diff --git a/playbooks/base.yaml b/playbooks/base.yaml
index 0ce939cb42..579a7b1181 100644
--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@@ -3,9 +3,12 @@
     - users
     - base-repos
 
-# Split into two plays so that the update apt cache handler fires
-# before we run base-server
+# Run base-server seperately so that the update apt cache handler in base-repos
+# fires before we run base-server
 - hosts: "!disabled"
   roles:
     - base-server
+
+- hosts: "!ci-backup:!disabled"
+  roles:
     - exim
diff --git a/playbooks/group_vars/ci-backup.yaml b/playbooks/group_vars/ci-backup.yaml
new file mode 100644
index 0000000000..bcfd6be7dd
--- /dev/null
+++ b/playbooks/group_vars/ci-backup.yaml
@@ -0,0 +1,2 @@
+# TODO(mordred) Why is this set?
+purge_apt_sources: false
diff --git a/playbooks/group_vars/mailman.yaml b/playbooks/group_vars/mailman.yaml
index eb4ad8a64b..4cfb82ce9d 100644
--- a/playbooks/group_vars/mailman.yaml
+++ b/playbooks/group_vars/mailman.yaml
@@ -2,3 +2,5 @@ exim_queue_interval: '1m'
 exim_queue_run_max: '50'
 exim_smtp_accept_max: '100'
 exim_smtp_accept_max_per_host: '10'
+# TODO(mordred) Why is this set?
+purge_apt_sources: false
diff --git a/playbooks/group_vars/storyboard.yaml b/playbooks/group_vars/storyboard.yaml
new file mode 100644
index 0000000000..7f813d1a84
--- /dev/null
+++ b/playbooks/group_vars/storyboard.yaml
@@ -0,0 +1,34 @@
+exim_routers:
+  - storyboard_verp_router: |
+      driver = dnslookup
+      # we only consider messages sent in through loopback
+      condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
+                          {eq{$sender_host_address}{::1}}}{yes}{no}}
+      # we do not do this for traffic going to the local machine
+      domains = '!+local_domains'
+      ignore_target_hosts = <; \
+            0.0.0.0; \
+            64.94.110.11; \
+            127.0.0.0/8; \
+            ::1/128; \
+            fe80::/10; \
+            fec0::/10; \
+            ff00::/8
+      # only the un-VERPed bounce addresses are handled
+      senders = "*-bounces@*"
+      transport = storyboard_verp_smtp
+  - storyboard: |
+      # Send bounces to /dev/null until storyboard supports them.
+      driver = redirect
+      local_parts = storyboard
+      local_part_suffix_optional = true
+      local_part_suffix = -bounces : -bounces+*
+      data = :blackhole:
+exim_transports:
+  - storyboard_verp_smtp: |
+      driver = smtp
+      return_path = \
+        ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
+      max_rcpt = 1
+      headers_remove = Errors-To
+      headers_add = Errors-To: ${return_path}
diff --git a/playbooks/host_vars/firehose.openstack.org.yaml b/playbooks/host_vars/firehose.openstack.org.yaml
new file mode 100644
index 0000000000..c3c4486ff4
--- /dev/null
+++ b/playbooks/host_vars/firehose.openstack.org.yaml
@@ -0,0 +1,14 @@
+exim_local_domains: "@:firehose.openstack.org"
+exim_routers:
+  - cyrus: |
+      driver = accept
+      domains = +local_domains
+      local_part_suffix = +*
+      local_part_suffix_optional
+      transport = cyrus
+exim_transports:
+  - cyrus: |
+      driver = lmtp
+      socket = /var/run/cyrus/socket/lmtp
+      user = cyrus
+      batch_max = 35
diff --git a/playbooks/roles/install-ansible/files/groups.yaml b/playbooks/roles/install-ansible/files/groups.yaml
index f45136ec00..4b1c4e6cf1 100644
--- a/playbooks/roles/install-ansible/files/groups.yaml
+++ b/playbooks/roles/install-ansible/files/groups.yaml
@@ -24,6 +24,7 @@ groups:
   review-dev: inventory_hostname|regex_match('review-dev\d+\.openstack\.org')
   review: inventory_hostname|regex_match('review\d+\.openstack\.org')
   status: inventory_hostname.startswith('status')
+  storyboard: inventory_hostname.startswith('storyboard')
   subunit-worker: inventory_hostname.startswith('subunit-worker')
   survey: inventory_hostname.startswith('survey')
   translate-dev: inventory_hostname|regex_match('translate-dev\d+\.openstack\.org')