diff --git a/roles/authentik/defaults/main.yml b/roles/authentik/defaults/main.yml
index d7ca79c..e809299 100644
--- a/roles/authentik/defaults/main.yml
+++ b/roles/authentik/defaults/main.yml
@@ -45,6 +45,18 @@ authentik_proxy_apps: []
 # authorization_slug: default-provider-authorization-implicit-consent
 # invalidation_slug: default-provider-invalidation-flow
+authentik_proxy_outposts: []
+# - name: "proxy-main"
+# type: "proxy"
+# service_connection: null
+# providers:
+# - whoami
+# - nextcloud-proxy
+# config:
+# authentik_host: "https://authentik.local.test/"
+# authentik_host_browser: "https://authentik.local.test/"
+# log_level: "info"
+
 authentik_oidc_apps: []
 # - slug: grafana
 # name: Grafana
diff --git a/roles/authentik/tasks/main.yml b/roles/authentik/tasks/main.yml
index dd9aa2e..69fedb7 100644
--- a/roles/authentik/tasks/main.yml
+++ b/roles/authentik/tasks/main.yml
@@ -54,6 +54,14 @@
 loop: "{{ authentik_proxy_apps }}"
 register: proxy_templates
+- name: Render outpost blueprints
+ template:
+ src: blueprints/outpost-proxy.yaml.j2
+ dest: "{{ authentik_docker_volume_dir }}/blueprints/30-outpost-{{ item.name }}.yaml"
+ mode: "0644"
+ loop: "{{ authentik_proxy_outposts }}"
+ register: outpost_bp
+
 - name: Create docker-compose file for authentik
 template:
 src: docker-compose.yml.j2
@@ -69,5 +77,6 @@
 ( (oidc_templates is defined and (oidc_templates.results | selectattr('changed') | list | length > 0))
 or (proxy_templates is defined and (proxy_templates.results | selectattr('changed') | list | length > 0))
+ or (outpost_bp is defined and (outpost_bp.results | selectattr('changed') | list | length > 0))
 ) | ternary('always','auto') }}
diff --git a/roles/authentik/templates/blueprints/outpost-proxy.yaml.j2 b/roles/authentik/templates/blueprints/outpost-proxy.yaml.j2
new file mode 100644
index 0000000..1aebe6c
--- /dev/null
+++ b/roles/authentik/templates/blueprints/outpost-proxy.yaml.j2
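Review bot: The commented example under `authentik_proxy_outposts` lists `providers` as bare names but does not say what they are matched against; the new `outpost-proxy.yaml.j2` resolves each one with `!Find [authentik_providers_proxy.proxyprovider, [name, …]]`, so each entry has to be the exact `name` of an already-defined proxy provider. A one-line hint on the example would save the reader a lookup: `#   providers:   # names of existing proxy providers (looked up by name)`. It would also help to note that `name` doubles as part of the rendered blueprint filename (`30-outpost-<name>.yaml` in tasks/main.yml), so it should be filename-safe.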
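Review bot: `dest` interpolates `item.name` unmodified into the path `…/blueprints/30-outpost-{{ item.name }}.yaml`, so a name containing `/` or `..` would render the blueprint outside the blueprints directory; the value comes from role variables rather than untrusted input, but a guard keeps the filename predictable, e.g. `dest: "{{ authentik_docker_volume_dir }}/blueprints/30-outpost-{{ item.name | basename }}.yaml"` or a preceding `assert` that `item.name is match('^[A-Za-z0-9_-]+$')`. Separately, dropping an entry from `authentik_proxy_outposts` leaves its previously rendered `30-outpost-*.yaml` in the blueprints directory, since nothing in this task removes stale files; a comment such as `# NOTE: removing an outpost from the list does not delete its rendered blueprint file` would make that explicit for operators. The same pattern presumably applies to the existing `proxy_templates` task, whose `dest` line is outside this hunk.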
@@ -0,0 +1,27 @@
+# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
+version: 1
+metadata:
+ name: "outpost-{{ item.name }}"
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+
+entries:
+ - model: authentik_outposts.outpost
+ identifiers:
+ name: "{{ item.name }}"
+ attrs:
+ name: "{{ item.name }}"
+ type: {{ item.type | default('proxy') }}
+ service_connection: {{ item.service_connection | default('null') }}
+
+ providers:
+{% for p in item.providers %}
+ - !Find [authentik_providers_proxy.proxyprovider, [name, {{ p }}]]
+{% endfor %}
+
+{% if item.config is defined %}
+ config:
+{% for k, v in item.config.items() %}
+ {{ k }}: {{ v | tojson }}
+{% endfor %}
+{% endif %}
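Review bot: `service_connection: {{ item.service_connection | default('null') }}` renders the literal `None` whenever the variable is defined but null — exactly what the defaults example `service_connection: null` does — because Jinja's `default` only substitutes undefined values, and the YAML side then sees the string `None` rather than a null. `service_connection: {{ item.service_connection | default(none) | to_json }}` yields `null` for both the undefined and the explicit-null case and a quoted string otherwise. The same quoting gap exists in `[name, {{ p }}]` inside the `!Find` flow sequence: a provider name containing `,`, `]`, `:` or ` #`, or one YAML retypes (`on`, `1.10`), breaks or silently changes the lookup, so `[name, {{ p | to_json }}]` is the safer form. Note also that `type` is parameterised while the `!Find` is pinned to `authentik_providers_proxy.proxyprovider`, so presumably a non-proxy `type` would not resolve its providers here; a header comment stating that this template is proxy-only would prevent that misuse.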