diff --git a/roles/mgrote_wireguard/defaults/main.yml b/roles/mgrote_wireguard/defaults/main.yml
new file mode 100644
index 00000000..d3465129
--- /dev/null
+++ b/roles/mgrote_wireguard/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+wireguard_conf_dir: /etc/wireguard
+#wireguard_profiles:
+# - name: wg0
+# privatekey:
+# address:
+# dns:
+# publickey:
+# allowedips:
+# endpoint:
+...
diff --git a/roles/mgrote_wireguard/tasks/main.yml b/roles/mgrote_wireguard/tasks/main.yml
new file mode 100644
index 00000000..c6bafc85
--- /dev/null
+++ b/roles/mgrote_wireguard/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: Ensure package exists
+ become: true
+ ansible.builtin.package:
+ name:
+ - wireguard
+ state: present
+
+- name: Ensure profiles are templated
+ become: true
+ ansible.builtin.template:
+ src: "wg.conf.j2"
+ dest: "{{ wireguard_conf_dir }}/{{ item.name }}.conf"
+ owner: root
+ group: root
+ mode: "0600"
+ when:
+ - wireguard_profiles is defined
+ loop: wireguard_profiles
+...
diff --git a/roles/mgrote_wireguard/templates/wg.conf.j2 b/roles/mgrote_wireguard/templates/wg.conf.j2
new file mode 100644
index 00000000..ce52f1e2
--- /dev/null
+++ b/roles/mgrote_wireguard/templates/wg.conf.j2
@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = {{ privatekey }}
+Address = {{ address }}
+DNS = {{ dns }}
+
+[Peer]
+PublicKey = {{ publickey }}
+AllowedIPs = {{ allowedips }}
+Endpoint = {{ endpoint }}
+PersistentKeepalive = 25
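Review bot: The commented `wireguard_profiles` example in defaults/main.yml lists `privatekey:` with no indication of where the value should come from, which invites pasting the key in plain text into group_vars or host_vars. Document the expectation next to the field, for example `# privatekey: "{{ vault_wg0_privatekey }}"  # constructed name; keep the value in Ansible Vault`. A short comment stating which fields are required and that `allowedips` is a comma-separated string would also help, since the template consumes them without defaults.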
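Review bot: In tasks/main.yml, `loop: wireguard_profiles` passes the literal string rather than the list, because `loop` does not expand bare variable names, so the template task would fail instead of iterating. Write `loop: "{{ wireguard_profiles | default([]) }}"`; that also makes the `when: wireguard_profiles is defined` guard unnecessary, since the loop expression is evaluated before `when`. Each loop item carries `privatekey`, and the task output prints the item (and the rendered file under `--diff`), so add `no_log: true` to this task to keep the key out of console output and logs. The `dest` path is built from `item.name`, so it is worth validating that the name contains no path separators if profiles can come from less trusted inventory.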
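Review bot: The template in wg.conf.j2 reads `{{ privatekey }}`, `{{ address }}` and the other fields as top-level variables, but the task renders it once per loop entry, so the values live on `item`. As written, rendering would fail on undefined variables or silently pick up unrelated globals of the same name. Use `PrivateKey = {{ item.privatekey }}`, `Address = {{ item.address }}` and likewise for `dns`, `publickey`, `allowedips` and `endpoint`. `DNS` is also emitted unconditionally; guarding it with `{% if item.dns is defined %}` would avoid writing an empty setting for profiles without a resolver.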