diff --git a/hosts b/hosts
index 81e2681..618a334 100644
--- a/hosts
+++ b/hosts
@@ -30,6 +30,8 @@ registry_url=localhost
 registry_user=
 registry_pass=
 bitcoin_version=26.0
+clightning_version=23.11.2
+clightning_platform=Fedora-28-amd64
 bitcoin_rpcuser=n0xb0x
 bitcoin_rpcpassword=rVhfmriXjB8uFekmn7sLvnUiY610JaOx
 electrs_version=0.10.2
diff --git a/roles/apps/files/clightning/entrypoint.sh b/roles/apps/files/clightning/entrypoint.sh
new file mode 100644
index 0000000..9089440
--- /dev/null
+++ b/roles/apps/files/clightning/entrypoint.sh
@@ -0,0 +1,38 @@
+#! /bin/sh
+#
+# entrypoint.sh
+# Copyright (C) 2024 barry <barry@a9.local>
+#
+# Distributed under terms of the MIT license.
+#
+
+
+#!/bin/sh
+set -e
+
+# give bitcoind a second to bootup
+sleep 1
+
+# containers on linux share file permissions with hosts.
+# assigning the same uid/gid from the host user
+# ensures that the files can be read/write from both sides
+if ! id clightning > /dev/null 2>&1; then
+  USERID=${USERID:-1000}
+  GROUPID=${GROUPID:-1000}
+
+  echo "adding user clightning ($USERID:$GROUPID)"
+  groupadd -f -g $GROUPID clightning
+  useradd -r -u $USERID -g $GROUPID clightning
+  # ensure correct ownership of user home dir
+  mkdir -p /home/clightning
+  chown -R $USERID:$GROUPID /home/clightning
+fi
+
+if [ $(echo "$1" | cut -c1) = "-" ]; then
+  echo "$0: assuming arguments for lightningd"
+
+  set -- lightningd "$@"
+fi
+
+echo "$@"
+exec "$@"
diff --git a/roles/apps/templates/clightning/Containerfile.j2 b/roles/apps/templates/clightning/Containerfile.j2
new file mode 100644
index 0000000..5db80c8
--- /dev/null
+++ b/roles/apps/templates/clightning/Containerfile.j2
@@ -0,0 +1,45 @@
+FROM docker.io/almalinux/9-minimal:latest as build
+
+RUN microdnf update -y && microdnf install -y ca-certificates \
+  gnupg2 \
+  libatomic \
+  wget \
+  tar \
+  gzip \
+  && microdnf clean all && rm -fr /tmp/* /var/tmp/*
+
+ARG BVERSION={{bitcoin_version}}
+ARG CLVERSION={{clightning_version}}
+ARG CLPLATFORM={{clightning_platform}}
+ARG BITCOIN_CORE_SIGNATURE=71A3B16735405025D447E8F274810B012346C9A6
+
+RUN mkdir /tmp/bitcoin && cd /tmp/bitcoin \
+    && gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys ${BITCOIN_CORE_SIGNATURE} \
+    && wget https://bitcoincore.org/bin/bitcoin-core-${BVERSION}/SHA256SUMS.asc \
+    https://bitcoincore.org/bin/bitcoin-core-${BVERSION}/SHA256SUMS \
+    https://bitcoincore.org/bin/bitcoin-core-${BVERSION}/bitcoin-${BVERSION}-x86_64-linux-gnu.tar.gz \
+    && gpg --verify --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null | grep "^\[GNUPG:\] VALIDSIG.*${BITCOIN_CORE_SIGNATURE}\$" \
+    && sha256sum --ignore-missing --check SHA256SUMS \
+    && tar -xzvf bitcoin-${BVERSION}-x86_64-linux-gnu.tar.gz --strip=1 -C / \
+    && rm -v /bin/test_bitcoin /bin/bitcoin-qt /bin/bitcoind \
+	&& mkdir /tmp/clightning && cd /tmp/clightning \
+	&& wget https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/keys/cdecker.txt \
+	&& wget https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/keys/rustyrussell.txt \
+	&& gpg --import cdecker.txt rustyrussell.txt \
+	&& wget https://github.com/ElementsProject/lightning/releases/download/v${CLVERSION}/clightning-v${CLVERSION}-${CLPLATFORM}.tar.gz \
+	&& wget https://https://github.com/ElementsProject/lightning/releases/download/v${CLVERSION}/SHA256SUMS \
+	&& wget https://github.com/ElementsProject/lightning/releases/download/v${CLVERSION}/SHA256SUMS.asc \
+	&& gpg --verify --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null | grep "^\[GNUPG:\].VALIDSIG" \
+    && sha256sum --ignore-missing --check SHA256SUMS \
+	&& tar -xzvf clightning-v${CLVERSION}-${CLPLATFORM}.tar.gz -C /
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 9735 9835
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["lightningd"]
+