diff --git a/tools/playbooks/deploy.yml b/tools/playbooks/deploy.yml
new file mode 100644
index 0000000..cba6bf1
--- /dev/null
+++ b/tools/playbooks/deploy.yml
@@ -0,0 +1,58 @@
+---
+- name: Deploy PPF code
+  hosts: ppf
+  gather_facts: false
+  become: true
+
+  tasks:
+    - name: Sync Python code and support files
+      ansible.posix.synchronize:
+        src: "{{ ppf_src }}/"
+        dest: "{{ ppf_code_dest }}"
+        rsync_opts:
+          - "--include=*.py"
+          - "--include=servers.txt"
+          - "--include=Dockerfile"
+          - "--exclude=*"
+      register: sync_result
+      notify: restart containers
+
+    - name: Deploy compose file
+      ansible.builtin.copy:
+        src: "{{ ppf_src }}/{{ ppf_compose_src }}"
+        dest: "{{ ppf_base }}/compose.yml"
+        owner: "{{ ppf_owner }}"
+        group: "{{ ppf_owner }}"
+      register: compose_result
+      notify: restart containers
+
+    - name: Fix file ownership
+      ansible.builtin.file:
+        path: "{{ ppf_base }}"
+        owner: "{{ ppf_owner }}"
+        group: "{{ ppf_owner }}"
+        recurse: true
+
+    - name: Flush handlers before status check
+      ansible.builtin.meta: flush_handlers
+
+    - name: Wait for containers to settle
+      ansible.builtin.pause:
+        seconds: 2
+      when: >-
+        ppf_restart | bool and
+        (sync_result is changed or compose_result is changed)
+
+    - name: Check container status
+      ansible.builtin.raw: "uid=$(id -u {{ ppf_owner }}) && cd {{ ppf_base }} && sudo -u {{ ppf_owner }} XDG_RUNTIME_DIR=/run/user/$uid podman-compose ps"
+      register: status_result
+      changed_when: false
+
+    - name: Show container status
+      ansible.builtin.debug:
+        msg: "{{ status_result.stdout_lines | default([]) }}"
+
+  handlers:
+    - name: restart containers
+      ansible.builtin.raw: "uid=$(id -u {{ ppf_owner }}) && cd {{ ppf_base }} && sudo -u {{ ppf_owner }} XDG_RUNTIME_DIR=/run/user/$uid podman-compose restart"
+      when: ppf_restart | bool
diff --git a/tools/playbooks/group_vars/all.yml b/tools/playbooks/group_vars/all.yml
new file mode 100644
index 0000000..9afd68b
--- /dev/null
+++ b/tools/playbooks/group_vars/all.yml
@@ -0,0 +1,3 @@
+ppf_base: /home/podman/ppf
+ppf_owner: podman
+ppf_restart: true
diff --git a/tools/playbooks/group_vars/master.yml b/tools/playbooks/group_vars/master.yml
new file mode 100644
index 0000000..27f3b48
--- /dev/null
+++ b/tools/playbooks/group_vars/master.yml
@@ -0,0 +1,2 @@
+ppf_code_dest: /home/podman/ppf/
+ppf_compose_src: compose.master.yml
diff --git a/tools/playbooks/group_vars/workers.yml b/tools/playbooks/group_vars/workers.yml
new file mode 100644
index 0000000..3d5328f
--- /dev/null
+++ b/tools/playbooks/group_vars/workers.yml
@@ -0,0 +1,2 @@
+ppf_code_dest: /home/podman/ppf/src/
+ppf_compose_src: compose.worker.yml
diff --git a/tools/playbooks/inventory.ini b/tools/playbooks/inventory.ini
new file mode 100644
index 0000000..c27330a
--- /dev/null
+++ b/tools/playbooks/inventory.ini
@@ -0,0 +1,16 @@
+[master]
+odin      ansible_host=10.200.1.250
+
+[workers]
+cassius   ansible_host=10.200.1.13
+edge      ansible_host=10.200.1.254
+sentinel  ansible_host=10.200.1.1
+
+[ppf:children]
+master
+workers
+
+[ppf:vars]
+ansible_user=ansible
+ansible_ssh_private_key_file=/opt/ansible/secrets/ssh/ansible
+ansible_remote_tmp=~/.ansible/tmp