diff --git a/roles/wallabag/README.md b/roles/wallabag/README.md
new file mode 100644
index 0000000..4036043
--- /dev/null
+++ b/roles/wallabag/README.md
@@ -0,0 +1,3 @@
+# wallabag
+
+Build a wallabag docker image and run a wallabag docker container.
diff --git a/roles/wallabag/defaults/main.yml b/roles/wallabag/defaults/main.yml
new file mode 100644
index 0000000..e774636
--- /dev/null
+++ b/roles/wallabag/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+# defaults file for wallabag
+wallabag_build_path: /srv/build_containers/walabag
diff --git a/roles/wallabag/handlers/main.yml b/roles/wallabag/handlers/main.yml
new file mode 100644
index 0000000..b56e52a
--- /dev/null
+++ b/roles/wallabag/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for wallabag
diff --git a/roles/wallabag/meta/argument_specs.yml b/roles/wallabag/meta/argument_specs.yml
new file mode 100644
index 0000000..975bcb9
--- /dev/null
+++ b/roles/wallabag/meta/argument_specs.yml
@@ -0,0 +1,91 @@
+---
+argument_specs:
+  # roles/myapp/tasks/main.yml entry point
+  main:
+    short_description: Build a wallabag docker image and run a wallabag docker container.
+    options:
+      wallabag_data_volume:
+        description: Volume for wallabag data
+        type: str
+        required: false
+        default: wallabag
+      wallabag_images_volume:
+        description: Volume for wallabag images
+        type: str
+        required: false
+        default: wallabag
+      wallabag_build_path:
+        description: Path to docker image build directory
+        type: str
+        required: false
+        default: /srv/build_containers/wallabag
+      force_recreate:
+        description: Force build and recreate container
+        type: bool
+        required: false
+        default: false
+      wallabag_domain:
+        description: Domain name of this wallabag instance (e.g. wallabag.example.com)
+        type: str
+        required: true
+      letsencrypt_mail:
+        description: Email address for Let's Encrypt certificate (e.g. letsencrypt@example.com)
+        type: str
+        required: true
+      wallabag_secret:
+        description: Wallabag instance secret
+        type: str
+        required: true
+      wallabag_email:
+        description: Sender email address for mails from the wallabag instance (e.g. wallabag@example.com)
+        type: str
+        required: true
+
+  build:
+    short_description: Build a wallabag docker image
+    options:
+      wallabag_build_path:
+        description: Path to docker image build directory
+        type: str
+        required: false
+        default: /srv/build_containers/wallabag
+      force_recreate:
+        description: Force build
+        type: bool
+        required: false
+        default: false
+
+  run:
+    short_description: Run a wallabag docker container
+    options:
+      wallabag_data_volume:
+        description: Volume for wallabag data
+        type: str
+        required: false
+        default: wallabag_data
+      wallabag_images_volume:
+        description: Volume for wallabag images
+        type: str
+        required: false
+        default: wallabag_images
+      force_recreate:
+        description: Force recreate container
+        type: bool
+        required: false
+        default: false
+      wallabag_domain:
+        description: Domain name of this wallabag instance (e.g. wallabag.example.com)
+        type: str
+        required: true
+      letsencrypt_mail:
+        description: Email address for Let's Encrypt certificate (e.g. letsencrypt@example.com)
+        type: str
+        required: true
+      wallabag_secret:
+        description: Wallag instance secret
+        type: str
+        required: true
+      wallabag_email:
+        description: Sender email address for mails from the wallabag instance (e.g. wallabag@example.com)
+        type: str
+        required: true
diff --git a/roles/wallabag/meta/main.yml b/roles/wallabag/meta/main.yml
new file mode 100644
index 0000000..113049d
--- /dev/null
+++ b/roles/wallabag/meta/main.yml
@@ -0,0 +1,12 @@
+galaxy_info:
+  author: Frank Adaemmer <frank@adaemmer.com>
+  description: Build and run a wallabag container
+  license: GPL-3.0-or-later
+
+  min_ansible_version: '2.9'
+  platforms:
+    - name: GenericLinux
+      version:
+        - any
+
+  galaxy_tags: [docker]
diff --git a/roles/wallabag/tasks/build.yml b/roles/wallabag/tasks/build.yml
new file mode 100644
index 0000000..dd699c3
--- /dev/null
+++ b/roles/wallabag/tasks/build.yml
@@ -0,0 +1,23 @@
+---
+- name: Clone wallabag docker
+  ansible.builtin.git:
+    repo: https://github.com/wallabag/docker.git
+    dest: "{{ wallabag_build_path }}"
+    version: master
+
+- name: Build wallabag image
+  community.docker.docker_image:
+    name: copyrights/wallabag
+    tag: latest
+    build:
+      path: "{{ wallabag_build_path }}"
+      pull: true
+      nocache: "{{ force_recreate | default(false) }}"
+    source: build
+    force_source: true
+    state: present
+  become: true
+  retries: 3
+  delay: 60
+  until: current_task is not failed
+  register: current_task
diff --git a/roles/wallabag/tasks/main.yml b/roles/wallabag/tasks/main.yml
new file mode 100644
index 0000000..0cd43a3
--- /dev/null
+++ b/roles/wallabag/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+# tasks file for wallabag
+- name: Build wallabag image
+  ansible.builtin.import_tasks: build.yml
+
+- name: Create wallabag
+  ansible.builtin.import_tasks: run.yml
diff --git a/roles/wallabag/tasks/run.yml b/roles/wallabag/tasks/run.yml
new file mode 100644
index 0000000..6adab04
--- /dev/null
+++ b/roles/wallabag/tasks/run.yml
@@ -0,0 +1,49 @@
+---
+- name: Create wallabag
+  community.docker.docker_container:
+    name: wallabag
+    detach: true
+    image: copyrights/wallabag
+    # pull: true
+    labels:
+      com.centurylinklabs.watchtower.enable: 'true'
+      traefik.enable: "true"
+      traefik.http.routers.wallabag.entrypoints: "http"
+      traefik.http.routers.wallabag.rule: "Host(`{{ wallabag_domain }}`)"
+      traefik.http.middlewares.wallabag-https-redirect.redirectscheme.scheme: "https"
+      traefik.http.routers.wallabag.middlewares: "wallabag-https-redirect"
+      traefik.http.routers.wallabag-secure.entrypoints: "https"
+      traefik.http.routers.wallabag-secure.rule: "Host(`{{ wallabag_domain }}`)"
+      traefik.http.routers.wallabag-secure.tls: "true"
+      traefik.http.routers.wallabag-secure.tls.certresolver: "http"
+      # traefik.http.routers.wallabag-secure.service: "wallabag"
+      # traefik.http.services.wallabag.loadbalancer.server.port: "80"
+      traefik.docker.network: "webnet"
+      # traefik.backend.healthcheck.path: "/health"
+
+    networks:
+      - name: webnet
+    network_mode: default
+    recreate: "{{ force_recreate | default(omit) }}"
+    comparisons:
+      image: strict
+      env: strict
+      volumes: strict
+    restart_policy: always
+    state: started
+    volumes:
+      - '{{ wallabag_data_volume }}:/var/www/wallabag/data'
+      - '{{ wallabag_images_volume }}:/var/www/wallabag/web/assets/images'
+    env:
+      VIRTUAL_HOST: "{{ wallabag_domain }}"
+      LETSENCRYPT_HOST: "{{ wallabag_domain }}"
+      LETSENCRYPT_EMAIL: "{{ letsencrypt_mail }}"
+      SYMFONY__ENV__SECRET: "{{ wallabag_secret }}"
+      SYMFONY__ENV__FROM_EMAIL: "{{ wallabag_email }}"
+      SYMFONY__ENV__FOSUSER_CONFIRMATION: 'false'
+      SYMFONY__ENV__DOMAIN_NAME: "https://{{ wallabag_domain }}"
+  become: true
+  retries: 3
+  delay: 60
+  until: current_task is not failed
+  register: current_task