diff --git a/ansible/deploy-airflow.yml b/ansible/deploy-airflow.yml
new file mode 100644
index 0000000..2359196
--- /dev/null
+++ b/ansible/deploy-airflow.yml
@@ -0,0 +1,8 @@
+---
+- name: Deploy airflow hosts
+  hosts:
+    - data2.htz-fsn.prod.ooni.nu
+  become: true
+  roles:
+    # Comes from https://github.com/idealista/airflow-role
+    - {"role": "airflow"}
diff --git a/ansible/group_vars/airflow/vars.yml b/ansible/group_vars/airflow/vars.yml
new file mode 100644
index 0000000..3894d8f
--- /dev/null
+++ b/ansible/group_vars/airflow/vars.yml
@@ -0,0 +1,11 @@
+airflow_admin_users:
+  - name: OONI Admin
+    username: admin
+    password: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/airflow_admin_password', profile='oonidevops_user_prod') }}"
+    role: Admin
+    firstname: Open
+    lastname: Observatory
+    email: admin@ooni.org
+airflow_fernet_key: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/airflow_fernet_key', profile='oonidevops_user_prod') }}"
+airflow_webserver_secret_key: "{{ lookup('amazon.aws.aws_ssm', '/oonidevops/secrets/airflow_webserver_secret_key', profile='oonidevops_user_prod') }}"
+#airflow_executor: "LocalExecutor"
diff --git a/ansible/inventory b/ansible/inventory
index bda9a48..1e10693 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -10,6 +10,9 @@ data1.htz-fsn.prod.ooni.nu
 data2.htz-fsn.prod.ooni.nu
 data3.htz-fsn.prod.ooni.nu
 
+[airflow]
+data2.htz-fsn.prod.ooni.nu
+
 ## Location tags
 
 [htz_fsn]
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 52ae85e..f8e40a3 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,8 +1,15 @@
 - src: willshersystems.sshd
+  version: v0.25.0
 - src: nginxinc.nginx
+  version: 0.24.3
 - src: geerlingguy.certbot
+  version: 5.2.0
 - src: artis3n.tailscale
+  version: v4.5.0
 - src: https://github.com/idealista/clickhouse_role
   scm: git
   version: 3.5.1
   name: idealista.clickhouse_role
+- src: https://github.com/ooni/airflow-role.git
+  scm: git
+  name: airflow