diff --git a/dns.yml b/dns.yml index 26803c1..3b0cca2 100644 --- a/dns.yml +++ b/dns.yml @@ -27,6 +27,8 @@ ip: "152.53.36.98" - name: "code" ip: "152.53.36.98" + - name: "snippets" + ip: "152.53.36.98" - name: cal ip: "152.53.36.98" - name: phlog @@ -49,6 +51,8 @@ ip: "152.53.36.98" - name: gotify-assistant ip: "152.53.36.98" + - name: pdg + ip: "152.53.36.98" - name: nerder.land dns_records: - name: "forms" diff --git a/group_vars/all/domains.yml b/group_vars/all/domains.yml index a5bf881..f6118b5 100644 --- a/group_vars/all/domains.yml +++ b/group_vars/all/domains.yml @@ -29,6 +29,7 @@ subdomains: appriseapi: "appriseapi.{{ primary_domain }}" dockge: "dockge.{{ primary_domain }}" code: "code.{{ primary_domain }}" # Code Server + bytestash: "snippets.{{ primary_domain }}" # ByteStash code snippets gotify: "gotify.{{ primary_domain }}" # Gotify notifications gotify_assistant: "gotify-assistant.{{ primary_domain }}" # iGotify iOS assistant diff --git a/roles/docker/files/Caddyfile b/roles/docker/files/Caddyfile index 41e3600..ea6243f 100644 --- a/roles/docker/files/Caddyfile +++ b/roles/docker/files/Caddyfile @@ -49,6 +49,10 @@ code.thesatelliteoflove.com { reverse_proxy authentik-server-1:9000 } +snippets.thesatelliteoflove.com { + reverse_proxy bytestash:5000 +} + files.thesatelliteoflove.com { reverse_proxy pingvin-pingvin-share-1:3000 } @@ -64,8 +68,6 @@ thesatelliteoflove.com { file_server } - - bookmarks.thesatelliteoflove.com { reverse_proxy hoarder-web-1:3000 } @@ -91,6 +93,17 @@ gotify-assistant.thesatelliteoflove.com { reverse_proxy gotify-igotify-assistant-1:8080 } +pdg.thesatelliteoflove.com { + root * /srv/pdg + try_files {path} {path}.html {path}/ =404 + file_server + encode gzip + + handle_errors { + rewrite * /{err.status_code}.html + file_server + } +} repair.nerder.land { root * /srv/repair diff --git a/roles/docker/tasks/development/bytestash.yml b/roles/docker/tasks/development/bytestash.yml new file mode 100644 index 0000000..05f368a 
--- /dev/null +++ b/roles/docker/tasks/development/bytestash.yml @@ -0,0 +1,19 @@ +- name: make bytestash directories + ansible.builtin.file: + path: "{{ item}}" + state: directory + loop: + - /opt/stacks/bytestash + +- name: Template out the compose file + ansible.builtin.template: + src: bytestash-compose.yml.j2 + dest: /opt/stacks/bytestash/compose.yml + owner: root + mode: 644 + +- name: deploy bytestash stack + community.docker.docker_compose_v2: + project_src: /opt/stacks/bytestash + files: + - compose.yml \ No newline at end of file diff --git a/roles/docker/tasks/development/main.yml b/roles/docker/tasks/development/main.yml index 216946b..4b4b4f3 100644 --- a/roles/docker/tasks/development/main.yml +++ b/roles/docker/tasks/development/main.yml @@ -9,3 +9,7 @@ import_tasks: codeserver.yml tags: codeserver +- name: Install bytestash + import_tasks: bytestash.yml + tags: bytestash + diff --git a/roles/docker/templates/bytestash-compose.yml.j2 b/roles/docker/templates/bytestash-compose.yml.j2 new file mode 100644 index 0000000..de5cc43 --- /dev/null +++ b/roles/docker/templates/bytestash-compose.yml.j2 
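Review bot: `mode: 644` in the "Template out the compose file" task of bytestash.yml is an unquoted integer, which Ansible reads as decimal 644 (octal 1204) rather than rw-r--r--, so compose.yml lands with unintended permission bits. The rendered file also holds `JWT_SECRET` and `OIDC_CLIENT_SECRET` from the vault (see bytestash-compose.yml.j2 in this commit), so even a correct 0644 is wider than needed; I would write `mode: "0600"` and add `group: root`. The directory task above it sets neither owner nor mode, so /opt/stacks/bytestash takes whatever the umask gives; an explicit `mode: "0750"` there would keep the stack directory in line with the file.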
@@ -0,0 +1,37 @@
+services:
+ bytestash:
+ image: ghcr.io/jordan-dalby/bytestash:latest
+ container_name: bytestash
+ restart: unless-stopped
+ volumes:
+ - bytestash_data:/data/snippets
+ environment:
+ JWT_SECRET: "{{ vault_bytestash.jwt_secret }}"
+ TOKEN_EXPIRY: "24h"
+ ALLOW_NEW_ACCOUNTS: "true"
+ DEBUG: "false"
+ DISABLE_ACCOUNTS: "false"
+ DISABLE_INTERNAL_ACCOUNTS: "false"
+ OIDC_ENABLED: "true"
+ OIDC_DISPLAY_NAME: "Login with Authentik"
+ OIDC_ISSUER_URL: "https://{{ subdomains.auth }}/application/o/bytestash/"
+ OIDC_CLIENT_ID: "{{ vault_bytestash.oidc_client_id }}"
+ OIDC_CLIENT_SECRET: "{{ vault_bytestash.oidc_client_secret }}"
+ OIDC_SCOPES: "openid profile email"
+ extra_hosts:
+ - "{{ subdomains.auth }}:{{ docker.hairpin_ip }}"
+ labels:
+ glance.name: ByteStash
+ glance.icon: si:code
+ glance.url: https://{{ subdomains.bytestash }}/
+ glance.description: Code snippet manager
+ glance.id: bytestash
+
+volumes:
+ bytestash_data:
+ driver: local
+
+networks:
+ default:
+ external: true
+ name: {{ docker.network_name }}
\ No newline at end of file
diff --git a/roles/docker/templates/codeserver-compose.yml.j2 b/roles/docker/templates/codeserver-compose.yml.j2
index 9233f44..7d83559 100644
--- a/roles/docker/templates/codeserver-compose.yml.j2
+++ b/roles/docker/templates/codeserver-compose.yml.j2
@@ -7,6 +7,7 @@ services:
 glance.icon: si:vscodium
 glance.url: https://{{ subdomains.code }}/
 glance.description: Code Server
+ mag37.dockcheck.update: true
 container_name: codeserver
 volumes:
 - home:/home
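Review bot: `ALLOW_NEW_ACCOUNTS: "true"` together with `DISABLE_INTERNAL_ACCOUNTS: "false"` in bytestash-compose.yml.j2 leaves local self-registration open on a host that the Caddyfile in this commit proxies straight to `bytestash:5000`, so the Authentik OIDC login configured just below is not the only way in. If Authentik is meant to be the sole identity source, set `ALLOW_NEW_ACCOUNTS: "false"` and `DISABLE_INTERNAL_ACCOUNTS: "true"`, after confirming how ByteStash provisions first-time OIDC users under those settings. Separately, `image: ghcr.io/jordan-dalby/bytestash:latest` is a floating tag; pinning a release tag or digest keeps a redeploy from pulling an unreviewed image into a container that holds the JWT and OIDC client secrets. The final `name: {{ docker.network_name }}` is the only templated value in the file left unquoted.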
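Review bot: `mag37.dockcheck.update: true` in codeserver-compose.yml.j2 is a bare YAML boolean in a labels mapping whose neighbours are all strings; container labels are strings, and whether a boolean is coerced or rejected depends on the Compose implementation, so `mag37.dockcheck.update: "true"` is the safer spelling. The label presumably opts this container into automated image updates by dockcheck, which is a trust decision for a code-server instance with a mounted home volume; a short comment such as `# dockcheck: allow unattended image updates` would make that explicit. The labels mapping and the service definition begin outside the hunk.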