diff --git a/ansible/main.yml b/ansible/main.yml
index 26a37fc..f4eab1c 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -12,7 +12,7 @@
     - prowlarr
     - sonarr
     - radarr
-    - qbittorrent
+    - firefly3
     - overseerr
     - ntfy
     - nextcloud
@@ -23,7 +23,9 @@
     - deemix
     - barassistant
     - mealie
-    - name: searxng
+    - searxng
+    - qbittorrent
+    - name: firefly3
       tags: test
     - unifi-controller
     - slskd
diff --git a/ansible/roles/firefly3/tasks/main.yml b/ansible/roles/firefly3/tasks/main.yml
new file mode 100644
index 0000000..cb43e5c
--- /dev/null
+++ b/ansible/roles/firefly3/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Create install directory
+  file:
+    path: "{{ install_directory }}/{{ role_name }}"
+    state: directory
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Copy docker-compose file to destination
+  template:
+    src: docker-compose.yml
+    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+    validate: docker-compose -f %s config
+  become: true
+
+- name: Start docker container
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    pull: true
+    remove_orphans: yes
diff --git a/ansible/roles/firefly3/templates/docker-compose.yml b/ansible/roles/firefly3/templates/docker-compose.yml
new file mode 100644
index 0000000..57de633
--- /dev/null
+++ b/ansible/roles/firefly3/templates/docker-compose.yml
@@ -0,0 +1,66 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  firefly_iii:
+    driver: bridge
+  traefik:
+    external: true
+
+services:
+  app:
+    image: fireflyiii/core:latest
+    container_name: firefly3
+    restart: unless-stopped
+    volumes:
+      - "{{ data_dir }}/firefly3/upload:/var/www/html/storage/upload"
+    depends_on:
+      - db
+    networks:
+      - traefik
+      - default
+    environment:
+      APP_ENV: local
+      APP_DEBUG: "false"
+      APP_KEY: "{{ app_key }}"
+      SITE_OWNER: {{ owner_email_address }}
+      DEFAULT_LANGUAGE: "en_US"
+      DEFAULT_LOCALE: equal
+      TZ: {{ timezone }}
+      TRUSTED_PROXIES: "*"
+      APP_LOG_LEVEL: notice
+      AUDIT_LOG_LEVEL: info
+      DB_CONNECTION: mysql
+      DB_HOST: db
+      DB_PORT: 3306
+      DB_DATABASE: firefly
+      DB_USERNAME: firefly
+      DB_PASSWORD: firefly
+      APP_URL: "https://firefly.local.{{ personal_domain }}"
+      STATIC_CRON_TOKEN: "Y5uNSbJoK4FKUC9gVE5hq8YFEbFmc6BK"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.firefly.rule: "Host(`firefly.local.{{ personal_domain }}`)"
+      traefik.http.routers.firefly.middlewares: lan-whitelist@file
+
+  db:
+    image: mariadb
+    restart: always
+    volumes:
+      - "{{ data_dir }}/mariadb/firefly3:/var/lib/mysql"
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_USER: firefly
+      MYSQL_PASSWORD: firefly
+      MYSQL_DATABASE: firefly
+  cron:
+    #
+    # To make this work, set STATIC_CRON_TOKEN in your .env file or as an environment variable and replace REPLACEME below
+    # The STATIC_CRON_TOKEN must be *exactly* 32 characters long
+    #
+    image: alpine
+    restart: always
+    container_name: firefly_iii_cron
+    command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/Y5uNSbJoK4FKUC9gVE5hq8YFEbFmc6BK\" | crontab - && crond -f -L /dev/stdout"
+    networks:
+      - firefly_iii
+      - default
diff --git a/ansible/roles/firefly3/vars/main.yml b/ansible/roles/firefly3/vars/main.yml
new file mode 100644
index 0000000..f795754
--- /dev/null
+++ b/ansible/roles/firefly3/vars/main.yml
@@ -0,0 +1,17 @@
+owner_email_address: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  61373861363433363938396137653461363830323539316438323861326437663364383032363064
+  6438303462336466373233663366303263313139333830330a623465633166653530633961643162
+  65303032386661393063393134643436653737666163373833383036316234393563313536353036
+  3839663034393730340a626361646463636137636535653632343064353461656532656236633865
+  66636634323434356436313737336635363832333262383331333034313530663463
+
+app_key: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  31333563616230396135363562313038346138633631613832646463343666643733333366303561
+  3461316337303862616662333031306231613532383534340a643236306232383466333531626466
+  33313830646365333935313237663134343033396166623730303030636438656435313462633762
+  3134643738616365330a636366343736306539666565663866626537303431366633646638663563
+  32616439336338393663373466323630323733393031633564383737383465313434313230323038
+  6534636266653166633539326632623165663436323936643031
+