diff --git a/group_vars/db.yml b/group_vars/db.yml
new file mode 100644
index 0000000..f805992
--- /dev/null
+++ b/group_vars/db.yml
@@ -0,0 +1,6 @@
+---
+datadisks:
+  - 20
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 3389, from: [172.20.20.0/22]}
diff --git a/host_vars/db02.home.foo.sh.yml b/host_vars/db02.home.foo.sh.yml
new file mode 100644
index 0000000..60a001c
--- /dev/null
+++ b/host_vars/db02.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: 52:54:00:ac:dc:24
diff --git a/hosts b/hosts
index 272b86e..c59d669 100644
--- a/hosts
+++ b/hosts
@@ -8,6 +8,9 @@ backup02.home.foo.sh
 [collab]
 collab01.home.foo.sh
 
+[db]
+db02.home.foo.sh
+
 [dnagw]
 dna-gw01.home.foo.sh
 dna-gw02.home.foo.sh
@@ -77,6 +80,7 @@ atl01.vultr.foo.sh
 
 [centos8:children]
 adm
+db
 git
 jenkins
 mail
diff --git a/playbooks/db.yml b/playbooks/db.yml
new file mode 100644
index 0000000..a125917
--- /dev/null
+++ b/playbooks/db.yml
@@ -0,0 +1,24 @@
+---
+- import_playbook: "include/deploy-kvm-guest.yml myhosts=db"
+
+- name: configure instance
+  hosts: db
+  user: root
+  gather_facts: true
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  pre_tasks:
+    - name: mount /export
+      mount:
+        name: /export
+        src: LABEL=/export
+        fstype: xfs
+        opts: noatime,noexec,nosuid,nodev
+        passno: "0"
+        dump: "0"
+        state: mounted
+
+  roles:
+    - base