diff --git a/.gitignore b/.gitignore
index d3cbb0d..56ad082 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,7 @@ kubespray/
 /kubespray/
 
 xvars-*.yml
-*/__pycache__/*
\ No newline at end of file
+*/__pycache__/*
+
+# macOS
+.DS_Store
\ No newline at end of file
diff --git a/host_vars/prodnso-nsointern-nsoprod-01/plain.yml b/host_vars/prodnso-nsointern-nsoprod-01/plain.yml
new file mode 100644
index 0000000..1f2bbf0
--- /dev/null
+++ b/host_vars/prodnso-nsointern-nsoprod-01/plain.yml
@@ -0,0 +1,15 @@
+---
+server_hcloud_firewall_objects:
+  - name: "customer-access-to-{{ inventory_hostname }}"
+    state: present
+    rules:
+      - direction: in
+        protocol: tcp
+        port: "443"
+        source_ips: "{{ additional_ip_adresses_vault }}"
+        destination_ips: []
+        description: customer specific access to https services
+    apply_to:
+      - type: server
+        server:
+          id: "{{ stage_server_id }}"
diff --git a/host_vars/prodnso-nsointern-nsoprod-01/vault.yml b/host_vars/prodnso-nsointern-nsoprod-01/vault.yml
new file mode 100644
index 0000000..128c3a6
--- /dev/null
+++ b/host_vars/prodnso-nsointern-nsoprod-01/vault.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+31396666646138353139636535636563613531356430336362386265636465656638656661613135
+6331373138383964363266383331633532383537613837310a366531363137656566306565346263
+32653430646463356464653939363431363666373637633332323430303934316439326234663532
+6661373662663836660a663138613564623237666434353561366366353936363063313831333165
+64333464333061336337393762343362373362353462346236323965653666343264343438306132
+32653561656337636365663531333066666663623738643463653865663961303239376262306362
+373762363465613031666565383535313033