diff --git a/Puppetfile b/Puppetfile
index 5701a66..dd723f0 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -29,6 +29,7 @@ mod 'puppet-prometheus', '13.4.0'
 mod 'puppet-grafana', '13.1.0'
 mod 'puppet-consul', '8.0.0'
 mod 'puppet-vault', '4.1.0'
+mod 'puppet-dhcp', '6.1.0'
 
 # other
 mod 'ghoneycutt-puppet', '3.3.0'
diff --git a/hieradata/country/au/region/drw1/infra/dhcp/server.yaml b/hieradata/country/au/region/drw1/infra/dhcp/server.yaml
new file mode 100644
index 0000000..8136905
--- /dev/null
+++ b/hieradata/country/au/region/drw1/infra/dhcp/server.yaml
@@ -0,0 +1,55 @@
+---
+profiles::dhcp::server::ntpservers:
+  - ntp01.main.unkin.net
+  - ntp02.main.unkin.net
+profiles::dhcp::server::interfaces:
+  - eth0
+profiles::dhcp::server::default_lease_time: 1200
+profiles::dhcp::server::globaloptions:
+  - 'arch code 93 = unsigned integer 16'
+
+profiles::dhcp::server::pools:
+  syd1-prod:
+    network: 198.18.15.0
+    mask: 255.255.255.0
+    range:
+      - '198.18.15.200 198.18.15.220'
+    gateway: 198.18.15.254
+    nameservers:
+      - 198.18.17.7
+      - 198.18.17.8
+    domain_name: main.unkin.net
+    pxeserver: 198.18.17.48
+  syd1-test:
+    network: 198.18.16.0
+    mask: 255.255.255.0
+    range:
+      - '198.18.16.200 198.18.16.220'
+    gateway: 198.18.16.254
+    nameservers:
+      - 198.18.17.7
+      - 198.18.17.8
+    domain_name: main.unkin.net
+    pxeserver: 198.18.17.48
+  drw1-prod:
+    network: 198.18.17.0
+    mask: 255.255.255.0
+    range:
+      - '198.18.17.200 198.18.17.220'
+    gateway: 198.18.17.1
+    nameservers:
+      - 198.18.17.7
+      - 198.18.17.8
+    domain_name: main.unkin.net
+    pxeserver: 198.18.17.48
+
+  # UFI 64-bit
+profiles::dhcp::server::classes:
+  UEFI-64:
+    parameters:
+      - 'match if option arch = 00:07 or option arch = 00:09'
+      - 'filename "/ipxe.efi"'
+  Legacy:
+    parameters:
+      - 'match if option arch = 00:00'
+      - 'filename "/undionly.kpxe"'
diff --git a/site/profiles/manifests/dhcp/server.pp b/site/profiles/manifests/dhcp/server.pp
new file mode 100644
index 0000000..a4c6d98
--- /dev/null
+++ b/site/profiles/manifests/dhcp/server.pp
@@ -0,0 +1,37 @@
+# profiles::dhcp::server
+class profiles::dhcp::server (
+  Array[Stdlib::Host] $ntpservers = [
+    '0.au.pool.ntp.org',
+    '1.au.pool.ntp.org',
+    '2.au.pool.ntp.org',
+    '3.au.pool.ntp.org'
+  ],
+  Array[String]       $interfaces = ['eth0'],
+  Integer             $default_lease_time = 86400,
+  Array[String]       $globaloptions = [],
+  Hash                $pools  = {},
+  Hash                $classes  = {},
+){
+
+  class { 'dhcp':
+    service_ensure     => running,
+    interfaces         => $interfaces,
+    ntpservers         => $ntpservers,
+    default_lease_time => $default_lease_time,
+    globaloptions      => $globaloptions
+  }
+
+  # if pools, import them
+  $pools.each | $name, $data | {
+    dhcp::pool { $name:
+        * => $data,
+    }
+  }
+
+  # if classes, import them
+  $classes.each | $name, $data | {
+    dhcp::dhcp_class { $name:
+        * => $data,
+    }
+  }
+}
diff --git a/site/roles/manifests/infra/dhcp/server.pp b/site/roles/manifests/infra/dhcp/server.pp
index f7dd3e8..86a3606 100644
--- a/site/roles/manifests/infra/dhcp/server.pp
+++ b/site/roles/manifests/infra/dhcp/server.pp
@@ -2,4 +2,5 @@
 class roles::infra::dhcp::server {
   include profiles::defaults
   include profiles::base
+  include profiles::dhcp::server
 }