diff --git a/README.md b/README.md index 5fe449d..67392eb 100644 --- a/README.md +++ b/README.md @@ -13,18 +13,21 @@ and services operated by Free I.T. Athens (FRITA). - [Traefik Dashboard](https://traefik.local.freeitathens.org:9443/dashboard/#/) - [WordPress](https://www.local.freeitathens.org) - [Nextcloud](https://cloud.local.freeitathens.org) + - [Mediawiki](https://wiki.local.freeitathens.org) 4. Click through the HTTPS security warning ## Production -1. Clone [production-env](https://github.com/freeitathens/production-env/) to `./environments` +1. Clone [production-env](https://github.com/freeitathens/production-env/) to + `./environments` ``` mkdir -p environments git clone git@github.com:freeitathens/production-env.git ./environments ``` -2. Run `./scripts/vault-key.sh` from the root of the project to obtain the Ansible Vault password +2. Run `./scripts/vault-key.sh` from the root of the project to obtain the + Ansible Vault password 3. Enter the Bitwarden Master Password 4. Run `ansible-playbook` against the production servers, e.g., @@ -51,11 +54,13 @@ To submit, press `CTRL+d` twice. ansible-vault encrypt --vault-pass-file .ansible_vault ``` - - e.g., `pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault` + - e.g., + `pwgen -s 100 1 | ansible-vault encrypt --vault-pass-file .ansible_vault` ## Authors -- **Kris Lamoureux** - _Project Founder_ - [@krislamo](https://github.com/krislamo) +- **Kris Lamoureux** - _Project Founder_ - + [@krislamo](https://github.com/krislamo) ## Copyrights and Licenses 
@@ -65,9 +70,9 @@ This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. -This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . diff --git a/dev/vars/webserver.yml b/dev/vars/webserver.yml index 3995bb4..a0fe802 100644 --- a/dev/vars/webserver.yml +++ b/dev/vars/webserver.yml @@ -7,6 +7,7 @@ secret: WORDPRESS_DB_PASSWORD: WPpa55w0rd! NEXTCLOUD_MYSQL_PASSWORD: NCdbpa55w0rd! NEXTCLOUD_ADMIN_PASSWORD: NCadm1npa55w0rd! + MEDIAWIKI_MYSQL_PASSWORD: MWdbpa55w0rd! ############## ### Common ### @@ -26,6 +27,8 @@ databases: pass: "{{ secret.WORDPRESS_DB_PASSWORD }}" - name: nextcloud pass: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}" + - name: mediawiki + pass: "{{ secret.MEDIAWIKI_MYSQL_PASSWORD }}" ####################### ### Webserver Stack ### @@ -69,3 +72,9 @@ webserver: # NEXTCLOUD_ADMIN: admin NEXTCLOUD_ADMIN_PASSWORD: "{{ secret.NEXTCLOUD_ADMIN_PASSWORD }}" NEXTCLOUD_MYSQL_PASSWORD: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}" + + ################# + ### MediaWiki ### + ################# + # MEDIAWIKI_VERSION: stable + # MEDIAWIKI_DOMAIN: wiki.local.freeitathens.org diff --git a/roles/webserver/files/docker-compose.yml b/roles/webserver/files/docker-compose.yml index 0ce993d..0794181 100644 --- a/roles/webserver/files/docker-compose.yml +++ b/roles/webserver/files/docker-compose.yml 
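Review bot: `MEDIAWIKI_MYSQL_PASSWORD: MWdbpa55w0rd!` in the `secret:` block of dev/vars/webserver.yml is a cleartext, guessable credential, and nothing marks it as a development-only placeholder. I would add a comment above it such as `# dev-only placeholder; production must override this with an Ansible Vault-encrypted value`, so the value is not carried into a real environment by copy-paste. The last hunk of this file adds only commented-out `MEDIAWIKI_VERSION` and `MEDIAWIKI_DOMAIN` to the webserver env, so unlike `NEXTCLOUD_MYSQL_PASSWORD` this secret is consumed only by `databases`. How MediaWiki itself receives the password is not visible in this diff and is worth a one-line comment. The `secret:` mapping starts outside the hunk.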
@@ -1,6 +1,7 @@ volumes: wordpress: nextcloud: + mediawiki: networks: traefik: @@ -60,7 +61,9 @@ services: WORDPRESS_DB_USER: ${WORDPRESS_DB_USER:-wordpress} WORDPRESS_DB_PASSWORD: ${WORDPRESS_DB_PASSWORD} labels: - traefik.http.routers.wordpress.rule: Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`) || Host(`${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org}`) + traefik.http.routers.wordpress.rule: + Host(`${WORDPRESS_DOMAIN:-www.local.freeitathens.org}`) || + Host(`${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org}`) traefik.http.routers.wordpress.entrypoints: websecure traefik.http.routers.wordpress.middlewares: "wwwredirect" traefik.http.routers.wordpress.tls: true @@ -108,3 +111,24 @@ services: - traefik extra_hosts: - host.docker.internal:host-gateway + + mediawiki: + image: ${MEDIAWIKI_IMAGE:-docker.io/library/mediawiki}:${MEDIAWIKI_VERSION:-stable} + restart: always + labels: + traefik.http.routers.mediawiki.rule: "Host(`${MEDIAWIKI_DOMAIN:-wiki.local.freeitathens.org}`)" + traefik.http.routers.mediawiki.entrypoints: websecure + traefik.http.routers.mediawiki.tls: true + traefik.http.routers.mediawiki.tls.certresolver: letsencrypt + traefik.http.routers.mediawiki.tls.domains[0].main: ${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org} + traefik.http.routers.mediawiki.tls.domains[0].sans: "${TRAEFIK_ACME_DOMAIN_SANS:-*.local.freeitathens.org}" + traefik.http.services.mediawiki.loadbalancer.server.port: 80 + traefik.docker.network: traefik + traefik.enable: ${MEDIAWIKI_WEB_ENABLED:-true} + volumes: + - ./LocalSettings.php:/var/www/html/LocalSettings.php + - mediawiki:/var/www/html/images + networks: + - traefik + extra_hosts: + - host.docker.internal:host-gateway
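Review bot: The `./LocalSettings.php:/var/www/html/LocalSettings.php` bind mount in the new `mediawiki` service is writable from inside the container, and that file normally holds the database password and MediaWiki's secret keys, so a compromised web process could rewrite its own configuration. I would mount it read-only, `- ./LocalSettings.php:/var/www/html/LocalSettings.php:ro`, and have the role render it from a template with a restrictive file mode instead of shipping a static copy; the file is not part of this diff, so I cannot tell which is the case. If the file is missing on the host when the stack starts, Docker creates a directory at that path, so the role should write it before the service is brought up. Separately, `${MEDIAWIKI_VERSION:-stable}` is a floating tag, so any later pull can bring in a different image without review; defaulting to a specific release tag or an image digest keeps deployments reproducible.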