diff --git a/group_vars/all b/group_vars/all
index a894657..fd3b841 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -13,4 +13,9 @@ pgid: "1000"
 tz: "Europe/Prague"
 media:
   tv: "{{ data_folder }}/media/tv"
-  movies: "{{ data_folder }}/media/movies"
\ No newline at end of file
+  movies: "{{ data_folder }}/media/movies"
+downloads:
+  nzb: "{{ data_folder }}/downloads/nzb"
+  torrent: "{{ data_folder }}/downloads/torrent"
+  torrent_blackhole: "{{ data_folder }}/downloads/blackhole"
+  music: "{{ data_folder }}/downloads/music"
\ No newline at end of file
diff --git a/playbook.yml b/playbook.yml
index 3f8b62a..ea942ac 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -9,6 +9,7 @@
     - postgres
     - authelia
     - keycloak
+    - radarr
   vars_files:
     - vault/certs/{{ base_domain }}.yml
     - vault/passwords.yml
diff --git a/roles/authelia/templates/configuration.yml.j2 b/roles/authelia/templates/configuration.yml.j2
index 7aee676..d41d815 100644
--- a/roles/authelia/templates/configuration.yml.j2
+++ b/roles/authelia/templates/configuration.yml.j2
@@ -39,6 +39,8 @@ access_control:
       policy: one_factor
     - domain: keycloak.{{ base_domain }}
       policy: one_factor
+    - domain: radarr.{{ base_domain }}
+      policy: two_factor
 session:
   name: authelia_session
   secret: somerandomsecret
diff --git a/roles/radarr/tasks/main.yml b/roles/radarr/tasks/main.yml
new file mode 100644
index 0000000..28d1d06
--- /dev/null
+++ b/roles/radarr/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: ensure directories exist
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ data_folder }}/radarr"
+    - "{{ media.tv }}"
+    - "{{ media.movies }}"
+    - "{{ downloads.nzb }}"
+- name: run container
+  docker_container:
+    name: "{{ role_name }}"
+    image: "linuxserver/radarr"
+    networks:
+      - name: external
+    env:
+      "TZ": "{{ tz }}"
+      "PUID": "{{ puid }}"
+      "PGID": "{{  pgid }}"
+      "UMASK": "022"
+    volumes:
+      - "{{ data_folder }}/radarr:/config"
+      - "{{ downloads.nzb }}:/downloads"
+      - "{{ media.movies }}:/movies"
+    ports:
+      - "7878:7878"
+    state: started
+- name: copy nginx conf
+  template:
+    src: "{{ role_name }}.conf.j2"
+    dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
+    mode: "755"
+  notify: reload nginx
\ No newline at end of file
diff --git a/roles/radarr/templates/radarr.conf.j2 b/roles/radarr/templates/radarr.conf.j2
new file mode 100644
index 0000000..6ce72bb
--- /dev/null
+++ b/roles/radarr/templates/radarr.conf.j2
@@ -0,0 +1,20 @@
+server {
+    server_name {{ role_name }}.{{ base_domain }};
+    listen 80;
+    return 301 https://$server_name$request_uri;
+}
+
+server {
+    server_name {{ role_name }}.{{ base_domain }};
+    listen 443 ssl http2;
+
+    include /etc/nginx/snippets/authelia-endpoint.conf;
+
+    location / {
+        include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-auth.conf;
+
+        set $upstream http://{{ role_name }}:7878;
+        proxy_pass $upstream;
+    }
+}
\ No newline at end of file