diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5f9a87b..10f6a6d 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,4 +1,4 @@ -name: Publish Docker Image +name: Publish Docker Artifacts on: push: @@ -24,6 +24,7 @@ jobs: env: IMAGE_NAME: ${{ vars.DOCKERHUB_IMAGE }} + COMPOSE_FILE: docker-compose.oci.yml steps: - name: Checkout @@ -31,6 +32,11 @@ jobs: with: ref: ${{ inputs.ref || github.ref }} + - name: Set up Docker Compose + uses: docker/setup-compose-action@v1 + with: + version: latest + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -65,6 +71,22 @@ jobs: echo "BRANCH_TAG=$tag" >> "$GITHUB_ENV" + - name: Resolve compose artifact name + run: | + override="${{ vars.DOCKERHUB_COMPOSE_ARTIFACT }}" + if [ -n "$override" ]; then + artifact="$override" + else + image="${IMAGE_NAME}" + if [[ "$image" == */* ]]; then + artifact="${image%/*}/${image##*/}-compose" + else + artifact="${image}-compose" + fi + fi + + echo "COMPOSE_ARTIFACT_NAME=$artifact" >> "$GITHUB_ENV" + - name: Docker metadata id: meta uses: docker/metadata-action@v5 
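Review bot: The new "Set up Docker Compose" step (hunk at +32) installs Compose with `version: latest`, so the binary that later runs `docker compose publish` can change between runs without any change in this repository. Pin a specific Compose release there, e.g. `version: <pinned-compose-release>`, and bump it deliberately. The action is also referenced by the mutable tag `@v1`, like the neighbouring `setup-buildx-action@v3` and `metadata-action@v5`. Pinning the actions of a publishing workflow to full commit SHAs would close the same gap, ideally for all of them in one pass.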
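Review bot: In the "Resolve compose artifact name" step (hunk at +71), `override="${{ vars.DOCKERHUB_COMPOSE_ARTIFACT }}"` is expanded into the script text before the shell starts, so any shell metacharacters in the variable are interpreted as script rather than assigned as data. Pass it through the step environment, as the job already does for `IMAGE_NAME`: add `env:` with `COMPOSE_ARTIFACT_OVERRIDE: ${{ vars.DOCKERHUB_COMPOSE_ARTIFACT }}` and read it as `override="$COMPOSE_ARTIFACT_OVERRIDE"`. The resolved value is then appended to `$GITHUB_ENV` unchecked, so an empty `IMAGE_NAME` yields `-compose` and a multi-line value would define extra variables; a guard rejecting empty or multi-line values before the `echo` is worth adding. Separately, `${image%/*}/${image##*/}` reassembles `$image` unchanged, so both branches of the inner `if` produce `${image}-compose` and the test can be dropped.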
@@ -84,3 +106,24 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
+
+ - name: Validate publish compose file
+ run: docker compose -f "$COMPOSE_FILE" config >/dev/null
+
+ - name: Publish compose artifact (main)
+ if: github.ref == 'refs/heads/main'
+ env:
+ HOMESEC_IMAGE: ${{ env.IMAGE_NAME }}:latest
+ run: docker compose -f "$COMPOSE_FILE" publish "${COMPOSE_ARTIFACT_NAME}:latest"
+
+ - name: Publish compose artifact (release)
+ if: github.event_name == 'release'
+ env:
+ HOMESEC_IMAGE: ${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+ run: docker compose -f "$COMPOSE_FILE" publish "${COMPOSE_ARTIFACT_NAME}:${RELEASE_VERSION}"
+
+ - name: Publish compose artifact (manual)
+ if: github.event_name == 'workflow_dispatch'
+ env:
+ HOMESEC_IMAGE: ${{ env.IMAGE_NAME }}:${{ env.BRANCH_TAG }}
+ run: docker compose -f "$COMPOSE_FILE" publish "${COMPOSE_ARTIFACT_NAME}:${BRANCH_TAG}"
diff --git a/docker-compose.oci.yml b/docker-compose.oci.yml
new file mode 100644
index 0000000..bbcba2b
--- /dev/null
+++ b/docker-compose.oci.yml
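Review bot: In the workflow hunk at +106, the "Publish compose artifact (main)" condition `if: github.ref == 'refs/heads/main'` ignores the event, so a `workflow_dispatch` run started from main satisfies it too. Because the checkout step uses `inputs.ref || github.ref`, such a run can publish the compose file of an arbitrary ref as `:latest`, and the manual step then publishes it again under `BRANCH_TAG`. Tightening it to `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` keeps `:latest` tied to pushes on main. `RELEASE_VERSION` and `BRANCH_TAG` are set outside this hunk, so whether they can be empty when these steps run is not visible here. Since docker-compose.oci.yml declares `environment:` entries, also confirm that non-interactive `docker compose publish` accepts it on the Compose release in use; recent releases may require an explicit `--with-env` opt-in.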
@@ -0,0 +1,40 @@
+services:
+ homesec:
+ image: ${HOMESEC_IMAGE:-leva/homesec:latest}
+ restart: unless-stopped
+ depends_on:
+ postgres:
+ condition: service_healthy
+ ports:
+ - "${HOMESEC_PORT:-8081}:8081"
+ volumes:
+ - homesec_config:/config
+ - homesec_recordings:/data/recordings
+ - homesec_storage:/data/storage
+ - homesec_yolo_cache:/app/yolo_cache
+ environment:
+ DB_DSN: postgresql+asyncpg://${POSTGRES_USER:-homesec}:${POSTGRES_PASSWORD:-homesec}@postgres:5432/${POSTGRES_DB:-homesec}
+
+ postgres:
+ image: ${POSTGRES_IMAGE:-postgres:16}
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: ${POSTGRES_USER:-homesec}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-homesec}
+ POSTGRES_DB: ${POSTGRES_DB:-homesec}
+ ports:
+ - "${POSTGRES_PORT:-5432}:5432"
+ volumes:
+ - homesec_pgdata:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-homesec} -d ${POSTGRES_DB:-homesec}"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+
+volumes:
+ homesec_config:
+ homesec_recordings:
+ homesec_storage:
+ homesec_yolo_cache:
+ homesec_pgdata:
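Review bot: The published compose file falls back to the password `homesec` in both `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-homesec}` and `DB_DSN`, while the `postgres` service publishes `"${POSTGRES_PORT:-5432}:5432"` on every host interface. A deployment started without overrides therefore exposes a database protected by a credential anyone can read from the artifact. Make the password mandatory with the required-variable form, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}`, using the same substitution inside `DB_DSN`; the workflow's validate step would then need a placeholder value in its `env:`. Either drop the postgres `ports:` entry, since `homesec` reaches it as `postgres:5432` on the compose network, or bind it to loopback with `- "127.0.0.1:${POSTGRES_PORT:-5432}:5432"`. A short header comment listing the variables an operator is expected to set would also help, as would noting that `postgres:16` and the `:latest` image default are mutable tags.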