diff --git a/docker-compose.yml b/docker-compose.yml
index bdc763f..61931d3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -92,6 +92,34 @@ services:
     ports:
       - "22:22"
 
+  drone-server:
+    image: drone/drone:1
+    container_name: drone-server
+    restart: unless-stopped
+    env_file:
+      - ./drone/drone.env
+      - ./drone/drone.env.secret
+    volumes:
+      - ./drone:/data
+    expose:
+      - 8080
+    depends_on:
+      - gitea
+
+  drone-agent:
+    image: drone/agent:1
+    container_name: drone-agent
+    restart: unless-stopped
+    env_file:
+      - ./drone/drone-agent.env
+      - ./drone/drone-agent.env.secret
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - 3030:3000
+    depends_on:
+      - drone-server
+
   pyload:
     image: linuxserver/pyload
     container_name: pyload
diff --git a/drone/drone-agent.env b/drone/drone-agent.env
new file mode 100644
index 0000000..cb1de9f
--- /dev/null
+++ b/drone/drone-agent.env
@@ -0,0 +1,4 @@
+DRONE_RPC_HOST=drone.belanyi.fr
+DRONE_RPC_PROTO=https
+# Put into a secret environment file
+#DRONE_RPC_SECRET=FIXME-CHANGE-THIS
diff --git a/drone/drone.env b/drone/drone.env
new file mode 100644
index 0000000..895e2da
--- /dev/null
+++ b/drone/drone.env
@@ -0,0 +1,16 @@
+# Basic config
+DRONE_SERVER_HOST=drone.belanyi.fr
+DRONE_SERVER_PROTO=https
+# Put into a secret environment file
+#DRONE_RPC_SECRET=FIXME-CHANGE-THIS
+
+
+DRONE_AGENTS_ENABLED=true
+
+# DRONE_GIT_ALWAYS_AUTH=true
+
+# Gitea configuration
+# Put into a secret environment file
+#DRONE_GITEA_SERVER=FIXME-CHANGE-THIS
+#DRONE_GITEA_CLIENT_ID=FIXME-CHANGE-THIS
+#DRONE_GITEA_CLIENT_SECRET=FIXME-CHANGE-THIS
diff --git a/letsencrypt/nginx/proxy-confs/drone.subdomain.conf b/letsencrypt/nginx/proxy-confs/drone.subdomain.conf
new file mode 100644
index 0000000..86727fc
--- /dev/null
+++ b/letsencrypt/nginx/proxy-confs/drone.subdomain.conf
@@ -0,0 +1,33 @@
+# make sure that your dns has a cname set for drone and that your drone container is not using a base url
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name drone.*;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    # enable for ldap auth, fill in ldap details in ldap.conf
+    #include /config/nginx/ldap.conf;
+
+    location / {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /login;
+
+        include /config/nginx/proxy.conf;
+        resolver 127.0.0.11 valid=30s;
+        set $upstream_app drone-server;
+        set $upstream_port 80;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+
+    }
+}