diff --git a/group_vars/all/09_networks.yml b/group_vars/all/09_networks.yml index 54d17bf4..a7f4face 100644 --- a/group_vars/all/09_networks.yml +++ b/group_vars/all/09_networks.yml @@ -102,6 +102,8 @@ defaults_networks: subnet: 192.168.103.208/28 web-app-bridgy-fed: subnet: 192.168.103.224/28 + web-app-xwiki: + subnet: 192.168.103.240/28 # /24 Networks / 254 Usable Clients web-app-bigbluebutton: diff --git a/group_vars/all/10_ports.yml b/group_vars/all/10_ports.yml index 78e14546..1faff12c 100644 --- a/group_vars/all/10_ports.yml +++ b/group_vars/all/10_ports.yml @@ -75,6 +75,7 @@ ports: web-app-bluesky_view: 8051 web-app-magento: 8052 web-app-bridgy-fed: 8053 + web-app-xwiki: 8054 web-app-bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port public: # The following ports should be changed to 22 on the subdomain via stream mapping diff --git a/roles/web-app-mediawiki/config/main.yml b/roles/web-app-mediawiki/config/main.yml index 3db358ab..9352a6e8 100644 --- a/roles/web-app-mediawiki/config/main.yml +++ b/roles/web-app-mediawiki/config/main.yml @@ -2,7 +2,7 @@ sitename: "Wiki on {{ PRIMARY_DOMAIN | upper }}" server: domains: canonical: - - "wiki.{{ PRIMARY_DOMAIN }}" + - "media.wiki.{{ PRIMARY_DOMAIN }}" docker: services: database: diff --git a/roles/web-app-xwiki/README.md b/roles/web-app-xwiki/README.md new file mode 100644 index 00000000..eb64511e --- /dev/null +++ b/roles/web-app-xwiki/README.md 
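Review bot: In roles/web-app-mediawiki/config/main.yml the canonical host changes from `wiki.` to `media.wiki.` and nothing in the hunk keeps the old name as an alias or redirect. An existing deployment would lose its bookmarked URLs and, presumably, any OIDC redirect URI or session cookie registered for the old host. A two-label subdomain is also not covered by a single-level wildcard certificate, so issuance for `media.wiki.{{ PRIMARY_DOMAIN }}` is worth confirming. If the role's domain config supports an alias list, keeping the old name there would make the rename non-breaking; otherwise the stale DNS record for `wiki.` should be removed. The `server:` mapping continues outside the hunk.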
@@ -0,0 +1,34 @@
+# XWiki
+
+## Description
+
+Empower your organization with **XWiki**, an open-source enterprise wiki and knowledge management platform. XWiki provides powerful collaboration features, structured content management, and extensibility through applications and plugins—all under your control.
+
+## Overview
+
+This role deploys XWiki using Docker, automating the installation, configuration, and management of your XWiki server. It integrates with an external PostgreSQL database, Redis for caching and sessions, and an Nginx reverse proxy. The role supports advanced features such as global CSS injection, Matomo analytics, OIDC authentication, and centralized logout, making it a powerful and customizable solution within the Infinito.Nexus ecosystem.
+
+## Features
+
+- **Enterprise Wiki Platform:** Create, edit, and organize pages with a powerful WYSIWYG editor and structured content support.
+- **Advanced Rights Management:** Fine-grained permissions for users, groups, and spaces.
+- **Extensions & Applications:** Extend functionality with hundreds of available XWiki extensions and macros.
+- **Powerful Search:** Full-text and structured search to quickly find knowledge across spaces.
+- **Office Integration:** Import, export, and collaborate on Office documents (Word, Excel, PDF).
+- **Customization & Theming:** Adapt the look and feel of your wiki with skins, CSS, and scripting.
+- **Integration Ready:** Connect with external systems such as Keycloak (OIDC), LDAP, or analytics tools like Matomo.
+- **Scalability:** Backend support with PostgreSQL and Redis for performance and session handling.
+
+## Further Resources
+
+- [XWiki Official Website](https://www.xwiki.org/)
+- [XWiki Documentation](https://www.xwiki.org/xwiki/bin/view/Documentation/)
+- [XWiki GitHub Repository](https://github.com/xwiki/xwiki-platform)
+
+## Credits
+
+Developed and maintained by **Kevin Veen-Birkenbach**.
+Learn more at [veen.world](https://www.veen.world).
+
+Part of the [Infinito.Nexus Project](https://s.infinito.nexus/code)
+Licensed under [Infinito.Nexus NonCommercial License](https://s.infinito.nexus/license).
diff --git a/roles/web-app-xwiki/config/main.yml b/roles/web-app-xwiki/config/main.yml
new file mode 100644
index 00000000..99efda55
--- /dev/null
+++ b/roles/web-app-xwiki/config/main.yml
@@ -0,0 +1,31 @@
+credentials: {}
+docker:
+ services:
+ redis:
+ enabled: false
+ database:
+ enabled: true
+ xwiki:
+ image: xwiki
+ version: stable-mariadb-tomcat
+ name: xwiki
+ backup:
+ no_stop_required: true
+ volumes:
+ data: "xwiki_data"
+features:
+ matomo: true
+ css: true
+ desktop: true
+ central_database: true
+ logout: true
+ oidc: true
+server:
+ csp:
+ whitelist: {}
+ flags: {}
+ domains:
+ canonical:
+ - "x.wiki.{{ PRIMARY_DOMAIN }}"
+rbac:
+ roles: {}
diff --git a/roles/web-app-xwiki/meta/main.yml b/roles/web-app-xwiki/meta/main.yml
new file mode 100644
index 00000000..8c5b632c
--- /dev/null
+++ b/roles/web-app-xwiki/meta/main.yml
@@ -0,0 +1,21 @@
+---
+galaxy_info:
+ author: "Kevin Veen-Birkenbach"
+ description: "XWiki is an open-source enterprise wiki and knowledge management platform, offering collaboration tools, structured content, and extensibility through apps and plugins."
+ license: "Infinito.Nexus NonCommercial License"
+ license_url: "https://s.infinito.nexus/license"
+ company: |
+ Kevin Veen-Birkenbach
+ Consulting & Coaching Solutions
+ https://www.veen.world
+ galaxy_tags: [wiki, collaboration, knowledge, documentation, cms]
+ repository: "https://s.infinito.nexus/code"
+ issue_tracker_url: "https://s.infinito.nexus/issues"
+ documentation: "https://s.infinito.nexus/code/"
+ logo:
+ class: "fas fa-book"
+ run_after:
+ - web-app-matomo
+ - web-app-keycloak
+ - web-app-mailu
+dependencies: []
diff --git a/roles/web-app-xwiki/schema/main.yml b/roles/web-app-xwiki/schema/main.yml
new file mode 100644
index 00000000..e69de29b
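Review bot: In roles/web-app-xwiki/config/main.yml, `version: stable-mariadb-tomcat` selects the MariaDB build of the image, while vars/main.yml in this commit sets `database_type: "postgres"` and the README describes PostgreSQL. The tag should match the backend, e.g. `version: stable-postgres-tomcat`. `stable-*` is also a floating tag, so every rebuild of the Dockerfile's `FROM` can pull a different upstream image; pinning a concrete release tag or a digest keeps deployments reproducible and makes image updates reviewable. Separately, `oidc: true` and `logout: true` are declared although the env template in this commit has every OIDC setting commented out, so the flags promise SSO that the container does not provide yet.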
diff --git a/roles/web-app-xwiki/tasks/main.yml b/roles/web-app-xwiki/tasks/main.yml
new file mode 100644
index 00000000..2a4e1343
--- /dev/null
+++ b/roles/web-app-xwiki/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+- block:
+ - name: "load docker, db and proxy for {{ application_id }}"
+ include_role:
+ name: sys-stk-full-stateful
+ - include_tasks: utils/run_once.yml
+ when: run_once_web_app_xwiki is not defined
diff --git a/roles/web-app-xwiki/templates/Dockerfile.j2 b/roles/web-app-xwiki/templates/Dockerfile.j2
new file mode 100644
index 00000000..07f84292
--- /dev/null
+++ b/roles/web-app-xwiki/templates/Dockerfile.j2
@@ -0,0 +1 @@
+FROM {{ XWIKI_IMAGE }}:{{ XWIKI_VERSION }}
diff --git a/roles/web-app-xwiki/templates/docker-compose.yml.j2 b/roles/web-app-xwiki/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..eb296354
--- /dev/null
+++ b/roles/web-app-xwiki/templates/docker-compose.yml.j2
@@ -0,0 +1,23 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+ application:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ image: "{{ XWIKI_IMAGE_CUSTOM }}"
+ container_name: "{{ XWIKI_CONTAINER }}"
+ hostname: '{{ XWIKI_HOSTNAME}}'
+ command: ["all"]
+ ports:
+ - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}"
+ volumes:
+ - 'data:/usr/local/xwiki'
+{% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+ data:
+ name: {{ XWIKI_DATA_VOLUME }}
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
diff --git a/roles/web-app-xwiki/templates/env.j2 b/roles/web-app-xwiki/templates/env.j2
new file mode 100644
index 00000000..3f6aab0d
--- /dev/null
+++ b/roles/web-app-xwiki/templates/env.j2
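Review bot: `command: ["all"]` in roles/web-app-xwiki/templates/docker-compose.yml.j2 looks carried over from the Pretix template this role was copied from (env.j2 still has a `### Pretix core` heading). The XWiki image is unlikely to accept `all` as a command, so the container would probably fail to start; I would drop the line and let the image default apply. On style, `hostname: '{{ XWIKI_HOSTNAME}}'` is missing the space before `}}`, and the volume name should be quoted like the other templated scalars, `name: "{{ XWIKI_DATA_VOLUME }}"`. Publishing the port on `127.0.0.1` only is the right choice for a service that sits behind the reverse proxy.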
@@ -0,0 +1,45 @@
+DB_USER="{{ database_username }}"
+DB_PASSWORD="{{ database_password }}"
+DB_HOST="{{ database_host }}"
+
+### Pretix core
+#XWIKI_XWIKI_INSTANCE_NAME="{{ PRIMARY_DOMAIN | upper }} Tickets"
+#XWIKI_XWIKI_ALLOWED_HOSTS="{{ XWIKI_HOSTNAME }},127.0.0.1,localhost"
+#XWIKI_XWIKI_URL="{{ XWIKI_URL }}"
+#XWIKI_XWIKI_AUTH_BACKENDS="xwiki.base.auth.NativeAuthBackend{% if XWIKI_OIDC_ENABLED %},xwiki_oidc.auth.OIDCAuthBackend{% endif %}"
+#
+### Locale
+#XWIKI_LOCALE_TIMEZONE="{{ HOST_TIMEZONE }}"
+#
+### Database
+#XWIKI_DATABASE_BACKEND="postgresql"
+#XWIKI_DATABASE_NAME="{{ database_name }}"
+#XWIKI_DATABASE_USER="{{ database_username }}"
+#XWIKI_DATABASE_PASSWORD="{{ database_password }}"
+#XWIKI_DATABASE_HOST="{{ database_host }}"
+#XWIKI_DATABASE_PORT="{{ database_port }}"
+#XWIKI_WEB_CONCURRENCY="{{ POSTGRES_ALLOWED_AVG_CONNECTIONS }}"
+#XWIKI_WORKER_THREADS="{{ (POSTGRES_ALLOWED_AVG_CONNECTIONS | int // 2 ) }}"
+#
+#{% if XWIKI_REDIS_ENABLED %}
+### Redis
+#XWIKI_REDIS_SESSIONS="true"
+#XWIKI_REDIS_LOCATION="redis://redis:6379/{{ XWIKI_REDIS_CACHE_DB }}"
+#CELERY_BROKER_URL="redis://redis:6379/{{ XWIKI_REDIS_BROKER_DB }}"
+#CELERY_RESULT_BACKEND="redis://redis:6379/{{ XWIKI_REDIS_RESULT_DB }}"
+#{% endif %}
+#
+#{% if XWIKI_OIDC_ENABLED %}
+### OIDC (plugin)
+#XWIKI_OIDC_TITLE="{{ XWIKI_OIDC_LABEL | replace('\"','\\\"') }}"
+#XWIKI_OIDC_ISSUER="{{ XWIKI_OIDC_ISSUER }}"
+#XWIKI_OIDC_AUTHORIZATION_ENDPOINT="{{ XWIKI_OIDC_AUTH_URL }}"
+#XWIKI_OIDC_TOKEN_ENDPOINT="{{ XWIKI_OIDC_TOKEN_URL }}"
+#XWIKI_OIDC_USERINFO_ENDPOINT="{{ XWIKI_OIDC_USERINFO_URL }}"
+#XWIKI_OIDC_END_SESSION_ENDPOINT="{{ XWIKI_OIDC_LOGOUT_URL }}"
+#XWIKI_OIDC_JWKS_URI="{{ XWIKI_OIDC_JWKS_URL }}"
+#XWIKI_OIDC_CLIENT_ID="{{ XWIKI_OIDC_CLIENT_ID }}"
+#XWIKI_OIDC_CLIENT_SECRET="{{ XWIKI_OIDC_CLIENT_SECRET }}"
+#XWIKI_OIDC_SCOPES="{{ XWIKI_OIDC_SCOPES }}"
+#XWIKI_OIDC_UNIQUE_ATTRIBUTE="{{ XWIKI_OIDC_UNIQUE_ATTRIBUTE }}"
+#{% endif %}
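Review bot: The `#`-prefixed lines in roles/web-app-xwiki/templates/env.j2 are comments only to whatever reads the rendered file; Jinja still evaluates every `{{ ... }}` and `{% if ... %}` on them. The rendered env file would therefore carry the OIDC client secret and a second copy of the database password in plain text. `XWIKI_REDIS_ENABLED` and the `XWIKI_REDIS_*_DB` names are not defined in vars/main.yml in this commit, so rendering likely fails on an undefined variable. Delete the leftover Pretix block, or wrap it in a Jinja comment (`{# ... #}`) until the XWiki settings are written. Of the live lines only `DB_USER`, `DB_PASSWORD` and `DB_HOST` are set, so add `DB_DATABASE="{{ database_name }}"` if the image should use the provisioned database rather than its default name.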
diff --git a/roles/web-app-xwiki/vars/main.yml b/roles/web-app-xwiki/vars/main.yml
new file mode 100644
index 00000000..42f2845e
--- /dev/null
+++ b/roles/web-app-xwiki/vars/main.yml
@@ -0,0 +1,33 @@
+# General
+application_id: "web-app-xwiki"
+database_type: "postgres"
+container_port: 8080
+container_hostname: "{{ domains | get_domain(application_id) }}"
+
+# Pretix
+
+## URLs
+XWIKI_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+XWIKI_HOSTNAME: "{{ container_hostname }}"
+
+## OIDC (mirrors GitLab’s pattern)
+XWIKI_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
+XWIKI_OIDC_LABEL: "{{ OIDC.BUTTON_TEXT }}"
+XWIKI_OIDC_CLIENT_ID: "{{ OIDC.CLIENT.ID }}"
+XWIKI_OIDC_CLIENT_SECRET: "{{ OIDC.CLIENT.SECRET }}"
+XWIKI_OIDC_ISSUER: "{{ OIDC.CLIENT.ISSUER_URL }}"
+XWIKI_OIDC_AUTH_URL: "{{ OIDC.CLIENT.AUTHORIZE_URL }}"
+XWIKI_OIDC_TOKEN_URL: "{{ OIDC.CLIENT.TOKEN_URL }}"
+XWIKI_OIDC_USERINFO_URL: "{{ OIDC.CLIENT.USER_INFO_URL }}"
+XWIKI_OIDC_LOGOUT_URL: "{{ OIDC.CLIENT.LOGOUT_URL }}"
+XWIKI_OIDC_JWKS_URL: "{{ OIDC.CLIENT.CERTS }}"
+XWIKI_OIDC_SCOPES: "openid,email,profile"
+# Use Keycloak username claim by default (plugin default is 'sub')
+XWIKI_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}"
+
+## Docker
+XWIKI_IMAGE_CUSTOM: "xwiki_custom"
+XWIKI_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.image') }}"
+XWIKI_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.version') }}"
+XWIKI_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.xwiki.name') }}"
+XWIKI_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
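Review bot: `XWIKI_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}"` in roles/web-app-xwiki/vars/main.yml keys local accounts on the username claim instead of `sub`. A username can be changed or re-issued at the identity provider, and whoever holds it next would be mapped onto the existing wiki account. `sub` is the stable identifier, so I would keep that default unless username changes are blocked in Keycloak, and state that assumption in the comment above the variable. The `# Pretix` heading and "mirrors GitLab's pattern" are leftovers from the copied role, and nothing active in this commit consumes the `XWIKI_OIDC_*` values. `database_type: "postgres"` also disagrees with the `stable-mariadb-tomcat` image tag in config/main.yml.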