diff --git a/site.yml b/site.yml
index a532b27a159d8fcee3dfc1511e1f41b7de5067fb..834fff2e11119e99cf63a1e7fc537d0880116b65 100644
--- a/site.yml
+++ b/site.yml
@@ -60,6 +60,12 @@
         basedir: "/srv/{{ servicename }}",
         domain: "grafana.test-warpzone.de"
       }
+    - { 
+        role: testserver/docker_hackmd, tags: [ test_hackmd, docker_services ],
+        servicename: "hackmd",
+        basedir: "/srv/{{ servicename }}",
+        domain: "md.test-warpzone.de"
+      }
     - { 
         role: testserver/docker_nextcloud, tags: [ test_nextcloud, docker_services ],
         servicename: "nextcloud",
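Review bot: The `servicename` and `basedir` values passed in the new `testserver/docker_hackmd` entry are mostly unused by the role added in this commit. Its tasks/main.yml and docker-compose.yml template use the literal `/srv/hackmd` for the secret paths, config destinations, volumes and `project_src`, and only the Traefik labels read `{{ servicename }}`. Either use `{{ basedir }}` inside the role (for example `project_src: "{{ basedir }}"`) or drop `basedir` from this entry, so that a changed `servicename` cannot leave router names and on-disk paths out of step.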
diff --git a/testserver/docker_hackmd/Documentation.md b/testserver/docker_hackmd/Documentation.md
new file mode 100644
index 0000000000000000000000000000000000000000..55aa2ae3a0e9abb539fd4c72b7c983c9f5186a97
--- /dev/null
+++ b/testserver/docker_hackmd/Documentation.md
@@ -0,0 +1,32 @@
+
+# Overview 
+
+* Authentication to Hackmd (CodiMD, Hedgedoc) is only possible with an account in uffd, regular authentication is disabled 
+* All users with group 'hackmd_access' can access the Application
+
+# Setup OIDC Authentication via uffd 
+
+Uffd Reference: https://git.cccv.de/uffd
+
+
+## Setup in HackDM
+
+All setup is done in the docker-compose.yml
+Reference: https://docs.hedgedoc.org/guides/auth/oauth/
+
+
+## Setup in uffd
+
+Create Groups:
+
+- hackmd_access: General Access to Hackmd 
+
+Create a Service / OAuth Client: 
+
+Only Users with goup hackmd_access can access Wordpress 
+
+Client-ID: hackmd
+Client-Secret: from file oauth_client_secret on the server
+Redirect-URIs: 
+* https://md.test-warpzone.de/auth/oauth2/callback
+
diff --git a/testserver/docker_hackmd/tasks/main.yml b/testserver/docker_hackmd/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..75ffba40e75de49b59590c5b269ef423d3184de4
--- /dev/null
+++ b/testserver/docker_hackmd/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/hackmd/mysql_root_pass,  length: 24 }
+   - { path: /srv/hackmd/mysql_user_pass,  length: 12 }
+   - { path: /srv/hackmd/hackmd_session_secret,  length: 32 }
+   - { path: /srv/hackmd/oauth_client_secret,  length: 32 }
+
+
+- name: create folder struct for hackmd
+  file:
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/hackmd/
+    - /srv/hackmd/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/hackmd/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - mysql-utf8.cnf
+  register: configs
+
+- name: stop hackmd docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/hackmd
+    state: absent
+  when: configs.changed
+
+- name: start hackmd docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/hackmd/
+    state: present
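Review bot: The `template` task renders docker-compose.yml with the database passwords, the session secret and the OAuth client secret expanded into it, but sets no `mode`, so a newly created file gets whatever the umask allows (commonly world-readable). Add `mode: "0600"` for docker-compose.yml only, by splitting the loop or carrying the mode in the item, because mysql-utf8.cnf from the same loop is bind-mounted and must stay readable by the db container. Separately, the `get_secret.yml` include targets `/srv/hackmd/...` before the task that creates that directory has run. Unless get_secret.yml creates parent directories itself (not visible in this diff), the directory task should come first.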
diff --git a/testserver/docker_hackmd/templates/docker-compose.yml b/testserver/docker_hackmd/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e9a7011eee9cb8d5916de16b7df05bdf9391c5ae
--- /dev/null
+++ b/testserver/docker_hackmd/templates/docker-compose.yml
@@ -0,0 +1,54 @@
+services:
+
+  app:
+    image: quay.io/hedgedoc/hedgedoc:latest
+    restart: always
+    depends_on:
+      - db
+    environment:
+      CMD_DOMAIN: "{{ domain }}"
+      CMD_PROTOCOL_USESSL: "true"
+      CMD_URL_ADDPORT: "false"
+      CMD_DB_URL: "mariadb://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
+      CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
+      CMD_ALLOW_ANONYMOUS: "true"
+      CMD_ALLOW_ANONYMOUS_EDITS: "true"
+      CMD_DEFAULT_PERMISSION: "freely"
+      CMD_ALLOW_FREEURL: "true"
+      CMD_EMAIL: "false"
+      CMD_OAUTH2_USER_PROFILE_URL: "{{ oauth_global.userinfo_url }}"
+      CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: "preferred_username"
+      CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: "preferred_username"
+      CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: "email"
+      CMD_OAUTH2_TOKEN_URL: "{{ oauth_global.token_url }}"
+      CMD_OAUTH2_AUTHORIZATION_URL: "{{ oauth_global.authorize_url }}"
+      CMD_OAUTH2_CLIENT_ID: "hackmd"
+      CMD_OAUTH2_CLIENT_SECRET: "{{ oauth_client_secret }}"
+      CMD_OAUTH2_PROVIDERNAME: "Keycloak"
+      CMD_OAUTH2_SCOPE: "openid email profile"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
+    networks:
+      - default
+      - web
+
+  db:
+    image: mariadb:11
+    restart: always
+    volumes:
+      - /srv/hackmd/db:/var/lib/mysql
+      - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: "hackmd"
+      MYSQL_USER: "hackmd"
+    networks:
+      - default
+
+networks:
+  web:
+    external: true
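Review bot: `CMD_ALLOW_ANONYMOUS: "true"`, `CMD_ALLOW_ANONYMOUS_EDITS: "true"` and `CMD_DEFAULT_PERMISSION: "freely"` in the `app` environment let visitors create and edit notes without logging in. That contradicts the Documentation.md added in this same commit, which says access is only possible through uffd for members of `hackmd_access`. If the documented behaviour is the intent, set `CMD_ALLOW_ANONYMOUS: "false"`, `CMD_ALLOW_ANONYMOUS_EDITS: "false"` and `CMD_DEFAULT_PERMISSION: "limited"`. The `image: quay.io/hedgedoc/hedgedoc:latest` line is also a floating tag, so pinning a release tag would stop a later run of the play from silently pulling a different version. Minor: `CMD_OAUTH2_PROVIDERNAME: "Keycloak"` labels the login button with a provider name other than the uffd instance the documentation describes.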
diff --git a/testserver/docker_hackmd/templates/mysql-utf8.cnf b/testserver/docker_hackmd/templates/mysql-utf8.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..367210a9c7b5d70ae9f27b5946bb448eb0b111b9
--- /dev/null
+++ b/testserver/docker_hackmd/templates/mysql-utf8.cnf
@@ -0,0 +1,11 @@
+[client]
+default-character-set=utf8
+
+[mysql]
+default-character-set=utf8
+
+
+[mysqld]
+collation-server = utf8_unicode_ci
+init-connect='SET NAMES utf8'
+character-set-server = utf8
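Review bot: In current MariaDB releases `utf8` is by default an alias for the three-byte `utf8mb3` character set, so the `character-set-server`, `collation-server` and `init-connect` lines give a database that cannot store four-byte characters such as emoji. For a note editor that is likely to affect real content; consider `character-set-server = utf8mb4`, `collation-server = utf8mb4_unicode_ci` and `default-character-set=utf8mb4` in the `[client]` and `[mysql]` sections, and drop or update `init-connect='SET NAMES utf8'`. Since this role creates a fresh database, the change costs nothing now, whereas an existing database would need a conversion later.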
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
index 959a2dfef148077a37d31044099cff2aeca3cb38..d9fe915aecb86dfaf110a047eb0adcc394a394ec 100644
--- a/webserver/docker_hackmd/templates/docker-compose.yml
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
@@ -34,7 +34,7 @@ services:
       - web
 
   db:
-    image: mariadb:11.2.2
+    image: mariadb:11
     restart: always
     volumes:
       - /srv/hackmd/db:/var/lib/mysql
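Review bot: Moving `image:` from `mariadb:11.2.2` to the floating `mariadb:11` tag means the next image pull can start a newer 11.x series on the existing `/srv/hackmd/db` data directory, with nothing in this repository recording which version is running. If the aim is only to pick up patch releases, a minor-series tag (placeholder: `mariadb:11.<minor>`) does that while holding the series. If the major tag is kept, adding `MARIADB_AUTO_UPGRADE: "1"` to the db `environment` lets the official image run its upgrade step when the series changes. The `db` service definition continues past the end of this hunk.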