diff --git a/pizza1/configs/haproxy/haproxy.cfg b/pizza1/configs/haproxy/haproxy.cfg
new file mode 100644
index 0000000..ab2710e
--- /dev/null
+++ b/pizza1/configs/haproxy/haproxy.cfg
@@ -0,0 +1,55 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 3600000
+        timeout client  3600000
+        timeout server  3600000
+        timeout tunnel  3600000
+listen ssh
+	bind :::22 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	tcp-check expect rstring SSH-2.0-OpenSSH.*
+	server pubnix 10.7.0.2:22 check inter 10s fall 2 rise 1
+listen xrdp
+	bind :::3389 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	server pubnix 10.7.0.2:3389 check inter 10s fall 2 rise 1
+listen gemini
+	bind :::1965 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	server pubnix 10.7.0.2:1965 check inter 10s fall 2 rise 1
+listen soju
+	bind :::6697 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	server pubnix 10.7.0.2:6697 check inter 10s fall 2 rise 1
+listen iperf3
+	bind :::5202 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	server pubnix 10.7.0.2:5201 check inter 10s fall 2 rise 1
+listen nodexporter
+	bind :::9101 v4v6
+	balance roundrobin
+	mode tcp
+	option tcp-check
+	server pubnix 10.7.0.2:9100 check inter 10s fall 2 rise 1
diff --git a/pizza1/tor/torrc b/pizza1/configs/tor/torrc
similarity index 100%
rename from pizza1/tor/torrc
rename to pizza1/configs/tor/torrc
diff --git a/pizza1/playbook.yaml b/pizza1/playbook.yaml
index f6d8b3d..e1fef95 100644
--- a/pizza1/playbook.yaml
+++ b/pizza1/playbook.yaml
@@ -13,6 +13,7 @@
           - knot
           - knot-dnsutils
           - knot-module-geoip
+          - haproxy
     - name: Setup postfix configs
       ansible.builtin.copy:
         src: ./configs/postfix
@@ -34,3 +35,13 @@
         name: tor
         enabled: true
         state: restarted
+    - name: Setup haproxy configs
+      ansible.builtin.copy:
+        src: ./configs/haproxy/haproxy.cfg
+        target: /etc/haproxy/haproxy.cfg
+        mode: preserve
+    - name: Restart+Enable haproxy
+      ansible.builtin.service:
+        name: haproxy
+        enabled: true
+        state: restarted