diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 4b20f64..2660182 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -112,6 +112,15 @@ gitea_internal_token: !vault |
 62633234313261363537663061373931303832653531356566633739636264666635653936313965
 623964653936646334313864643030653763
 
+# For Nagios
+secret_nagios_admin_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64333231393831303031616363363030613464653161313531316465346263313063626638363437
+ 3965303861646232393663633066363039636637343161340a643162633133336335313632383861
+ 34616338636630633539353335336631313361656633333539323130626132356263653436343363
+ 3930323538613137370a373861376566376631356564623665313662636562626234643862343863
+ 61326232633266633262613931303631396163326266386363366639366639613938
+
 # For Netbox
 secret_netbox_user_pass: !vault |
 $ANSIBLE_VAULT;1.1;AES256
diff --git a/playbooks/tasks/web/nagios.yml b/playbooks/tasks/web/nagios.yml
new file mode 100644
index 0000000..77b8d1e
--- /dev/null
+++ b/playbooks/tasks/web/nagios.yml
@@ -0,0 +1,35 @@
+# vim:ft=ansible:
+- name: assure data directory for nagios
+ file: path=/data/nagios state=directory mode=0755
+ tags: [ nagios ]
+- name: assure ssmtp.conf file for nagios
+ file: path=/data/nagios/ssmtp.conf state=file mode=0640
+ tags: [ nagios ]
+- name: template out hosts for nagios
+ template:
+ src: |
+ {% for host in query('netbox.netbox.nb_lookup', 'devices', api_endpoint='https://netbox.desu.ltd', token=secret_netbox_api_token)%}
+ {{ host }}
+ {% endfor %}
+ dest: /data/nagios/etc/objects/ansible-hosts.cfg
+ owner: root
+ group: root
+ mode: 0644
+ tags: [ nagios, template ]
+- name: docker deploy nagios
+ docker_container:
+ name: nagios
+ image: manios/nagios
+ env:
+ NAGIOSADMIN_USER: admin
+ NAGIOSADMIN_PASS: "{{ secret_nagios_admin_pass }}"
+ TZ: "America/Chicago"
+ networks:
+ - name: web
+ aliases: [ "nagios" ]
+ volumes:
+ - /data/nagios/etc:/opt/nagios/etc
+ - /data/nagios/var:/opt/nagios/var
+ - /data/nagios/plugins:/opt/Custom-Nagios-Plugins
+ - /data/nagios/ssmtp.conf:/etc/ssmtp/ssmtp.conf
+ tags: [ docker, nagios ]
diff --git a/playbooks/web.yml b/playbooks/web.yml
index 11a4cb1..8e3c9ab 100755
--- a/playbooks/web.yml
+++ b/playbooks/web.yml
@@ -153,6 +153,19 @@
 proxy_pass http://netbox:8080;
 }
 }
+ server {
+ listen 443 ssl;
+ server_name nagios.desu.ltd;
+ ssl_certificate /etc/letsencrypt/live/netbox.desu.ltd/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/netbox.desu.ltd/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/netbox.desu.ltd/chain.pem;
+ ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://nagios:80;
+ }
+ }
 tags: [ docker, ingress ]
 - name: include tasks for apps
 include_tasks: tasks/app/{{ task }}
@@ -165,6 +178,8 @@
 include_tasks: tasks/web/{{ task }}
 with_items:
 - netbox.yml
+ - nagios.yml
+ - ingress-generic.yml
 loop_control:
 loop_var: task
 tags: [ always ]
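Review bot: In playbooks/tasks/web/nagios.yml the `docker deploy nagios` task passes `secret_nagios_admin_pass` through `env` without `no_log: true`, so the decrypted password can end up in task output when the play runs with extra verbosity, since the module result carries the container's configuration; adding `no_log: true` to that task keeps it out of logs. `image: manios/nagios` carries no tag, so every pull takes whatever `latest` is at that moment; pin it, e.g. `image: manios/nagios:<PINNED_TAG>` or a digest, so an upstream change cannot silently replace the monitoring host's image. In `template out hosts for nagios`, `src` is a path to a template file, so the inline Jinja block would be looked up as a filename; `copy` with `content:` or a real `.j2` file looks like what was intended, and `/data/nagios/etc/objects` is not created by any task in this file. Quoting the mode as `mode: "0644"` would also avoid depending on YAML octal parsing.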
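Review bot: In playbooks/web.yml the new `nagios.desu.ltd` server block points `ssl_certificate`, `ssl_certificate_key` and `ssl_trusted_certificate` at `/etc/letsencrypt/live/netbox.desu.ltd/`, so browsers will report a hostname mismatch unless that certificate already lists nagios.desu.ltd as a SAN; confirm that, or point the block at the certificate lineage that covers this name. The block publishes the monitoring console on port 443 with only the container's own admin login in front of it; if the UI is meant for operators only, an `allow`/`deny` pair or an additional auth layer inside `location /` would narrow who can reach it. Adding `proxy_set_header X-Forwarded-Proto $scheme;` next to the existing headers would tell the backend the original request was HTTPS. The enclosing nginx configuration and its task start outside the hunk.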