diff --git a/manifests/hosts/elsasum.pp b/manifests/hosts/elsasum.pp
new file mode 100644
index 0000000000000000000000000000000000000000..5cc60731491cc40ad89fe62320abb64fdc193128
--- /dev/null
+++ b/manifests/hosts/elsasum.pp
@@ -0,0 +1,18 @@
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+#   include kmaccess::hosts::elsasum
+class kmaccess::hosts::elsasum {
+  firewalld_port {
+    default:
+      ensure   => present,
+      port     => 8080,
+      protocol => 'tcp';
+    'Allow port 8080 from public Zone':
+      zone     => 'public';
+    'Allow port 8080 from liu Zone':
+      zone     => 'liu';
+  }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000000000000000000000000000000000000..38c8a8dd1092fb26d90130cb40d46f8cd2eda0dd
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,63 @@
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+#   include kmaccess
+class kmaccess {
+  $host = fact('networking.fqdn')
+  $cfg = "kmaccess::hosts::${host}"
+  if defined($cfg) {
+    include $cfg
+  }
+  profiles::letsencrypt::cert { $host : }
+  user { 'kmservice' :
+    ensure => 'present',
+    shell  => '/sbin/nologin',
+    system => true,
+  }
+  file { '/etc/sudoers.d/02-kmservice' :
+    ensure => 'present',
+    owner  => 'root',
+    mode   => '0755',
+    content => 'micjo73,arnjo82,danho69 ALL=(kmservice) NOPASSWD: ALL',
+  }
+  users::liu_user { 'micjo73' :
+    commonname => 'Michael Jonasson',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIFqOg7hZVQPG6sfTUhkLFB1cec1Wdg/7cmiJBdCHXXu5',
+    sshkeytype => 'ssh-ed25519',
+  }
+  users::liu_user { 'arnjo82' :
+    commonname => 'Arne Jönsson',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIDMyqLt93NFeXcnaerqXbSfmciU6odXY6d+BVdmcUeCS',
+    sshkeytype => 'ssh-ed25519',
+  }
+  users::liu_user { 'danho69' :
+    commonname => 'Daniel Holmer',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIE6BNeP0nZY58yWieADalkfPqgHHyl8bH5hQvPa7+eS0',
+    sshkeytype => 'ssh-ed25519',
+  }
+  firewalld_service { 'Allow http from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+}
diff --git a/spec/classes/hosts/elsasum_spec.rb b/spec/classes/hosts/elsasum_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..62809cca5afd63dade1040b84af54bca6eeae0d5
--- /dev/null
+++ b/spec/classes/hosts/elsasum_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'kmaccess::hosts::elsasum' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it { is_expected.to compile.with_all_deps }
+    end
+  end
+end
diff --git a/spec/classes/kmaccess_spec.rb b/spec/classes/kmaccess_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..38163e383549bc0a0b3ac2db0f3383832b25e2f9
--- /dev/null
+++ b/spec/classes/kmaccess_spec.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'kmaccess' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it { is_expected.to compile.with_all_deps }
+    end
+  end
+end