diff --git a/files/vindbrygga/sshd_config b/files/vindbrygga/sshd_config
new file mode 100644
index 0000000000000000000000000000000000000000..49bef4e613c200717b4d8a7c76bb996f0fbda35e
--- /dev/null
+++ b/files/vindbrygga/sshd_config
@@ -0,0 +1,141 @@
+#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+#	$FreeBSD: releng/10.1/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $
+
+# This is the sshd server vindbrygga configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+Port 21
+Port 22
+Port 80
+Port 443
+Port 1022
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+ListenAddress vindbrygga.lysator.liu.se
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /usr/local/etc/ssh_vindbrygga/ssh_host_rsa_key
+HostKey /usr/local/etc/ssh_vindbrygga/ssh_host_dsa_key
+HostKey /usr/local/etc/ssh_vindbrygga/ssh_host_ecdsa_key
+HostKey /usr/local/etc/ssh_vindbrygga/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+LoginGraceTime 30
+#PermitRootLogin no
+#StrictModes yes
+MaxAuthTries 4
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# Change to yes to enable built-in password authentication.
+PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable PAM authentication
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+
+# Set this to 'no' to disable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding yes
+X11DisplayOffset 100
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+PidFile /var/run/sshd_vindbrygga.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+UseBlacklist yes
+#VersionAddendum FreeBSD-20140420
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
diff --git a/files/vindbrygga/sshd_vindbrygga b/files/vindbrygga/sshd_vindbrygga
new file mode 100755
index 0000000000000000000000000000000000000000..78519d7ca9e66820d1172681dfcdceeac418431a
--- /dev/null
+++ b/files/vindbrygga/sshd_vindbrygga
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# PROVIDE: sshd_vindbrygga
+# REQUIRE: LOGIN FILESYSTEMS
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="sshd_vindbrygga"
+rcvar="sshd_vindbrygga_enable"
+command="/usr/sbin/sshd"
+command_args="-f /usr/local/etc/ssh_vindbrygga/sshd_config"
+start_precmd="${name}_configtest"
+reload_precmd="${name}_configtest"
+restart_precmd="${name}_configtest"
+configtest_cmd="${name}_configtest"
+pidfile="/var/run/${name}.pid"
+extra_commands="configtest reload"
+
+sshd_vindbrygga_configtest()
+{
+	echo "Performing sanity check on ${name} configuration."
+	eval ${command} ${command_args} ${sshd_vindbrygga_flags} -t
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/manifests/vindbrygga.pp b/manifests/vindbrygga.pp
new file mode 100644
index 0000000000000000000000000000000000000000..bf80480e6c97df41e727fe0ebfdb3d960d180f87
--- /dev/null
+++ b/manifests/vindbrygga.pp
@@ -0,0 +1,37 @@
+#
+class freebsd::vindbrygga {
+  file { '/usr/local/etc/ssh_vindbrygga':
+    ensure => directory,
+  }
+
+  file { '/usr/local/etc/ssh_vindbrygga/sshd_config':
+    ensure => file,
+    source => 'puppet:///modules/freebsd/vindbrygga/sshd_config',
+    owner  => 'root',
+    group  => 'wheel',
+    mode   => '0644',
+  }
+
+  file { '/usr/local/etc/rc.d/sshd_vindbrygga':
+    ensure => file,
+    source => 'puppet:///modules/freebsd/vindbrygga/sshd_vindbrygga',
+    owner  => 'root',
+    group  => 'wheel',
+    mode   => '0755',
+  }
+
+  file_line { 'vindbrygga IPv4':
+    path => '/etc/rc.conf',
+    line => 'ifconfig_igb0_alias0="inet 130.236.254.222 netmask 255.255.255.0"',
+  }
+
+  file_line { 'vindbrygga IPv6':
+    path => '/etc/rc.conf',
+    line => 'ifconfig_igb0_alias1="inet6 2001:6b0:17:f0a0::de prefixlen 64"',
+  }
+
+  file_line { 'enable vindbrygga':
+    path => '/etc/rc.conf',
+    line => 'sshd_vindbrygga_enable="YES"',
+  }
+}