diff --git a/deploy.yml b/deploy.yml
index f2c882c..06ea4b7 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -8,6 +8,13 @@
     - name: mount rw
       command: /usr/local/bin/rw
 
+- name: set-up eudev
+  hosts: suricata
+  become: true
+  roles:
+    - eudev
+  tags: eudev
+
 - name: basic roles
   hosts:
     - caladan
@@ -157,6 +164,14 @@
   roles:
     - wireguard
 
+- name: set up NUT
+  hosts:
+    - suricata
+  become: true
+  roles:
+    - nut
+  tags: nut
+
 - name: setup gopass
   become: true
   hosts:
diff --git a/hosts.yml b/hosts.yml
index a2835eb..efb9ed6 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -172,6 +172,38 @@ all:
         - "hdmi_group=2"
         - "hdmi_mode=4"
 
+      nut_device:
+        name: nutdev1
+        config:
+          driver: "usbhid-ups"
+          port: "auto"
+          vendorid: "0764"
+          productid: "0601"
+          product: "OR1500ERM1U"
+          serial: "GBULZ2000030"
+          vendor: "CPS"
+          bus: "001"
+
+      nut_mode: netserver
+      nut_admin_password: !vault |
+                $ANSIBLE_VAULT;1.1;AES256
+                396261663339336265643530373931633034326338386337363539663634663
+                438626465393132386134383935623061666134646130353138333561326665
+                330a62346364313562303633643663303430376664356461666166373232316
+                465653633323235653833303463366330376136356234633339396532643938
+                3634300a6165363061623264306339303366313365316636383631366262336
+                564313139303133343633353034613661633639633563356466363865643533
+                3937323163
+      nut_upsmon_password: !vault |
+                $ANSIBLE_VAULT;1.1;AES256
+                313636333565356536333862386361393439666563353938343934623532366
+                433363738623862623035663138643532346330346339376437353563633365
+                320a33356464656230316565376339333331373832643631366562666331333
+                137386235666437663766313833616135303339643539353931313966623638
+                3962360a3131383461393435633363366437663535306430343631313935343
+                465343465343038383961306132653066643933646237313234326435663834
+                3865663534
+
     caladan:
       ansible_host: caladan
       ansible_user: ansible
diff --git a/roles/nut/.DS_Store b/roles/nut/.DS_Store
new file mode 100644
index 0000000..6c13055
Binary files /dev/null and b/roles/nut/.DS_Store differ
diff --git a/roles/nut/tasks/main.yml b/roles/nut/tasks/main.yml
new file mode 100644
index 0000000..1db9a7f
--- /dev/null
+++ b/roles/nut/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: install NUT for alpine
+  apk:
+    name:
+      - nut
+  when: ansible_distribution == "Alpine"
+
+- name: set NUT mode
+  lineinfile:
+    path: /etc/nut/nut.conf
+    regexp: '^MODE='
+    line: "MODE={{ nut_mode }}"
+
+- name: set up /etc/nut/upsmon.conf
+  blockinfile:
+    path: /etc/nut/upsmon.conf
+    block: |
+      MONITOR {{ nut_device.name }} 1 {{ nut_upsmon_password }} {{ nut_types[nut_mode] }}
+
+- name: set up upsd
+  include_tasks: upsd.yml
+  when: nut_mode in ["standalone", "netserver"]
+
+- name: set up upsmon
+  include_tasks: upsmon.yml
diff --git a/roles/nut/tasks/upsd.yml b/roles/nut/tasks/upsd.yml
new file mode 100644
index 0000000..ddfdc8b
--- /dev/null
+++ b/roles/nut/tasks/upsd.yml
@@ -0,0 +1,30 @@
+---
+
+- name: add UPS device(s) config to /etc/nut/ups.conf
+  blockinfile:
+    path: /etc/nut/ups.conf
+    block: |
+      [{{ nut_device.name }}]
+      {% for key, value in nut_device.config.items() %}  {{ key }} = "{{ value }}"
+      {% endfor %}
+
+- name: set up NUT user(s) to /etc/nut/upsd.users
+  blockinfile:
+    path: /etc/nut/upsd.users
+    block: |
+      [admin]
+        password = "{{ nut_admin_password }}"
+        actions = SET
+        instcmds = ALL
+
+      [upsmon]
+        password = "{{ nut_upsmon_password }}"
+        upsmon {{ nut_types[nut_mode] }}
+
+- name: start and enable nut-upsd
+  service:
+    name: nut-upsd
+    runlevel: default
+    state: started
+    enabled: true
+  when: ansible_distribution == "Alpine"
diff --git a/roles/nut/tasks/upsmon.yml b/roles/nut/tasks/upsmon.yml
new file mode 100644
index 0000000..53d8057
--- /dev/null
+++ b/roles/nut/tasks/upsmon.yml
@@ -0,0 +1,15 @@
+---
+
+- name: set up /etc/nut/upsmon.conf
+  blockinfile:
+    path: /etc/nut/upsmon.conf
+    block: |
+      MONITOR {{ nut_device.name }} 1 upsmon {{ nut_upsmon_password }} {{ nut_types[nut_mode] }}
+
+- name: start and enable nut-upsmon
+  service:
+    name: nut-upsmon
+    runlevel: default
+    state: started
+    enabled: true
+  when: ansible_distribution == "Alpine"
diff --git a/roles/nut/vars/main.yml b/roles/nut/vars/main.yml
new file mode 100644
index 0000000..3a82dca
--- /dev/null
+++ b/roles/nut/vars/main.yml
@@ -0,0 +1,4 @@
+nut_types:
+  standalone: primary
+  netserver: primary
+  clientserver: secondary