diff --git a/host_vars/srv02.yml b/host_vars/srv02.yml
index 56d017d2c82db5068b812f4be3e9594971f24ba4..bcd1665d72cad6bf62151a7956d19c6435892f06 100644
--- a/host_vars/srv02.yml
+++ b/host_vars/srv02.yml
@@ -8,3 +8,4 @@ nginx:
     - hopglass-map
     - luebeck.freifunk.net
     - wiki
+    - ffdyndns
diff --git a/roles/services/files/ffdyndns/ffdyndns.toml b/roles/services/files/ffdyndns/ffdyndns.toml
new file mode 100644
index 0000000000000000000000000000000000000000..c849d928734fd6fb975984b780bdbf33ac9c5c18
--- /dev/null
+++ b/roles/services/files/ffdyndns/ffdyndns.toml
@@ -0,0 +1,14 @@
+name = "FFdynDNS"
+description = "DynDNS Service"
+server_web_url = "ffdyn.net"
+database = "./db.rocks"
+dns_server = "10.130.0.104"
+bind_address = "0.0.0.0"
+bind_port = 8053
+
+
+[[domain]]
+name = "ffdyn.net."
+description = "Freifunk  Premium Domain"
+allowed_ips = ["0.0.0.0/0", "::/0"]
+validity = 1
diff --git a/roles/services/files/nginx/sites-available/ffdyndns b/roles/services/files/nginx/sites-available/ffdyndns
new file mode 100644
index 0000000000000000000000000000000000000000..a86bb43f42892dc20f40a4ebad7e1535b50f82f5
--- /dev/null
+++ b/roles/services/files/nginx/sites-available/ffdyndns
@@ -0,0 +1,24 @@
+server {
+	listen 80;
+	listen [::]:80;
+
+	#listen localhost:443 ssl http2;
+	#listen [::]:443 ssl http2;
+
+	server_name ffdyn.net;
+
+	include snippets/acme.conf;
+	include snippets/tls.conf;
+
+	#ssl_certificate /var/lib/acme/live/luebeck.freifunk.net/fullchain;
+	#ssl_certificate_key /var/lib/acme/live/luebeck.freifunk.net/privkey;
+
+	#if ($ssl_protocol = "") {
+	#	return 301 https://$host$request_uri;
+	#}
+
+	location / {
+		proxy_pass http://127.0.0.1:8053;
+		include snippets/proxy-params.conf;
+	}
+}
diff --git a/roles/services/files/nginx/snippets/proxy-params.conf b/roles/services/files/nginx/snippets/proxy-params.conf
new file mode 100644
index 0000000000000000000000000000000000000000..df75bc5d74fa18c1fb818e9ad497e4154a2f84a7
--- /dev/null
+++ b/roles/services/files/nginx/snippets/proxy-params.conf
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/roles/services/tasks/base.yml b/roles/services/tasks/base.yml
index 8a2fd7569818e5a842606d51acd03d6f799b4fc4..009de02ed4d68d6c6cf5214545175dd4cfdfd709 100644
--- a/roles/services/tasks/base.yml
+++ b/roles/services/tasks/base.yml
@@ -38,8 +38,3 @@
   copy:
     src: etc/
     dest: /etc
-
-
-- name: install base tools
-  include: software.yml
-  tags: [base, apt, software]
diff --git a/roles/services/tasks/ffdyndns.yml b/roles/services/tasks/ffdyndns.yml
new file mode 100644
index 0000000000000000000000000000000000000000..97c0b8dffbfac61fe9d3d6517f4510a353da38b9
--- /dev/null
+++ b/roles/services/tasks/ffdyndns.yml
@@ -0,0 +1,26 @@
+---
+
+- name: copy configs
+  copy:
+    src: ffdyndns/ffdyndns.toml
+    dest: /etc/
+
+
+
+# install ffdyndns
+- name: install ffdyndns
+  block:
+  - name: download ffdyndns
+    get_url:
+      url: https://freifunk-luebeck.pages.chaotikum.org/ffdyndns/ffdyndns.deb
+      dest: /tmp/ffdyndns.deb
+
+  - name: install ffdyndns
+    command: dpkg -i --force-confold /tmp/ffdyndns.deb
+
+  - name: enable ffdyndns
+    systemd:
+      daemon_reload: yes
+      state: restarted
+      enabled: yes
+      name: ffdyndns
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
index cd2ed302b8288fb84c8c721777b2d03ed2e1f0b1..06164eb8b06ea1a5b3c416520955980a2176a2a6 100644
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@@ -1,11 +1,8 @@
 ---
 - name: base config
   tags: [base]
-  include_tasks:
+  import_tasks:
     file: base.yml
-    apply:
-      tags: [base]
-
 
 - name: install packages
   include: software.yml
@@ -18,3 +15,8 @@
 - name: setup nginx
   include: nginx.yml
   tags: [nginx]
+
+- name: ffdyndns
+  tags: [ffdyndns]
+  import_tasks:
+    file: ffdyndns.yml