diff --git a/README.md b/README.md
index f5d7971..dede610 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,23 @@
 # Ansible scripts for our private Intel NUC servers
+
+## TODO
+
+### nsd
+
+https://github.com/The-Kube-Way/nsd
+Maybe put zone files in a data directory.
+KSK in ansible vault.
+Then in ansible role:
+- Generate ZSK if needed
+- Sign role if needed
+- ZSK key roll over
+
+### reverse proxy + certbot
+
+nginx? HA-proxy? Traefik?
+Enable reverse proxy rules if service is enabled.
+Should probably start creating a seperate cert for each subdomain.
+
+### Git server
+
+GitLab? Gitea?
diff --git a/playbooks/radicale.yml b/playbooks/radicale.yml
new file mode 100644
index 0000000..161b446
--- /dev/null
+++ b/playbooks/radicale.yml
@@ -0,0 +1,4 @@
+- name: Install Radicale
+ hosts: nucs
+ roles:
+ - radicale
diff --git a/roles/radicale/files/docker-compose.yml b/roles/radicale/files/docker-compose.yml
new file mode 100644
index 0000000..f3f01d4
--- /dev/null
+++ b/roles/radicale/files/docker-compose.yml
@@ -0,0 +1,11 @@
+version: '3'
+services:
+ radicale:
+ restart: always
+ image: mailu/radicale:1.9
+ ports:
+ - '0.0.0.0:5232:5232'
+ volumes:
+ - /data/radicale:/var/lib/radicale
+ - /apps/radicale/config:/radicale
+ command: radicale -S -C /radicale/radicale.conf
diff --git a/roles/radicale/files/radicale.conf b/roles/radicale/files/radicale.conf
new file mode 100644
index 0000000..360d314
--- /dev/null
+++ b/roles/radicale/files/radicale.conf
@@ -0,0 +1,24 @@
+[server]
+hosts = 0.0.0.0:5232, [::]:5232
+ssl = False
+
+[encoding]
+request = utf-8
+stock = utf-8
+
+[auth]
+realm = Radicale - Password Required
+type = htpasswd
+htpasswd_filename = /radicale/users
+htpasswd_encryption = md5
+
+[rights]
+type = owner_only
+
+[storage]
+type = multifilesystem
+filesystem_folder = /data
+
+[logging]
+
+[headers]
diff --git a/roles/radicale/files/users b/roles/radicale/files/users
new file mode 100644
index 0000000..edbdb46
--- /dev/null
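Review bot: The `ports` entry `'0.0.0.0:5232:5232'` in roles/radicale/files/docker-compose.yml publishes Radicale on every host interface while radicale.conf in this same commit sets `ssl = False`, so the htpasswd credentials and all calendar/contact data would travel as cleartext HTTP Basic auth. Until the reverse proxy and certificates listed in the README TODO exist, bind the published port to loopback or a specific internal address, e.g. `- '127.0.0.1:5232:5232'`. Docker-published ports are commonly inserted ahead of host firewall rules, so a host firewall should not be assumed to limit this exposure.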
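Review bot: `filesystem_folder = /data` under `[storage]` matches neither volume target in docker-compose.yml, which mounts the host data directory at `/var/lib/radicale` and the config directory at `/radicale`. As written, collections would presumably be stored in the container's own writable layer and disappear when the container is recreated. Point the setting at the mounted path, `filesystem_folder = /var/lib/radicale`, or change the volume target to `/data`. Separately, `htpasswd_encryption = md5` selects the Apache apr1 MD5 scheme, which is cheap to brute-force offline; `htpasswd_encryption = bcrypt` is the stronger choice if the Radicale build in the image supports it.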
+++ b/roles/radicale/files/users
@@ -0,0 +1 @@
+pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.
diff --git a/roles/radicale/tasks/main.yml b/roles/radicale/tasks/main.yml
new file mode 100644
index 0000000..a66223b
--- /dev/null
+++ b/roles/radicale/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Create Radicale app directory
+ file:
+ path: /apps/radicale
+ state: directory
+- name: Copy docker-compose.yml file
+ copy:
+ src: "{{ role_path }}/files/docker-compose.yml"
+ dest: /apps/radicale/docker-compose.yml
+- name: Create Radicale config directory
+ file:
+ path: /apps/radicale/config
+ state: directory
+- name: Copy radicale.conf
+ copy:
+ src: "{{ role_path }}/files/radicale.conf"
+ dest: /apps/radicale/config/radicale.conf
+- name: Copy users file
+ copy:
+ src: "{{ role_path }}/files/users"
+ dest: /apps/radicale/config/users
+- name: Create Radicale data directory
+ file:
+ path: /data/radicale
+ state: directory
+- name: Start Docker Compose
+ docker_compose:
+ project_src: /apps/radicale
+ pull: true
+ remove_orphans: true
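Review bot: The single added line in roles/radicale/files/users commits a live htpasswd entry (user `pim` with an `$apr1$` MD5-crypt hash) to the repository unencrypted, so anyone who can read the repo or its history can attempt to recover the password offline. The README TODO in this commit already plans Ansible Vault for the KSK, and the same treatment fits here: vault-encrypt this file, or keep the hash in a vaulted variable and render the file from a template. The hash remains in git history even after removal, so the password should be treated as exposed and rotated, ideally re-hashed with bcrypt.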
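Review bot: The `Copy users file` task in roles/radicale/tasks/main.yml sets no `mode` or `owner`, so the credential file at `/apps/radicale/config/users` gets whatever the remote umask produces, typically world-readable; the `file` tasks creating `/apps/radicale/config` and `/data/radicale` have the same gap. Set permissions explicitly, e.g. `mode: "0640"` on the users copy and `mode: "0750"` on the two directories, with `owner`/`group` matching the uid the container runs as, which this diff does not show. Quoting the mode keeps YAML from reading it as an integer.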