diff --git a/lotus-land-story/linkding.yml b/lotus-land-story/linkding.yml
new file mode 100644
index 0000000..0becb89
--- /dev/null
+++ b/lotus-land-story/linkding.yml
@@ -0,0 +1,40 @@
+- name: Set up linkding
+ hosts: lotus-land-story
+ vars_files:
+ - vars.yml
+ vars:
+ version: 1.36.0-plus
+ tasks:
+
+ - name: Make /mnt/lotus-land-story/linkding
+ ansible.builtin.file:
+ path: /mnt/lotus-land-story/{{ item }}
+ state: directory
+ mode: "0755"
+ loop:
+ - linkding
+
+ - name: Run linkding
+ community.docker.docker_container:
+ name: linkding
+ image: sissbruecker/linkding:{{ version }}
+ restart: true
+ env:
+ LD_ENABLE_OIDC: "True"
+ OIDC_OP_AUTHORIZATION_ENDPOINT: https://auth.kejadlen.dev/api/oidc/authorization
+ OIDC_OP_TOKEN_ENDPOINT: https://auth.kejadlen.dev/api/oidc/token
+ OIDC_OP_USER_ENDPOINT: https://auth.kejadlen.dev/api/oidc/userinfo
+ OIDC_OP_JWKS_ENDPOINT: https://auth.kejadlen.dev/jwks.json
+ OIDC_RP_CLIENT_ID: linkding
+ OIDC_RP_CLIENT_SECRET: "{{ linkding.oidc_rp_client_secret }}"
+ volumes:
+ - /mnt/lotus-land-story/linkding:/etc/linkding/data
+ restart_policy: unless-stopped
+ networks:
+ - name: lotus_land_story
+
+ handlers:
+ - name: Import restarts
+ ansible.builtin.import_tasks: restarts.yml
+
+# vim: ft=yaml.ansible
diff --git a/lotus-land-story/miniflux.yml b/lotus-land-story/miniflux.yml
index 60813bc..a225e03 100644
--- a/lotus-land-story/miniflux.yml
+++ b/lotus-land-story/miniflux.yml
@@ -45,7 +45,7 @@ vars_files: - vars.yml vars: - version: 2.2.2 + version: 2.2.3 tasks: - name: Get docker network
diff --git a/lotus-land-story/templates/Caddyfile b/lotus-land-story/templates/Caddyfile
index 8784d26..5937bb2 100644
--- a/lotus-land-story/templates/Caddyfile
+++ b/lotus-land-story/templates/Caddyfile
@@ -143,4 +143,8 @@ cadvisor.kejadlen.dev { } } +links.kejadlen.dev { + reverse_proxy linkding:9090 +} + # vim: ts=4
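Review bot: In linkding.yml the `Run linkding` task renders `{{ linkding.oidc_rp_client_secret }}` into `env`, so the secret travels in the module arguments and can be printed in verbose or failure output; add `no_log: true` to that task. `restart: true` makes the module stop and start the container on every play run, not only when something changed, which overlaps with `restart_policy: unless-stopped`; drop it unless the forced restart is intended. The image is referenced by the mutable tag `1.36.0-plus`, so pinning `image:` by digest would make the deployed image verifiable.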
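Review bot: The new `links.kejadlen.dev` site block in the Caddyfile is a bare `reverse_proxy linkding:9090`, so linkding's own login is the only access control on the public hostname. As far as I know, enabling OIDC in linkding adds a sign-in option next to the local username/password form rather than replacing it, so local accounts stay reachable here. If the other site blocks in this file (outside the hunk) sit behind an Authelia forward-auth directive, a comment such as `# auth is handled by linkding's OIDC client, no forward_auth here` would record that the difference is deliberate.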
diff --git a/lotus-land-story/templates/authelia_configuration.yml b/lotus-land-story/templates/authelia_configuration.yml
index beed258..5c7a511 100644
--- a/lotus-land-story/templates/authelia_configuration.yml
+++ b/lotus-land-story/templates/authelia_configuration.yml
@@ -115,3 +115,16 @@ identity_providers: - email - profile - groups
+
+ # https://linkding.link/options/#ld_enable_oidc
+ - client_id: linkding
+ client_name: linkding
+ client_secret: $argon2id$v=19$m=65536,t=3,p=4$dEQme8tnUUYArRvqSMEoUQ$nNygQmREKhzqf0OBLz0AY1th7mV0PZ1DS6M2GBdU+cE
+ public: false
+ token_endpoint_auth_method: client_secret_post
+ redirect_uris:
+ - https://links.kejadlen.dev/oidc/callback/
+ scopes:
+ - openid
+ - email
+ - profile
diff --git a/main.tf b/main.tf
index 0a2bca4..cd08052 100644
--- a/main.tf
+++ b/main.tf
@@ -19,6 +19,11 @@ variable "soa_email" { nullable = false } +variable "subdomains" { + type = map(list(string)) + nullable = false +} + data "linode_instances" "ramble_hard" { filter { name = "label"
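Review bot: The `client_secret` Argon2id digest for the `linkding` client in authelia_configuration.yml is committed as an unquoted literal, while the relying-party side in linkding.yml reads its secret from `linkding.oidc_rp_client_secret`. A digest in the repository can be guessed against offline, so it is only as strong as the entropy of the secret behind it. Single-quote the value, as Authelia's examples do for hashed secrets, and add a comment like `# Argon2id digest of linkding.oidc_rp_client_secret; rotate both together`. The client also sets no `authorization_policy`, so it falls back to Authelia's default; if the other clients (above the hunk) state theirs explicitly, state it here too.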