diff --git a/obsidian-sync/couchdb/local.ini b/obsidian-sync/couchdb/local.ini
new file mode 100644
index 0000000..88d3321
--- /dev/null
+++ b/obsidian-sync/couchdb/local.ini
@@ -0,0 +1,39 @@
+# =============================================================================
+# 10-livesync.ini  —  CouchDB config overrides for Obsidian Self-hosted LiveSync
+# Lands in /opt/couchdb/etc/local.d/ so it overrides base defaults.
+# Reference: vrtmrz/obsidian-livesync "Setup your own server" docs.
+# =============================================================================
+
+[couchdb]
+# Single machine, no clustering. Required for a standalone LiveSync server.
+single_node = true
+# Allow large notes/attachments (50 MB). Raise if you paste big PDFs/images.
+max_document_size = 50000000
+
+[chttpd]
+# Listen on all interfaces inside the container (Traefik reaches it via the net).
+bind_address = 0.0.0.0
+# LiveSync streams revisions in big batches; default request cap is too small.
+max_http_request_size = 4294967296
+# Force every request to carry valid credentials — this is CouchDB's own auth,
+# i.e. the reason we do NOT also put Traefik basicAuth in front of it.
+require_valid_user = true
+
+[chttpd_auth]
+require_valid_user = true
+
+[httpd]
+WWW-Authenticate = Basic realm="couchdb"
+
+# --- CORS -------------------------------------------------------------------
+# LiveSync runs inside browsers with DIFFERENT origins:
+#   desktop Obsidian -> app://obsidian.md
+#   mobile Obsidian  -> capacitor://localhost
+#   Ignis            -> https://notes.manohargupta.com
+# So we must allow cross-origin credentialed requests from all of them.
+[cors]
+origins = *
+credentials = true
+headers = accept, authorization, content-type, origin, referer
+methods = GET, PUT, POST, HEAD, DELETE
+max_age = 3600