diff --git a/swarm/README.md b/swarm/README.md
new file mode 100644
index 0000000..ada70c5
--- /dev/null
+++ b/swarm/README.md
@@ -0,0 +1,35 @@
+# How to deploy
+
+This deployment uses docker-stack-deploy to make secret and configuration management easier. See https://github.com/neuroforgede/docker-stack-deploy.
+
+This assumes you have a Docker swarm running. Once set up, you will need a
+traefik instance configured to work with constraint `traefik-public` and a network `traefik-public`.
+
+This also expects encryption to be handled outside of docker swarm by a LB that has access to the Swarm.
+
+Also, Geo-IP is not supported yet (but being worked on).
+
+## 1. Adapt passwords in plausible
+
+Admin users are users that are allowed to create new passwords.
+To manage these users, simply adapt the file `secrets/admin_users.sh`
+
+## 2. Adapt values in swarm/secrets/plausible_analytics/plausible-conf.env
+
+Replace all variables with `<placeholders>` according to your needs.
+
+## 3. Adapt values in swarm/plausible.yml
+
+Replace all variables with `<placeholders>` according to your needs.
+
+## 4. Run deploy
+
+```
+bash deploy.sh
+```
+
+## 5. Use it
+
+You can now find your plausible application under the domain you configured in `swarm/secrets/plausible_analytics/plausible-conf.env`.
+
+Creating new passwords will require the login from login from `swarm/secrets/plausible_analytics/plausible-conf.env`.
\ No newline at end of file
diff --git a/swarm/configs/clickhouse/clickhouse-config.xml b/swarm/configs/clickhouse/clickhouse-config.xml
new file mode 100644
index 0000000..3ea62a3
--- /dev/null
+++ b/swarm/configs/clickhouse/clickhouse-config.xml
@@ -0,0 +1,14 @@
+<yandex>
+    <logger>
+        <level>warning</level>
+        <console>true</console>
+    </logger>
+
+    <!-- Stop all the unnecessary logging -->
+    <query_thread_log remove="remove"/>
+    <query_log remove="remove"/>
+    <text_log remove="remove"/>
+    <trace_log remove="remove"/>
+    <metric_log remove="remove"/>
+    <asynchronous_metric_log remove="remove"/>
+</yandex>
\ No newline at end of file
diff --git a/swarm/configs/clickhouse/clickhouse-user-config.xml b/swarm/configs/clickhouse/clickhouse-user-config.xml
new file mode 100644
index 0000000..d618f54
--- /dev/null
+++ b/swarm/configs/clickhouse/clickhouse-user-config.xml
@@ -0,0 +1,8 @@
+<yandex>
+    <profiles>
+        <default>
+            <log_queries>0</log_queries>
+            <log_query_threads>0</log_query_threads>
+        </default>
+    </profiles>
+</yandex>
\ No newline at end of file
diff --git a/swarm/deploy.sh b/swarm/deploy.sh
new file mode 100644
index 0000000..353504c
--- /dev/null
+++ b/swarm/deploy.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker-sdp stack deploy -c plausible.yml plausible
diff --git a/swarm/plausible.yml b/swarm/plausible.yml
new file mode 100644
index 0000000..30cc2e2
--- /dev/null
+++ b/swarm/plausible.yml
@@ -0,0 +1,162 @@
+version: "3.3"
+services:
+  mail:
+    image: bytemark/smtp
+    networks:
+      - plausible_network
+    deploy:
+      mode: replicated
+      replicas: 1
+
+  plausible_db:
+    image: postgres:12
+    networks:
+      plausible_network:
+        aliases:
+          - postgres.plausible.local
+    volumes:
+      - db-data:/data/postgres
+    environment:
+      - POSTGRES_PASSWORD=<postgres-password>
+      - PGDATA=/data/postgres/pgdata
+      - POSTGRES_USER=plausible
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints: 
+          - node.labels.hetzner_location == nbg1
+      resources:
+        limits:
+          cpus: "1.00"
+          memory: 2048M
+        reservations:
+          cpus: "0.25"
+          memory: 512M
+
+  plausible_events_db:
+    image: clickhouse/clickhouse-server:22.5.3.21
+    networks:
+      - plausible_network
+    configs:
+      - source: clickhouse_config_xml
+        target: /etc/clickhouse-server/config.d/logging.xml
+        uid: "1000"
+        gid: "1000"
+        mode: 0444
+      - source: clickhouse_user_config_xml
+        target: /etc/clickhouse-server/users.d/logging.xml
+        uid: "1000"
+        gid: "1000"
+        mode: 0444
+    volumes:
+      - event-data:/var/lib/clickhouse
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints: 
+          - node.labels.hetzner_location == nbg1
+      resources:
+        limits:
+          cpus: "1.00"
+          memory: 2048M
+        reservations:
+          cpus: "0.25"
+          memory: 512M
+
+  plausible_init:
+    image: plausible/analytics:v1.4.4
+    command: sh -c "source /var/run/secrets/plausible_env && sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh db init-admin"   
+    secrets:
+      - source: plausible_env
+        target: plausible_env
+        uid: '1000'
+        gid: '1000'
+        mode: 0400
+    networks:
+      - plausible_network
+    deploy:
+      mode: replicated
+      replicas: 1
+      restart_policy:
+        condition: "none"
+      resources:
+        limits:
+          cpus: "0.5"
+          memory: 512M
+
+  plausible:
+    image: plausible/analytics:v1.4.4
+    command: sh -c "source /var/run/secrets/plausible_env && exec /entrypoint.sh run"   
+    secrets:
+      - source: plausible_env
+        target: plausible_env
+        uid: '1000'
+        gid: '1000'
+        mode: 0400
+    networks:
+      - plausible_network
+      - traefik-public
+    deploy:
+      mode: replicated
+      replicas: 1
+      resources:
+        limits:
+          cpus: "1.00"
+          memory: 2048M
+        reservations:
+          cpus: "0.25"
+          memory: 512M
+      placement:
+        constraints: 
+          - node.labels.hetzner_location == nbg1
+      
+      labels:
+        - "traefik.docker.network=traefik-public"
+
+        - "traefik.enable=true"
+        - "traefik.http.routers.plausible-frontend.rule=Host(`<base-domain>`)"
+        - "traefik.http.routers.plausible-frontend.entrypoints=http"
+        - "traefik.http.services.plausible-frontend.loadbalancer.server.port=8000"
+        - "traefik.http.routers.plausible-frontend.service=plausible-frontend"
+
+        - "traefik.constraint-label=traefik-public"
+
+secrets:
+  plausible_env: 
+    file: ./secrets/plausible_analytics/plausible-conf.env
+
+configs:
+  clickhouse_config_xml:
+    file: ./configs/clickhouse/clickhouse-config.xml
+
+  clickhouse_user_config_xml:
+    file: ./configs/clickhouse/clickhouse-user-config.xml
+
+
+networks:
+  plausible_network:
+    driver: overlay
+    attachable: true
+    driver_opts:
+      encrypted: ""
+  traefik-public:
+    external: true
+
+volumes:
+  db-data:
+    driver: hetzner-volume
+    driver_opts:
+      size: '20'
+      fstype: ext4
+  event-data:
+    driver: hetzner-volume
+    driver_opts:
+      size: '20'
+      fstype: ext4
+  geoip:
+    driver: hetzner-volume
+    driver_opts:
+      size: '20'
+      fstype: ext4
\ No newline at end of file
diff --git a/swarm/secrets/geoip/geoip.conf b/swarm/secrets/geoip/geoip.conf
new file mode 100644
index 0000000..26e4840
--- /dev/null
+++ b/swarm/secrets/geoip/geoip.conf
@@ -0,0 +1,2 @@
+GEOIPUPDATE_ACCOUNT_ID=<your-account-id>
+GEOIPUPDATE_LICENSE_KEY=<your-license-key>
\ No newline at end of file
diff --git a/swarm/secrets/plausible_analytics/plausible-conf.env b/swarm/secrets/plausible_analytics/plausible-conf.env
new file mode 100644
index 0000000..55d0ec0
--- /dev/null
+++ b/swarm/secrets/plausible_analytics/plausible-conf.env
@@ -0,0 +1,6 @@
+export ADMIN_USER_EMAIL="<admin-user-email>"
+export ADMIN_USER_NAME=admin
+export ADMIN_USER_PWD="<admin-user-pwd>"
+export BASE_URL="https://<base-domain>"
+export SECRET_KEY_BASE="<secret-key-base>"
+export DATABASE_URL="postgres://plausible:<postgres-password>@postgres.plausible.local:5432/plausible"
\ No newline at end of file