diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml
index 39b97e7..9b4c688 100644
--- a/roles/dokuwiki/tasks/main.yml
+++ b/roles/dokuwiki/tasks/main.yml
@@ -1,9 +1,7 @@
-- name: Set up PHP
-  import_tasks: php.yml
-
 - name: Install packages
   package:
     name: php-openssl,php-session,php-xml
+  notify: restart php-fpm
 
 - name: Check if dokuwiki should be upgraded
   lineinfile:
diff --git a/roles/kanboard/handlers/main.yml b/roles/kanboard/handlers/main.yml
new file mode 100644
index 0000000..ef9f342
--- /dev/null
+++ b/roles/kanboard/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart php-fpm
+  service:
+    name: 'php-fpm{{ php_version }}'
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"
diff --git a/roles/kanboard/tasks/main.yml b/roles/kanboard/tasks/main.yml
new file mode 100644
index 0000000..b3f052d
--- /dev/null
+++ b/roles/kanboard/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install packages
+  package:
+    name:
+      - tar # for unpacking the archive
+      - php-pdo_sqlite
+      - php-ctype
+      - php-dom
+      - php-gd
+      - php-json
+      - php-mbstring
+      - php-openssl
+      - php-session
+      - php-simplexml
+      - php-xml
+      - php-zip
+  notify: restart php-fpm
+
+- name: Create kanboard directory
+  file:
+    path: /srv/http/kanboard
+    state: directory
+    owner: nginx
+    group: nginx
+
+- name: Check if kanboard should be upgraded
+  lineinfile:
+    path: /srv/http/kanboard/app/constants.php
+    search_string: 'v{{ kanboard_version }}'
+    state: absent
+  check_mode: true
+  changed_when: false
+  register: is_current
+
+- name: Install or upgrade kanboard
+  when: 'is_current.found|default(0) == 0'
+  unarchive:
+    remote_src: true
+    src: 'https://github.com/kanboard/kanboard/archive/refs/tags/v{{ kanboard_version }}.tar.gz'
+    extra_opts:
+      - '--strip-components=1'
+    dest: /srv/http/kanboard
+    owner: nginx
+    group: nginx
+
+- name: Create nginx site
+  template:
+    dest: /etc/nginx/http.d/kanboard.conf
+    src: nginx.conf.j2
+  notify: reload nginx
diff --git a/roles/kanboard/templates/nginx.conf.j2 b/roles/kanboard/templates/nginx.conf.j2
new file mode 100644
index 0000000..7d7081e
--- /dev/null
+++ b/roles/kanboard/templates/nginx.conf.j2
@@ -0,0 +1,26 @@
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+	server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};
+
+	http2 on;
+	ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
+
+	client_max_body_size 100M;
+
+	root /srv/http/kanboard;
+	index index.php;
+
+	location ~ ^/data/ { deny all; }
+
+	location ~ \.php$ {
+		try_files $uri $uri/ /doku.php;
+
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param REDIRECT_STATUS 200;
+		fastcgi_param HTTPS on;
+		fastcgi_pass unix:/run/php-fpm.socket;
+	}
+}
diff --git a/roles/nginx-php/handlers/main.yml b/roles/nginx-php/handlers/main.yml
new file mode 100644
index 0000000..ef9f342
--- /dev/null
+++ b/roles/nginx-php/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart php-fpm
+  service:
+    name: 'php-fpm{{ php_version }}'
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"
diff --git a/roles/dokuwiki/tasks/php.yml b/roles/nginx-php/tasks/main.yml
similarity index 100%
rename from roles/dokuwiki/tasks/php.yml
rename to roles/nginx-php/tasks/main.yml
diff --git a/setup.yml b/setup.yml
index 7647ef3..7fc7742 100644
--- a/setup.yml
+++ b/setup.yml
@@ -38,8 +38,16 @@
   roles:
     - alpine
     - nginx
+    - nginx-php
     - dokuwiki
 
+- hosts: kanboard
+  roles:
+    - alpine
+    - nginx
+    - nginx-php
+    - kanboard
+
 - hosts: netbox
   roles:
     - alpine