diff --git a/playbooks/setup-alpha-host.yml b/playbooks/alpha/init.yml
similarity index 100%
rename from playbooks/setup-alpha-host.yml
rename to playbooks/alpha/init.yml
diff --git a/playbooks/athens-common/ufw.yml b/playbooks/athens-common/ufw.yml
new file mode 100644
index 0000000..c7d400b
--- /dev/null
+++ b/playbooks/athens-common/ufw.yml
@@ -0,0 +1,43 @@
+# This play book sets up a mirrored setup for both web service hosts
+# such that they accept web traffic in and out from anywhere
+# but only accept ssh connections from the internal network
+---
+- hosts: alpha,beta
+ remote_user: ubuntu
+ # UFW is only accessible to root so sudo is required for each task
+ become: yes
+ become_method: sudo
+ tasks:
+ - name: Install UFW in case it's not here
+ apt:
+ name: ufw
+ update_cache: yes
+ - name: Allow SSH connections from internal network
+ ufw:
+ rule: allow
+ port: ssh
+ direction: incoming
+ src: 10.0.0.128/26
+
+ - name: Rate limit SSH connections
+ ufw:
+ rule: limit
+ direction: incoming
+ port: ssh
+ proto: tcp
+
+ - name: Allow Plain-HTTP traffic from anywhere
+ ufw:
+ rule: allow
+ port: 80
+ proto: tcp
+
+ - name: Allow HTTPS traffic from anywhere
+ ufw:
+ rule: allow
+ port: 443
+ proto: tcp
+
+
+
+
diff --git a/playbooks/beta/init.yml b/playbooks/beta/init.yml
new file mode 100644
index 0000000..3421035
--- /dev/null
+++ b/playbooks/beta/init.yml
@@ -0,0 +1,12 @@
+---
+- hosts: beta
+ remote_user: ubuntu
+ tasks:
+ - name: Install Nginx
+ become: yes
+ become_method: sudo
+ apt:
+ name: nginx
+ update_cache: yes
+ state: present
+
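Review bot: The `Rate limit SSH connections` task in `playbooks/athens-common/ufw.yml` has no `src`, and a UFW `limit` rule accepts connections that stay under its rate threshold, so SSH ends up reachable from any address, which contradicts the header comment that SSH is only accepted from the internal network. Scope it with `src: 10.0.0.128/26` and let it replace the plain allow task above it, since that allow rule would otherwise match the same source first and the limit would never apply. The play also never sets `state: enabled` or a default incoming policy, so unless that happens elsewhere these rules may sit in an inactive firewall; a final task that enables UFW with a deny-incoming default, placed after the SSH rule so the Ansible session is not cut off, would close that gap. Minor: `become: true` and `update_cache: true` are the canonical booleans rather than `yes`.

```yaml
    - name: Rate limit SSH connections from internal network
      ufw:
        # … unchanged: rule, direction, port, proto …
        src: 10.0.0.128/26

    # … unchanged: HTTP and HTTPS allow rules …

    - name: Enable UFW with a default-deny incoming policy
      ufw:
        state: enabled
        policy: deny
        direction: incoming
```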
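Review bot: Nothing in `playbooks/beta/init.yml` applies the firewall rules from `playbooks/athens-common/ufw.yml`, so if this play is run on its own the host presumably ends up with nginx installed before any UFW rule exists. If the two playbooks are not chained elsewhere, add `- import_playbook: ../athens-common/ufw.yml` ahead of this play so that init always leaves the host firewalled. As a style point, `become: true` and `update_cache: true` are the canonical booleans, and `become` could sit at play level as it does in ufw.yml.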