diff --git a/README.md b/README.md
index c91e81d..f0c3601 100644
--- a/README.md
+++ b/README.md
@@ -3,4 +3,4 @@
 Useful Docker Compose to build project infrastructure on the fly.
 
 - Kafka
-- Nginx + PostgreSQL
+- Navidrome + Nginx + PostgreSQL
diff --git a/Raspberry/docker-compose.yml b/Raspberry/docker-compose.yml
index acdfa56..d2a2506 100644
--- a/Raspberry/docker-compose.yml
+++ b/Raspberry/docker-compose.yml
@@ -1,28 +1,77 @@
-version: '2.4'
+version: "3.8"
+
 services:
-  web:
-    image: nginx:1.19
-    container_name: web
-    mem_limit: 256m
-    restart: on-failure
+  navidrome:
+    image: deluan/navidrome:latest
+    container_name: navidrome
+    restart: unless-stopped
+    expose:
+      - "4533"
+    environment:
+      # Navidrome's database connection URL now references the secret for the password
+      # The secret file content will be mounted at /run/secrets/navidrome_db_password
+      ND_DATABASE_URL: "postgres://navidrome:$(cat /run/secrets/navidrome_db_password)@navidromedb:5432/navidrome_db?sslmode=disable"
+      # Other Navidrome environment variables...
+      ND_SESSIONTIMEOUT: 24h
+      ND_ENABLETRANSCODING: "true"
+      # ND_SCANSCHEDULE: 1h
+      # ND_LOGLEVEL: info
+      # ND_BASEURL: ""
+
     volumes:
-      - $HOME/Volumes/nginx:/usr/share/nginx/html
+      - "/opt/navidrome/data:/data"
+      - "/opt/music:/music:ro"
+    user: "1000:1000" # Ensure this user has proper permissions on host volumes
+    networks:
+      - web
+    depends_on:
+      - navidromedb
+    # --- Declare the secret for Navidrome to use ---
+    secrets:
+      - navidrome_db_password # This name refers to the secret defined at the bottom
+
+  nginx-proxy-manager:
+    image: jc21/nginx-proxy-manager:latest
+    container_name: nginx-proxy-manager
+    restart: unless-stopped
     ports:
       - "80:80"
+      - "443:443"
+      - "81:81"
+    volumes:
+      - "/opt/npm/data:/data"
+      - "/opt/npm/letsencrypt:/etc/letsencrypt"
+    networks:
+      - web
 
-  postgres:
+  navidromedb:
     image: postgres:13
-    container_name: postgres
-    ports: 
-      - "5432:5432"
+    container_name: navidromedb
+    restart: unless-stopped
     mem_limit: 2048m
     environment:
-      - POSTGRES_PASSWORD=docker
-    restart: on-failure
-    volumes: 
-      - $HOME/Volumes/postgres:/var/lib/postgresql/data
+      POSTGRES_DB: "navidrome_db"
+      POSTGRES_USER: "navidrome"
+      # --- Use the secret for the PostgreSQL root password ---
+      # The secret file content will be mounted at /run/secrets/postgres_root_password
+      POSTGRES_PASSWORD_FILE: "/run/secrets/postgres_root_password" # Use _FILE suffix for secret files
+
+    volumes:
+      - "/opt/postgres/data:/var/lib/postgresql/data"
+    networks:
+      - web
+    # --- Declare the secret for Postgres to use ---
+    secrets:
+      - postgres_root_password # This name refers to the secret defined at the bottom
 
 networks:
-  default:
-    external:
-      name: hiyori-net
+  web:
+    external: false
+
+# --- Docker Secrets Definition ---
+secrets:
+  navidrome_db_password: # This name is referenced by the 'navidrome' service
+    file: ./navidrome_db_password.txt # Path to your secret file on the host
+
+  postgres_root_password: # This name is referenced by the 'navidromedb' service
+    file: ./postgres_root_password.txt # Path to your secret file on the host
diff --git a/Raspberry/navidrome_db_password.txt b/Raspberry/navidrome_db_password.txt
new file mode 100644
index 0000000..cb23627
--- /dev/null
+++ b/Raspberry/navidrome_db_password.txt
@@ -0,0 +1 @@
+your_navidrome_db_password_here
diff --git a/Raspberry/postgres_root_password.txt b/Raspberry/postgres_root_password.txt
new file mode 100644
index 0000000..c81d1d4
--- /dev/null
+++ b/Raspberry/postgres_root_password.txt
@@ -0,0 +1 @@
+your_super_secret_postgres_password_here