diff --git a/stack.production.yml b/stack.production.yml
index c8a36cb..5bfc0b1 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -1,46 +1,49 @@
 networks:
   traefik:
     external: true
+  portainer_network:
+    driver: overlay
+
+volumes:
+  portainer_agent_data:
+    driver: local
 
 services:
-  firefox:
-    image: git.nixc.us/nixius/marketing-browser:production
-#    image: jlesage/firefox
-    environment:
-#      DISPLAY_WIDTH: '1280'
-#      DISPLAY_HEIGHT: '720'
-#      KEEP_APP_RUNNING: '1'
-#      KASM_PORT: 80
-      PUID: 1000
-      GUID: 1000
-    tmpfs:
-      - /tmp:size=2G
+  portainer:
+    image: git.nixc.us/nixius/portainer:production
     volumes:
-      - '/mnt/tank/persist/nixc.us/marketing-browser/production/config:/config:rw'
-      - '/etc/localtime:/etc/localtime:ro'
-      # - "istock:/config/Downloads"
-      - type: tmpfs
-        target: /dev/shm
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /mnt/tank/persist/nixc.us/portainer/data:/data
+      - /etc/localtime:/etc/localtime:ro
     deploy:
       placement:
         constraints:
           - node.hostname == macmini14
       replicas: 1
       labels:
-        - "traefik.enable=true"
-        - "traefik.http.routers.istock_firefox.tls=true"
-        - "traefik.http.services.istock_firefox.loadbalancer.server.port=3000"
-        - "traefik.http.routers.istock_firefox.rule=Host(`marketing-browser.nixc.us`)"
-        - "traefik.http.routers.istock_firefox.entrypoints=websecure"
-        - "traefik.http.routers.istock_firefox.tls.certresolver=letsencryptresolver"
-        - "traefik.http.routers.istock_firefox.service=istock_firefox"
-        - "traefik.docker.network=traefik"
-        - 'traefik.http.routers.istock_firefox.middlewares=authelia_authelia@docker'
+        traefik.enable: true
+        traefik.http.routers.portainer.rule: Host(`portainer.nixc.us`)
+        traefik.http.routers.portainer.entrypoints: websecure
+        traefik.http.routers.portainer.service: portainer
+        traefik.http.routers.portainer.tls: true
+        traefik.http.routers.portainer.tls.certresolver: letsencryptresolver
+        traefik.http.services.portainer.loadbalancer.server.port: 9443
+        traefik.docker.network: traefik
+        traefik.http.routers.portainer.middlewares: authelia_authelia@docker
     networks:
       - traefik
-    dns:
-      - 1.1.1.1
-      - 8.8.8.8
-# volumes:
-#   istock:
-#     external: true
\ No newline at end of file
+      - portainer_network
+
+  portainer_agent:
+    image: portainer/agent:latest
+    environment:
+      - AGENT_CLUSTER_ADDR=portainer  # Explicitly set to connect to Portainer
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_agent_data:/data
+    deploy:
+      mode: global
+      labels:
+        - "traefik.enable=false"
+    networks:
+      - portainer_network