diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 35fc36a..bd01571 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -6,7 +6,7 @@ timezone: Europe/Berlin
 rclone_config: "/root/.config/rclone/"
 puid: "1000"
 pgid: "1000"
-pk_path: "/media/veracrypt1/genesis"
+pk_path: "/mnt/veracrypt1/genesis"
 local_domain: borg.land
 local_subdomains: "@"
@@ -87,6 +87,13 @@ mysql_user: user
 aya01_host: "aya01"
 aya01_ip: "192.168.20.12"
+#
+# mii
+#
+
+mii_host: "mii"
+mii_ip: "192.168.200.2"
+
 #
 # ZoneMinder
 #
@@ -401,3 +408,27 @@ snmp_exporter_port: "9116"
 snmp_exporter_target: "192.168.20.1"
 snmp_exporter_config: "{{ docker_dir }}/snmp_exporter/"
 snmp_exporter_host: "snmp_exporter"
+
+#
+# Gitlab
+#
+
+gitlab:
+ host: "gitlab"
+ restart: "unless-stopped"
+ puid: 998
+ pgid: 998
+ paths:
+ config: "{{ docker_dir }}/gitlab/config/"
+ logs: "{{ docker_data_dir }}/gitlab/logs/"
+ data: "{{ docker_data_dir }}/gitlab/data/"
+ ports:
+ ssh:
+ local: 22
+ remote: 23232
+ http:
+ local: 80
+ remote: 8084
+ https:
+ local: 443
+ remote: 8444
diff --git a/host_vars/aya01.yml b/host_vars/aya01.yml
index 4c1a11d..b036ce9 100644
--- a/host_vars/aya01.yml
+++ b/host_vars/aya01.yml
@@ -2,4 +2,4 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.12
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_aya01_tudattr_password }}'
+ansible_become_pass: '{{ vault.aya01.sudo }}'
diff --git a/host_vars/mii.yml b/host_vars/mii.yml
index 795db6e..28857d0 100644
--- a/host_vars/mii.yml
+++ b/host_vars/mii.yml
@@ -2,4 +2,4 @@ ansible_user: "{{ user }}"
 ansible_host: 202.61.207.139
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_mii_tudattr_password }}'
+ansible_become_pass: '{{ vault.mii.sudo }}'
diff --git a/host_vars/pi.yml b/host_vars/pi.yml
index 5d8c542..2f1775b 100644
--- a/host_vars/pi.yml
+++ b/host_vars/pi.yml
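Review bot: In the new `gitlab.ports` map in group_vars/all/vars.yml the key names read backwards from how the compose template uses them: `remote` becomes the port published on the docker host and `local` the port inside the container (`{{ gitlab.ports.ssh.remote }}:{{ gitlab.ports.ssh.local }}`). A one-line comment above `ports:`, such as `# local = port inside the container, remote = port published on the docker host`, would stop a later edit from swapping them and publishing the wrong port. The block also writes `puid: 998` and `pgid: 998` as bare integers while the top-level `puid: "1000"` in the same file is quoted; picking one form keeps the file consistent.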
@@ -2,4 +2,4 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.11
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_pi_tudattr_password }}'
+ansible_become_pass: '{{ vault.pi.sudo }}'
diff --git a/roles/docker/tasks/aya01_compose.yml b/roles/docker/tasks/aya01_compose.yml
index 6880a60..fd58320 100644
--- a/roles/docker/tasks/aya01_compose.yml
+++ b/roles/docker/tasks/aya01_compose.yml
@@ -75,3 +75,7 @@
 - include_tasks: grafana.yml
 tags:
 - grafana
+
+- include_tasks: gitlab.yml
+ tags:
+ - gitlab
diff --git a/roles/docker/tasks/gitlab.yml b/roles/docker/tasks/gitlab.yml
new file mode 100644
index 0000000..0351ed8
--- /dev/null
+++ b/roles/docker/tasks/gitlab.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Create gitlab-config
+ file:
+ path: "{{ item }}"
+ owner: "{{ gitlab.puid }}"
+ group: "{{ gitlab.pgid }}"
+ mode: '755'
+ state: directory
+ become: yes
+ loop:
+ - "{{ gitlab.paths.config }}"
+ - "{{ gitlab.paths.logs }}"
+ - "{{ gitlab.paths.data }}"
diff --git a/roles/docker/templates/aya01/compose.yaml b/roles/docker/templates/aya01/compose.yaml
index 1643685..95634c1 100644
--- a/roles/docker/templates/aya01/compose.yaml
+++ b/roles/docker/templates/aya01/compose.yaml
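Review bot: The new task in roles/docker/tasks/gitlab.yml creates all three GitLab directories with `mode: '755'`, which leaves the config and log trees listable and traversable by every local account on the docker host. The config path is mounted at /etc/gitlab/ in the compose template, which is where GitLab keeps its secrets file and SSH host keys, so I would tighten at least that entry unless something else on the host has to read it, e.g. `mode: '0750'`. Verify the container still starts afterwards, since the image presumably adjusts ownership under these paths itself. The task name `Create gitlab-config` also undersells the loop; `Create gitlab config, log and data directories` matches what it does.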
@@ -474,6 +474,29 @@ services:
 - "traefik.http.routers.{{ grafana_host }}.rule=Host(`{{ grafana_host }}.{{ aya01_host }}.{{ local_domain }}`)"
 - "traefik.http.services.{{ grafana_host }}.loadbalancer.server.port={{ grafana_port }}"
+ {{ gitlab.host }}:
+ image: gitlab/gitlab-ce:latest
+ container_name: {{ gitlab.host }}
+ restart: {{ gitlab.restart }}
+ depends_on:
+ - {{ pihole_host }}
+ networks:
+ - net
+ environment:
+ - TZ={{ timezone }}
+ volumes:
+ - {{ gitlab.paths.config }}:/etc/gitlab/
+ - {{ gitlab.paths.logs}}:/var/log/gitlab/
+ - {{ gitlab.paths.data}}:/var/opt/gitlab/
+ ports:
+ - {{ gitlab.ports.ssh.remote }}:{{ gitlab.ports.ssh.local }}
+ - {{ gitlab.ports.http.remote }}:{{ gitlab.ports.http.local }}
+ - {{ gitlab.ports.https.remote }}:{{ gitlab.ports.https.local }}
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.{{ gitlab.host }}.rule=Host(`{{ gitlab.host }}.{{ aya01_host }}.{{ local_domain }}`)"
+ - "traefik.http.services.{{ gitlab.host }}.loadbalancer.server.port={{ gitlab.ports.http.local }}"
+
 networks:
 zoneminder:
 driver: bridge
diff --git a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2 b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
index 4def80d..49eacec 100644
--- a/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
+++ b/roles/docker/templates/aya01/prometheus/prometheus.yml.j2
@@ -23,6 +23,8 @@ scrape_configs:
 insecure_skip_verify: true
 static_configs:
 - targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
+ - targets: ['{{ mii_ip }}:{{node_exporter_port}}']
+ - targets: ['{{ pi_ip }}:{{node_exporter_port}}']
 - job_name: Mikrotik
 static_configs:
 - targets:
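Review bot: The `ports:` list of the new gitlab service publishes container ports 80 and 443 on every interface of the docker host (8084 and 8444 with the values from vars.yml), next to Traefik labels that already route the HTTP port. Anything that can reach the host can then talk to GitLab directly and skip whatever TLS or middleware Traefik applies; if only SSH needs a direct mapping, drop the two web entries or bind them to loopback, e.g. `- "127.0.0.1:{{ gitlab.ports.http.remote }}:{{ gitlab.ports.http.local }}"`. Quote the remaining mappings too, since a rendered `23232:22` is a digits-and-colons scalar that YAML 1.1 parsers read as a base-60 integer. Separately, `image: gitlab/gitlab-ce:latest` lets every pull move to a new release unreviewed; pin a tag you have tested, `image: gitlab/gitlab-ce:<pinned-version>`.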
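Review bot: The two targets added to prometheus.yml.j2 land in a scrape job whose context lines show `insecure_skip_verify: true`, so the exporters on mii and pi are scraped without certificate verification as well. For aya01 scraping itself that is a small risk, but for other hosts the scraper can no longer tell the real exporter from anything else answering on that address; I would give the job a CA it trusts via `ca_file` and drop the skip, or at least record in a comment above the job why skipping is acceptable. `pi_ip` is not defined anywhere in this commit (only `mii_ip` is added to vars.yml), so check that it already exists before the template is rendered. The job definition starts above the hunk, so its scheme and authentication settings are not visible here.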