diff --git a/compose-files/.gitignore b/compose-files/.gitignore
index 85df6d1..c8e8ca2 100644
--- a/compose-files/.gitignore
+++ b/compose-files/.gitignore
@@ -13,3 +13,4 @@ appdata/
 # OS files
 .DS_Store
 Thumbs.db
+*.env
diff --git a/compose-files/databases/mealie/docker-compose.yml b/compose-files/databases/mealie/docker-compose.yml
index 6b3d641..426bfd8 100644
--- a/compose-files/databases/mealie/docker-compose.yml
+++ b/compose-files/databases/mealie/docker-compose.yml
@@ -5,6 +5,8 @@ services:
 restart: unless-stopped
 ports:
 - "9925:9000"
+ # Override entrypoint to trust X-Forwarded headers from reverse proxy
+ entrypoint: uvicorn mealie.app:app --host 0.0.0.0 --port 9000 --forwarded-allow-ips=*
 environment:
 # Core settings
 - PUID=1000
@@ -18,10 +20,18 @@ services:
 # Database - external shared PostgreSQL
 - DB_ENGINE=postgres
 - POSTGRES_USER=mealie
- - POSTGRES_PASSWORD=RCN8ept.vxr2jfy.dpn_mealie
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
 - POSTGRES_SERVER=192.168.1.81
 - POSTGRES_PORT=5432
 - POSTGRES_DB=mealie
+ # OIDC - Authentik
+ - OIDC_AUTH_ENABLED=true
+ - OIDC_SIGNUP_ENABLED=true
+ - OIDC_CONFIGURATION_URL=https://id.3ddbrewery.com/application/o/mealie/.well-known/openid-configuration
+ - OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
+ - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+ - OIDC_AUTO_REDIRECT=false
+ - OIDC_PROVIDER_NAME=Authentik
 # SMTP
 - SMTP_HOST=smtp.gmail.com
 - SMTP_PORT=587
@@ -29,10 +39,10 @@ services:
 - SMTP_FROM_NAME=Mealie
 - SMTP_FROM_EMAIL=xoppaw@gmail.com
 - SMTP_USER=xoppaw@gmail.com
- - SMTP_PASSWORD=tgkyhtjozefgsxsj
+ - SMTP_PASSWORD=${SMTP_PASSWORD}
 # AI config
 - OPENAI_BASE_URL=http://192.168.1.70:11434/v1
- - OPENAI_API_KEY=56
+ - OPENAI_API_KEY=${OPENAI_API_KEY}
 - OPENAI_SEND_DATABASE_DATA=true
 - OPENAI_MODEL=tinyllama
 volumes:
diff --git a/playbooks/deploy-mealie.yml b/playbooks/deploy-mealie.yml
index 3eb5f22..b64f535 100644
--- a/playbooks/deploy-mealie.yml
+++ b/playbooks/deploy-mealie.yml
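Review bot: The added `entrypoint:` line in the first hunk of compose-files/databases/mealie/docker-compose.yml passes `--forwarded-allow-ips=*`, so uvicorn accepts X-Forwarded-For and X-Forwarded-Proto from any peer, while the context line `- "9925:9000"` still publishes the port on every host interface. A client that reaches port 9925 directly, without going through the reverse proxy, can therefore present whatever source address and scheme it likes, which weakens IP-based logging, rate limiting and any secure-scheme decisions in the app. Trust should be limited to the proxy, e.g. `--forwarded-allow-ips=<reverse-proxy-ip>` (placeholder), and the published port is better bound to the interface the proxy uses. Replacing the image's entrypoint may also skip start-up work the stock entrypoint performs (the `PUID` setting just below suggests it handles user switching), so that is worth confirming; the service definition starts and ends outside this hunk.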
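Review bot: The literal `POSTGRES_PASSWORD` removed in the second docker-compose.yml hunk, and the literal `SMTP_PASSWORD` removed in the third, stay readable in the repository history after this commit, so switching to `${...}` references does not retire them. Both credentials should be rotated, with the new values kept only in the untracked `.env`. Separately, Compose substitutes an empty string (with only a warning) when a variable is unset, so a deploy without the `.env` would start Mealie with blank secrets. The required-variable form fails fast instead: `- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?set in .env}`, and likewise for `OIDC_CLIENT_SECRET` and `SMTP_PASSWORD`. The `environment:` list continues beyond both hunks.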
@@ -4,7 +4,7 @@ become: true vars: mealie_dir: /home/docker/appdata/mealie - compose_src: "{{ playbook_dir }}/../compose-files/databases/mealie/docker-compose.yml" + compose_src: "{{ playbook_dir }}/../compose-files/databases/mealie" tasks: - name: Create mealie directories @@ -22,21 +22,23 @@ - name: Copy docker-compose.yml copy: - src: "{{ compose_src }}" + src: "{{ compose_src }}/docker-compose.yml" dest: "{{ mealie_dir }}/docker-compose.yml" mode: '0644' - - name: Pull Mealie image - community.docker.docker_image: - name: ghcr.io/mealie-recipes/mealie:latest - source: pull + - name: Copy .env file + copy: + src: "{{ compose_src }}/.env" + dest: "{{ mealie_dir }}/.env" + mode: '0600' - - name: Start Mealie stack + - name: Restart Mealie stack community.docker.docker_compose_v2: project_src: "{{ mealie_dir }}" state: present + recreate: always register: compose_output - name: Show deployment result debug: - msg: "Mealie deployed! Access at https://food.3ddbrewery.com (after Traefik update)" + msg: "Mealie deployed with OIDC! Access at https://food.3ddbrewery.com"
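Review bot: The new `Copy .env file` task in the second hunk of playbooks/deploy-mealie.yml has no `no_log: true`, so running the playbook with `--diff` would print the contents of the secrets file to the terminal and to any captured run log. Adding `no_log: true` (or `diff: false`) to that task keeps the `0600` file's contents out of the output. The task also sets no `owner` or `group`, so under `become: true` the file presumably ends up root-owned; confirm that matches the account that runs Compose. With the `Pull Mealie image` task removed and `recreate: always` added, the container is rebuilt from whatever `latest` image is already cached unless the compose file sets a pull policy; if redeploys are meant to pick up updates, say so explicitly with `pull: always` on the `docker_compose_v2` task, or pin the image to a specific version.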