diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..ef85752
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,37 @@
+---
+kind: pipeline
+type: docker
+name: pull_request
+image_pull_secrets:
+ - dockerconfigjson
+steps:
+ - name: lint yaml
+ image: registry.fedy95.com/baseimage-yamllint:latest
+ commands:
+ - yamllint -c /yamllint/relaxed.yaml docker-compose.yml
+ when:
+ event: pull_request
+---
+kind: pipeline
+type: ssh
+name: master_push
+clone:
+ disable: true
+server:
+ host:
+ from_secret: host
+ user:
+ from_secret: user
+ password:
+ from_secret: password
+steps:
+ - name: deploy
+ commands:
+ - cd /home/fedy95/infra/autossl-udm
+ - git pull
+trigger:
+ branch:
+ - master
+ event:
+ - push
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7eb71ca
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/env/instance.env
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e1633ad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+FROM registry.fedy95.com/baseimage-autossl:latest
+ARG EMAIL
+ARG DOMAIN
+ARG GD_Key
+ARG GD_Secret
+
+RUN export ${GD_Key} && export ${GD_Secret}
+
+COPY init.sh .
+ENTRYPOINT ["./init.sh"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9c85dc7
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,16 @@
+MAKEFLAGS += --silent
+.PHONY: *
+
+REGISTRY=registry.fedy95.com
+YAMLLINT_TAG=baseimage-yamllint:latest
+
+LINT-YAML-CMD=docker run --rm -it -v $(PWD):/data ${REGISTRY}/${YAMLLINT_TAG}
+lint-yaml:
+ docker pull ${REGISTRY}/${YAMLLINT_TAG}
+ $(LINT-YAML-CMD) docker-compose.yml
+
+run:
+ docker-compose down
+ docker-compose up -d --build
+
+.DEFAULT_GOAL := lint-yaml
diff --git a/README.md b/README.md
index 781ca69..b0665dc 100644
--- a/README.md
+++ b/README.md
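Review bot: In .drone.yml, the `master_push` pipeline logs in to the deploy host with a password (`password:` / `from_secret: password`), and its only deploy command after the `cd` is `git pull`. A private key held in a secret (`ssh_key:` with `from_secret: <secret name>`) avoids password logins on the host, and `git pull --ff-only` keeps the deploy from creating a merge commit on the server. The step stops after the pull, so the container is not rebuilt; if that is intended a comment saying so would help, otherwise `make run` from this commit's Makefile looks like the missing command. The lint step's `baseimage-yamllint:latest` is unpinned, so the image that runs in CI can change without a commit.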
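Review bot: In the Dockerfile, `ARG GD_Key` and `ARG GD_Secret` take the DNS API credentials as build arguments, and build-arg values that a `RUN` line uses are recorded in the image history, readable with `docker history`. The line `RUN export ${GD_Key} && export ${GD_Secret}` has no lasting effect: an export ends with that RUN's shell, and the line expands the values rather than naming the variables. docker-compose.yml in this commit passes no build args and supplies all four variables at run time through `env_file`, so the four `ARG` lines and the `RUN` line can be dropped. The base image is referenced as `:latest`; a fixed tag or digest would make rebuilds reproducible. The image also sets no `USER`, so unless the base image does, `init.sh` runs as root.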
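Review bot: In the Makefile, `LINT-YAML-CMD` bind-mounts the whole working directory read-write into an unpinned `:latest` image, and that directory holds `env/instance.env` with the API credentials once it is filled in. A linter only needs to read, so `-v $(PWD):/data:ro` is enough. `-it` makes the target fail where no TTY is attached, so `docker run --rm` without it works both locally and in CI. `.PHONY: *` expands to the file names in the directory rather than the target names; `.PHONY: lint-yaml run` states the intent directly.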
@@ -1,3 +1,13 @@
-### template [![Build Status](https://drone.fedy95.com/api/badges/infra/template/status.svg)](https://drone.fedy95.com/infra/template)
+### autossl-udm [![Build Status](https://drone.fedy95.com/api/badges/infra/autossl-udm/status.svg)](https://drone.fedy95.com/infra/autossl-udm)
+
+### how it works
+
+- https://github.com/acmesh-official/acme.sh
+- https://github.com/acmesh-official/acme.sh/wiki/dnsapi#4-use-godaddycom-domain-api-to-automatically-issue-cert
+
+---
+
+### services
+
+- https://gitea.fedy95.com/baseimage/autossl
 
-Base repository for new infra-repos
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..83cf780
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,13 @@
+---
+version: "3"
+services:
+ instance:
+ build:
+ context: .
+ container_name: autossl-udm
+ hostname: autossl-udm
+
+ env_file: env/instance.env
+ volumes:
+ - ./etc/instance/mnt/data/unifi-os/unifi-core/config/:/mnt/data/unifi-os/unifi-core/config/
+...
diff --git a/env/instance.env-dist b/env/instance.env-dist
new file mode 100644
index 0000000..c479e6a
--- /dev/null
+++ b/env/instance.env-dist
@@ -0,0 +1,4 @@
+EMAIL=
+DOMAIN=
+GD_Key=
+GD_Secret=
diff --git a/etc/instance/mnt/data/unifi-os/unifi-core/config/.gitignore b/etc/instance/mnt/data/unifi-os/unifi-core/config/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/etc/instance/mnt/data/unifi-os/unifi-core/config/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/init.sh b/init.sh
new file mode 100755
index 0000000..0e1f8b3
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+./acme.sh --install -m "${EMAIL}"
+./acme.sh --issue --debug --dns dns_gd -d "${DOMAIN}" \
+ --cert-file /mnt/data/unifi-os/unifi-core/config/unifi-core.crt \
+ --key-file /mnt/data/unifi-os/unifi-core/config/unifi-core.key \
+ --fullchain-file /mnt/data/unifi-os/unifi-core/config/fullchain.pem \
+ --capath /mnt/data/unifi-os/unifi-core/config/ca-cert.pem
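Review bot: In init.sh, the last option, `--capath`, is given a file path; as far as I know acme.sh treats it as an alias for `--ca-path`, the directory of CA certificates used by curl/wget, whereas the path here names a file the CA certificate should be written to. `--ca-file /mnt/data/unifi-os/unifi-core/config/ca-cert.pem` looks like what was meant. `--debug` stays on in the entrypoint, so every run writes verbose request detail from the `dns_gd` calls to the container log; dropping it once the setup works keeps that out of `docker logs`. The script has no `set -eu`, so a failed `--install` or an empty `DOMAIN` still reaches the `--issue` call.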