diff --git a/README.md b/README.md
index e5d820f..4888ae3 100644
--- a/README.md
+++ b/README.md
@@ -20,3 +20,4 @@ All services below are implemented using Docker:
 - RSS feed reader using [FreshRSS](https://miniflux.app/)
 - Metrics using [Prometheus](https://prometheus.io/)
 - Latex editor using [Overleaf](https://www.overleaf.com/) ([latex.pim.kunis.nl](https://latex.pim.kunis.nl))
+- Markdown editor using [Hedgedoc](https://hedgedoc.org/)
diff --git a/ansible/max.yml b/ansible/max.yml
index 3bf7cec..f2e06e0 100644
--- a/ansible/max.yml
+++ b/ansible/max.yml
@@ -21,3 +21,4 @@
     - {role: 'inbucket', tags: 'inbucket'}
     - {role: 'prometheus', tags: 'prometheus'}
     - {role: 'overleaf', tags: 'overleaf'}
+    - {role: 'hedgedoc', tags: 'hedgedoc'}
diff --git a/ansible/roles/cyberchef/tasks/main.yml b/ansible/roles/cyberchef/tasks/main.yml
index 2518ba7..34ec717 100644
--- a/ansible/roles/cyberchef/tasks/main.yml
+++ b/ansible/roles/cyberchef/tasks/main.yml
@@ -11,4 +11,3 @@
     project_src: "{{ service_dir }}"
     pull: true
     remove_orphans: true
-
diff --git a/ansible/roles/forgejo/vars/main.yml b/ansible/roles/forgejo/vars/main.yml
index 38d58cc..7cad12e 100644
--- a/ansible/roles/forgejo/vars/main.yml
+++ b/ansible/roles/forgejo/vars/main.yml
@@ -3,7 +3,6 @@ data_dir: "{{ base_data_dir }}/{{ service_name }}"
 service_dir: "{{ base_service_dir }}/{{ service_name }}"
 git_domain: "git.{{ domain_name_pim }}"
 
-
 forgejo:
   root_url: "https://{{ git_domain }}"
   mailer_host: "smtp.tweak.nl"
diff --git a/ansible/roles/hedgedoc/meta/main.yml b/ansible/roles/hedgedoc/meta/main.yml
new file mode 100644
index 0000000..6b03734
--- /dev/null
+++ b/ansible/roles/hedgedoc/meta/main.yml
@@ -0,0 +1,4 @@
+dependencies:
+  - role: common
+  - role: docker
+  - role: traefik
diff --git a/ansible/roles/hedgedoc/tasks/main.yml b/ansible/roles/hedgedoc/tasks/main.yml
new file mode 100644
index 0000000..aa5d846
--- /dev/null
+++ b/ansible/roles/hedgedoc/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Create service directory
+  file:
+    path: "{{ service_dir }}"
+    state: directory
+- name: Copy Docker Compose script
+  template:
+    src: "{{ role_path }}/templates/docker-compose.yml.j2"
+    dest: "{{ service_dir }}/docker-compose.yml"
+- name: Create data directory
+  file:
+    path: "{{ data_dir }}"
+    state: directory
+- name: Create uploads directory
+  file:
+    path: "{{ data_dir }}/uploads"
+    state: directory
+    mode: 0777
+- name: Start the Docker Compose
+  docker_compose:
+    project_src: "{{ service_dir }}"
+    pull: true
+    remove_orphans: true
diff --git a/ansible/roles/hedgedoc/templates/docker-compose.yml.j2 b/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..bc7f6f5
--- /dev/null
+++ b/ansible/roles/hedgedoc/templates/docker-compose.yml.j2
@@ -0,0 +1,48 @@
+version: '3'
+
+networks:
+  traefik:
+    external: true
+  internal:
+    external: false
+
+services:
+  database:
+    image: postgres:13.4-alpine
+    environment:
+      - POSTGRES_USER=hedgedoc
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=hedgedoc
+    volumes:
+      - {{ data_dir }}/database:/var/lib/postgresql/data
+    restart: always
+    networks:
+      - internal
+  app:
+    image: quay.io/hedgedoc/hedgedoc:1.9.7
+    environment:
+      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
+      - CMD_DOMAIN={{ hedgedoc_domain }}
+      - CMD_PORT=3000
+      - CMD_URL_ADDPORT=false
+      - CMD_ALLOW_ANONYMOUS=true
+      - CMD_ALLOW_EMAIL_REGISTER=false
+      - CMD_PROTOCOL_USESSL=true
+      - CMD_SESSION_SECRET={{ session_secret }}
+    volumes:
+      - {{ data_dir }}/uploads:/hedgedoc/public/uploads
+    restart: always
+    depends_on:
+      - database
+    networks:
+      - traefik
+      - internal
+    labels:
+          - traefik.enable=true
+          - traefik.http.routers.hedgedoc.entrypoints=websecure
+          - traefik.http.routers.hedgedoc.rule=Host(`{{ hedgedoc_domain }}`)
+          - traefik.http.routers.hedgedoc.tls=true
+          - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
+          - treafik.http.routers.hedgedoc.service=hedgedoc
+          - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
+          - traefik.docker.network=traefik
diff --git a/ansible/roles/hedgedoc/vars/main.yml b/ansible/roles/hedgedoc/vars/main.yml
new file mode 100644
index 0000000..10f93d8
--- /dev/null
+++ b/ansible/roles/hedgedoc/vars/main.yml
@@ -0,0 +1,14 @@
+service_name: hedgedoc
+data_dir: "{{ base_data_dir }}/{{ service_name }}"
+service_dir: "{{ base_service_dir }}/{{ service_name }}"
+hedgedoc_domain: "md.{{ domain_name_pim }}"
+session_secret: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          30633835386265643561343033326536653166343630396139303137613138383233666565666330
+          3032613865333836656566626435383165396539323837350a376331306464643766373839386638
+          65653865343539633636323833343964636332636461386434386432306230343833343431363134
+          6563373138626637650a633932313862326231666330343662343765666166373961376237396434
+          33396131353830323063326266623862353731653665626466653335656434303033353333353164
+          61613535373037646565386131383631366338616565373261396136616433393462313537313861
+          35313661616365373231373963323865393635626132343138363230313431636333363130346239
+          32656335333635613736