diff --git a/roles/kanboard/handlers/main.yml b/roles/kanboard/handlers/main.yml
new file mode 100644
index 0000000..ef9f342
--- /dev/null
+++ b/roles/kanboard/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart php-fpm
+  service:
+    name: 'php-fpm{{ php_version }}'
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"
diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml
new file mode 100644
index 0000000..b3f052d
--- /dev/null
+++ b/roles/kanboard/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install packages
+  package:
+    name:
+      - tar # for unpacking the archive
+      - php-pdo_sqlite
+      - php-ctype
+      - php-dom
+      - php-gd
+      - php-json
+      - php-mbstring
+      - php-openssl
+      - php-session
+      - php-simplexml
+      - php-xml
+      - php-zip
+  notify: restart php-fpm
+
+- name: Create kanboard directory
+  file:
+    path: /srv/http/kanboard
+    state: directory
+    owner: nginx
+    group: nginx
+
+- name: Check if kanboard should be upgraded
+  lineinfile:
+    path: /srv/http/kanboard/app/constants.php
+    search_string: 'v{{ kanboard_version }}'
+    state: absent
+  check_mode: true
+  changed_when: false
+  register: is_current
+
+- name: Install or upgrade kanboard
+  when: 'is_current.found|default(0) == 0'
+  unarchive:
+    remote_src: true
+    src: 'https://github.com/kanboard/kanboard/archive/refs/tags/v{{ kanboard_version }}.tar.gz'
+    extra_opts:
+      - '--strip-components=1'
+    dest: /srv/http/kanboard
+    owner: nginx
+    group: nginx
+
+- name: Create nginx site
+  template:
+    dest: /etc/nginx/http.d/kanboard.conf
+    src: nginx.conf.j2
+  notify: reload nginx
diff --git a/roles/kanboard/templates/nginx.conf.j2 b/roles/kanboard/templates/nginx.conf.j2
new file mode 100644
index 0000000..7d7081e
--- /dev/null
+++ b/roles/kanboard/templates/nginx.conf.j2
@@ -0,0 +1,26 @@
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};
+
+	http2 on;
+	ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
+
+	client_max_body_size 100M;
+
+	root /srv/http/kanboard;
+	index index.php;
+
+	location ~ ^/data/ { deny all; }
+
+	location ~ \.php$ {
+		try_files $uri $uri/ /doku.php;
+
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param REDIRECT_STATUS 200;
+		fastcgi_param HTTPS on;
+		fastcgi_pass unix:/run/php-fpm.socket;
+	}
+}
diff --git a/setup.yml b/setup.yml
index 50e9309..7fc7742 100644
--- a/setup.yml
+++ b/setup.yml
@@ -41,6 +41,13 @@
     - nginx-php
     - dokuwiki
 
+- hosts: kanboard
+  roles:
+    - alpine
+    - nginx
+    - nginx-php
+    - kanboard
+
 - hosts: netbox
   roles:
     - alpine