diff --git a/group_vars/all/zabbix_server.yml b/group_vars/all/zabbix_server.yml
new file mode 100644
index 0000000000000000000000000000000000000000..59ae204bd40435a789d05f1dce8c6c744d975b2e
--- /dev/null
+++ b/group_vars/all/zabbix_server.yml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64323962376133366330393062343963646263323339663438323733613864323437343135346261
+3332613736373461356164323134623032353334383935620a356130383264316166613236356331
+39646334393066613937633137626639643764303835653231623861616332343035306465326335
+3330653462653865320a316136613333386238396431633363636366366565386539323930323337
+33356332313939313863386362373632386234333739633336343130373138613963616631343362
+6563636533303935333465393031366366646262383265613162
diff --git a/roles/zabbix-server/defaults/main.yml b/roles/zabbix-server/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ae54ecba2b286c19e248e2c886bd7274de3cd7f9
--- /dev/null
+++ b/roles/zabbix-server/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+zabbix_db_name: zabbix-server
+zabbix_db_user: zabbix-server
+zabbix_domain: zabbix.archlinux.org
+zabbix_web_dir: /usr/share/webapps/zabbix
+zabbix_pgpass: /var/lib/zabbix-server/.pgpass
+
diff --git a/roles/zabbix-server/handlers/main.yml b/roles/zabbix-server/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..190a8ab0aa04e55b85915b84676833c54309432e
--- /dev/null
+++ b/roles/zabbix-server/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart zabbix server
+ service: name=zabbix-server-pgsql state=restarted
+
+- name: restart php-fpm@zabbix-web
+ service: name=php-fpm@zabbix-web state=restarted
diff --git a/roles/zabbix-server/tasks/main.yml b/roles/zabbix-server/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7260828f54035a38689be84e42921fd4fbee59c2
--- /dev/null
+++ b/roles/zabbix-server/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+
+- name: install packages
+ pacman: name=zabbix-server,zabbix-frontend-php
+
+- file: path=/etc/zabbix state=directory owner=root group=root mode=755
+
+- name: install server config
+ template: src=zabbix_server.conf dest=/etc/zabbix/zabbix_server.conf owner=zabbix-server group=zabbix-server mode=600
+ notify:
+ - restart zabbix server
+
+- name: install nginx config
+ template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/zabbix.conf owner=root group=root mode=644
+ notify:
+ - reload nginx
+
+- name: make nginx log dir
+ file: path=/var/log/nginx/{{ zabbix_domain }} state=directory owner=root group=root mode=0755
+
+- name: create zabbix db user
+ postgresql_user: name={{ zabbix_db_user }} password={{ zabbix_db_password }}
+ become: yes
+ become_user: postgres
+ become_method: su
+
+- name: create zabbix db
+ postgresql_db: db="{{zabbix_db_name}}" owner={{zabbix_db_user}}
+ become: yes
+ become_user: postgres
+ become_method: su
+
+- name: create zabbix .pgpass
+ template: src=pgpass.j2 dest="{{zabbix_pgpass}}" owner=zabbix-server group=zabbix-server mode=600
+ no_log: true
+
+- name: install database schema
+ shell: psql -U "{{zabbix_db_user}}" "{{zabbix_db_name}}" < "/usr/share/zabbix-server/postgresql/{{item}}"
+ become_user: zabbix-server
+ become: yes
+ with_items:
+ - schema.sql
+ - images.sql
+ - data.sql
+
+- name: make zabbix web user
+ user: name=zabbix-web shell=/bin/false home="{{ zabbix_web_dir }}" createhome=no
+
+- name: configure php-fpm
+ template:
+ src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/zabbix-web.conf"
+ owner=root group=root mode=0644
+ notify:
+ - restart php-fpm@zabbix-web
+
+- name: install zabbix web config
+ template: src=zabbix.conf.php.j2 dest=/usr/share/webapps/zabbix/conf/zabbix.conf.php owner=zabbix-web group=zabbix-web mode=600
+
+- name: run zabbix server service
+ service: name=zabbix-server-pgsql enabled=yes state=started
+
+- name: start and enable systemd socket
+ service: name=php-fpm@zabbix-web.socket state=running enabled=true
diff --git a/roles/zabbix-server/templates/nginx.d.conf.j2 b/roles/zabbix-server/templates/nginx.d.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..6975bc54c320c503ffc954690f6081f170976827
--- /dev/null
+++ b/roles/zabbix-server/templates/nginx.d.conf.j2
@@ -0,0 +1,48 @@
+upstream zabbix {
+ server unix:///run/php-fpm/zabbix-web.socket;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ zabbix_domain }};
+
+ access_log /var/log/nginx/{{ zabbix_domain }}/access.log;
+ error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
+
+ include snippets/letsencrypt.conf;
+
+ location / {
+ rewrite ^(.*) https://$server_name$1 permanent;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ zabbix_domain }};
+
+ access_log /var/log/nginx/{{ zabbix_domain }}/access.log;
+ error_log /var/log/nginx/{{ zabbix_domain }}/error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ zabbix_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ zabbix_domain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ zabbix_domain }}/chain.pem;
+
+ root {{zabbix_web_dir}};
+
+ index index.php;
+
+ location / {
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ fastcgi_pass zabbix;
+ }
+
+}
diff --git a/roles/zabbix-server/templates/pgpass.j2 b/roles/zabbix-server/templates/pgpass.j2
new file mode 100644
index 0000000000000000000000000000000000000000..63ecaa0693d078f49639702e04e350c9eafb6b57
--- /dev/null
+++ b/roles/zabbix-server/templates/pgpass.j2
@@ -0,0 +1,2 @@
+# hostname:port:database:username:password
+localhost:*:{{zabbix_db_name}}:{{zabbix_db_user}}:{{zabbix_db_password}}
diff --git a/roles/zabbix-server/templates/php-fpm.conf.j2 b/roles/zabbix-server/templates/php-fpm.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..87d9b12736f2cffaafa0f1c648aa1c01bace826d
--- /dev/null
+++ b/roles/zabbix-server/templates/php-fpm.conf.j2
@@ -0,0 +1,24 @@
+[global]
+error_log = syslog
+daemonize = no
+
+[zabbix-web]
+listen = /run/php-fpm/zabbix-web.socket
+listen.owner = zabbix-web
+listen.group = http
+listen.mode = 0660
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2000
+
+php_admin_value[open_basedir] = {{zabbix_web_dir}}:/tmp
+php_admin_value[opcache.memory_consumption] = 128
+php_admin_value[opcache.interned_strings_buffer] = 8
+php_admin_value[opcache.max_accelerated_files] = 200
+php_admin_value[opcache.revalidate_freq] = 60
+php_admin_value[opcache.fast_shutdown] = 1
+php_admin_value[disable_functions] = passthru, exec, proc_open, shell_exec, system, popen
diff --git a/roles/zabbix-server/templates/zabbix.conf.php.j2 b/roles/zabbix-server/templates/zabbix.conf.php.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b83663ca38fb69a29f3a32b7033c72cc0569d86c
--- /dev/null
+++ b/roles/zabbix-server/templates/zabbix.conf.php.j2
@@ -0,0 +1,19 @@
+<?php
+// Zabbix GUI configuration file.
+global $DB;
+
+$DB['TYPE'] = 'POSTGRESQL';
+$DB['SERVER'] = 'localhost';
+$DB['PORT'] = '0';
+$DB['DATABASE'] = '{{zabbix_db_name}}';
+$DB['USER'] = '{{zabbix_db_user}}';
+$DB['PASSWORD'] = '{{zabbix_db_password}}';
+
+// Schema name. Used for IBM DB2 and PostgreSQL.
+$DB['SCHEMA'] = '';
+
+$ZBX_SERVER = '{{zabbix_domain}}';
+$ZBX_SERVER_PORT = '10051';
+$ZBX_SERVER_NAME = 'Arch Linux Zabbix';
+
+$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
diff --git a/roles/zabbix-server/templates/zabbix_server.conf b/roles/zabbix-server/templates/zabbix_server.conf
new file mode 100644
index 0000000000000000000000000000000000000000..8996770db2d8b77aae7158f65917082aa8315742
--- /dev/null
+++ b/roles/zabbix-server/templates/zabbix_server.conf
@@ -0,0 +1,6 @@
+LogType=system
+DBName={{zabbix_db_name}}
+DBUser={{zabbix_db_user}}
+DBPassword={{zabbix_db_password}}
+Timeout=4
+LogSlowQueries=3000