diff --git a/roles/espe_frontend-and-nginx/defaults/main.json b/roles/espe_frontend-and-nginx/defaults/main.json
new file mode 100644
index 0000000..c445c77
--- /dev/null
+++ b/roles/espe_frontend-and-nginx/defaults/main.json
@@ -0,0 +1,4 @@
+{
+ "var_espe_frontend_end_nginx_domain": "zackeneule.example.org",
+ "var_espe_frontend_end_nginx_directory": "/opt/zackeneule"
+}
diff --git a/roles/espe_frontend-and-nginx/tasks/main.json b/roles/espe_frontend-and-nginx/tasks/main.json
new file mode 100644
index 0000000..74d17b8
--- /dev/null
+++ b/roles/espe_frontend-and-nginx/tasks/main.json
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_espe_frontend_end_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_espe_frontend_end_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_espe_frontend_end_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/espe_frontend-and-nginx/templates/conf.j2 b/roles/espe_frontend-and-nginx/templates/conf.j2
index 8d31a70..77d8c35 100644
--- a/roles/espe_frontend-and-nginx/templates/conf.j2
+++ b/roles/espe_frontend-and-nginx/templates/conf.j2
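Review bot: The variable prefix in defaults/main.json reads `frontend_end_nginx` while the role is named `espe_frontend-and-nginx`, which looks like a slip for `and`. The same names are referenced in tasks/main.json and templates/conf.j2 and are meant to be overridden from inventories, so a later rename touches every consumer. If it is a typo, correct it in this commit as `var_espe_frontend_and_nginx_domain` and `var_espe_frontend_and_nginx_directory`.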
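Review bot: The `restart nginx` task in tasks/main.json runs on every play and nothing checks the rendered configuration first, so a bad domain or directory value can leave nginx stopped after the default site has already been removed. Add a check ahead of the restart, for example `{"name": "check configuration", "become": true, "ansible.builtin.command": {"cmd": "nginx -t"}, "changed_when": false}`, and consider turning the restart into a handler notified by the two `emplace configuration` tasks with `"state": "reloaded"`. The `ansible.builtin.template` task also sets no `owner`, `group` or `mode`, so the file's permissions depend on the umask of the run; `"owner": "root", "group": "root", "mode": "0644"` states them explicitly. The template refers to `/etc/nginx/ssl-hardening.conf` and to certificate and key files that no task in this role creates; presumably another role supplies them, which is worth recording as a dependency or a comment.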
@@ -1,14 +1,14 @@ server { - server_name {{domain}}; + server_name {{var_espe_frontend_end_nginx_domain}}; listen 80; listen [::]:80; listen [::]:443 ssl http2; listen 443 ssl http2; - ssl_certificate /etc/ssl/certs/{{domain}}.pem; - ssl_certificate_key /etc/ssl/private/{{domain}}.pem; + ssl_certificate /etc/ssl/certs/{{var_espe_frontend_end_nginx_domain}}.pem; + ssl_certificate_key /etc/ssl/private/{{var_espe_frontend_end_nginx_domain}}.pem; include /etc/nginx/ssl-hardening.conf; - root {{directory}}; + root {{var_espe_frontend_end_nginx_directory}}; }