diff --git a/config/docker-compose.yml b/config/docker-compose.yml
new file mode 100644
index 0000000..a601f99
--- /dev/null
+++ b/config/docker-compose.yml
@@ -0,0 +1,42 @@
+app:
+  name: master-service
+  env: docker-compose
+
+http:
+  host: 0.0.0.0
+  port: 8123
+
+logging:
+  level: INFO
+  output: otel
+  format: json
+
+metrics:
+  enabled: true
+
+tracing:
+  enabled: true
+
+otel:
+  service_name: master-service
+  logs_endpoint: http://otel-collector:4318/v1/logs
+  metrics_endpoint: http://otel-collector:4318/v1/metrics
+  traces_endpoint: http://otel-collector:4318/v1/traces
+  metric_export_interval: 1000
+
+docker:
+  base_url: tcp://docker-engine:2375
+
+sandbox:
+  image: nginx:1.27-alpine
+  ttl_seconds: 30
+  cleanup_interval_seconds: 5
+  chats_root: /var/lib/master-sandbox/chats
+  dependencies_host_path: /var/lib/master-dependencies
+  lambda_tools_host_path: /var/lib/master-lambda-tools
+  chat_mount_path: /workspace/chat
+  dependencies_mount_path: /opt/dependencies
+  lambda_tools_mount_path: /opt/lambda-tools
+
+security:
+  token_header: X-API-Token
diff --git a/docker-compose.yml b/docker-compose.yml
index 86e1bbb..24d5bab 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,22 +4,43 @@ services:
       context: .
       dockerfile: Dockerfile
       target: run
+    user: root
     depends_on:
-      - otel-collector
+      docker-engine:
+        condition: service_healthy
+      otel-collector:
+        condition: service_started
     environment:
-      APP_API_TOKEN: ${APP_API_TOKEN:?APP_API_TOKEN is required}
-      APP_SIGNING_KEY: ${APP_SIGNING_KEY:?APP_SIGNING_KEY is required}
-      APP_ENV: docker
-      APP_HTTP_HOST: 0.0.0.0
-      APP_HTTP_PORT: '8123'
-      APP_LOGGING_OUTPUT: otel
-      APP_METRICS_ENABLED: 'true'
-      APP_TRACING_ENABLED: 'true'
-      APP_OTEL_LOGS_ENDPOINT: http://otel-collector:4318/v1/logs
-      APP_OTEL_METRICS_ENDPOINT: http://otel-collector:4318/v1/metrics
-      APP_OTEL_TRACES_ENDPOINT: http://otel-collector:4318/v1/traces
+      APP_API_TOKEN: local-api-token
+      APP_SIGNING_KEY: local-signing-key
     ports:
       - '127.0.0.1:8123:8123'
+    volumes:
+      - ./config/docker-compose.yml:/app/config/app.yaml:ro
+      - sandbox-data:/var/lib/master-sandbox
+      - sandbox-dependencies:/var/lib/master-dependencies:ro
+      - sandbox-tools:/var/lib/master-lambda-tools:ro
+
+  docker-engine:
+    image: docker:28-dind
+    privileged: true
+    environment:
+      DOCKER_TLS_CERTDIR: ''
+    command:
+      - --host=tcp://0.0.0.0:2375
+    healthcheck:
+      test:
+        - CMD
+        - docker
+        - info
+      interval: 5s
+      timeout: 5s
+      retries: 12
+    volumes:
+      - docker-data:/var/lib/docker
+      - sandbox-data:/var/lib/master-sandbox
+      - sandbox-dependencies:/var/lib/master-dependencies
+      - sandbox-tools:/var/lib/master-lambda-tools
 
   otel-collector:
     image: grafana/otel-lgtm:latest
@@ -29,4 +50,8 @@ services:
       - lgtm-data:/data
 
 volumes:
+  docker-data:
   lgtm-data:
+  sandbox-data:
+  sandbox-dependencies:
+  sandbox-tools: