diff --git a/group_vars/all b/group_vars/all
index ba9342f..62bddc4 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -2,6 +2,11 @@ certmgr_mode: webserver
+gogs_domain: git.binary-kitchen.de
+gogs_dbname: gogs
+gogs_dbuser: gogs
+gogs_dbpass: UbRoiq4fuRL3MvxghPww
+
 ldap_ca: /etc/ldap/ssl/BKCA.crt
 ldap_uri: ldaps://ldap.binary.kitchen/
 ldap_host: ldap.binary.kitchen
diff --git a/roles/gogs/handlers/main.yml b/roles/gogs/handlers/main.yml
new file mode 100644
index 0000000..44975c4
--- /dev/null
+++ b/roles/gogs/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart nginx
+ service: name=nginx state=restarted
diff --git a/roles/gogs/meta/main.yml b/roles/gogs/meta/main.yml
new file mode 100644
index 0000000..923f9d1
--- /dev/null
+++ b/roles/gogs/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+- { role: certmgr }
+- { role: nginx }
diff --git a/roles/gogs/tasks/main.yml b/roles/gogs/tasks/main.yml
new file mode 100644
index 0000000..63469cd
--- /dev/null
+++ b/roles/gogs/tasks/main.yml
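Review bot: `gogs_dbpass: UbRoiq4fuRL3MvxghPww` puts a plaintext database credential into group_vars/all, where it is readable by everyone with repository access and remains in history after any later edit. Keep only a reference in this file and store the value in a vault-encrypted vars file, e.g. `gogs_dbpass: "{{ vault_gogs_dbpass }}"`, and since the value has already been committed it should be treated as exposed and rotated. The remaining gogs_* entries in this hunk are non-secret and are fine where they are.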
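Review bot: `service: name=nginx state=restarted` uses the key=value shorthand for module arguments, and the new roles/gogs/tasks/main.yml in this commit uses the same shorthand throughout, including a postgresql_user line that runs well past any line-length limit. Native block YAML is what ansible-lint and yamllint expect and diffs one argument per line, e.g. `service:` / `  name: nginx` / `  state: restarted`. The same conversion applies to every task in roles/gogs/tasks/main.yml.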
@@ -0,0 +1,44 @@
+---
+
+- name: Enable https for apt
+ apt: name=apt-transport-https state=present
+
+- name: Enable gogs apt-key
+ apt_key: url='https://deb.packager.io/key'
+
+- name: Enable gogs repository
+ apt_repository: repo='deb https://deb.packager.io/gh/pkgr/gogs jessie pkgr'
+
+- name: Install gogs
+ apt: name=gogs state=latest
+
+- name: Install PostgreSQL
+ apt: name={{ item }} state=present
+ with_items:
+ - postgresql
+ - python-psycopg2
+
+- name: Configure PostgreSQL database
+ postgresql_db: name={{ gogs_dbname }}
+ become: true
+ become_user: postgres
+
+- name: Configure PostgreSQL user
+ postgresql_user: db={{ gogs_dbname }} name={{ gogs_dbuser }} password={{ gogs_dbpass }} priv=ALL state=present
+ become: true
+ become_user: postgres
+
+- name: Ensure certificates are available
+ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ gogs_domain }}.key -out /etc/nginx/ssl/{{ gogs_domain }}.crt -days 730 -subj "/CN={{ gogs_domain }}" creates=/etc/nginx/ssl/{{ gogs_domain }}.crt
+ notify: Restart nginx
+
+- name: Configure certificate manager for gogs
+ template: src=certs.j2 dest=/etc/acme/domains.d/{{ gogs_domain }}.conf
+
+- name: Configure vhost
+ template: src=vhost.j2 dest=/etc/nginx/sites-available/gogs
+ notify: Restart nginx
+
+- name: Enable vhost
+ file: src=/etc/nginx/sites-available/gogs dest=/etc/nginx/sites-enabled/gogs state=link
+ notify: Restart nginx
diff --git a/roles/gogs/templates/certs.j2 b/roles/gogs/templates/certs.j2
new file mode 100644
index 0000000..b130a68
--- /dev/null
+++ b/roles/gogs/templates/certs.j2
@@ -0,0 +1,15 @@
+---
+
+{{ gogs_domain }}:
+- path: /etc/nginx/ssl/{{ gogs_domain }}.key
+ user: root
+ group: root
+ perm: '400'
+ format: key
+ action: 'service nginx restart'
+- path: /etc/nginx/ssl/{{ gogs_domain }}.crt
+ user: root
+ group: root
+ perm: '400'
+ format: crt,ca
+ action: 'service nginx restart'
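Review bot: The `Configure PostgreSQL user` task passes `password={{ gogs_dbpass }}` as a plain module argument, so the credential is echoed in verbose output and in any log or callback plugin whenever the task changes or fails; add `no_log: true` to that task alongside the two become lines. Separately, `apt: name=gogs state=latest` upgrades the package on every run instead of converging on a known version, which makes a run's outcome depend on what the third-party repository serves that day — `state=present`, with an explicit version where one is required, is the reproducible form. The `openssl req` bootstrap is guarded by `creates=`, so it will not overwrite a certificate the certificate manager later installs, which appears to be the intent.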
diff --git a/roles/gogs/templates/vhost.j2 b/roles/gogs/templates/vhost.j2
new file mode 100644
index 0000000..ba1189d
--- /dev/null
+++ b/roles/gogs/templates/vhost.j2
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{ gogs_domain }};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ alias /var/www/acme-challenge;
+ }
+
+ location / {
+ return 301 https://{{ gogs_domain }}$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ gogs_domain }};
+
+ ssl_certificate_key /etc/nginx/ssl/{{ gogs_domain }}.key;
+ ssl_certificate /etc/nginx/ssl/{{ gogs_domain }}.crt;
+
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:3000;
+ }
+
+}
diff --git a/roles/mail/meta/main.yml b/roles/mail/meta/main.yml
index 14070af..923f9d1 100644
--- a/roles/mail/meta/main.yml
+++ b/roles/mail/meta/main.yml
@@ -1,5 +1,5 @@
 ---
 dependencies:
-- { role: nginx }
 - { role: certmgr }
+- { role: nginx }
diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml
index 04ef8c1..15b8bc4 100644
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@@ -40,7 +40,7 @@
 copy: src=www.conf dest=/etc/php5/fpm/pool.d/www.conf
 notify: Restart php5-fpm
-- name: Enable vhosts
+- name: Enable vhost
 file: src=/etc/nginx/sites-available/owncloud dest=/etc/nginx/sites-enabled/owncloud state=link
 notify: Restart nginx
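Review bot: The HTTPS `location /` block forwards only X-Real-IP to the backend on port 3000, so the proxied application has no way to tell that the request arrived over TLS or which host name was used; add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the existing header, and confirm the application is configured to trust them from this proxy. The TLS server block also sets no `ssl_protocols` or `ssl_ciphers`, so it inherits nginx's built-in defaults, which on the jessie-era packages this role targets very likely still include TLS 1.0; setting them explicitly beside the certificate lines makes the accepted protocol set a reviewable part of the template rather than a property of whichever nginx build is installed.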