diff --git a/sql/init_pgvector.sql b/sql/init_pgvector.sql
index 11fa6ae..06469d1 100644
--- a/sql/init_pgvector.sql
+++ b/sql/init_pgvector.sql
@@ -1,5 +1,35 @@
+-- Wird beim ersten Start des Containers automatisch ausgeführt
+-- (liegt in /docker-entrypoint-initdb.d/)
+--
+-- Zweck:
+--  - DBs anlegen: n8n, vectors
+--  - pgvector Extension in beiden DBs aktivieren
+--  - optional Schema vec in vectors vorbereiten
+
+\connect postgres
+
+-- Datenbanken anlegen (idempotent)
+SELECT 'CREATE DATABASE n8n'
+WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'n8n') \gexec;
+
+SELECT 'CREATE DATABASE vectors'
+WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'vectors') \gexec;
+
+-- pgvector in n8n aktivieren (schadet nicht, hilft evtl. später)
+\connect n8n
 CREATE EXTENSION IF NOT EXISTS vector;
 
--- Optional, aber hilfreich:
--- CREATE EXTENSION IF NOT EXISTS pgcrypto;
+-- pgvector in vectors aktivieren
+\connect vectors
+CREATE EXTENSION IF NOT EXISTS vector;
 
+-- Optional: Schema vorbereiten
+CREATE SCHEMA IF NOT EXISTS vec;
+
+-- Optional: Beispiel-Tabelle (Dimension an Embeddings anpassen, z.B. 768 / 1024 / 1536)
+-- CREATE TABLE IF NOT EXISTS vec.documents (
+--   id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+--   content text,
+--   metadata jsonb,
+--   embedding vector(1536)
+-- );
diff --git a/templates/docker-compose.yml b/templates/docker-compose.yml
index 9c90cc1..dd0e227 100644
--- a/templates/docker-compose.yml
+++ b/templates/docker-compose.yml
@@ -1,70 +1,81 @@
 services:
-  n8n-db:
-    image: postgres:15-alpine
-    container_name: n8n-db
+  db:
+    image: pgvector/pgvector:pg16
+    container_name: customer-db
     restart: unless-stopped
     environment:
-      POSTGRES_USER: ${N8N_DB_USER}
-      POSTGRES_PASSWORD: ${N8N_DB_PASS}
-      POSTGRES_DB: ${N8N_DB_NAME}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+      TZ: ${TZ:-Europe/Berlin}
     volumes:
-      - ./volumes/n8n-db:/var/lib/postgresql/data
-    networks: [custnet]
-
-  supabase-db:
-    image: pgvector/pgvector:pg15
-    container_name: supabase-db
-    restart: unless-stopped
-    environment:
-      POSTGRES_USER: ${SB_DB_USER}
-      POSTGRES_PASSWORD: ${SB_DB_PASS}
-      POSTGRES_DB: ${SB_DB_NAME}
-    volumes:
-      - ./volumes/supabase-db:/var/lib/postgresql/data
-      - ./sql/init_pgvector.sql:/docker-entrypoint-initdb.d/init_pgvector.sql:ro
-    networks: [custnet]
+      - db_data:/var/lib/postgresql/data
+      - ./sql/init_pgvector.sql:/docker-entrypoint-initdb.d/10-init_pgvector.sql:ro
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB} -h 127.0.0.1"]
+      interval: 10s
+      timeout: 5s
+      retries: 12
 
   n8n:
-    image: docker.n8n.io/n8nio/n8n:latest
+    image: n8nio/n8n:latest
     container_name: n8n
     restart: unless-stopped
     depends_on:
-      - n8n-db
+      db:
+        condition: service_healthy
     ports:
       - "5678:5678"
     environment:
-      # n8n DB
-      DB_TYPE: postgresdb
-      DB_POSTGRESDB_HOST: n8n-db
-      DB_POSTGRESDB_PORT: 5432
-      DB_POSTGRESDB_DATABASE: ${N8N_DB_NAME}
-      DB_POSTGRESDB_USER: ${N8N_DB_USER}
-      DB_POSTGRESDB_PASSWORD: ${N8N_DB_PASS}
+      TZ: ${TZ:-Europe/Berlin}
 
-      # n8n base
-      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
-      GENERIC_TIMEZONE: Europe/Berlin
-      N8N_PORT: 5678
-
-      # External URL (Reverse Proxy Ziel)
+      # --- n8n core ---
       N8N_HOST: ${N8N_HOST}
+      N8N_PORT: 5678
       N8N_PROTOCOL: https
+      N8N_PATH: /
       N8N_EDITOR_BASE_URL: ${N8N_EDITOR_BASE_URL}
       WEBHOOK_URL: ${WEBHOOK_URL}
 
-      # solange noch kein TLS/Proxy aktiv:
-      N8N_SECURE_COOKIE: "false"
+      # Reverse-Proxy Betrieb (OPNsense davor)
+      N8N_PROXY_HOPS: 1
+      N8N_SECURE_COOKIE: true
 
-      # optional Basic Auth
+      # Optionaler Basisschutz via BasicAuth
       N8N_BASIC_AUTH_ACTIVE: "true"
-      N8N_BASIC_AUTH_USER: ${N8N_BASIC_AUTH_USER}
-      N8N_BASIC_AUTH_PASSWORD: ${N8N_BASIC_AUTH_PASSWORD}
+      N8N_BASIC_AUTH_USER: ${DASHBOARD_USERNAME}
+      N8N_BASIC_AUTH_PASSWORD: ${DASHBOARD_PASSWORD}
+
+      # Verschlüsselung für Credentials
+      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
+
+      # --- DB für n8n ---
+      DB_TYPE: postgresdb
+      DB_POSTGRESDB_HOST: db
+      DB_POSTGRESDB_PORT: 5432
+      DB_POSTGRESDB_DATABASE: n8n
+      DB_POSTGRESDB_USER: ${POSTGRES_USER}
+      DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD}
+
+      # Qualität-of-life
+      GENERIC_TIMEZONE: ${TZ:-Europe/Berlin}
 
     volumes:
-      - ./volumes/n8n-data:/home/node/.n8n
-    networks: [custnet]
+      - n8n_data:/home/node/.n8n
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5678/ >/dev/null 2>&1 || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 20
 
 networks:
-  custnet:
+  internal:
     driver: bridge
 
+volumes:
+  db_data:
+  n8n_data: