diff --git a/.gitmodules b/.gitmodules
index cec4d93..5fb5699 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "states/certificates/dehydrated/dehydrated-mythic-dns01"]
 	path = states/certificates/dehydrated/dehydrated-mythic-dns01
 	url = https://github.com/mythic-beasts/dehydrated-mythic-dns01
+[submodule "states/gpodder/micro-gpodder-server"]
+	path = states/gpodder/micro-gpodder-server
+	url = https://github.com/bohwaz/micro-gpodder-server.git
diff --git a/states/backup/hedwig_backup2l.conf b/states/backup/hedwig_backup2l.conf
index 2f2d2f7..d943363 100644
--- a/states/backup/hedwig_backup2l.conf
+++ b/states/backup/hedwig_backup2l.conf
@@ -22,7 +22,7 @@ VOLNAME="all"
 
 # List of directories to make backups of.
 # All paths MUST be absolute and start with a '/'!
-SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress)
+SRCLIST=(/etc /root /home /var/mail /usr/local /var/lib/wordpress /srv)
 
 # The following expression specifies the files not to be archived.
 # See the find(1) man page for further info. It is discouraged to
diff --git a/states/certificates/dehydrated/dnsapi.config.txt b/states/certificates/dehydrated/dnsapi.config.txt
index 7920aac..ffa59c2 100644
--- a/states/certificates/dehydrated/dnsapi.config.txt
+++ b/states/certificates/dehydrated/dnsapi.config.txt
@@ -11,6 +11,7 @@ www.bear-cave.org.uk {{ keyid }} {{ secret }}
 lunch.org.uk {{ keyid }} {{ secret }}
 www.lunch.org.uk {{ keyid }} {{ secret }}
 git.lunch.org.uk {{ keyid }} {{ secret }}
+gpodder.lunch.org.uk {{ keyid }} {{ secret }}
 hg.lunch.org.uk {{ keyid }} {{ secret }}
 jenkins.lunch.org.uk {{ keyid }} {{ secret }}
 lists.lunch.org.uk {{ keyid }} {{ secret }}
diff --git a/states/certificates/dehydrated/domains.txt b/states/certificates/dehydrated/domains.txt
index 9f9740e..1ba0b10 100644
--- a/states/certificates/dehydrated/domains.txt
+++ b/states/certificates/dehydrated/domains.txt
@@ -1,6 +1,7 @@
 bear-cave.org.uk www.bear-cave.org.uk
 lunch.org.uk www.lunch.org.uk
 git.lunch.org.uk
+gpodder.lunch.org.uk
 hg.lunch.org.uk
 jenkins.lunch.org.uk
 mail.lunch.org.uk webmail.lunch.org.uk
diff --git a/states/gpodder/gpodder.lunch.org.uk.conf b/states/gpodder/gpodder.lunch.org.uk.conf
new file mode 100644
index 0000000..4d53c8e
--- /dev/null
+++ b/states/gpodder/gpodder.lunch.org.uk.conf
@@ -0,0 +1,45 @@
+<IfModule mod_ssl.c>
+
+<VirtualHost *:443>
+        ServerName gpodder.lunch.org.uk
+
+        ErrorLog /var/log/apache2/gpodder-error.log
+        CustomLog /var/log/apache2/gpodder-access.log combined
+
+        RemoteIPProxyProtocol On
+
+	DocumentRoot /srv/gpodder
+
+        <Directory /srv/gpodder>
+            Options FollowSymLinks
+            AllowOverride All
+            Order allow,deny
+            Allow from all
+            Require all granted
+            DirectoryIndex index.php
+        </Directory>
+
+	SSLEngine on
+	SSLCertificateFile /var/local/certificates/gpodder.lunch.org.uk/fullchain.pem
+	SSLCertificateKeyFile /var/local/certificates/gpodder.lunch.org.uk/privkey.pem
+</VirtualHost>
+
+</IfModule>
+
+<VirtualHost *:80>
+        ServerName gpodder.lunch.org.uk
+
+        ErrorLog /var/log/apache2/gpodder-error.log
+        CustomLog /var/log/apache2/gpodder-access.log combined
+
+        RemoteIPProxyProtocol On
+
+        <IfModule rewrite_module>
+                #
+                # This redirects all accesses to the HTTPS version of the site.
+                #
+                RewriteEngine On
+
+                RewriteRule ^/?(.*) https://gpodder.lunch.org.uk/$1 [R=301,L]
+        </IfModule>
+</VirtualHost>
diff --git a/states/gpodder/init.sls b/states/gpodder/init.sls
new file mode 100644
index 0000000..1f964b9
--- /dev/null
+++ b/states/gpodder/init.sls
@@ -0,0 +1,34 @@
+gpodder:
+  pkg.installed:
+  - pkgs:
+    - php-sqlite3
+    - libapache2-mod-php8.2
+
+srv_gpodder_directory:
+  file.recurse:
+    - name: /srv/gpodder
+    - source: salt://gpodder/micro-gpodder-server/server
+    - user: www-data
+    - group: www-data
+    - dir_mode: '0755'
+
+gpodder_web:
+  file.managed:
+    - require:
+      - sls: apache
+      - sls: certificates/client
+    - names:
+      - /etc/apache2/sites-available/gpodder.lunch.org.uk.conf:
+        - source: salt://gpodder/gpodder.lunch.org.uk.conf
+  apache_module.enabled:
+    - name: php8.2
+  apache_site.enabled:
+    - require:
+      - file: /etc/apache2/sites-available/gpodder.lunch.org.uk.conf
+    - name: gpodder.lunch.org.uk
+  service.running:
+    - name: apache2
+    - reload: true
+    - watch:
+      - file: /etc/apache2/sites-available/gpodder.lunch.org.uk.conf
+
diff --git a/states/gpodder/micro-gpodder-server b/states/gpodder/micro-gpodder-server
new file mode 160000
index 0000000..2a7d3ba
--- /dev/null
+++ b/states/gpodder/micro-gpodder-server
@@ -0,0 +1 @@
+Subproject commit 2a7d3bab5dff46bc0db7b9316bb71c8733ae97b8
diff --git a/states/top.sls b/states/top.sls
index fb5a7da..3d5394c 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -14,6 +14,7 @@ base:
     - lunch_website
     - havoc_website
     - cowboy_website
+    - gpodder
 
   'scabbers.lunch.org.uk':
     - debian