diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index 0814d77..3de3ae8 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -288,4 +288,63 @@ minio_root_pwd: !vault | 6561393463646163380a333333313038316165653939386438396264653738376564613161393264 66323635653065313463623532313832613931393161353466666133663361386261323865353531 39633030333164666361343139663566656534623539353939653932656631376130613436636234 - 313132666561333238303632643836656361 \ No newline at end of file + 313132666561333238303632643836656361 + +outline_secret_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 65353235386537316131393230383061663333353461343931323935643338333835353965626436 + 3335333334343966356664626331353466376435363131340a653261656339336136323866616637 + 31383238323730353364376666643333616430366134343965313063623166383334643234353763 + 3639616332366439340a303033626164393765303462616332653239656135633937323636656164 + 61393534396334633665313061663030613535633031666230643662653231373132323261633937 + 34353836663436323835633363663761663534656331333931366566656631396462623866366134 + 37333235633038386165303261623432633637333834383737643361366435623061386539366135 + 64646231356631383031 + +outline_utils_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 63353837326536343330396362343761396236633165353965373138646562346266613138666162 + 3966343638336539663533646565356138303137663135640a313339663265333862343862333561 + 31653235303236643364383566653664373533336534353139623030333535646264623562633264 + 3536643165616462350a373830643963646365303731313636316166623437623066633639616164 + 34306135386265636563323736616332636331636564643934326663623136326230313365376464 + 33393633613365366364356239663965353963393337646532616137633830323238326339336431 + 62636634396263303562393635633161666434346635633138626631313834303633623262643939 + 34613763643561373038 + +outline_aws_access_key_id: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 39373131326262363733303161383261316337663765346635373866393634343763626361633030 + 6236653436633839333333366562343365643231633232340a636636396265383063363561303135 + 
36366361333664663663303761653037663233373639303034346433393536636363626164613730 + 6539333366626533390a313437336466323139326637383331633336653861306366646134383338 + 30666634346639633063383239376434393162353139666464653733346638303632 + +outline_aws_secret_access_key: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 33663834363831653062366239336461643939633761313037323333333762343762343331326134 + 3033646130323533636538363830633132646435366566350a623965626239643036613666386238 + 38373962656666323034643463653634353031613162623165393333306239633033666663363664 + 6364306530386631340a343862316332356231653333626464613235323666343765373935393334 + 31663436303964616336326636633564616235393130306435316131383234643033373634663564 + 6630613863333062323533666633636263336538353263646332 + +outline_oidc_client_id: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 62616137383734393734323631383464643762306266356330396238373364663732653366663736 + 6165393964666562363365343239323663373063643162360a393337323932373462323032363166 + 35626138656537343134316231393834356662313336353633373139313932616261326661643530 + 6262383165336434390a626566303563303536653539303562643530336135633330616630653362 + 35663135333963656530323032373836663238396434636334653063366237623863663336373033 + 37626132383266643734653533636261343130656464656536613235373764346536346137383533 + 303465323266633438633261373665316130 + +outline_oidc_client_secret: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 30643230643335323036323239336334386465393732333865303632663461323761323635333631 + 3037393965303036643661303834323264333334323036330a376538386461326665383435653538 + 36616239636138633838643830393830316335643263303230356639373833336263633564306163 + 3139366165363466610a623239613131646466616161633163366336623937343830363361396331 + 64313137366365356138646465353737393437383666313237633931323363643165653535323632 + 38363636306436663033353636353966353861333665343739383665373932616464313136363536 + 626161313635316364666462646563313636 
diff --git a/inventory/my-cluster/host_vars/outline b/inventory/my-cluster/host_vars/outline
new file mode 100644
index 0000000..8a1accb
--- /dev/null
+++ b/inventory/my-cluster/host_vars/outline
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.36
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 636
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index e91a03a..8e63ba3 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -17,6 +17,7 @@ gitea paperless nextcloud minio +outline [baremetal] mipha
diff --git a/playbook-outline.yml b/playbook-outline.yml
new file mode 100644
index 0000000..d70c168
--- /dev/null
+++ b/playbook-outline.yml
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: outline/provision/delete
+ - role: outline/provision/create
+ - role: outline/provision/start
+ vars:
+ vmid: 636
+
+- hosts: impa
+ become: yes
+ roles:
+ - role: outline/enable-ssh
+ vars:
+ vmid: 636
+
+- hosts: outline
+ become: yes
+ roles:
+ - role: outline/update
+ - role: outline/install-docker
+ - role: outline/install-app
diff --git a/roles/outline/enable-ssh/tasks/main.yml b/roles/outline/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..1e5008b
--- /dev/null
+++ b/roles/outline/enable-ssh/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Pause for 10 seconds to wait for SSH server
+ ansible.builtin.pause:
+ seconds: 10
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 636 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 636 service ssh restart
diff --git a/roles/outline/install-app/tasks/main.yml b/roles/outline/install-app/tasks/main.yml
new file mode 100644
index 0000000..98d60c2
--- /dev/null
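Review bot: `ansible_ssh_pass: "{{ proxmox_api_password }}"` logs into the container with the Proxmox API root password, but the create role sets the container's root password from `lxc_password`; unless those two vaulted values are identical the `hosts: outline` plays cannot connect, and if they are identical the hypervisor credential is also the credential of a service container. Use the value the container was provisioned with, `ansible_ssh_pass: "{{ lxc_password }}"`, and keep the two secrets distinct. Password-based root SSH is only needed for bootstrap; a key installed during provisioning (`ansible.posix.authorized_key`, then `ansible_ssh_private_key_file` here) lets the root-password path be closed again afterwards.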
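Review bot: `vmid: 636` is hard-coded in both the localhost and impa plays although `host_vars/outline` in this same commit defines `vmid: 636`, and the enable-ssh and provision/create roles hard-code `636` again instead of `{{ vmid }}` as delete and start do, so changing the id in one place leaves the others pointing at the old container. Read it from inventory, `vmid: "{{ hostvars['outline'].vmid }}"`, in the two plays and use `{{ vmid }}` in the two roles. `become: yes` should be `become: true` (yamllint truthy; the new files mix `yes`/`no` with `true`). Because the delete role runs unconditionally first, every run of this playbook destroys and recreates the container; a tag or a `when` guard on the provisioning plays would make an accidental re-run far less costly.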
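Review bot: Both `lxc-attach` commands hard-code `-n 636` although the play passes `vmid` as a var; use `-n {{ vmid }}` in both tasks. The `sed` only rewrites the exact commented default `#PermitRootLogin prohibit-password`, so on an image whose sshd_config already differs the task silently changes nothing and the later play fails at SSH login; follow it with a check such as `grep '^PermitRootLogin yes' /etc/ssh/sshd_config` (run through `lxc-attach`, `changed_when: false`) so the failure surfaces here. The second task drops the `--` separator the first one uses (`lxc-attach -n 636 service ssh restart`); `lxc-attach -n {{ vmid }} -- service ssh restart` keeps them consistent. The fixed `seconds: 10` pause is a race against container boot; if sshd is already listening before this change, `ansible.builtin.wait_for` with `host: 10.0.2.36` and `port: 22` waits for exactly the right moment. Since this leaves `PermitRootLogin yes` in place permanently, consider installing an authorized key in the same step and reverting to `prohibit-password` once key login works.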
+++ b/roles/outline/install-app/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy .env file
+ template:
+ src: ".env"
+ dest: /root/docker/.env
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/outline/install-app/templates/.env b/roles/outline/install-app/templates/.env
new file mode 100644
index 0000000..17c9e39
--- /dev/null
+++ b/roles/outline/install-app/templates/.env
@@ -0,0 +1,31 @@
+SECRET_KEY={{ outline_secret_key }}
+UTILS_SECRET={{ outline_utils_secret }}
+DATABASE_URL=postgres://user:pass@outline-postgres:5432/outline
+DATABASE_URL_TEST=postgres://user:pass@outline-postgres:5432/outline-test
+REDIS_URL=redis://outline-redis:6379
+URL=https://outline.lino.cooking
+AWS_ACCESS_KEY_ID={{ outline_aws_access_key_id }}
+AWS_SECRET_ACCESS_KEY={{ outline_aws_secret_access_key }}
+AWS_S3_UPLOAD_BUCKET_URL=http://10.0.2.35
+AWS_S3_UPLOAD_BUCKET_NAME=outline
+AWS_S3_ACL=private
+FORCE_HTTPS=false
+ENABLE_UPDATES=true
+WEB_CONCURRENCY=2
+MAXIMUM_IMPORT_SIZE=5120000
+DEBUG=http
+DEFAULT_LANGUAGE=en_US
+OIDC_CLIENT_ID={{ outline_oidc_client_id }}
+OIDC_CLIENT_SECRET={{ outline_oidc_client_secret }}
+OIDC_AUTH_URI=https://authelia.lino.cooking/api/oidc/authorize
+OIDC_TOKEN_URI=https://authelia.lino.cooking/api/oidc/token
+OIDC_USERINFO_URI=https://authelia.lino.cooking/api/oidc/userinfo
+OIDC_DISPLAY_NAME=Authelia
+OIDC_SCOPES="openid profile email"
+
+NODE_ENV=production
+PGSSLMODE=disable
+
+# Configure lowest severity level for server logs. Should be one of
+# error, warn, info, http, verbose, debug and silly
+LOG_LEVEL=info
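Review bot: The rendered `/root/docker/.env` holds `SECRET_KEY`, `UTILS_SECRET`, the S3 keys and the OIDC client secret, yet the `Copy .env file` task installs it with `mode: 0755`, world-readable and executable; it should be `mode: "0600"`, and `docker-compose.yml` needs no more than `"0644"`. The first task quotes `mode: "0755"` while the two template tasks use unquoted `0755`; quote all three so the YAML loader never reinterprets the leading zero. `template:` is the only unqualified module name in these roles; `ansible.builtin.template` matches the rest. `docker compose up -d` via `ansible.builtin.shell` reports changed on every run; `community.docker.docker_compose_v2` is the idempotent form if that collection is available, otherwise keep `shell` and add a `changed_when` derived from its output.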
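Review bot: `DATABASE_URL` and `DATABASE_URL_TEST` embed the literal credentials `user:pass`, duplicated as `POSTGRES_USER`/`POSTGRES_PASSWORD` in the compose template, so a guessable database password is committed in clear while every other secret in this file is vaulted; add a vaulted variable (e.g. `outline_db_password`, name to be chosen) to group_vars and template it into both files, `DATABASE_URL=postgres://user:{{ outline_db_password }}@outline-postgres:5432/outline`. `AWS_S3_UPLOAD_BUCKET_URL=http://10.0.2.35` is a plain-http private address; if Outline hands this URL to browsers for direct uploads, clients on the https site cannot use it (mixed content, non-routable), and the public MinIO endpoint behind SWAG would be the right value — confirm against how uploads are served. `DEBUG=http` enables request logging on a `NODE_ENV=production` deployment; drop it unless that noise is wanted.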
diff --git a/roles/outline/install-app/templates/docker-compose.yml b/roles/outline/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..ef17b35
--- /dev/null
+++ b/roles/outline/install-app/templates/docker-compose.yml
@@ -0,0 +1,44 @@
+version: "3"
+services:
+
+ outline:
+ image: outlinewiki/outline
+ container_name: outline
+ ports:
+ - 3000:3000
+ restart: always
+ env_file:
+ - .env
+ depends_on:
+ - postgres
+ - redis
+
+ redis:
+ image: redis
+ container_name: outline-redis
+ restart: always
+ volumes:
+ - /data/outline/redis.conf:/redis.conf
+ command: ["redis-server", "/redis.conf"]
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 10s
+ timeout: 30s
+ retries: 3
+
+ postgres:
+ image: postgres
+ container_name: outline-postgres
+ restart: always
+ volumes:
+ - /data/outline/db:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ environment:
+ POSTGRES_USER: user
+ POSTGRES_PASSWORD: pass
+ POSTGRES_DB: outline
+ PGSSLMODE: "disable"
diff --git a/roles/outline/install-docker/tasks/main.yml b/roles/outline/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/outline/install-docker/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
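Review bot: `image: postgres` and `image: redis` are unpinned while postgres persists its cluster at `/data/outline/db`; the first `docker compose up` or `pull` that lands a new Postgres major will refuse to start on data files initialized by the old one, so pin at least the major (`image: postgres:15`, substituting whatever is deployed today), likewise `redis:7`, and pin `outlinewiki/outline` so upgrades show up as a diff. `POSTGRES_PASSWORD: pass` is the same clear-text credential embedded in `DATABASE_URL` in `.env`; template one vaulted value into both places. `ports: - 3000:3000` publishes Outline on every interface of 10.0.2.36, so the Authelia gate in `outline.subdomain.conf` is bypassable by any LAN client that can reach port 3000 directly (Outline's own OIDC login presumably still applies); if SWAG is meant to be the only entry point, restrict the port to the SWAG host with a firewall rule. Write the mapping quoted, `"3000:3000"`, per the usual compose guidance.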
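Review bot: `Execute script` runs `/tmp/get-docker.sh` on every play run with no `creates` guard, so each run re-executes Docker's install script, and the script is fetched from `https://get.docker.com` without any integrity check and then run as root — the only trust anchor is TLS to that host. For a reviewable supply chain prefer `ansible.builtin.get_url` with a pinned `checksum:` (re-pinned when the script is deliberately updated), or install from Docker's signed apt repository with `ansible.builtin.apt`; either way `args: creates: /usr/bin/docker` makes the execution idempotent. `uri:` is also the only unqualified module name here and `get_url` is the idiomatic download module. The `systemctl enable` shell block should be `ansible.builtin.systemd` with `enabled: true`, which is idempotent and reports changes correctly, and `append: yes` should be `append: true`.
```yaml
- name: Get convenience script
  ansible.builtin.get_url:
    url: "https://get.docker.com"
    dest: /tmp/get-docker.sh
    mode: "0755"
    # pinned to the reviewed copy of the script; update deliberately
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

- name: Execute script
  ansible.builtin.shell: /tmp/get-docker.sh
  args:
    creates: /usr/bin/docker

# … unchanged: docker group and root user tasks …

- name: Enable docker on startup
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
  loop:
    - docker.service
    - containerd.service
```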
diff --git a/roles/outline/provision/create/tasks/main.yml b/roles/outline/provision/create/tasks/main.yml
new file mode 100644
index 0000000..9236896
--- /dev/null
+++ b/roles/outline/provision/create/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 636
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: outline
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.36/21,\
+ hwaddr=cc:c6:cf:de:20:36,\
+ bridge=vmbr0'}"
+ cores: 2
+ memory: 2048
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"nvme:30,mp=/data,backup=1"
+ }'
+ disk: nvme:10
+ force: yes
diff --git a/roles/outline/provision/delete/tasks/main.yml b/roles/outline/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..f425920
--- /dev/null
+++ b/roles/outline/provision/delete/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.36"
diff --git a/roles/outline/provision/start/tasks/main.yml b/roles/outline/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/outline/provision/start/tasks/main.yml
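Review bot: `unprivileged: no` makes this a privileged LXC container — its root is root on the Proxmox node `impa` — and the playbook then runs Docker and three compose services inside it, so a container escape from any of them lands directly on the hypervisor. Proxmox generally supports Docker inside unprivileged containers when `nesting=1` and `keyctl=1` are set, which this task already does, so `unprivileged: true` should be the default and privileged mode an explicitly justified exception. `vmid: 636` is another hard-coded copy of the id while the delete and start roles use `vmid: "{{ vmid }}"`; do the same here. `unprivileged: no` and `force: yes` should be written `false`/`true`, and since `force` is documented as re-creating an existing container with that id, it makes a wrong `vmid` destructive to an unrelated container — with the delete role already running first it can probably be dropped.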
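Review bot: `path: /Users/lino.silva/.ssh/known_hosts` hard-codes one person's home directory on the control machine, so the task fails for any other operator or a CI runner; `path: "{{ lookup('env', 'HOME') }}/.ssh/known_hosts"` (or `~/.ssh/known_hosts`, which a `path`-typed argument expands) keeps it portable. `regexp: "^10.0.2.36"` is an unescaped pattern — each `.` matches any character and nothing bounds the end — so `regexp: '^10\.0\.2\.36[ ,]'` is the precise form. `ignore_errors: true` on both Proxmox tasks also hides authentication failures and timeouts, after which the play proceeds into `create` with `force: yes`; narrow it with a `failed_when` that tolerates only the not-found case, or query the container state first. Deleting the known_hosts entry and recreating the container means the next connection to 10.0.2.36 trusts whatever host key answers; that is inherent to re-provisioning on a fixed IP, but it is the moment a spoofed host would be accepted, which deserves a comment on the task.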
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/outline/update/tasks/main.yml b/roles/outline/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/outline/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
diff --git a/roles/swag/install-app/templates/minio.subdomain.conf b/roles/swag/install-app/templates/minio.subdomain.conf
index 36e7c03..0d4de0e 100755
--- a/roles/swag/install-app/templates/minio.subdomain.conf
+++ b/roles/swag/install-app/templates/minio.subdomain.conf
@@ -33,7 +33,7 @@ server { include /config/nginx/proxy.conf; include /config/nginx/resolver.conf; - set $upstream_app minio; + set $upstream_app 10.0.2.35; set $upstream_port 80; set $upstream_proto http; proxy_pass $upstream_proto://$upstream_app:$upstream_port;
diff --git a/roles/swag/install-app/templates/outline.subdomain.conf b/roles/swag/install-app/templates/outline.subdomain.conf
new file mode 100755
index 0000000..b03af17
--- /dev/null
+++ b/roles/swag/install-app/templates/outline.subdomain.conf
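Review bot: `set $upstream_app 10.0.2.35;` replaces the Docker DNS name with a literal IP inside a Jinja template under `roles/swag/install-app/templates/`, and the same address is typed again in the outline `.env` (`AWS_S3_UPLOAD_BUCKET_URL`); assuming the `minio` inventory host carries an `ansible_host` the way the new `host_vars/outline` does, `set $upstream_app {{ hostvars['minio'].ansible_host }};` keeps the proxy target tied to the inventory, and the new `outline.subdomain.conf` (`set $upstream_app 10.0.2.36;`) should use `hostvars['outline'].ansible_host` the same way. The upstream hop is now plain `http` across the LAN to another host instead of over the Docker network, which is a change in exposure worth recording in a comment next to the `set` lines.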
@@ -0,0 +1,42 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name outline.*;
+
+ include /config/nginx/ssl.conf;
+
+ client_max_body_size 0;
+
+ # enable for ldap auth (requires ldap-location.conf in the location block)
+ #include /config/nginx/ldap-server.conf;
+
+ # enable for Authelia (requires authelia-location.conf in the location block)
+ include /config/nginx/authelia-server.conf;
+
+ # enable for Authentik (requires authentik-location.conf in the location block)
+ #include /config/nginx/authentik-server.conf;
+
+ location / {
+ # enable the next two lines for http auth
+ #auth_basic "Restricted";
+ #auth_basic_user_file /config/nginx/.htpasswd;
+
+ # enable for ldap auth (requires ldap-server.conf in the server block)
+ #include /config/nginx/ldap-location.conf;
+
+ # enable for Authelia (requires authelia-server.conf in the server block)
+ include /config/nginx/authelia-location.conf;
+
+ # enable for Authentik (requires authentik-server.conf in the server block)
+ #include /config/nginx/authentik-location.conf;
+
+ include /config/nginx/proxy.conf;
+ include /config/nginx/resolver.conf;
+ set $upstream_app 10.0.2.36;
+ set $upstream_port 3000;
+ set $upstream_proto http;
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+ }
+}