diff --git a/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2 b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9ce8c092c1a7bcd2969bd33df724b9346af2d18e
--- /dev/null
+++ b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
@@ -0,0 +1,38 @@
+#-*-apache-*-
+
+WSGIScriptAlias /karaage /etc/karaage3/karaage.wsgi
+<IfVersion >= 2.4>
+    <Directory /etc/karaage3>
+        <Files karaage.wsgi>
+            Require all granted
+        </Files>
+    </Directory>
+</IfVersion>
+
+# support old URLs.
+Redirect permanent /kgadmin /karaage
+Redirect permanent /users /karaage
+
+Alias /kgstatic "/var/lib/karaage3/static"
+<Location "/kgstatic">
+    SetHandler None
+    <IfVersion >= 2.4>
+    Require all granted
+    </IfVersion>
+</Location>
+
+Alias /kgfiles "/var/cache/karaage3/files"
+<Location "/kgfiles">
+    SetHandler None
+    <IfVersion >= 2.4>
+    Require all granted
+    </IfVersion>
+</Location>
+
+<Location /karaage>
+AuthType Shibboleth
+ShibRequireSession On
+ShibUseHeaders On
+require valid-user
+</Location>
+
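Review bot: `ShibUseHeaders On` in the `<Location /karaage>` block publishes the Shibboleth attributes as HTTP request headers, which the Shibboleth SP guidance discourages in favour of the environment variables mod_shib exports by default, because header-based attributes are the easier of the two to spoof. The application runs under mod_wsgi in the same Apache, so it can presumably read the attributes from the WSGI environ; the line could then be dropped, or kept with a comment stating the reason, e.g. `# Karaage reads Shibboleth attributes from request headers`. Separately, `/kgfiles` is aliased to `/var/cache/karaage3/files` with `Require all granted` and sits outside the protected location, so whatever is written there is served without a session. What lands in that directory is not visible in this hunk; if it can hold per-user or generated files, it should get the same `AuthType Shibboleth` / `require valid-user` protection as `/karaage`.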
diff --git a/roles/karaage3.1.17/templates/main_cf.j2 b/roles/karaage3.1.17/templates/main_cf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..2823b289dc68bb169f0f6a2556a314876762bf61
--- /dev/null
+++ b/roles/karaage3.1.17/templates/main_cf.j2
@@ -0,0 +1,39 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = {{ ansible_fqdn }}
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin =  {{ ansible_fqdn }}
+mydestination = {{ ansible_fqdn }}, localhost.{{ ansible_domain }}, localhost
+relayhost =  {{ smtp_smarthost }}
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = loopback-only
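Review bot: TLS is configured only for the inbound `smtpd_*` side, which `inet_interfaces = loopback-only` restricts to local connections, while the outbound path to `relayhost = {{ smtp_smarthost }}` has no `smtp_tls_security_level`. On Postfix builds where that parameter defaults to empty, mail relayed to the smarthost leaves the host in cleartext, which matters if the application sends account or password-reset mail (inferred, not shown here). I would add `smtp_tls_security_level = may`, or `encrypt` if the smarthost is known to offer STARTTLS. The `ssl-cert-snakeoil` certificate and key are the Debian self-signed defaults and deserve a comment saying they are acceptable only because smtpd is loopback-only. `smtpd_use_tls=yes` is the legacy spelling of `smtpd_tls_security_level = may`.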