diff --git a/roles/gluebuddy/files/gluebuddy.service b/roles/gluebuddy/files/gluebuddy.service
new file mode 100644
index 00000000..4d95f86b
--- /dev/null
+++ b/roles/gluebuddy/files/gluebuddy.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=gluebuddy service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/gluebuddy
+
+DynamicUsers=true
+NoNewPrivileges=yes
+ProtectSystem=full
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+ProtectHostname=true
+RestrictRealtime=true
+CapabilityBoundingSet=
+MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/gluebuddy/files/gluebuddy.timer b/roles/gluebuddy/files/gluebuddy.timer
new file mode 100644
index 00000000..dca439fb
--- /dev/null
+++ b/roles/gluebuddy/files/gluebuddy.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=gluebuddy timer
+
+[Timer]
+OnUnitActiveSec=10min
+OnBootSec=5min
+RandomizedDelaySec=1min
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/gluebuddy/tasks/main.yml b/roles/gluebuddy/tasks/main.yml
new file mode 100644
index 00000000..31f9ec3d
--- /dev/null
+++ b/roles/gluebuddy/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: install systemd service/timer
+ copy: src={{ item }} dest="/etc/systemd/system/{{ item }}" owner=root group=root mode=0644
+ with_items:
+ - gluebuddy.service
+ - gluebuddy.timer
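Review bot: `DynamicUsers=true` in the [Service] section of gluebuddy.service is not a systemd setting; the directive is spelled `DynamicUser=`, and systemd ignores an unknown key with only a log warning, so with no `User=` line the unit runs gluebuddy as root. Change the line to `DynamicUser=true`. The other options (empty `CapabilityBoundingSet=`, `NoNewPrivileges=yes`) still apply, but a capability-less uid 0 can still read and write root-owned files in locations that `ProtectSystem=full` leaves writable, such as paths under /var. Running `systemd-analyze verify` on the unit before it is deployed would flag misspelled keys like this one.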
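Review bot: Nothing in roles/gluebuddy/tasks/main.yml reloads systemd or enables gluebuddy.timer after the copy task, so on a fresh host the timer never fires, and on an existing host an edited unit (for example a corrected hardening option) stays inactive until someone runs `systemctl daemon-reload` by hand. Add a task after the copy such as `systemd: name=gluebuddy.timer enabled=yes state=started daemon_reload=yes`. The diff also does not show how /usr/local/bin/gluebuddy, the `ExecStart=` target, gets installed; if that happens outside this role, its ownership and mode are worth pinning wherever it is deployed so the unit cannot end up executing a file writable by a non-root user.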