diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..b9fbf82
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,11 @@
+services:
+  idhub:
+    environment:
+      - DEBUG=true
+      - CREATE_TEST_USERS=true
+    volumes:
+      - .:/opt/idhub
+
+  idhub-postgres:
+    ports:
+      - 5433:5432
diff --git a/docker-compose.prod.override.yml b/docker-compose.prod.override.yml
new file mode 100644
index 0000000..36c7eb8
--- /dev/null
+++ b/docker-compose.prod.override.yml
@@ -0,0 +1,10 @@
+services:
+  idhub:
+    environment:
+      - DEBUG=false
+      - CREATE_TEST_USERS=false
+    volumes:
+      - idhub_data:/opt/idhub
+
+volumes:
+  idhub_data:
diff --git a/docker-compose.yml b/docker-compose.yml
index b55424a..ae2533c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,21 +7,20 @@ services:
       context: .
       dockerfile: docker/idhub.Dockerfile
     environment:
+      # General
       - DOMAIN=${IDHUB_DOMAIN:-localhost}
       - ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-$IDHUB_DOMAIN}
       - DEBUG=true
       - DEMO=${IDHUB_DEMO:-}
+
+      # Admin & User
       - INITIAL_ADMIN_EMAIL=${IDHUB_ADMIN_EMAIL}
       - INITIAL_ADMIN_PASSWORD=${IDHUB_ADMIN_PASSWD}
       - CREATE_TEST_USERS=true
+
+      # Email Configuration
       - ENABLE_EMAIL=${IDHUB_ENABLE_EMAIL:-true}
-      - ENABLE_2FACTOR_AUTH=${IDHUB_ENABLE_2FACTOR_AUTH:-true}
       - ENABLE_DOMAIN_CHECKER=${IDHUB_ENABLE_DOMAIN_CHECKER:-true}
-      - PREDEFINED_TOKEN=${IDHUB_PREDEFINED_TOKEN:-}
-      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
-      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
-      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
-      - PORT=${IDHUB_PORT:-9001}
       - DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
       - EMAIL_HOST=${IDHUB_EMAIL_HOST}
       - EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
@@ -29,22 +28,32 @@ services:
       - EMAIL_PORT=${IDHUB_EMAIL_PORT}
       - EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
       - EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
-      - SUPPORTED_CREDENTIALS=${IDHUB_SUPPORTED_CREDENTIALS:-}
+
+      # Auth & Security
+      - SECRET_KEY=${IDHUB_SECRET_KEY:-publicsecretisnotsecureVtmKBfxpVV47PpBCF2Nzz2H6qnbd}
+      - PREDEFINED_TOKEN=${IDHUB_PREDEFINED_TOKEN:-}
+      - ENABLE_2FACTOR_AUTH=${IDHUB_ENABLE_2FACTOR_AUTH:-true}
+
+      # App
       - SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
+      - STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
+      - MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
+      - PORT=${IDHUB_PORT:-9001}
+      - SUPPORTED_CREDENTIALS=${IDHUB_SUPPORTED_CREDENTIALS:-}
+
+      # DB vars
       - DB_PORT=${IDHUB_DB_PORT:-5432}
       - DB_HOST=${IDHUB_DB_HOST:-devicehub-postgres}
       - DB_NAME=${IDHUB_DB_NAME}
       - DB_USER=${IDHUB_DB_USER}
       - DB_PASSWORD=${IDHUB_DB_PASSWORD}
+
     ports:
       - ${IDHUB_PORT:-9001}:${IDHUB_PORT:-9001}
-    # TODO manage volumes dev vs prod
-    volumes:
-      - .:/opt/idhub
     depends_on:
-        idhub-postgres:
-          condition: service_healthy
-          restart: true
+      idhub-postgres:
+        condition: service_healthy
+        restart: true
 
   idhub-postgres:
     image: postgres:17
@@ -55,13 +64,11 @@ services:
     volumes:
       - idhub_pg_data:/var/lib/postgresql/data
     healthcheck:
-    # https://docs.docker.com/compose/how-tos/startup-order/
       test: ["CMD-SHELL", "pg_isready -U ${IDHUB_DB_USER} -d ${IDHUB_DB_NAME}"]
       start_period: 1s
       interval: 1s
       timeout: 10s
       retries: 10
 
-
 volumes:
   idhub_pg_data: