diff --git a/dnbd3.yml b/dnbd3.yml
new file mode 100644
index 000000000..c94f4ca90
--- /dev/null
+++ b/dnbd3.yml
@@ -0,0 +1,60 @@
+---
+- name: DNBD3 Infrastructure
+  hosts: dnbd3primary,dnbd3proxy
+  become: true
+  pre_tasks:
+    - name: Install dependencies
+      ansible.builtin.package:
+        name:
+          - git
+        state: present
+
+    - name: Create dnbd3 user
+      ansible.builtin.group:
+        name: "{{ dnbd3_group }}"
+        state: present
+    - name: Create dnbd3 user
+      ansible.builtin.user:
+        name: "{{ dnbd3_user }}"
+        group: "{{ dnbd3_group }}"
+        shell: /bin/false
+        create_home: false
+    - name: Grant access to dnbd3 root directory
+      ansible.builtin.file:
+        mode: "770"
+        path: "{{ dnbd3_base_path }}"
+        state: directory
+        owner: "{{ dnbd3_user }}"
+        group: "{{ dnbd3_group }}"
+    - name: Grant access to tftp root directory
+      ansible.builtin.file:
+        mode: "770"
+        path: "{{ tftpboot_path }}"
+        state: directory
+        owner: "{{ tftp_user }}"
+        group: "{{ tftp_group }}"
+      when: "'dnbd3primary' in group_names"
+  roles:
+    #    - role: usegalaxy_eu.handy.os_setup
+    #      become: true
+    #      vars:
+    #        hostname: "{{ inventory_hostname }}"
+    #        enable_hostname: true
+    #        enable_powertools: true
+    #      when: "'dnbd3_primary' in group_names"
+    - role: usegalaxy_eu.dnbd3
+    - role: usegalaxy_eu.tftp
+      when: "'dnbd3primary' in group_names"
+    - role: geerlingguy.apache
+      when: "'dnbd3primary' in group_names"
+
+
+  post_tasks:
+    - name: Grant access to http directory
+      ansible.builtin.file:
+        mode: "770"
+        path: "{{ apache_vhosts[0].documentroot }}"
+        state: directory
+        owner: "www-data"
+        group: "www-data"
+      when: "'dnbd3primary' in group_names"
diff --git a/group_vars/dnbd3/vars.yml b/group_vars/dnbd3/vars.yml
new file mode 100644
index 000000000..b01be7d0a
--- /dev/null
+++ b/group_vars/dnbd3/vars.yml
@@ -0,0 +1,15 @@
+---
+# --- dnbd3 setup vars ---
+#dnbd3_base_path: "/mnt/s3/dnbd3"
+dnbd3_git_tag: "master"
+dnbd3_git_repo: "git://git.openslx.org/dnbd3.git"
+# --- dnbd3 config vars ---
+dnbd3_listen_port: "5003"
+dnbd3_client_penalty: "100000"
+dnbd3_primary: "{{ hostvars['dnbd3-primary.galaxyproject.eu']['ansible_default_ipv4']['address'] }}"
+dnbd3_primary_comment: "Primary DNBD3 server, which replicates S3FS mounted QCOW2 images."
+# dnbd3_primary_backup: "10.20.56.174"
+# dnbd3_primary_backup_comment: "Secondary/backup DNBD3 server, which replicates S3FS mounted QCOW2 images."
+dnbd3_poxys:
+  - ip: "{{ hostvars[dnbd3-proxy]['ansible_default_ipv4']['address'] }}"
+    comment: "1st DNBD3 Proxy"
diff --git a/group_vars/dnbd3primary/vars.yml b/group_vars/dnbd3primary/vars.yml
new file mode 100644
index 000000000..16e9f1a93
--- /dev/null
+++ b/group_vars/dnbd3primary/vars.yml
@@ -0,0 +1,10 @@
+---
+dnbd3_is_proxy: false
+dnbd3_base_path: "/export/dnbd3-cache/images"
+tftpboot_path: "/export/dnbd3-cache/boot"
+apache_listen_port: 80
+apache_remove_default_vhost: true
+apache_vhosts:
+  - servername: "dnbd3-primary.galaxyproject.eu"
+    serveralias: "{{ hostvars['dnbd3-primary.galaxyproject.eu']['ansible_default_ipv4']['address'] }}"
+    documentroot: "/export/dnbd3-cache/http"
diff --git a/group_vars/dnbd3proxy/vars.yml b/group_vars/dnbd3proxy/vars.yml
new file mode 100644
index 000000000..c758024c4
--- /dev/null
+++ b/group_vars/dnbd3proxy/vars.yml
@@ -0,0 +1,3 @@
+---
+dnbd3_is_proxy: true
+dnbd3_base_path: "/mnt/dnbd3"
diff --git a/hosts b/hosts
index 83b2a1ed1..b5d7c8e13 100644
--- a/hosts
+++ b/hosts
@@ -94,3 +94,13 @@ ansible_group_priority=4
 
 [dokku]
 apps.galaxyproject.eu ansible_ssh_user=ubuntu
+
+[dnbd3:children]
+dnbd3primary
+dnbd3proxy
+
+[dnbd3primary]
+dnbd3-primary.galaxyproject.eu ansible_ssh_user=root
+
+[dnbd3proxy]
+dnbd3-proxy.galaxyproject.eu
diff --git a/requirements.yaml b/requirements.yaml
index 293c1766e..67d0f1bd6 100644
--- a/requirements.yaml
+++ b/requirements.yaml
@@ -157,3 +157,11 @@ roles:
   - src: https://github.com/usegalaxy-eu/ansible-fw-glxeu-generic
     name: usegalaxy_eu.firewall
     version: 1.0.1
+  - name: usegalaxy_eu.dnbd3
+    src: https://github.com/usegalaxy-eu/ansible-dnbd3
+    version: main
+  - name: usegalaxy_eu.tftp
+    src: https://github.com/usegalaxy-eu/ansible-tftp
+    version: main
+  - name: geerlingguy.apache
+    version: 4.0.0