diff --git a/roles/dhcp/defaults/main.yml b/roles/dhcp/defaults/main.yml
new file mode 100644
index 0000000..1e6759d
--- /dev/null
+++ b/roles/dhcp/defaults/main.yml
@@ -0,0 +1,35 @@
+---
+
+dhcp_server_package_name: "dhcp-server"
+dhcp_server_configfile_path: "/etc/dhcp/dhcpd.test.conf"
+dhcp_server_systemd_unit: "dhcpd.service"
+
+# Default lease time in seconds: 1 day = 60*60*24
+dhcp_default_lease_time: 86400
+# Max lease time in seconds: 1 week = 60*60*24*7
+dhcp_max_lease_time: 604800
+# domain-name and name-servers common across all networks the dhcp-server controls
+dhcp_common_domain_name: "example.org"
+dhcp_common_name_servers:
+ - "ns1.example.org"
+ - "ns2.example.org"
+dhcp_is_authorative: True
+
+dhcp_subnets:
+ - net: 192.168.167.0
+ netmask: 255.255.255.0
+ routers: 192.168.167.2
+ broadcast: 192.168.167.255
+ domain_name: "int.example.org"
+ domain_name_servers:
+ - "ns1.int.example.org"
+ domain_search:
+ - "int.example.org"
+ range_start: 192.168.167.10
+ range_end: 192.168.167.20
+ allow_unknown: True
+ hosts:
+ - name: server
+ mac: "00:00:00:00:00:00"
+ ip: 192.168.167.45
+
diff --git a/roles/dhcp/tasks/main.yml b/roles/dhcp/tasks/main.yml
new file mode 100644
index 0000000..e51a97e
--- /dev/null
+++ b/roles/dhcp/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Ensure ISC-DHCP installed
+ package:
+ name: "{{ dhcp_server_package_name }}"
+ state: present
+
+- name: Template DHCP-server configuration
+ template:
+ src: dhcpd.conf.j2
+ dest: "{{ dhcp_server_configfile_path }}"
+ owner: root
+ group: root
+ mode: 0644
+ setype: dhcp_etc_t
+
+- name: Restart & enable DHCP-server
+ systemd:
+ name: "{{ dhcp_server_systemd_unit }}"
+ enabled: yes
+ state: restarted
+ daemon_reload: yes
+
+
diff --git a/roles/dhcp/templates/dhcpd.conf.j2 b/roles/dhcp/templates/dhcpd.conf.j2
new file mode 100644
index 0000000..5d5c074
--- /dev/null
+++ b/roles/dhcp/templates/dhcpd.conf.j2
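Review bot: In roles/dhcp/defaults/main.yml the defaults describe a working server rather than a safe baseline: `dhcp_is_authorative: True` plus a populated `dhcp_subnets` entry with `allow_unknown: True` means a play that applies the role without overrides renders an authoritative configuration offering 192.168.167.10–20 to any client. I would default to `dhcp_is_authorative: false` and `allow_unknown: false`, and move the sample subnet and the all-zero `mac` placeholder into the README, so that the role needs real data before it serves leases. Separately, `dhcp_server_configfile_path` points at `/etc/dhcp/dhcpd.test.conf`, which the restarted `dhcpd.service` presumably does not read unless the unit is told to; confirm whether that is a leftover from testing. The variable is also spelled `authorative`; renaming it to `dhcp_is_authoritative` is cheapest now, before callers depend on it.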
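Review bot: In roles/dhcp/tasks/main.yml the template task installs the rendered file without checking it, and the next task restarts the service on every run, so a single bad variable can stop DHCP for the whole segment. Adding `validate: 'dhcpd -t -cf %s'` to the template task keeps a file that does not parse from replacing the current one. The restart would be better as a handler triggered with `notify:` from the template task, leaving this task with `state: started`, so that unchanged runs do not interrupt the service. `mode: 0644` should be quoted as `mode: "0644"`, and `enabled: yes` / `daemon_reload: yes` written as `true`.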
@@ -0,0 +1,54 @@
+# dhcpd.conf
+
+{% if dhcp_is_authorative is defined and dhcp_is_authorative is sameas true %}
+authoritative;
+{% endif %}
+
+# Global settings for DHCP lease times
+default-lease-time {{ dhcp_default_lease_time }};
+max-lease-time {{ dhcp_max_lease_time }};
+
+# Global domain names and servers for all supported networks
+{% if dhcp_common_domain_name is not none %}
+option domain-name "{{ dhcp_common_domain_name }}";
+{% endif %}
+{% if dhcp_common_name_servers is not none %}
+option domain-name-servers {{ dhcp_common_name_servers|join(', ') }};
+{% endif %}
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# Subnet definitions
+{% for subnet in dhcp_subnets %}
+subnet {{ subnet.net }} netmask {{ subnet.netmask }} {
+ option routers {{ subnet.routers }};
+ option broadcast-address {{ subnet.broadcast }};
+ option domain-name "{{ subnet.domain_name }}";
+ option domain-name-servers {{ subnet.domain_name_servers|join(', ') }};
+ {% if subnet.domain_search is defined and subnet.domain_search|length > 0 %}
+ option domain-search {{ subnet.domain_search | map('regex_replace', '(.*)', '\"\\1\"') | join(', ') }};
+ {% endif %}
+
+ {% if subnet.range_start is defined and subnet.range_end is defined %}
+ range {{ subnet.range_start }} {{ subnet.range_end }};
+ {% endif %}
+
+ {% if subnet.allow_unknown is defined and subnet.allow_unknown is sameas false %}
+ deny unknown-clients;
+ {% else %}
+ allow unknown-clients;
+ {% endif %}
+
+ {% for host in subnet.hosts %}
+ host {{ host.name }} {
+ hardware ethernet {{ host.mac }};
+ {% if host.ip is defined %}
+ fixed-address {{ host.ip }};
+ {% endif %}
+ }
+ {% endfor %}
+}
+{% endfor %}
+
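Review bot: The unknown-clients block fails open: `allow unknown-clients;` is the `{% else %}` branch, so a subnet that omits `allow_unknown`, or sets it to anything other than the literal boolean `false` (for example the quoted string `"false"`), is rendered permissive. I would test the permissive case explicitly with `{% if subnet.allow_unknown | default(false) | bool %}` and emit `deny unknown-clients;` otherwise. The `domain-search` line uses `regex_replace` with `(.*)`, which on Python 3.7 and later also matches the empty string at the end of each item and yields `"int.example.org"""`; anchoring the pattern as `'^(.*)$'` avoids that. String values such as `domain_name`, `host.name` and `host.mac` are written into the file unescaped, so a value containing `"` or `;` changes the structure of the configuration; an `assert` on their format before templating would catch that if the inventory is fed from a less trusted source. `subnet.hosts` is iterated without `| default([])`, so a subnet with no static hosts fails to render.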