diff --git a/roles/server/defaults/main.yaml b/roles/server/defaults/main.yaml
new file mode 100644
index 0000000..8487512
--- /dev/null
+++ b/roles/server/defaults/main.yaml
@@ -0,0 +1,2 @@
+router_server: False
+
diff --git a/roles/server/tasks/main.yml b/roles/server/tasks/main.yml
index ba3abf4..5f3b886 100644
--- a/roles/server/tasks/main.yml
+++ b/roles/server/tasks/main.yml
@@ -3,3 +3,8 @@
   ansible.builtin.apt: name={{ item }} state=present
   with_items:
     - openssh-server
+
+- name: include router setup if tagged
+  when: router_server
+  ansible.builtin.include_tasks:
+    file: router.yaml
\ No newline at end of file
diff --git a/roles/server/tasks/router.yaml b/roles/server/tasks/router.yaml
new file mode 100644
index 0000000..f06958d
--- /dev/null
+++ b/roles/server/tasks/router.yaml
@@ -0,0 +1,37 @@
+- name: set up netplan
+  become: true
+  ansible.builtin.file:
+    content: |
+      network:
+        version: 2
+        ethernets:
+          eth0:
+            dhcp4: False
+            dhcp6: False
+            addresses:
+              - "192.168.4.254/24"
+    dest: /etc/netplan/20-router-eth0.yaml
+    mode: 0644
+    owner: root
+    group: root
+
+- name: apply netplan
+  become: true
+  ansible.builtin.command:
+    cmd: netplan apply
+
+- name: copy dnsmasq.conf
+  become: true
+  ansible.builtin.copy:
+    src: "{{ role_path }}/files/dnsmasq.conf"
+    dest: /etc/dnsmasq.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: install netmasq
+  become: true
+  ansible.builtin.apt:
+    name: dnsmasq
+    state: present
+