diff --git a/host_vars/nginx.yml b/host_vars/nginx.yml
new file mode 100644
index 0000000..9713272
--- /dev/null
+++ b/host_vars/nginx.yml
@@ -0,0 +1,7 @@
+---
+# Nginx web server specific variables
+
+common_firewall_allowed_ports:
+  - "22/tcp"   # SSH
+  - "80/tcp"   # HTTP
+  - "443/tcp"  # HTTPS
diff --git a/playbooks/configure-directlx-dev-dns.yml b/playbooks/configure-directlx-dev-dns.yml
new file mode 100644
index 0000000..2cdc31a
--- /dev/null
+++ b/playbooks/configure-directlx-dev-dns.yml
@@ -0,0 +1,38 @@
+---
+- name: Configure Pi-hole DNS for directlx.dev services (via NPM)
+  hosts: pihole
+  vars:
+    dns_domain: directlx.dev
+    # All services routed through NPM (192.168.200.71)
+    dns_records:
+      - { ip: "192.168.200.71", hostname: "www" }
+      - { ip: "192.168.200.71", hostname: "mgmt" }
+      - { ip: "192.168.200.71", hostname: "hiveops" }
+      - { ip: "192.168.200.71", hostname: "browser" }
+      - { ip: "192.168.200.71", hostname: "smartjournal" }
+      - { ip: "192.168.200.71", hostname: "incidents" }
+      - { ip: "192.168.200.71", hostname: "remote" }
+
+  tasks:
+    - name: Copy DNS update script
+      ansible.builtin.template:
+        src: ../templates/pihole-hosts.py.j2
+        dest: /tmp/update_pihole_hosts_directlx.py
+        mode: '0755'
+
+    - name: Update Pi-hole DNS hosts for directlx.dev
+      ansible.builtin.command: python3 /tmp/update_pihole_hosts_directlx.py
+      register: update_result
+      changed_when: "'updated' in update_result.stdout.lower()"
+      notify: Restart pihole-FTL
+
+    - name: Cleanup script
+      ansible.builtin.file:
+        path: /tmp/update_pihole_hosts_directlx.py
+        state: absent
+
+  handlers:
+    - name: Restart pihole-FTL
+      ansible.builtin.systemd:
+        name: pihole-FTL
+        state: restarted