diff --git a/roles/prosody/README.md b/roles/prosody/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..5ba86394ba41d1daa9a0a780492a00c88a62b1ab
--- /dev/null
+++ b/roles/prosody/README.md
@@ -0,0 +1,17 @@
+jabber: prosody
+===
+
+Ansible role that installs our [containerized prosody](https://git.autistici.org/ai3/docker/prosody)
+and configures it.
+
+It is meant to run on backends, with connections
+forwarded via *haproxy*, so it terminates SSL on its own (this is necessary
+because haproxy doesn't speak its custom STARTTLS protocol). In order
+to do this, it depends on the *acme-storage* Ansible role, which sets
+up the *replds@acme* service. This pulls in a copy of /etc/credentials/public.
+
+The replds service must be reflected in the *services.yml* configuration
+which is why you can see in *services.im.yml* some service_credentials
+named 'replds-acme', and a corresponding systemd_service.
+
+To configure it, define the list of domains it should support in the
diff --git a/roles/prosody/meta/main.yml b/roles/prosody/meta/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..186eef83abb870c1a21979c941a00600763c9830
--- /dev/null
+++ b/roles/prosody/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: float-infra-acme-storage}