diff --git a/modules/swarm/cwtv-web/main.tf b/modules/swarm/cwtv-web/main.tf
new file mode 100644
index 0000000..21498eb
--- /dev/null
+++ b/modules/swarm/cwtv-web/main.tf
@@ -0,0 +1,82 @@
+data "docker_registry_image" "cwtv_web" {
+  name = "nginx:latest"
+}
+
+data "docker_network" "traefik" {
+  name = "traefik"
+}
+
+locals {
+  labels = {
+    "shepherd.auto-update"                                    = "true",
+    "traefik.enable"                                          = "true"
+    "traefik.http.services.cwtv-web.loadbalancer.server.port" = "80",
+    "traefik.http.routers.cwtv-web.rule"                      = "Host(`www.chaoswest.tv`)||Host(`chaoswest.tv`)",
+    "traefik.http.routers.cwtv-web.tls"                       = "true",
+    "traefik.http.routers.cwtv-web.tls.certresolver"          = "default",
+  }
+}
+
+resource "docker_service" "cwtv_web" {
+  name = "cwtv-web"
+
+  dynamic "labels" {
+    for_each = local.labels
+    content {
+      label = labels.key
+      value = labels.value
+    }
+  }
+
+  task_spec {
+    networks_advanced {
+      name = data.docker_network.traefik.id
+    }
+
+    container_spec {
+      image = "${data.docker_registry_image.cwtv_web.name}@${data.docker_registry_image.cwtv_web.sha256_digest}"
+
+      mounts {
+        target = "/usr/share/nginx/html/"
+        source = "/mnt/data/cwtv-web/www/chaoswest.tv"
+        type   = "bind"
+      }
+    }
+  }
+}
+
+data "hetznerdns_zone" "primary" {
+  name = "chaoswest.tv"
+}
+
+resource "hetznerdns_record" "primary" {
+  zone_id = data.hetznerdns_zone.primary.id
+  name    = "www"
+  value   = "ax41-1.fsn.mon2.de."
+  type    = "CNAME"
+}
+
+
+data "dns_a_record_set" "primary" {
+  host = "ax41-1.fsn.mon2.de"
+}
+
+data "dns_aaaa_record_set" "primary" {
+  host = "ax41-1.fsn.mon2.de"
+}
+
+resource "hetznerdns_record" "apex_a" {
+  for_each = toset(data.dns_a_record_set.primary.addrs)
+  zone_id  = data.hetznerdns_zone.primary.id
+  name     = "@"
+  value    = each.value
+  type     = "A"
+}
+
+resource "hetznerdns_record" "apex_aaaa" {
+  for_each = toset(data.dns_aaaa_record_set.primary.addrs)
+  zone_id  = data.hetznerdns_zone.primary.id
+  name     = "@"
+  value    = each.value
+  type     = "AAAA"
+}
diff --git a/modules/swarm/cwtv-web/outputs.tf b/modules/swarm/cwtv-web/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/swarm/cwtv-web/variables.tf b/modules/swarm/cwtv-web/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/swarm/cwtv-web/version.tf b/modules/swarm/cwtv-web/version.tf
new file mode 100644
index 0000000..3db6617
--- /dev/null
+++ b/modules/swarm/cwtv-web/version.tf
@@ -0,0 +1,17 @@
+terraform {
+  required_version = "1.5.5"
+  required_providers {
+    hetznerdns = {
+      source  = "timohirt/hetznerdns"
+      version = "~>2.2"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~>3.0"
+    }
+    dns = {
+      source  = "hashicorp/dns"
+      version = "3.4.2"
+    }
+  }
+}
diff --git a/stacks/ax41-1/.terraform.lock.hcl b/stacks/ax41-1/.terraform.lock.hcl
index 10e3bff..58316c4 100644
--- a/stacks/ax41-1/.terraform.lock.hcl
+++ b/stacks/ax41-1/.terraform.lock.hcl
@@ -5,6 +5,7 @@ provider "registry.terraform.io/carlpett/sops" {
   version     = "1.0.0"
   constraints = "~> 1.0"
   hashes = [
+    "h1:Ef2u9JLvoQv2TNT6rpuaKQu7Ps5teZKfGSxpoBMMEOk=",
     "h1:tnN2Mgl0NUF3cg7a0HtGmtOhHcG+tkaT6ncOPRuA9l8=",
     "zh:064e63ea800cd1a8e575064097bc7de6fd5faa8ad50dbb3f2f9d8a3ebc9d7b97",
     "zh:0663900085949d2faf24c170c7cdfbf76e545797915cc331da8304144c02bf27",
@@ -20,6 +21,7 @@ provider "registry.terraform.io/goauthentik/authentik" {
   version     = "2023.10.0"
   constraints = "~> 2023.10.0"
   hashes = [
+    "h1:QoOsDOpXcq2YiON1+Mlfp34Gq4o50TweAu72QWfK25k=",
     "h1:d6pqTwKRUjRsHgkS5w2HxZGAHnpqCvDBu5WlDVlsOLM=",
     "zh:01fa235282d58dfa12550a7ee5a24c9ac0e48892efc7a457a2706af939ede015",
     "zh:0c33b5596e0fce54f5c2627607c9b2a2e9c40dece4310740fa96bdba7ecd36a9",
@@ -38,10 +40,30 @@ provider "registry.terraform.io/goauthentik/authentik" {
   ]
 }
 
+provider "registry.terraform.io/hashicorp/dns" {
+  version = "3.4.2"
+  hashes = [
+    "h1:fANvQG0D/XKyj+s+egm66efvr8z2gNKER6UlKfjUxvU=",
+    "zh:75e40862402368e23cd298b62519203621cf4891b95e1c863530bf7d8e9614e6",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:7a660fbfe5f83d7b94fd5b4cc9bf10d2f6ae280779839f4b7f183c7db5f1e368",
+    "zh:7c8c3499fb015d2a877a645ffd0225c3fdb4e8b71c044ff242762a1aed2a28e6",
+    "zh:954f20a96c8d6a04961896137bc004dae19fdaaaf8fd29229fb6ebc98ccac040",
+    "zh:96bd331cdd3673037e679b20cbf64e02e16f16f05a8c5dc2567c484fdd271d48",
+    "zh:96f83dfaeba393b1cf17feef05f25ffc4083432c1e3336a28977e626aac6eb53",
+    "zh:c663da6c3fda06a69d082d23935cebc34c7dc1b898e03a825b50628ad0e0ba71",
+    "zh:d0cc78a4f9444efe52764a57e7159b217181e0fd4ab4a610fa3bf7839bd94b02",
+    "zh:d1e938eec2c7ec946775bf984e79b3c66440fe3c08c3662bf0b40d3097985ed9",
+    "zh:dee0ccb0588f4c4224fe36e50f649ae36add82d72ccbf070800438860da820ac",
+    "zh:f2b3be35c8c97ed58f7d01ac532207fc816514eda639dcd3fd1929f5f5be369f",
+  ]
+}
+
 provider "registry.terraform.io/kreuzwerker/docker" {
   version     = "3.0.2"
   constraints = "~> 3.0"
   hashes = [
+    "h1:XjdpVL61KtTsuPE8swok3GY8A+Bu3TZs8T2DOEpyiXo=",
     "h1:tryCE8s9BiT6VyfnGgU1mUt9s0HcCKlRERdLd2fr010=",
     "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
     "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
@@ -64,6 +86,7 @@ provider "registry.terraform.io/timohirt/hetznerdns" {
   version     = "2.2.0"
   constraints = "~> 2.2"
   hashes = [
+    "h1:9a5BBgc0oi7DjmveI64xEhzW6wv5hQRAc+kmhs3QKyU=",
     "h1:HyskQAglrOueur79gSCBgx9MNDOs0tz39aNYQiFgxz8=",
     "zh:5bb0ab9f62be3ed92070235e507f3c290491d51391ef4edcc70df53b65a83019",
     "zh:5ccdfac7284f5515ac3cff748336b77f21c64760e429e811a1eeefa8ebb86e12",
diff --git a/stacks/ax41-1/README.md b/stacks/ax41-1/README.md
index 4764f96..3c40672 100644
--- a/stacks/ax41-1/README.md
+++ b/stacks/ax41-1/README.md
@@ -19,6 +19,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_cwtv_web"></a> [cwtv\_web](#module\_cwtv\_web) | ../../modules/swarm/cwtv-web | n/a |
 | <a name="module_deckchores"></a> [deckchores](#module\_deckchores) | ../../modules/swarm/deckchores | n/a |
 | <a name="module_forgejo"></a> [forgejo](#module\_forgejo) | ../../modules/swarm/forgejo | n/a |
 | <a name="module_grafana"></a> [grafana](#module\_grafana) | ../../modules/swarm/grafana | n/a |
diff --git a/stacks/ax41-1/main.tf b/stacks/ax41-1/main.tf
index ec6da4a..70a4968 100644
--- a/stacks/ax41-1/main.tf
+++ b/stacks/ax41-1/main.tf
@@ -35,6 +35,10 @@ module "shit" {
   source = "../../modules/swarm/shit"
 }
 
+module "cwtv_web" {
+  source = "../../modules/swarm/cwtv-web"
+}
+
 module "spaceapi" {
   source = "../../modules/swarm/spaceapi"
 }