diff --git a/.ansible-lint b/.ansible-lint
index 331594e..0801758 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -3,5 +3,6 @@ profile: production
 strict: true
 exclude_paths:
   - "**/*docker-compose.yaml"
+  - "**/*docker-compose.yml"
   - .github/
   - .pre-commit-config.yaml
diff --git a/.gitignore b/.gitignore
index 1e9e734..2050077 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 vault.pass
 .idea
+.cache_ggshield
diff --git a/playbooks/apps/all.yaml b/playbooks/apps/all.yaml
index a33b81f..8f5ba48 100644
--- a/playbooks/apps/all.yaml
+++ b/playbooks/apps/all.yaml
@@ -1,6 +1,7 @@
 ---
 - import_playbook: bin.yaml # noqa: name[play]
 - import_playbook: caddy.yaml # noqa: name[play]
+- import_playbook: charasheet.yaml # noqa: name[play]
 - import_playbook: ghost-update.yaml # noqa: name[play]
 - import_playbook: gitea.yaml # noqa: name[play]
 - import_playbook: goatcounter.yaml # noqa: name[play]
diff --git a/playbooks/apps/charasheet.yaml b/playbooks/apps/charasheet.yaml
new file mode 100644
index 0000000..94f71f3
--- /dev/null
+++ b/playbooks/apps/charasheet.yaml
@@ -0,0 +1,61 @@
+---
+- name: Charasheet
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Create dir
+      ansible.builtin.file:
+        path: "{{ dir }}"
+        state: directory
+        mode: "0775"
+    - name: Write files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "{{ dir }}/"
+        mode: preserve
+      with_fileglob:
+        - files/{{ app_name }}/*
+      notify:
+        - Restart service
+    - name: Write templates
+      ansible.builtin.template:
+        src: "{{ item }}"
+        dest: "{{ dir }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
+        mode: preserve
+      with_fileglob:
+        - templates/{{ app_name }}/*.j2
+        - templates/{{ app_name }}/.*.j2
+      notify:
+        - Restart service
+    - name: Ensure service is started
+      community.docker.docker_compose_v2:
+        project_src: "{{ dir }}"
+        state: present
+
+  handlers:
+    - name: Restart service
+      community.docker.docker_compose_v2:
+        project_src: "{{ dir }}"
+        state: restarted
+
+  vars:
+    app_name: charasheet
+    dir: /mnt/data/{{ app_name }}
+    secret_key: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      35666131616231643064336266303061326534356131666364633932373330663637343836353837
+      3438356431373434613435613165313631333133396133360a363335326135613537633132306530
+      33623239356433393361393737386461626230613561326632623736303038303130396530353538
+      3561613065623130620a306631393062613161333335366261386534623539646361663736306432
+      30636239663263623938383137363034633061343163393665363932376662663063336634316261
+      63363166656462343763343263373535353763303939316430613335653033303036313864616234
+      313763346663393432323132386536326636
+    mailgun_api_key: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      38613137366132646234316137646431373839343530316536326230643035643635643431663064
+      6531316662373736656230336361353261633862323939310a353637366466643334333436373464
+      34616564303465396333326333393462343339643636653231623536613431623135373836626261
+      6632633330383265350a316632303961643363393332636635313333643561653031313038396535
+      37666334346634306263613063383061393264366163633939373165616461383831383364353364
+      33383366326138373862323166653531363233643861363132336363306137363737356633643235
+      393863373065633639656232373732383632
diff --git a/playbooks/apps/files/charasheet/docker-compose.yml b/playbooks/apps/files/charasheet/docker-compose.yml
new file mode 100644
index 0000000..eea21e8
--- /dev/null
+++ b/playbooks/apps/files/charasheet/docker-compose.yml
@@ -0,0 +1,15 @@
+services:
+  django:
+    image: crocmagnon/charasheet:latest
+    env_file:
+      - .env
+    volumes:
+      - ./db:/app/db
+      - ./data:/app/data
+    ports:
+      - "8001:8000"
+    user: 1000:1000
+    restart: always
+    init: true
+    tty: true
+    mem_limit: 512m
diff --git a/playbooks/apps/files/charasheet/update b/playbooks/apps/files/charasheet/update
new file mode 100755
index 0000000..9731e1e
--- /dev/null
+++ b/playbooks/apps/files/charasheet/update
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euxo pipefail
+pushd /mnt/data/charasheet
+docker compose --ansi never pull --quiet
+docker compose --ansi never up -d
+docker compose exec django python manage.py migrate
+popd
+docker image prune -f
diff --git a/playbooks/apps/templates/charasheet/.env.j2 b/playbooks/apps/templates/charasheet/.env.j2
new file mode 100644
index 0000000..9ec3fcc
--- /dev/null
+++ b/playbooks/apps/templates/charasheet/.env.j2
@@ -0,0 +1,7 @@
+SECRET_KEY='{{ secret_key }}'
+DEBUG=false
+ALLOWED_HOSTS=charasheet.augendre.info,localhost
+MAILGUN_API_KEY={{ mailgun_api_key }}
+MAILGUN_SENDER_DOMAIN=mg.augendre.info
+REGISTRATION_OPEN=true
+CSRF_TRUSTED_ORIGINS=https://charasheet.augendre.info