diff --git a/roles/github_runner/defaults/main.yml b/roles/github_runner/defaults/main.yml
new file mode 100644
index 0000000..d97d0e9
--- /dev/null
+++ b/roles/github_runner/defaults/main.yml
@@ -0,0 +1,25 @@
+---
+
+github_runner_user: "github-runner"
+github_runner_user_groups:
+ - "docker"
+github_runner_base_path: "/opt/github-runner"
+github_runner_work_path: "{{ github_runner_base_path }}/cache"
+github_runner_tarball: "{{ github_runner_base_path }}/github-actions-runner.tar.gz"
+
+github_runner_systemd_unit_name: "github-actions-runner.service"
+github_runner_systemd_unit_description: >-
+ GitHub Actions self-hosted runner
+
+github_runner_github_org: ~
+github_runner_github_bearer_token: ~
+github_runner_github_registration_token_url: >-
+ https://api.github.com/orgs/{{ github_runner_github_org }}/actions/runners/registration-token
+github_runner_github_runner_download_url: >-
+ https://api.github.com/orgs/{{ github_runner_github_org }}/actions/runners/downloads
+github_runner_distribution: linux
+github_runner_architecture: x64
+
+github_runner_enabled: true
+github_runner_autostart: "{{ github_runner_enabled | ternary('enabled', 'disabled') }}"
+github_runner_state: "started"
diff --git a/roles/github_runner/handlers/main.yml b/roles/github_runner/handlers/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/github_runner/tasks/main.yml b/roles/github_runner/tasks/main.yml
new file mode 100644
index 0000000..d4edd8b
--- /dev/null
+++ b/roles/github_runner/tasks/main.yml
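Review bot: In `roles/github_runner/defaults/main.yml`, the default `github_runner_user_groups` puts the runner account in the `docker` group, which gives every workflow job access to the Docker daemon and with it root-equivalent control of the host. A safer default is `github_runner_user_groups: []`, with inventories opting in and a comment such as `# docker group membership is root-equivalent; enable only on dedicated, disposable runner hosts`. `github_runner_github_org` and `github_runner_github_bearer_token` default to null (`~`) and nothing visible in the diff checks that they were set, so an early `ansible.builtin.assert` in the tasks file would fail more clearly than a request to a malformed API URL. The token value itself should be supplied from a vault-encrypted variable rather than written into plain inventory.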
@@ -0,0 +1,99 @@
+---
+
+- name: Ensure user '{{ github_runner_user }}' exists
+ ansible.builtin.user:
+ name: "{{ github_runner_user }}"
+ state: present
+ system: true
+ create_home: false
+ groups: "{{ github_runner_user_groups }}"
+ append: true
+ register: github_runner_user_info
+
+- name: Ensure directories for binaries and work dir exist
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: "directory"
+ mode: "0750"
+ loop:
+ - "{{ github_runner_base_path }}"
+ - "{{ github_runner_work_path }}"
+
+- name: Download and unpack tarball with github runner
+ block:
+ - name: Retrieve download URL from GitHub API
+ ansible.builtin.uri:
+ method:
+ url: "{{ github_runner_github_runner_download_url }}"
+ headers:
+ Accept: "Application/vnd.github+json"
+ Authorization: "{{ github_runner_github_bearer_token }}"
+ "X-GitHub-Api-Version": "2022-11-28"
+ register: github_runner_download_urls
+
+ - name: Download github runner tarball
+ ansible.builtin.get_url:
+ url: "{{ gh_runner_dl_url }}"
+ dest: "{{ github_runner_tarball }}"
+ vars:
+ gh_runner_dl_url: >-
+ {{ github_runner_download_urls.json
+ | selectattr('os', 'eq', github_runner_distribution)
+ | selectattr('architecture', 'eq', github_runner-architecture)
+ | map(attribute='download_url')
+ }}
+
+ - name: Extract github runner tarball
+ ansible.builtin.unarchive:
+ src: "{{ github_runner_tarball }}"
+ dest: "{{ github_runner_base_path }}"
+ remote_src: true
+ always:
+ - name: Ensure tarball is cleaned up
+ ansible.builtin.file:
+ path: "{{ github_runner_tarball }}"
+ state: absent
+
+- name: Register runner with GitHub
+ block:
+ - name: Obtain short-lived registration token
+ ansible.builtin.uri:
+ method: POST
+ url: "{{ github_runner_github_registration_token_url }}"
+ headers:
+ Accept: "application/vnd.github+json"
+ Authorization: "Bearer {{ github_runner_github_bearer_token }}"
+ "X-GitHub-Api-Version": "2022-11-28"
+ body_format: raw
+ body: omit
+ register: github_runner_registration_token_info
+
failed_when: github_runner_registratio_token_info.status | int != 201
+ changed_when: github_runner_registratio_token_info.status | int == 201
+
+ - name: Run configure script
+ ansible.builtin.command:
+ cmd: "{{ github_runner_base_path }}/configure.sh --url {{ gh_url }} --token {{ gh_token }}"
+ vars:
+ gh_token: "{{ github_runner_registration_token_info.json.token }}"
+ gh_url: "https://github.com/{{ github_runner_github_org_name }}"
+
+- name: Ensure systemd service file is templated
+ ansible.builtin.template:
+ src: "github-actions-runner.service.j2"
+ dest: "/etc/systemd/systemd/{{ github_runner_systemd_unit_name }}"
+ mode: "0644"
+ notify:
+ - systemd_reload
+
+- name: Ensure systemd unit for github actions runner is {{ github_runner_autostart }}
+ ansible.builtin.systemd:
+ name: "{{ github_runner_systemd_unit_name }}"
+ enabled: "{{ github_runner_enabled }}"
+ when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd unit for github actions runner is {{ github_runner_state }}
+ ansible.builtin.systemd:
+ name: "{{ github_runner_systemd_unit_name }}"
+ state: "{{ github_runner_state }}"
+ when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/roles/github_runner/templates/github-actions-runner.service.j2 b/roles/github_runner/templates/github-actions-runner.service.j2
new file mode 100644
index 0000000..e47a404
--- /dev/null
+++ b/roles/github_runner/templates/github-actions-runner.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description={{ github_runner_systemd_unit_description }}
+
+[Service]
+Type=exec
+User={{ github_runner_user }}
+WorkingDirectory={{ github_runner_base_path }}
+
+ExecStart={{ github_runner_base_path }}/run.sh
+
+[Install]
+WantedBy=multi-user.target
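Review bot: In `roles/github_runner/tasks/main.yml`, neither `ansible.builtin.uri` task nor `Run configure script` sets `no_log: true`, so the bearer token and the registration token can appear in verbose or failure output, and the configure task also places the token on the command line. Several names would fail at run time as written: `github_runner_registratio_token_info`, `github_runner-architecture`, `github_runner_github_org_name` (the defaults define `github_runner_github_org`), the path `/etc/systemd/systemd/`, and the `systemd_reload` handler, which the empty handlers file does not define. The first API call has an empty `method:` and omits the `Bearer ` prefix that the second call uses, `map(attribute='download_url')` yields a sequence rather than a single URL, and the tarball is unpacked without a `checksum:` on the download. The directories are created without `owner:`, so the service user presumably cannot write to them. The sketch below covers the download and registration tasks; the `sha256_checksum` field is assumed from the GitHub API response and should be confirmed before relying on it.

```yaml
# … unchanged: user and directory tasks …
    - name: Retrieve download URL from GitHub API
      ansible.builtin.uri:
        method: GET
        # … unchanged: url …
        headers:
          Accept: "application/vnd.github+json"
          Authorization: "Bearer {{ github_runner_github_bearer_token }}"
          # … unchanged: API version header …
      register: github_runner_download_urls
      no_log: true

    - name: Download github runner tarball
      ansible.builtin.get_url:
        url: "{{ gh_runner_dl.download_url }}"
        dest: "{{ github_runner_tarball }}"
        # Verify the archive before it is unpacked and executed.
        checksum: "sha256:{{ gh_runner_dl.sha256_checksum }}"
      vars:
        gh_runner_dl: >-
          {{ github_runner_download_urls.json
          | selectattr('os', 'eq', github_runner_distribution)
          | selectattr('architecture', 'eq', github_runner_architecture)
          | first
          }}
# … unchanged: unarchive and tarball cleanup …
    - name: Obtain short-lived registration token
      ansible.builtin.uri:
        # … unchanged: method, url, headers …
        # body_format/body dropped: a plain `body: omit` sends the literal string.
        status_code: 201
      register: github_runner_registration_token_info
      no_log: true
      changed_when: true

    - name: Run configure script
      ansible.builtin.command:
        # argv keeps the URL and token as single arguments, without word splitting.
        argv:
          - "{{ github_runner_base_path }}/configure.sh"
          - "--url"
          - "https://github.com/{{ github_runner_github_org }}"
          - "--token"
          - "{{ github_runner_registration_token_info.json.token }}"
      no_log: true
# … unchanged: systemd template and service tasks …
```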
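Review bot: The `[Service]` section in `roles/github_runner/templates/github-actions-runner.service.j2` starts the runner with no systemd sandboxing, although the process it launches executes code from repository workflows. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromised or malicious job can do to the host. These should be tested against the jobs this runner is expected to run, since jobs that rely on `sudo` would stop working under `NoNewPrivileges`. The unit also has no restart policy or network ordering, so the runner presumably stays down after a transient failure.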