - "traefik.http.routers.mattermost.middlewares=mattermost"
+      - "traefik.http.middlewares.mattermost.redirectscheme.scheme=https"
+      - "traefik.http.routers.mattermost-secure.entrypoints=websecure"
+      - "traefik.http.routers.mattermost-secure.rule=Host(`cs-mm.ddnss.de`)"
+      - "traefik.http.routers.mattermost-secure.service=mattermost-secure"
+      - "traefik.http.routers.mattermost-secure.tls=true"
+      - "traefik.http.routers.mattermost-secure.tls.certresolver=myresolver"
+      - "traefik.http.routers.mattermost-secure.tls.domains[0].main=cs-mm.ddnss.de"
+      - "traefik.http.services.mattermost-secure.loadbalancer.server.port=8065"
+
+  watchtower:
+    image: containrrr/watchtower
+    container_name: watchtower
+    restart: unless-stopped
+    networks:
+      - proxy
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      WATCHTOWER_INCLUDE_STOPPED: true
+      WATCHTOWER_MONITOR_ONLY: true
+      WATCHTOWER_SCHEDULE: "0 50 9 * * *"
+      WATCHTOWER_NOTIFICATIONS: "shoutrrr"
+      WATCHTOWER_NOTIFICATION_URL: "mattermost://chris@cs-mm.ddnss.de/og4ckuqet7fafb8kjuaigzuh7c"
+      WATCHTOWER_NOTIFICATION_TEMPLATE: "{{range .}}{{.Time.Format \"2006-01-02 15:04:05\"}} ({{.Level}}): {{.Message}}{{println}}{{end}}"
+
diff --git a/postgres_databases.sql b/postgres_databases.sql
index eb20379..57ce956 100644
--- a/postgres_databases.sql
+++ b/postgres_databases.sql
@@ -3,9 +3,14 @@ CREATE DATABASE nextcloud;
 
 CREATE DATABASE gitea;
 
+CREATE DATABASE mattermost;
+
 -- create users and privileges
 CREATE USER nextcloud WITH PASSWORD 'jX9hKI2POvt1VrjVbBs4';
 GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
 
 CREATE USER gitea WITH PASSWORD 'sadlkf0234lsdf';
-GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
\ No newline at end of file
+GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
+
+CREATE USER mattermost WITH PASSWORD 'skdr02439spfgojsl';
+GRANT ALL PRIVILEGES ON DATABASE mattermost TO mattermost;