diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..179b602
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+selinux_enabled: True
+selinux_policy: "targeted"
+selinux_state: "permissive"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6422299
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+- import_tasks: setup.yml
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..8f9b488
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,17 @@
+---
+- block:
+ - name: Set selinux policy
+ selinux:
+ policy: "{{ selinux_policy }}"
+ state: "{{ selinux_state }}"
+ register: __sestatus
+
+ - name: Add .autorelabel file (requires a reboot)
+ file:
+ path: /.autorelabel
+ state: touch
+ when:
+ - selinux_state == "enforcing"
+ - __sestatus.changed
+ become: True
+ become_user: root
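Review bot: The default `selinux_state: "permissive"` in defaults/main.yml means a host that takes the role's defaults is never enforcing, and because tasks/setup.yml passes the value straight to the `selinux` module, a host that was already enforcing would be switched down to permissive. I would default to `selinux_state: "enforcing"`, or, if permissive is a deliberate staging step, say so in a comment such as `# permissive by default so denials are logged before enforcement; set to enforcing once the audit log is clean`. `selinux_enabled` is not read by any task in this commit, so setting it to false has no effect as written; either drop it or gate the block on it. As a style point, `True` is better written `true`.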
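Review bot: The `when:` on the `/.autorelabel` task in tasks/setup.yml only fires for `selinux_state == "enforcing"`, so with the role default of permissive a host that had SELinux disabled is enabled without a relabel being scheduled, and files created while it was disabled may keep missing or stale labels. The same condition also fires on a permissive-to-enforcing change, where a full relabel should not be needed. The module's registered result carries `reboot_required`, which I would expect to track the disabled/enabled transition more closely than `changed`; consider `- selinux_state != "disabled"` and `- __sestatus.reboot_required | default(false)` as the two conditions. Nothing in the role reboots the host or reports that a reboot is pending, so a `debug` message keyed on the registered result would help operators notice that the new state is not yet in effect.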