diff --git a/ansible/roles/test/tasks/main.yml b/ansible/roles/test/tasks/main.yml
new file mode 100644
index 0000000..2126a1e
--- /dev/null
+++ b/ansible/roles/test/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: copy over test compose file
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0777
+  with_items:
+    - {src: 'test-compose.yml', dest: '/home/josiah/apps/traefik/docker-compose.yml'}
+    - {src: 'traefik.toml', dest: '/home/josiah/apps/traefik/traefik.toml'}    
+
+- name: Deploy awful stack
+  docker_stack:
+    state: present
+    name: test
+    compose:
+      - /home/josiah/apps/awful/docker-compose.yml
diff --git a/ansible/roles/test/templates/test-compose.yml b/ansible/roles/test/templates/test-compose.yml
new file mode 100644
index 0000000..fadde7a
--- /dev/null
+++ b/ansible/roles/test/templates/test-compose.yml
@@ -0,0 +1,46 @@
+version: '3'
+
+networks:
+  gitea:
+    external: false
+  pubnet:
+
+volumes:
+  traefik_acme:
+  traefik_logs:    
+    
+services:
+  traefik:
+    image: traefik:v2.2
+    networks:
+      - pubnet    
+    command: --web --docker --docker.swarmmode --docker.watch --logLevel=DEBUG
+    ports:
+      - 80:80
+      - 443:443
+      - 5000:5000
+    volumes:
+      - traefik_acme:/acme/
+      - traefik_logs:/var/log/access.log
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /home/josiah/apps/traefik/traefik.toml:/traefik.toml
+    deploy:
+      mode: global      
+      placement:
+        constraints:
+          - node.role == manager
+    labels:
+      - "traefik.enable=true"    
+      - "traefik.http.routers.awfulAll-traefik-api.rule=Host(`awful-1.awful.club`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
+      - "traefik.http.routers.awfulAll-traefik-api.service=api@internal"
+      - "traefik.http.routers.awfulAll-traefik-api.entrypoints=http"
+
+  whoami:
+    image: containous/whoami:latest
+    networks:
+      - pubnet
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.awfulAll-whoami.rule=Host(`whoami.awful.club`)"
+      - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
+      - "traefik.http.services.awfulAll-whoami.loadbalancer.server.port=80"      
diff --git a/ansible/roles/test/templates/traefik.toml b/ansible/roles/test/templates/traefik.toml
new file mode 100644
index 0000000..b23a013
--- /dev/null
+++ b/ansible/roles/test/templates/traefik.toml
@@ -0,0 +1,33 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+
+defaultEntryPoints = ["http", "https"]
+
+[log]
+  level = "DEBUG"
+
+[api]
+  dashboard = true
+
+[entryPoints]
+  [entryPoints.http]
+    address = ":80"
+  [entryPoints.https]
+    address = ":443"
+
+[http.middlewares]
+  [http.middlewares.mediaserver-https-redir.redirectScheme]
+    scheme = "https"
+    permanent = true
+
+[certificatesResolvers.mediaserver-resolver.acme]
+  storage = "/acme.json"
+  email = "<me@jowj.net>"
+
+
+[providers.docker]
+
+[docker]
+  endpoint = "unix:///var/run/docker.sock"
+  watch = true
+  exposedbydefault = false
diff --git a/ansible/roles/test/vars/main.yml b/ansible/roles/test/vars/main.yml
new file mode 100644
index 0000000..ef86eef
--- /dev/null
+++ b/ansible/roles/test/vars/main.yml
@@ -0,0 +1 @@
+sys_packages: [ 'curl', 'vim', 'git', 'emacs', 'build-essential', 'mosh', 'python', 'python3-pip' ]