diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index 80a52c6..b470bf9 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -8,6 +8,7 @@ fulfillr_path: "{{ podman_volumes }}/fulfillr"
 graylog_path: "{{ podman_volumes }}/graylog"
 hass_path: "{{ podman_volumes }}/hass"
 nginx_path: "{{ podman_volumes }}/nginx"
+nosql_path: "{{ podman_volumes }}/nosql"
 partkeepr_path: "{{ podman_volumes }}/partkeepr"
 photos_path: "{{ podman_volumes }}/photos"
 pihole_path: "{{ podman_volumes }}/pihole"
diff --git a/ansible/roles/podman/tasks/container-nosql.yml b/ansible/roles/podman/tasks/container-nosql.yml
new file mode 100644
index 0000000..d58bfef
--- /dev/null
+++ b/ansible/roles/podman/tasks/container-nosql.yml
@@ -0,0 +1,44 @@
+---
+- name: create nosql host directory volumes
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ podman_user }}"
+ group: "{{ podman_user }}"
+ mode: 0755
+ notify: restorecon podman
+ loop:
+ - "{{ nosql_path }}/conf"
+ - "{{ nosql_path }}/data"
+
+- name: flush handlers
+ ansible.builtin.meta: flush_handlers
+
+- import_tasks: podman/podman-check.yml
+ vars:
+ container_name: nosql
+ container_image: "{{ image }}"
+
+- name: create nosql container
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
+ name: nosql
+ image: "{{ image }}"
+ command: redis-server --requirepass {{ nosql_password }}
+ restart_policy: on-failure:3
+ log_driver: journald
+ volumes:
+ - "{{ nosql_path }}/conf:/usr/local/etc/redis/"
+ - "{{ nosql_path }}/data:/var/lib/redis"
+ env:
+ TZ: America/New_York
+ REDIS_REPLICATION_MODE: master
+ ports:
+ - 6379:6379/tcp
+
+- name: create systemd startup job for nosql
+ include_tasks: podman/systemd-generate.yml
+ vars:
+ container_name: nosql
diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml
index 51ece8b..e52ee82 100644
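Review bot: The `command: redis-server --requirepass {{ nosql_password }}` line in the `create nosql container` task puts the Redis password in the container's argv, so it is readable from the host process list and from `podman inspect`, and it may also land in the unit that `podman/systemd-generate.yml` writes (that file is not part of this diff). The task has no `no_log: true` either, so the rendered command can appear in Ansible output. The `conf` volume is already mounted at `/usr/local/etc/redis/` but nothing reads from it; writing `requirepass` into a config file there and starting `redis-server` with that file keeps the secret out of argv. The file has to stay readable by the user redis runs as inside the container, so the owner and mode in the sketch below need checking against the rootless uid mapping.

```yaml
- name: write nosql redis.conf
  become: true
  ansible.builtin.copy:
    dest: "{{ nosql_path }}/conf/redis.conf"
    content: |
      requirepass "{{ nosql_password }}"
    owner: "{{ podman_user }}"
    group: "{{ podman_user }}"
    # must stay readable by the in-container redis user; verify before tightening
    mode: "0640"
  no_log: true

# … unchanged: flush handlers, podman-check import …

- name: create nosql container
  # … unchanged: become, become_user …
  containers.podman.podman_container:
    # … unchanged: name, image …
    command: redis-server /usr/local/etc/redis/redis.conf
    # … unchanged: restart_policy through ports …
```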
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -16,9 +16,8 @@
 # pihole (unused?)
 - 53/tcp
 - 53/udp
- # pihole (iptables preroute)
- - 1153/tcp
- - 1153/udp
+ # nosql/redis
+ - 6379/tcp
 # ???
 - 6875/tcp
 # Satisfactory
@@ -39,6 +38,9 @@
 immediate: true
 state: disabled
 loop:
+ - 1153/tcp
+ - 1153/udp
+ - 2000/udp
 - 2456/udp
 - 2457/udp
 - 9093/tcp
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index 6858b86..f489176 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -51,7 +51,7 @@
 - import_tasks: container-fulfillr.yml
 vars:
- image: "{{ aws_ecr_endpoint }}/fulfillr:20230913.2009"
+ image: "{{ aws_ecr_endpoint }}/fulfillr:20230919.2233"
 tags: fulfillr
 - import_tasks: configuration-nginx.yml
@@ -60,6 +60,11 @@
 image: docker.io/owasp/modsecurity:nginx
 tags: nginx
+- import_tasks: container-nosql.yml
+ vars:
+ image: docker.io/redis:7.2.1-alpine
+ tags: nosql
+
 - import_tasks: container-sshpass-cron.yml
 vars:
 image: docker.io/bdebyl/sshpass-cron:1.0.11
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
index f426886..99e46d3 100644
Binary files a/ansible/vars/vault.yml and b/ansible/vars/vault.yml differ
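Review bot: The new `- 6379/tcp` entry in the first firewall.yml hunk opens Redis at the host firewall, and the container task in this commit publishes `6379:6379/tcp` on every host address, so the only barrier between the network and the data is the `requirepass` password, sent without TLS. The task this loop belongs to starts above the hunk, so the zone and any source restriction are not visible here. If the clients run on this host, I would drop this line and publish on loopback instead, `- 127.0.0.1:6379:6379/tcp`; if remote clients are intended, limit the rule to their source addresses.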
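Review bot: `image: docker.io/redis:7.2.1-alpine` in the second main.yml hunk pins by tag only, and a tag can be re-pushed upstream. Appending the digest keeps every deploy on the image that was reviewed, for example `image: docker.io/redis:7.2.1-alpine@sha256:<digest-placeholder>`. The neighbouring `docker.io/owasp/modsecurity:nginx` context line has no version at all, though that is outside this change.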