diff --git a/files/nginx.conf b/files/nginx.conf
new file mode 100644
index 00000000..ca04a5ec
--- /dev/null
+++ b/files/nginx.conf
@@ -0,0 +1,43 @@
+user nginx nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error_log info;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main
+ '$remote_addr - $remote_user [$time_local] '
+ '"$request" $status $bytes_sent '
+ '"$http_referer" "$http_user_agent" '
+ '"$gzip_ratio"';
+
+ client_header_timeout 10m;
+ client_body_timeout 10m;
+ send_timeout 10m;
+
+ connection_pool_size 256;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 4 2k;
+ request_pool_size 4k;
+
+ gzip off;
+
+ output_buffers 1 32k;
+ postpone_output 1460;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ keepalive_timeout 75 20;
+
+ ignore_invalid_headers on;
+ include /etc/nginx/sites-available/*.conf;
+}
diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml
index 100bb7a0..69d25f8c 100644
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -91,6 +91,9 @@
 name: "{{ (keystone_web_server == 'nginx') | ternary(keystone_apache_distro_packages, keystone_nginx_distro_packages) }}"
 state: absent
 autoremove: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}"
+ newuse: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
+ changed_use: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
+ noreplace: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
 
 - name: Install distro packages
 package:
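Review bot: The ten-minute `client_header_timeout`, `client_body_timeout` and `send_timeout` let a client hold a connection open for 10 minutes while sending nothing, which makes slow-header/slow-body (slowloris-style) exhaustion of the single worker's 1024 connections trivial on the identity endpoint; nginx's defaults are 60s and nothing here shows why a Keystone API would need longer. I'd reset them to `client_header_timeout 60s;`, `client_body_timeout 60s;` and `send_timeout 60s;`, or expose them as role variables with those defaults. The `http` block also never sets `server_tokens off;`, so the nginx version is echoed in the Server header and on error pages; add it next to `ignore_invalid_headers on;`. Whether a single `worker_processes` is intended on a multi-core host is worth confirming as well, since this file replaces the distro default wholesale.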
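Review bot: The three new portage options are attached to the task whose `state: absent` removes the other web server's packages, where `newuse`, `changed_use` and `noreplace` are emerge build/install flags that appear to have no bearing on an unmerge; if that is so, they only add noise here, and the same three ternaries are already repeated on the install task below. If they are kept for symmetry, a one-line comment such as `# portage: emerge flags have no effect for state=absent, kept in step with the install task` would save the next reader the question; otherwise drop them from this task. The enclosing task starts before this hunk.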
@@ -98,6 +101,9 @@
 state: "{{ keystone_package_state }}"
 update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
 cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+ newuse: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
+ changed_use: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
+ noreplace: "{{ (ansible_pkg_mgr == 'portage') | ternary('yes', omit) }}"
 register: install_packages
 until: install_packages is success
 retries: 5
diff --git a/tasks/keystone_nginx.yml b/tasks/keystone_nginx.yml
index f8986783..c8134a9f 100644
--- a/tasks/keystone_nginx.yml
+++ b/tasks/keystone_nginx.yml
@@ -59,6 +59,20 @@
 - Manage LB
 - Restart web server
 
+# NOTE(prometheanfire): Nginx needs to be told to load configs from keystone_nginx_conf_path
+- name: Configure nginx.conf
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+ mode: "0644"
+ group: root
+ owner: root
+ when:
+ - ansible_pkg_mgr == 'portage'
+ notify:
+ - Manage LB
+ - Restart web server
+
 # Configure app
 - name: Configure virtual hosts
 template:
diff --git a/vars/gentoo.yml b/vars/gentoo.yml
new file mode 100644
index 00000000..0c491c76
--- /dev/null
+++ b/vars/gentoo.yml
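Review bot: `newuse`/`changed_use` on the install task mean that, on portage, a USE-flag change on an already-installed package triggers a from-source rebuild during the playbook run, and `noreplace` is presumably what stops a `present` run from remerging every listed package; nothing in the hunk records that, and the `retries: 5` loop would re-run such a build on a transient failure. A short comment above the task, e.g. `# NOTE(portage): newuse/changed_use rebuild installed packages whose USE flags changed; noreplace keeps repeated runs from remerging them`, would document the intent. The same three-line ternary block now appears in both the removal task above and here; a single shared mapping (something like `keystone_portage_emerge_opts`) supplied through `args:` would keep the two from drifting. The enclosing task starts before this hunk.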
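Review bot: The NOTE says nginx must be told to load from `keystone_nginx_conf_path`, but the task copies a static `files/nginx.conf` whose include line is hard-coded to `/etc/nginx/sites-available/*.conf`, so a deployer who overrides `keystone_nginx_conf_path` (presumably where the vhost task below writes) would end up with a vhost nginx never reads. Rendering it as a template keeps the two in step: change `copy:` to `template:`, `src: nginx.conf` to `src: nginx.conf.j2`, and the include to `include /etc/nginx/{{ keystone_nginx_conf_path }}/*.conf;`. The task also overwrites the distro's entire `/etc/nginx/nginx.conf` unconditionally on portage; `backup: yes`, or at least a comment stating that local edits to that file are not preserved, would be worth adding.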
@@ -0,0 +1,85 @@
+---
+# Copyright 2019, Matthew Thode
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cache_timeout: 600
+
+keystone_distro_packages:
+ - dev-vcs/git
+ - net-misc/openssh
+ - net-misc/rsync
+ - sys-process/cronie
+
+keystone_devel_distro_packages:
+ - dev-python/docutils
+ - net-nds/openldap
+ - dev-libs/cyrus-sasl
+ - dev-libs/libxslt
+ - dev-libs/libxml2
+
+keystone_service_distro_packages:
+ - sys-auth/keystone
+ - dev-python/python-systemd
+ - www-servers/uwsgi
+
+keystone_apache_distro_packages:
+ - www-servers/apache
+ - app-admin/apache-tools
+
+keystone_nginx_distro_packages:
+ - www-servers/nginx
+
+keystone_idp_distro_packages:
+ - dev-libs/xmlsec
+
+keystone_sp_distro_packages: [] # nope
+
+keystone_developer_mode_distro_packages: []
+
+keystone_oslomsg_amqp1_distro_packages:
+ - dev-libs/cyrus-sasl
+
+keystone_apache_default_sites:
+ - "/etc/apache2/sites-enabled/000-default.conf"
+
+keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
+keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
+keystone_apache_conf: "/etc/apache2/apache2.conf"
+keystone_apache_default_log_folder: "/var/log/apache2"
+keystone_apache_default_log_owner: "root"
+keystone_apache_default_log_grp: "adm"
+keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
+
+keystone_apache_configs:
+ - { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
+ - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
+ - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
+
+keystone_apache_modules:
+ - name: "ssl"
+ state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
+ - name: "shib2"
+ state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
+ - name: "proxy_http"
+ state: "present"
+ - name: "headers"
+ state: "present"
+# This can be enabled when Apache2.5+ is available
+# - name: "mod_journald"
+# state: "present
+
+keystone_nginx_conf_path: "sites-available"
+keystone_system_service_name: apache2
+keystone_uwsgi_bin: '/usr/bin'
+keystone_sshd: sshd