diff --git a/ansible/inventories/production/host_vars/git.jthan.io/vars.yaml b/ansible/inventories/production/host_vars/git.jthan.io/vars.yaml
index 268217a..06ce3e5 100644
--- a/ansible/inventories/production/host_vars/git.jthan.io/vars.yaml
+++ b/ansible/inventories/production/host_vars/git.jthan.io/vars.yaml
@@ -1,2 +1,9 @@
 gitea_version: 1.25.3
 root_pw: "{{ lookup('bitwarden.secrets.lookup', '4c3d81e6-bb31-40f9-a37a-b3bd00484160') }}"
+olm_config_path: "/etc/olm"
+olm_endpoint: "https://pangolin.jthan.io"
+olm_id: "{{ lookup('bitwarden.secrets.lookup', 'a27c5cf3-21f1-464a-b911-b3de017888cb') }}"
+olm_secret: "{{ lookup('bitwarden.secrets.lookup', 'a9499a7f-4b3e-4c1b-97a0-b3de01789bfb') }}"
+olm_loglevel: "INFO"
+olm_override_dns: "true"
+olm_tunnel_dns: "true"
diff --git a/ansible/roles/olm/handlers/main.yaml b/ansible/roles/olm/handlers/main.yaml
new file mode 100644
index 0000000..d807b42
--- /dev/null
+++ b/ansible/roles/olm/handlers/main.yaml
@@ -0,0 +1,5 @@
+- name: restart olm
+ service:
+ name: olm
+ state: restarted
+ daemon_reload: true
diff --git a/ansible/roles/olm/tasks/main.yaml b/ansible/roles/olm/tasks/main.yaml
index e69de29..e274534 100644
--- a/ansible/roles/olm/tasks/main.yaml
+++ b/ansible/roles/olm/tasks/main.yaml
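Review bot: `olm_version` and `olm_checksum`, which the olm role's download task in this commit interpolates into the release URL and the `checksum:` argument, are not among the variables added in this host_vars hunk. Unless they are defined somewhere this diff does not show (role defaults or group_vars), the play stops on an undefined variable. If they belong here, `olm_version: "<release tag>"` and `olm_checksum: "sha256:<digest of that release asset>"` (placeholders) keep the pinned digest next to the version it belongs to. The digest is only a useful check when it is recorded from a source other than the download it verifies.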
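Review bot: `daemon_reload` in the `restart olm` handler is documented for the systemd module, not for the generic `service` module, so the handler depends on `service` forwarding the argument to a systemd backend; writing `ansible.builtin.systemd:` in place of `service:` states that dependency explicitly. The tasks added in this commit never set `enabled: true` for the unit, so as far as this diff shows olm is started only through this handler and would stay down after a reboot. A task that sets `state: started` and `enabled: true` for `olm` would close that gap.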
@@ -0,0 +1,42 @@
+- name: Download and verify the olm binary
+ get_url:
+ url: "https://github.com/fosrl/olm/releases/download/{{ olm_version }}/olm_linux_amd64"
+ dest: "/usr/local/bin/olm_linux_amd64-{{ olm_version }}"
+ checksum: "{{ olm_checksum }}"
+ notify: restart olm
+
+- name: Create olm binary symlink
+ file:
+ src: "/usr/local/bin/olm_linux_amd64-{{ olm_version }}"
+ dest: "/usr/local/bin/olm"
+ state: link
+ owner: root
+ group: root
+ mode: '0755' # Permissions for the target file
+ force: yes
+ notify: restart olm
+
+- name: Create olm config directory
+ file:
+ path: {{ olm_config_path }}
+ state: directory
+ mode: '0700'
+ owner: root
+ group: root
+
+- name: Create olm config file
+ template:
+ src: templates/config.json.j2
+ dest: {{ olm_config_path}}/config.json
+ owner: root
+ group: root
+ mode: '0600'
+
+- name: Create olm systemd service
+ template:
+ src: templates/olm.service.j2
+ dest: /etc/systemd/system/olm.service
+ owner: root
+ group: root
+ mode: '0600'
+ notify: restart olm
diff --git a/ansible/roles/olm/tasks/templates/config.json.j2 b/ansible/roles/olm/tasks/templates/config.json.j2
new file mode 100644
index 0000000..6835fa9
--- /dev/null
+++ b/ansible/roles/olm/tasks/templates/config.json.j2
@@ -0,0 +1,25 @@
+{
+ "endpoint": "{{ olm_endpoint }}",
+ "id": "{{ olm_id }}",
+ "secret": "{{ olm_secret }}",
+ "org": "",
+ "userToken": "",
+ "mtu": 1280,
+ "dns": "8.8.8.8",
+ "upstreamDNS": [
+ "192.168.1.2"
+ ],
+ "interface": "olm",
+ "logLevel": "{{ olm_loglevel }}",
+ "enableApi": false,
+ "httpAddr": "",
+ "socketPath": "/var/run/olm.sock",
+ "pingInterval": "3s",
+ "pingTimeout": "5s",
+ "disableHolepunch": false,
+ "tlsClientCert": "",
+ "overrideDNS": {{ olm_override_dns }},
+ "tunnelDNS": {{ olm_tunnel_dns }},
+ "disableRelay": false,
+ "Version": "1.4.0"
+}
diff --git a/ansible/roles/olm/tasks/templates/olm.service.j2 b/ansible/roles/olm/tasks/templates/olm.service.j2
new file mode 100644
index 0000000..ad3752a
--- /dev/null
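Review bot: The two values that begin with a bare Jinja expression, `path: {{ olm_config_path }}` in "Create olm config directory" and `dest: {{ olm_config_path}}/config.json` in "Create olm config file", are read by the YAML parser as flow mappings, so the task file does not load. They need quoting: `path: "{{ olm_config_path }}"` and `dest: "{{ olm_config_path }}/config.json"`. The config-file task renders `olm_id` and `olm_secret` but, unlike the tasks around it, has no `notify: restart olm`, so a rotated secret is written without the daemon picking it up. That task is also not marked no_log, so a run in diff mode would print the rendered secret in the task output.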
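Review bot: `olm_id`, `olm_secret` and the other string values are pasted between hand-written quotes, so a value containing `"` or `\` yields invalid JSON or shifts the structure of the file. Letting Jinja do the encoding avoids that, e.g. `"secret": {{ olm_secret | to_json }},`. The two DNS flags are rendered bare from the quoted strings `"true"` in host_vars, so another spelling such as `yes` or `True` produces invalid JSON; `"overrideDNS": {{ olm_override_dns | bool | to_json }},` normalises it. `"Version": "1.4.0"` is hard-coded while the binary is selected by `olm_version`, so the two can drift apart; whether olm reads this field is not visible here.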
+++ b/ansible/roles/olm/tasks/templates/olm.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=Olm
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/olm
+Restart=always
+User=root
+Environment="CONFIG_FILE={{ olm_config_path }}/config.json"
+
+[Install]
+WantedBy=multi-user.target
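Review bot: The unit runs the downloaded binary as `User=root` with no sandboxing directives in `[Service]`, so a faulty or compromised olm holds full root privileges on the git host. A tunnel client presumably has to create the `olm` interface and, with `overrideDNS` set, change resolver settings, so dropping root may not be possible. Directives such as `NoNewPrivileges=true`, `ProtectHome=true` and `PrivateTmp=true` can still be added, and the capability set narrowed once the service has been tested with them. `After=network.target` does not wait for connectivity; ordering the unit after network-online.target, and wanting it, is the usual choice for a service that dials out at start.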