diff --git a/group_vars/zm.yml b/group_vars/zm.yml
new file mode 100644
index 0000000..e14ccc2
--- /dev/null
+++ b/group_vars/zm.yml
@@ -0,0 +1,8 @@
+---
+datadisks:
+  - 100
+
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
diff --git a/host_vars/zm02.home.foo.sh.yml b/host_vars/zm02.home.foo.sh.yml
new file mode 100644
index 0000000..f8c846e
--- /dev/null
+++ b/host_vars/zm02.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: eth0
+    vlan: 20
+    mac: "52:54:00:ac:dc:4c"
diff --git a/hosts b/hosts
index e4a4beb..75e4d5a 100644
--- a/hosts
+++ b/hosts
@@ -64,6 +64,9 @@ static02.home.foo.sh
 vmhost01.home.foo.sh
 vmhost02.home.foo.sh
 
+[zm]
+zm02.home.foo.sh
+
 [vultr]
 atl01.vultr.foo.sh
 
@@ -80,6 +83,7 @@ print
 shell
 static
 vmhost
+zm
 
 [centos7:children]
 ldap
diff --git a/playbooks/zm.yml b/playbooks/zm.yml
new file mode 100644
index 0000000..427911a
--- /dev/null
+++ b/playbooks/zm.yml
@@ -0,0 +1,24 @@
+---
+- import_playbook: "include/deploy-kvm-guest.yml myhosts=zm"
+
+- name: configure instance
+  hosts: zm
+  user: root
+  gather_facts: true
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  pre_tasks:
+    - name: mount /export
+      mount:
+        name: /export
+        src: LABEL=/export
+        fstype: xfs
+        opts: noatime,noexec,nosuid,nodev
+        passno: "0"
+        dump: "0"
+        state: mounted
+
+  roles:
+    - base