diff --git a/core/docker-compose.yml b/core/docker-compose.yml
new file mode 100644
index 0000000..d42b3de
--- /dev/null
+++ b/core/docker-compose.yml
@@ -0,0 +1,100 @@
+services:
+ periphery:
+ image: ghcr.io/moghtech/komodo-periphery:latest
+ container_name: komodo-periphery
+ cpus: 2.0
+ mem_limit: "2048m"
+ mem_reservation: "512m"
+ ports:
+ - "8120:8120"
+ user: root
+ labels:
+ - "komodo.skip=true"
+ restart: unless-stopped
+ #env_file: ./.env
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /root/.docker/config.json:/root/.docker/config.json:ro
+ - /proc:/proc
+ - /docker/periphery/etc:/etc/komodo
+ environment:
+ - PERIPHERY_ID=${HOSTNAME}
+
+ dns:
+ image: technitium/dns-server:latest
+ container_name: dns-${NODE_ID} # Becomes dns-1 or dns-2
+ restart: unless-stopped
+ ports:
+ - "53:53/udp"
+ - "53:53/tcp"
+ - "5381:5380/tcp"
+ environment:
+ - TZ=America/Edmonton
+ - DNS_SERVER_DOMAIN=dns${NODE_ID}.mapletree.email # dns1... or dns2...
+ - DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}
+ volumes:
+ # Updated path to match your new 'infrastructure' folder structure
+ - /docker/core/dns/config:/etc/dns
+ networks:
+ dns_external
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=dns_external"
+ # Dynamic Router Name (dns1 vs dns2)
+ - "traefik.http.routers.dns${NODE_ID}.rule=Host(`dns${NODE_ID}.mapletree.email`)"
+ - "traefik.http.routers.dns${NODE_ID}.entrypoints=web,websecure"
+ - "traefik.http.routers.dns${NODE_ID}.tls.certresolver=myresolver"
+ - "traefik.http.services.dns${NODE_ID}.loadbalancer.server.port=5380"
+
+ traefik:
+ image: traefik:latest
+ container_name: traefik
+ cpus: 1.0
+ mem_limit: "1024m"
+ mem_reservation: "128m"
+ restart: always
+ ports:
+ - "80:80" # HTTP
+ - "443:443" # HTTPS
+ - "888:8080" # Traefik Dashboard (optional, password-protect in production!)
+ command:
+ - "--api.dashboard=true"
+ - "--api.insecure=true" # Remove or secure in prod
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--providers.docker.network=web,request"
+ - "--providers.file.directory=/etc/traefik/dynamic"
+ - "--providers.file.watch=true"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.email=admin@mapletree.email"
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/docker/traefik/letsencrypt:/letsencrypt"
+ - "/docker/traefik/dynamic:/etc/traefik/dynamic"
+ networks:
+ - web
+ - request
+ - music
+ - media
+ - jellyfin
+ - syncthing
+ - guac_external
+ - komodo_external
+ - ansible_external
+ - dns_external
+ - homepage_external
+
+ networks:
+ guac_external:
+ external: true
+ komodo_external:
+ external: true
+ ansible_external:
+ external: true
+ dns_external:
+ external: true
+ homepage_external:
+ external: true
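Review bot: The traefik service sets `--api.insecure=true` and publishes that entrypoint as `"888:8080"`, so the dashboard and API are reachable without authentication on every host interface; the inline comments say to secure it, but nothing in the file does. Drop the flag and the port mapping and serve `api@internal` through a router with an auth middleware, or at minimum bind the port to loopback with `"127.0.0.1:888:8080"`. The same exposure pattern applies to periphery, which runs as `user: root` with a writable `/var/run/docker.sock` and `/proc` while publishing `"8120:8120"` on all interfaces, and to the DNS admin console on `"5381:5380/tcp"`, whose router also accepts the plaintext `web` entrypoint. `DNS_SERVER_ADMIN_PASSWORD=${DNS_ADMIN_PASSWORD}` silently expands to an empty value when the variable is unset, whereas `${DNS_ADMIN_PASSWORD:?DNS_ADMIN_PASSWORD must be set}` would make compose fail instead. Separately, all three images are pulled by the mutable `:latest` tag, the dns service's `networks:` entry `dns_external` has no leading `- `, and traefik joins `web`, `request`, `music`, `media`, `jellyfin` and `syncthing`, which the top-level `networks:` block in this file does not declare.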