diff --git a/bitlair.yaml b/bitlair.yaml
index f4ece91..449f529 100644
--- a/bitlair.yaml
+++ b/bitlair.yaml
@@ -75,3 +75,9 @@
 - hosts: ldap
   roles:
     - { role: "common", tags: [ "common" ] }
+
+- hosts: tickets
+  roles:
+    - { role: "common", tags: [ "common" ] }
+    - { role: "acme", tags: [ "acme" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
diff --git a/group_vars/tickets.yaml b/group_vars/tickets.yaml
new file mode 100644
index 0000000..04e44f0
--- /dev/null
+++ b/group_vars/tickets.yaml
@@ -0,0 +1,28 @@
+---
+
+root_access:
+  - ak
+  - foobar
+  - polyfloyd
+
+acme_domains:
+ - tickets.bitlair.nl
+
+nginx_sites:
+  - server_name: "tickets.bitlair.nl"
+    config:
+      - |-
+        location / {
+          proxy_pass http://127.0.0.1:3000/;
+          proxy_http_version 1.1;
+          proxy_set_header Connection "upgrade";
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header X-Forwarded-Proto $scheme;
+
+          # by default nginx times out connections in one minute
+          proxy_read_timeout 1d;
+        }
+
+group_nft_input:
+  - "tcp dport { http, https } accept # Allow web-traffic from world"
diff --git a/inventory b/inventory
index eca431d..0fd8fac 100644
--- a/inventory
+++ b/inventory
@@ -53,6 +53,9 @@ chat.bitlair.nl
 [ldap]
 ldap-new.bitlair.nl
 
+[tickets]
+tickets.bitlair.nl
+
 [debian:children]
 bank
 fotos