diff --git a/bootstrap-ceph.sh b/bootstrap-ceph.sh
new file mode 100644
index 0000000..44b5253
--- /dev/null
+++ b/bootstrap-ceph.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+uuid=$(uuidgen)
+#ceph likes to use short name
+nodename=$(hostname -s
+cat << EOF > /etc/ceph/ceph.conf
+[global]
+# specify public network
+public network = 89.47.190.28/23
+# specify UUID genarated above
+fsid = ${uuid}
+# specify IP address of Monitor Daemon
+mon host = 89.47.190.28
+# specify Hostname of Monitor Daemon
+mon initial members = ${nodename}
+osd pool default crush rule = -1
+[mon.${nodename}]
+# specify Hostname of Monitor Daemon
+host = internal-sto4-test-ceph-0.platform.sunet.se
+# specify IP address of Monitor Daemon
+mon addr = 89.47.190.28
+# allow to delete pools
+mon allow pool delete = true
+EOF
+ # generate secret key for Cluster monitoring
+
+ceph-authtool --create-keyring /etc/ceph/ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
+ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow *' --cap mgr 'allow *'
+# generate key for bootstrap
+
+ceph-authtool --create-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring --gen-key -n client.bootstrap-osd --cap mon 'profile bootstrap-osd' --cap mgr 'allow r'
+ceph-authtool /etc/ceph/ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
+ceph-authtool /etc/ceph/ceph.mon.keyring --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring
+sudo -u ceph mkdir /var/lib/ceph/mon/ceph-${nodename}
+
+monmaptool --create --add ${nodename} 89.47.190.28 --fsid ${uuid} /etc/ceph/monmap
+ceph-mon --cluster ceph --mkfs -i i${nodename} --monmap /etc/ceph/monmap --keyring /etc/ceph/ceph.mon.keyring
+chown -R ceph /var/lib/ceph/mon/ceph-${nodename} /var/lib/ceph/bootstrap-osd
+
+#mgr
+mkdir /var/lib/ceph/mgr/ceph-${nodename}
+ceph auth get-or-create mgr.${nodename} mon 'allow profile mgr' osd 'allow *' mds 'allow *'
+ceph auth get-or-create mgr.${nodename} | tee /etc/ceph/ceph.mgr.admin.keyring
+cp /etc/ceph/ceph.mgr.admin.keyring /var/lib/ceph/mgr/ceph-${nodename}/keyring
+chown ceph:ceph /etc/ceph/ceph.mgr.admin.keyring
+chown -R ceph:ceph /var/lib/ceph/mgr/ceph-${nodename}
+systemctl enable --now ceph-mgr@${nodename}
+systemctl enable ceph-mon
+#systemctl start ceph-mon
+
+#set some global stuff
+ceph mon enable-msgr2
+ceph mgr module enable pg_autoscaler
+ceph config set mon auth_allow_insecure_global_id_reclaim false
+#Create storage disk
+ceph-volume lvm create --data /dev/sda2
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..7268ca4
--- /dev/null
+++ b/main.tf
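Review bot: In bootstrap-ceph.sh the mgr key is written with `ceph auth get-or-create mgr.${nodename} | tee /etc/ceph/ceph.mgr.admin.keyring`, which echoes the secret to stdout (and so into whatever log captures the bootstrap run) and creates the file under the default umask, typically readable by other local users, before it is copied on. Writing it directly with `ceph auth get-or-create mgr.${nodename} -o /etc/ceph/ceph.mgr.admin.keyring` and following the copy with `chmod 600` on both files keeps the key out of logs and restricted to its owner. Separately, `ceph-mon --cluster ceph --mkfs -i i${nodename}` carries a stray `i`, so the monitor id does not match the `ceph-${nodename}` data directory or the monmap entry, and `nodename=$(hostname -s` is shown without its closing parenthesis (possibly a rendering artefact). A `set -euo pipefail` after the shebang would stop the run at the first failed step rather than continuing with partly created keyrings.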
@@ -0,0 +1,63 @@
+# Define required providers
+terraform {
+required_version = ">= 0.14.0"
+ required_providers {
+ openstack = {
+ source = "terraform-provider-openstack/openstack"
+ version = "~> 1.53.0"
+ }
+ }
+}
+
+# Configure the OpenStack Provider
+provider "openstack" {
+ cloud = "dco-platform"
+}
+resource "openstack_networking_secgroup_v2" "ssh-jump-tofu" {
+ description = "SSH from jumphost rule for SWAMID machine - managed by tofu"
+ name = "ssh-jump-tofu"
+ delete_default_rules = false
+}
+resource "openstack_networking_secgroup_rule_v2" "v4-jump" {
+ for_each = var.jump_hosts
+ direction = "ingress"
+ ethertype = "IPv4"
+ port_range_min = 22
+ port_range_max = 22
+ protocol = "tcp"
+ remote_ip_prefix = each.value["v4"]
+ security_group_id = openstack_networking_secgroup_v2.ssh-jump-tofu.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "v6-jump" {
+ for_each = var.jump_hosts
+ direction = "ingress"
+ ethertype = "IPv6"
+ port_range_min = 22
+ port_range_max = 22
+ protocol = "tcp"
+ remote_ip_prefix = each.value["v6"]
+ security_group_id = openstack_networking_secgroup_v2.ssh-jump-tofu.id
+}
+resource "openstack_compute_instance_v2" "ceph-nodes" {
+ count = var.instance_count
+ name = "${var.instance_name}-${count.index}.${var.dns_suffix}"
+ flavor_name = "${var.instance_type}"
+ key_pair = "mifr-yubi"
+ security_groups = ["ssh-jump-tofu",]
+ image_name = "debian-12"
+ region = "dco1"
+ user_data = "#cloud-config\ngrowpart:\nmode: false"
+ block_device {
+ boot_index = 0
+ delete_on_termination = true
+ destination_type = "local"
+ source_type = "image"
+ uuid = "d26c1ad1-90a2-4086-b1d9-08a5f6fe05cb"
+ volume_size = 20
+ }
+
+ network {
+ name = "public"
+ }
+}
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..db4d902
--- /dev/null
+++ b/vars.tf
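Review bot: In main.tf the instance attaches its security group by literal name, `security_groups = ["ssh-jump-tofu",]`, so the plan records no dependency on the `ssh-jump-tofu` resource defined above; the instance may be created before the group exists, or may bind to another group of the same name in the project. Referencing the resource, `security_groups = [openstack_networking_secgroup_v2.ssh-jump-tofu.name]`, makes the ordering explicit and ties the instance on the `public` network to the group this configuration manages. Also, `user_data = "#cloud-config\ngrowpart:\nmode: false"` leaves `mode` as a top-level key because it is not indented under `growpart`; `"#cloud-config\ngrowpart:\n  mode: false"` is the form cloud-init reads if the intent is to disable partition growth.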
@@ -0,0 +1,30 @@
+variable "jump_hosts" {
+ type = map(object({
+ v4 = string
+ v6 = string
+ }))
+ default = {
+
+ "hoppjerka.sunet.se" = {
+ v4 = "130.242.125.68/32"
+ v6 = "2001:6b0:8:4::68/128"
+ }
+ "joppherka.sunet.se" = {
+ v4 = "130.242.121.73/32"
+ v6 = "2001:6b0:7:6::73/128"
+ }
+ }
+}
+
+variable "instance_count" {
+ default = "1"
+}
+variable "instance_type" {
+ default = "l2.c8r16.100"
+}
+variable "instance_name" {
+ default = "internal-sto4-test-ceph"
+}
+variable "dns_suffix" {
+ default = "platform.sunet.se"
+}
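Review bot: In vars.tf `jump_hosts` is the SSH allow-list for the security group rules in main.tf, but nothing documents that or constrains overrides, so a caller could widen ingress with a broad prefix without any signal at plan time. A `description = "CIDRs allowed to reach port 22; host routes only"` and a `validation` block that checks each `v4` ends in `/32` and each `v6` in `/128` would keep overrides as narrow as the defaults. The scalar variables also lack types, and `instance_count` defaults to the string `"1"` although it feeds `count`; `type = number` with `default = 1` states the intent.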