diff --git a/inventory.example.yml b/inventory.example.yml
index a8a4cf9..129c395 100644
--- a/inventory.example.yml
+++ b/inventory.example.yml
@@ -54,6 +54,9 @@ all:
 caddy:
 hosts:
 your_bastion_host:
+ haproxy:
+ hosts:
+ your_bastion_host:
 sshd:
 hosts:
 your_bastion_host:
diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml
new file mode 100644
index 0000000..3ba2c2d
--- /dev/null
+++ b/roles/haproxy/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Install haproxy package
+ community.general.pacman:
+ name:
+ - haproxy
+
+- name: Deploy haproxy config
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+
+- name: Enable haproxy service
+ systemd:
+ name: haproxy
+ enabled: yes
+ state: started
diff --git a/roles/haproxy/templates/haproxy.j2 b/roles/haproxy/templates/haproxy.j2
new file mode 100644
index 0000000..8924a65
--- /dev/null
+++ b/roles/haproxy/templates/haproxy.j2
@@ -0,0 +1,22 @@
+defaults
+ log global
+ mode tcp
+ timeout connect 10s
+ timeout client 36h
+ timeout server 36h
+
+{% if groups["gitea"] | length > 0 %}
+
+listen gitea_ssh
+ bind *:2499
+ balance leastconn
+ mode tcp
+
+ option tcp-check
+ tcp-check expect rstring SSH-2.0-OpenSSH.*
+
+{% for host in groups["gitea"] %}
+ server {{ host }} {{ host_vars[host]["local_ip"] }}:2499
+{% endfor %}
+
+{% endif %}
diff --git a/run.yml b/run.yml
index f95ff68..d8792e2 100644
--- a/run.yml
+++ b/run.yml
@@ -69,6 +69,11 @@
 - caddy
 when: "caddy" in group_names
 
+ - role: haproxy
+ tags:
+ - haproxy
+ when: "haproxy" in group_names
+
 - role: dotfiles
 tags:
 - dotfiles
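Review bot: The `Deploy haproxy config` task in roles/haproxy/tasks/main.yml reads `src: haproxy.cfg.j2`, but the template this commit adds is `roles/haproxy/templates/haproxy.j2`, so the lookup would fail on the first run; either rename the template or use `src: haproxy.j2`. The same task sets no `owner`, `group` or `mode` and does not check the rendered file, so a broken config is only discovered when the service fails to start; adding `validate: haproxy -c -f %s` and `mode: "0644"` would catch that before the file is replaced. Since `Enable haproxy service` only asserts `state: started`, a later config change is not picked up until a manual restart, and a handler notified by the template task would close that gap.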
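Review bot: The `server` line in roles/haproxy/templates/haproxy.j2 looks up `host_vars[host]`, while Ansible's magic variable is `hostvars`; unless the project defines `host_vars` elsewhere, rendering fails with an undefined variable. The line also lacks the `check` keyword, so `option tcp-check` and the `tcp-check expect` banner rule above it are never run and an unhealthy backend keeps receiving connections; I would write `server {{ host }} {{ hostvars[host]["local_ip"] }}:2499 check`. Separately, `groups["gitea"]` errors when the inventory has no `gitea` group, so `groups.get("gitea", [])` is safer in the `{% if %}` and `{% for %}`, and from what the template shows `log global` has no effect without a `global` section that sets a log target, which leaves the `bind *:2499` SSH listener without connection logs.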