diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
index 3f4aff2..1b8ba26 100644
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@@ -18,6 +18,7 @@ jobs:
           scripts/ansible/kill_playbook.yml
           scripts/ansible/ping_playbook.yml
           scripts/ansible/restart_playbook.yml
+          scripts/ansible/service_playbook.yml
           scripts/ansible/update_playbook.yml
         args:
diff --git a/scripts/ansible/inventory.yml b/scripts/ansible/inventory.yml
new file mode 100644
index 0000000..0a47f50
--- /dev/null
+++ b/scripts/ansible/inventory.yml
@@ -0,0 +1,3 @@
+ava_nodes:
+  hosts:
+    localhost:
diff --git a/scripts/ansible/roles/ava-base/tasks/main.yml b/scripts/ansible/roles/ava-base/tasks/main.yml
new file mode 100644
index 0000000..9fea86c
--- /dev/null
+++ b/scripts/ansible/roles/ava-base/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Install deps
+  become: true
+  apt:
+    name:
+      # Build
+      - cmake
+      - curl
+      - g++
+      - golang-go # Assumes Ubuntu 20.04, where this installs Go 1.13
+      - libssl-dev
+      - libuv1-dev
+      - make
+      # Staking key management
+      - openssl
+      - python3-cryptography
+    state: present
diff --git a/scripts/ansible/roles/ava-certs/defaults/main.yml b/scripts/ansible/roles/ava-certs/defaults/main.yml
new file mode 100644
index 0000000..acfbb7f
--- /dev/null
+++ b/scripts/ansible/roles/ava-certs/defaults/main.yml
@@ -0,0 +1,3 @@
+staking_tls_key_file: "{{ repo_folder }}/keys/staker.key"
+staking_tls_csr_file: "{{ repo_folder }}/keys/staker.csr"
+staking_tls_cert_file: "{{ repo_folder }}/keys/staker.crt"
diff --git a/scripts/ansible/roles/ava-certs/tasks/main.yml b/scripts/ansible/roles/ava-certs/tasks/main.yml
new file mode 100644
index 0000000..86d00e2
--- /dev/null
+++ b/scripts/ansible/roles/ava-certs/tasks/main.yml
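Review bot: The `apt` task in ava-base/tasks/main.yml installs with `state: present` but never refreshes the package index, so on a freshly provisioned image whose lists have not been fetched yet the install can fail to resolve `golang-go` and friends. Adding `update_cache: true` together with `cache_valid_time: 3600` keeps the task from re-fetching on every run while making it work on a clean host. The inline comment already pins the Go version expectation to Ubuntu 20.04; it would help a later reader to say what breaks on other releases, e.g. `# Go >= 1.13 is required; other Ubuntu releases ship a different golang-go`.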
@@ -0,0 +1,31 @@
+- name: Create staker key
+  openssl_privatekey:
+    path: "{{ staking_tls_key_file }}"
+    type: RSA
+    size: 4096
+
+- name: Create staker certificate request
+  openssl_csr:
+    path: "{{ staking_tls_csr_file }}"
+    C: US
+    ST: NY
+    O: Avalabs
+    CN: ava
+    privatekey_path: "{{ staking_tls_key_file }}"
+    digest: sha256
+    # genStaker.sh doesn't include a subjectAltName in the signing request.
+    # If subject_alt_name isn't specified, then Ansible defaults to using
+    # the CN as the SAN.
+    use_common_name_for_san: false
+
+# genStaker.sh generates a certificate valid for 365250 days (1000 years).
+# That duration is not replicated here, because specifying a relative
+# time to ownca_not_after would make this task non-idempotent.
+- name: Create staker certificate
+  openssl_certificate:
+    path: "{{ staking_tls_cert_file }}"
+    csr_path: "{{ staking_tls_csr_file }}"
+    ownca_path: "{{ repo_folder }}/keys/rootCA.crt"
+    ownca_privatekey_path: "{{ repo_folder }}/keys/rootCA.key"
+    ownca_digest: sha256
+    provider: ownca
diff --git a/scripts/ansible/roles/ava-install/defaults/main.yml b/scripts/ansible/roles/ava-install/defaults/main.yml
new file mode 100644
index 0000000..0e681ab
--- /dev/null
+++ b/scripts/ansible/roles/ava-install/defaults/main.yml
@@ -0,0 +1,6 @@
+ava_daemon_bin_dir: "/usr/bin"
+ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
+ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"
+ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
+ava_daemon_log_dir: "/var/log/ava"
+ava)daemon_plugin_dir: "/usr/lib/ava/plugins"
diff --git a/scripts/ansible/roles/ava-install/tasks/main.yml b/scripts/ansible/roles/ava-install/tasks/main.yml
new file mode 100644
index 0000000..9ea1581
--- /dev/null
+++ b/scripts/ansible/roles/ava-install/tasks/main.yml
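Review bot: `Create staker key` leaves the private key's file mode to the module default, and all three tasks run without `become`, so the staking key, CSR and signed certificate land in `{{ repo_folder }}/keys` owned by the connecting user, right next to the `rootCA.key` that signs them. Setting `mode: u=rw,go=` on `openssl_privatekey` makes the key permission explicit instead of version-dependent, and the two hard-coded `ownca_path`/`ownca_privatekey_path` values belong in defaults/main.yml beside the `staking_tls_*` paths so a deployment can keep CA material outside the checkout. The certificate task omits `ownca_not_after`, so validity is whatever the module defaults to; the comment explains why a relative value was avoided, but an absolute timestamp such as `ownca_not_after: "20300101000000Z"` (constructed example) is idempotent and still long-lived — confirm that matches what the node expects.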
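Review bot: `ava)daemon_plugin_dir` on the last line of ava-install/defaults/main.yml is not a valid variable name — `)` is not allowed in an Ansible identifier, so the file is either rejected at load time or the plugin-dir default silently goes missing for this role; it should read `ava_daemon_plugin_dir: "/usr/lib/ava/plugins"`. The `Install plugins` and `Create directories` tasks only resolve `ava_daemon_plugin_dir` today because ava-service/defaults/main.yml defines the same name and role defaults appear to be visible play-wide, so the typo would surface as soon as ava-install is used without ava-service. Four of these six paths are duplicated verbatim in ava-service/defaults/main.yml; a single definition (group_vars or a role dependency) would stop the two copies from drifting.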
@@ -0,0 +1,68 @@
+- name: Create directories
+  become: true
+  file:
+    path: "{{ item.path }}"
+    owner: "{{ item.owner | default(ava_daemon_user) }}"
+    group: "{{ item.group | default(ava_daemon_group) }}"
+    mode: "{{ item.mode }}"
+    recurse: "{{ item.recurse | default(omit) }}"
+    state: directory
+  loop:
+    - path: "{{ ava_daemon_data_dir }}"
+      mode: u=rwX,go=rX
+    - path: "{{ ava_daemon_keys_dir }}"
+      mode: u=rX,go=
+    - path: "{{ ava_daemon_log_dir }}"
+      mode: u=rwX,go=rX
+    - path: "{{ ava_daemon_plugin_dir }}"
+      owner: root
+      group: root
+      mode: u=rwX,go=rX
+      recurse: true
+  loop_control:
+    label: "{{ item.path }}"
+  notify:
+    - Restart AVA service
+
+- name: Install binary
+  become: true
+  copy:
+    src: "{{ ava_binary }}"
+    dest: "{{ ava_daemon_bin_dir }}/ava"
+    remote_src: true
+    owner: root
+    group: root
+    mode: u=rwx,go=rx
+  notify:
+    - Restart AVA service
+
+- name: Install plugins
+  become: true
+  copy:
+    src: "{{ item.path }}"
+    dest: "{{ ava_daemon_plugin_dir }}"
+    owner: root
+    group: root
+    mode: u=rwx,go=rx
+    remote_src: true
+  loop:
+    - path: "{{ repo_folder }}/build/plugins/evm"
+  notify:
+    - Restart AVA service
+
+- name: Install staking files
+  become: true
+  copy:
+    src: "{{ item.src }}"
+    dest: "{{ ava_daemon_keys_dir }}"
+    owner: "{{ ava_daemon_user }}"
+    group: "{{ ava_daemon_group }}"
+    mode: "{{ item.mode }}"
+    remote_src: true
+  loop:
+    - src: "{{ staking_tls_key_file }}"
+      mode: u=r,go=
+    - src: "{{ staking_tls_cert_file }}"
+      mode: ugo=r
+  notify:
+    - Restart AVA service
diff --git a/scripts/ansible/roles/ava-service/defaults/main.yml b/scripts/ansible/roles/ava-service/defaults/main.yml
new file mode 100644
index 0000000..27c0449
--- /dev/null
+++ b/scripts/ansible/roles/ava-service/defaults/main.yml
@@ -0,0 +1,5 @@
+ava_daemon_bin_dir: "/usr/bin"
+ava_daemon_data_dir: "/var/lib/{{ ava_daemon_user }}"
+ava_daemon_keys_dir: "{{ ava_daemon_data_dir }}/keys"
+ava_daemon_plugin_dir: "/usr/lib/ava/plugins"
+log_level: info
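Review bot: `Install staking files` copies the node's private key into `{{ ava_daemon_keys_dir }}` with `u=r,go=`, but the source written by ava-certs under `{{ repo_folder }}/keys` is left behind, so the identity key now exists twice with different owners and the checkout copy keeps whatever mode the generating module gave it. Either remove the source after a successful copy (a `file: state: absent` task on `{{ staking_tls_key_file }}`) or generate the key directly into the keys directory so there is one copy to protect. Every task here also notifies `Restart AVA service`, a handler defined in the ava-service role that is listed after this one in service_playbook.yml; that resolves when both roles share a play, but as far as I can tell a play that runs ava-install alone fails with an unknown handler, which is worth a comment at the top of the file. The first `loop` item list hands symbolic modes straight to `file`, which is fine, but the `notify` on `Create directories` means a permission fix-up alone restarts the node — probably acceptable for a test node, so just confirm it is intended.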
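Review bot: ava-service/defaults/main.yml redefines `ava_daemon_bin_dir`, `ava_daemon_data_dir`, `ava_daemon_keys_dir` and `ava_daemon_plugin_dir` — presumably so the role can stand alone — but omits the two variables templates/ava.service actually renders on its `ExecStart` line, `ava_daemon_db_dir` and `ava_daemon_log_dir`, which only ava-install/defaults/main.yml defines. Rendering works today because both roles sit in the same play; a play that applies ava-service without ava-install fails on an undefined variable. Add `ava_daemon_db_dir: "{{ ava_daemon_data_dir }}/db"` and `ava_daemon_log_dir: "/var/log/ava"` here, or drop the duplicated defaults and make ava-install a declared dependency of this role. `ava_daemon_keys_dir` is defined here but unused by this role's tasks or template; it can go.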
diff --git a/scripts/ansible/roles/ava-service/handlers/main.yml b/scripts/ansible/roles/ava-service/handlers/main.yml
new file mode 100644
index 0000000..8f3f5b6
--- /dev/null
+++ b/scripts/ansible/roles/ava-service/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: Reload systemd
+  become: true
+  systemd:
+    daaemon_reload: true
+
+- name: Restart AVA service
+  become: true
+  service:
+    name: ava
+    state: restarted
diff --git a/scripts/ansible/roles/ava-service/tasks/main.yml b/scripts/ansible/roles/ava-service/tasks/main.yml
new file mode 100644
index 0000000..39c4070
--- /dev/null
+++ b/scripts/ansible/roles/ava-service/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Configure AVA service
+  become: true
+  template:
+    src: ava.service
+    dest: /etc/systemd/system
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+    - Reload systemd
+    - Restart AVA service
+
+- name: Enable AVA service
+  become: true
+  systemd:
+    name: ava
+    state: started
+    enabled: true
+    daemon_reload: true
+  notify:
+    - Restart AVA service
diff --git a/scripts/ansible/roles/ava-service/templates/ava.service b/scripts/ansible/roles/ava-service/templates/ava.service
new file mode 100644
index 0000000..65535d7
--- /dev/null
+++ b/scripts/ansible/roles/ava-service/templates/ava.service
@@ -0,0 +1,23 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=AVA test node
+Documentation=https://docs.ava.network/
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+WorkingDirectory={{ ava_daemon_data_dir }}
+Restart=always
+RestartSec=1
+User={{ ava_daemon_user }}
+ExecStart={{ ava_daemon_bin_dir }}/ava \
+  --public-ip="{{ ansible_facts.default_ipv4.address }}" \
+  --db-dir="{{ ava_daemon_db_dir }}" \
+  --plugin-dir="{{ ava_daemon_plugin_dir }}" \
+  --log-dir="{{ ava_daemon_log_dir }}" \
+  --log-level="{{ log_level }}"
+
+[Install]
+WantedBy=multi-user.target
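Review bot: `daaemon_reload: true` in the `Reload systemd` handler misspells the `systemd` module's parameter, and the module rejects unknown arguments, so the first run in which the unit template changes fails at handler time rather than reloading; it should read `daemon_reload: true`. Once fixed, note that `Enable AVA service` in tasks/main.yml already passes `daemon_reload: true`, so this handler only earns its keep when the unit file changes on a run where that task is skipped — a one-line comment saying so would stop the next reader from deleting it. The `Restart AVA service` handler uses the generic `service` module while everything else in the role uses `systemd`; either is fine, but pick one.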
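Review bot: `Enable AVA service` notifies `Restart AVA service`, so on a first run the unit is started by this task and then restarted by the handler straight afterwards; the template task already triggers the restart whenever the unit file changes, so the `notify` on the enable task can be dropped. `dest: /etc/systemd/system` in `Configure AVA service` relies on the directory-destination behaviour to pick the file name from `src`; writing `dest: /etc/systemd/system/ava.service` makes the rendered path explicit and keeps the handler's `name: ava` and the file name from drifting apart if the template is ever renamed.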
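Review bot: The unit drops to the unprivileged `{{ ava_daemon_user }}` but carries no sandboxing directives, so a compromise of the node process still has `/etc` and `/usr` visible read-write from its own uid's perspective and can regain privileges through setuid binaries. As far as the `ExecStart` flags show, the daemon writes only under `{{ ava_daemon_data_dir }}` and `{{ ava_daemon_log_dir }}`, both under `/var`, which `ProtectSystem=full` leaves writable, so the directives below need no `ReadWritePaths=` — confirm the data and log dirs are never relocated under `/home` or `/usr` before enabling `ProtectHome`/`ProtectSystem`. Separately, `--public-ip` is rendered from `ansible_facts.default_ipv4.address`, which is undefined when fact gathering is off or the host has no default route, so the template task fails instead of falling back; a `public_ip` role default that resolves to that fact would make the dependency explicit. `Restart=always` with `RestartSec=1` and `StartLimitIntervalSec=0` means a crash-looping binary restarts once a second forever; that is presumably wanted for a test node, but worth a comment.

```ini
User={{ ava_daemon_user }}
# Hardening: per the ExecStart flags the daemon writes only under /var,
# so the OS tree can be read-only and privilege gain via setuid blocked.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ProtectHome=true
# … unchanged: ExecStart and its arguments …
```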
diff --git a/scripts/ansible/roles/ava-start/defaults/main.yml b/scripts/ansible/roles/ava-start/defaults/main.yml
new file mode 100644
index 0000000..d6974e3
--- /dev/null
+++ b/scripts/ansible/roles/ava-start/defaults/main.yml
@@ -0,0 +1 @@
+log_level: info
diff --git a/scripts/ansible/roles/ava-user/defaults/main.yml b/scripts/ansible/roles/ava-user/defaults/main.yml
new file mode 100644
index 0000000..6f4d2d9
--- /dev/null
+++ b/scripts/ansible/roles/ava-user/defaults/main.yml
@@ -0,0 +1,2 @@
+ava_daemon_user: ava
+ava_daemon_group: "{{ ava_daemon_user }}"
diff --git a/scripts/ansible/roles/ava-user/tasks/main.yml b/scripts/ansible/roles/ava-user/tasks/main.yml
new file mode 100644
index 0000000..80cbfbe
--- /dev/null
+++ b/scripts/ansible/roles/ava-user/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Create AVA daemon group
+  become: true
+  group:
+    name: "{{ ava_daemon_group }}"
+    system: true
+
+- name: Create AVA daemon user
+  become: true
+  user:
+    name: "{{ ava_daemon_user }}"
+    group: "{{ ava_daemon_group }}"
+    home: "{{ ava_daemon_data_dir }}"
+    shell: /bin/false
+    skeleton: false
+    system: true
diff --git a/scripts/ansible/roles/gopath/tasks/main.yml b/scripts/ansible/roles/gopath/tasks/main.yml
new file mode 100644
index 0000000..b0136ea
--- /dev/null
+++ b/scripts/ansible/roles/gopath/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Set GOPATH
+  lineinfile:
+    path: ~/.bashrc
+    line: GOPATH=$HOME/go
diff --git a/scripts/ansible/service_playbook.yml b/scripts/ansible/service_playbook.yml
new file mode 100644
index 0000000..6d55d25
--- /dev/null
+++ b/scripts/ansible/service_playbook.yml
@@ -0,0 +1,10 @@
+- name: Configure AVA service
+  hosts: ava_nodes
+  roles:
+    - name: ava-base
+    - name: gopath
+    - name: ava-build
+    - name: ava-certs
+    - name: ava-user
+    - name: ava-install
+    - name: ava-service
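Review bot: `skeleton: false` in `Create AVA daemon user` is handed to a parameter that takes a directory path (the `user` module's `skeleton` is the skel directory used with `create_home`), so as far as I know it becomes the string `False` rather than disabling anything. If the intent is not to populate a home directory, the documented switch is `create_home: false`; that also fits the rest of the play, since ava-install's `Create directories` task creates `{{ ava_daemon_data_dir }}` later with an explicit owner and `u=rwX,go=rX`, whereas letting `user` create it first leaves the mode to useradd's defaults until that task runs. `home` references `ava_daemon_data_dir`, which this role's defaults do not define — it resolves only through ava-install/ava-service defaults in the same play, so either add it to ava-user/defaults/main.yml or say in a comment that the role depends on them.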
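Review bot: `line: GOPATH=$HOME/go` in gopath/tasks/main.yml adds a plain shell assignment to `~/.bashrc` without `export`, so a `go` invocation from that shell will not see it unless a shell-only variable is really what is wanted; `line: export GOPATH=$HOME/go` is the usual form. Without a `regexp`, a later change to the value appends a second line instead of replacing the first, so pair it with `regexp: '^export GOPATH='`. The task deliberately has no `become` and therefore edits the connecting user's file; a one-line comment stating that the build runs as that user would make the omission look intentional.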