diff --git a/group_vars/static.yml b/group_vars/static.yml
new file mode 100644
index 0000000..07d697b
--- /dev/null
+++ b/group_vars/static.yml
@@ -0,0 +1,4 @@
+---
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
diff --git a/host_vars/static02.home.foo.sh.yml b/host_vars/static02.home.foo.sh.yml
new file mode 100644
index 0000000..6d88b04
--- /dev/null
+++ b/host_vars/static02.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: "52:54:00:ac:dc:38"
diff --git a/hosts b/hosts
index 6ff9f36..417cde8 100644
--- a/hosts
+++ b/hosts
@@ -31,6 +31,9 @@ atl01.vultr.foo.sh
 proxy01.home.foo.sh
 proxy02.home.foo.sh
 
+[static]
+static02.home.foo.sh
+
 [vmhost]
 vmhost02.home.foo.sh
 
@@ -40,6 +43,7 @@ atl01.vultr.foo.sh
 [centos8:children]
 adm
 nas
+static
 vmhost
 
 [centos7:children]
diff --git a/playbooks/static.yml b/playbooks/static.yml
new file mode 100644
index 0000000..be524e8
--- /dev/null
+++ b/playbooks/static.yml
@@ -0,0 +1,21 @@
+---
+- import_playbook: "include/deploy-kvm-guest.yml myhosts=static"
+
+- name: configure instance
+  hosts: static
+  user: root
+  gather_facts: true
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  roles:
+    - base
+    - role: kerberos/keytab
+      principals:
+        - "host/{{ inventory_hostname }}@FOO.SH"
+        - "nfs/{{ inventory_hostname }}@FOO.SH"
+    - nfs-client
+    - ldap/nss
+    - autofs
+    - apache
diff --git a/site.yml b/site.yml
index cb74eee..6cdd302 100644
--- a/site.yml
+++ b/site.yml
@@ -4,4 +4,5 @@
 - import_playbook: playbooks/ldap.yml
 - import_playbook: playbooks/ns.yml
 - import_playbook: playbooks/proxy.yml
+- import_playbook: playbooks/sattic.yml
 - import_playbook: playbooks/vmhost.yml