diff --git a/roles/terraform/tasks/main.yml b/roles/terraform/tasks/main.yml
new file mode 100755
index 0000000..ee1e39a
--- /dev/null
+++ b/roles/terraform/tasks/main.yml
@@ -0,0 +1,46 @@
+- name: Install git
+  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
+  vars:
+    hashicorp_repo_url: "https://apt.releases.hashicorp.com"
+    hashicorp_keyring_path: "/usr/share/keyrings/hashicorp-archive-keyring.gpg"
+
+  block:
+
+    - name: Ensure required packages are installed
+      ansible.builtin.apt:
+        name:
+          - gnupg
+          - software-properties-common
+        state: present
+        update_cache: true
+
+    - name: Download HashiCorp GPG key
+      ansible.builtin.get_url:
+        url: "{{ hashicorp_repo_url }}/gpg"
+        dest: /tmp/hashicorp.gpg
+        mode: '0644'
+
+    - name: Convert GPG key to keyring format
+      ansible.builtin.command:
+        cmd: gpg --dearmor -o {{ hashicorp_keyring_path }} /tmp/hashicorp.gpg
+      args:
+        creates: "{{ hashicorp_keyring_path }}"
+
+    - name: Add HashiCorp APT repository
+      ansible.builtin.apt_repository:
+        repo: >
+          deb [arch={{ ansible_architecture | replace('x86_64','amd64') }}
+          signed-by={{ hashicorp_keyring_path }}]
+          {{ hashicorp_repo_url }}
+          {{ ansible_distribution_release }} main
+        filename: hashicorp
+        state: present
+
+    - name: Update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+
+    - name: Install Terraform
+      ansible.builtin.apt:
+        name: terraform
+        state: present