diff --git a/.env.example b/.env.example
index e72cd98..67db7d5 100644
--- a/.env.example
+++ b/.env.example
@@ -27,6 +27,12 @@ UMAMI_APP_SECRET=your_64_character_random_secret_here
 # Website ID from Umami dashboard (use placeholder initially, update after setup)
 UMAMI_WEBSITE_ID=placeholder-website-id
 
+## pgAdmin
+# Default email for pgAdmin login
+PGADMIN_DEFAULT_EMAIL=admin@your-domain.com
+# Strong password for pgAdmin login
+PGADMIN_DEFAULT_PASSWORD=your_strong_pgadmin_password
+
 ## Grafana
 # Admin username for Grafana dashboard
 GRAFANA_ADMIN_USER=admin
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8c776ee
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,71 @@
+# Environment variables
+.env
+.env.local
+.env.production
+.env.staging
+
+# Docker volumes and data
+data/
+volumes/
+**/data/
+**/volumes/
+
+# Logs
+logs/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Dependency directories
+node_modules/
+
+# SSL certificates (if stored locally)
+certs/
+ssl/
+*.pem
+*.crt
+*.key
+
+# Backup files
+*.backup
+*.bak
+*.tmp
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Traefik specific
+acme.json
+traefik.log
+access.log
+
+# Database dumps
+*.sql
+*.dump
+
+# Temporary files
+*.temp
+*.cache
+
+# Docker override files (optional)
+docker-compose.override.yml
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 4675699..33b7292 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ volumes:
   portainer_data:
   uptime_kuma_data:
   umami_data:
+  pgadmin_data:
 
 ########################
 # Services
@@ -67,6 +68,7 @@ services:
       - --entrypoints.sieve.address=:4190
 
       # Dashboard/API (internal)
+      - --api=true
       - --api.dashboard=true
 
       # ACME via HTTP-01 (no registrar API needed)
@@ -196,3 +198,26 @@ services:
       POSTGRES_PASSWORD: ${UMAMI_DB_PASS}
     volumes:
       - umami_data:/var/lib/postgresql/data
+
+  ## ─────────────────────────────────────────────
+  ## pgAdmin — PostgreSQL administration
+  ## ─────────────────────────────────────────────
+  pgadmin:
+    image: dpage/pgadmin4:latest
+    container_name: pgadmin
+    restart: unless-stopped
+    networks: [traefik_proxy]
+    environment:
+      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
+      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
+      PGADMIN_CONFIG_SERVER_MODE: 'False'
+      PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED: 'False'
+    volumes:
+      - pgadmin_data:/var/lib/pgadmin
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.pgadmin.rule=Host(`pgadmin.gate.${DOMAIN}`)
+      - traefik.http.routers.pgadmin.entrypoints=websecure
+      - traefik.http.routers.pgadmin.tls.certresolver=le
+      - traefik.http.routers.pgadmin.middlewares=basic-auth,security-headers
+      - traefik.http.services.pgadmin.loadbalancer.server.port=80