diff --git a/ansible/site.yml b/ansible/site.yml
index 9f713cb..d1e7bcf 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -111,6 +111,33 @@
     shell: bash -c "source /root/.acme.sh/acme.sh.env; /root/.acme.sh/acme.sh --install-cert -d {{ acolock_hostname }} --key-file /etc/nginx/{{ acolock_hostname }}.key --fullchain-file /etc/nginx/{{ acolock_hostname }}.cer --reloadcmd \"systemctl reload nginx\""
     tags: certificate
 
+  - name: Ensure Hardware Watchdog is enabled at boot
+    lineinfile:
+      path: /boot/config.txt
+      line: dtparam=watchdog=on
+    register: hw_watchdog
+
+  - name: Reboot the machine
+    reboot:
+      reboot_timeout: 3600
+    when: hw_watchdog.changed
+
+  - name: Ensure Watchdog package is installed
+    apt:
+      name: watchdog
+
+  - name: Write watchdog config
+    template:
+      src: watchdog.conf
+      dest: /etc/watchdog.conf
+
+  - name: Ensure Watchdog is enabled and started
+    service:
+      name: watchdog
+      state: started
+      enabled: yes
+
+
   handlers:
     - name: restart nginx
       service:
diff --git a/ansible/watchdog.conf b/ansible/watchdog.conf
new file mode 100644
index 0000000..7c41cec
--- /dev/null
+++ b/ansible/watchdog.conf
@@ -0,0 +1,3 @@
+watchdog-device = /dev/watchdog
+watchdog-timeout = 15
+max-load-1 = 24