diff --git a/hieradata/roles/infra/nomad/agent.yaml b/hieradata/roles/infra/nomad/agent.yaml
index 1d1d600..608f604 100644
--- a/hieradata/roles/infra/nomad/agent.yaml
+++ b/hieradata/roles/infra/nomad/agent.yaml
@@ -3,6 +3,7 @@
 hiera_include:
 - docker
 - docker::networks
+ - frrouting
 - profiles::nomad::node
 docker::version: latest
@@ -11,7 +12,17 @@ docker::root_dir: /data/docker
 docker::bip: '198.18.101.254/24'
 docker::ip_forward: true
 docker::ip_masq: false
-docker::iptables: true
+docker::iptables: false
+
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ ens19:
+ passive: true
+ docker0:
+ area: 0.0.0.1
 profiles::yum::global::repos:
 ceph-reef:
@@ -28,6 +39,7 @@ profiles::ceph::client::keyrings:
 profiles::packages::include:
 nomad: {}
+ cni-plugins: {}
 profiles::nomad::node::client: true
diff --git a/modules/frrouting/manifests/init.pp b/modules/frrouting/manifests/init.pp
new file mode 100644
index 0000000..b5acb3d
--- /dev/null
+++ b/modules/frrouting/manifests/init.pp
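Review bot: In the second hunk `docker0` is enrolled in OSPF area 0.0.0.1 without `passive: true`, so as far as the new frr.conf template shows, ospfd will send hellos on the bridge and accept an adjacency from anything attached to it; a workload that can speak OSPF could then originate routes into the fabric. The bridge subnet from `docker::bip` is already advertised through `redistribute connected` and the interface's area statement, so I would add `passive: true` under `docker0:` next to `area: 0.0.0.1`. The same hunk sets `docker::iptables: false` while `docker::ip_forward: true` stays on, which removes Docker's own filter and isolation rules at the moment the container network becomes routable; nothing visible here installs a replacement forward policy, so please reference the host firewall profile that takes over or add one in this change.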
@@ -0,0 +1,65 @@
+class frrouting (
+ Boolean $manage_package = true,
+ Boolean $manage_config = true,
+ Boolean $manage_service = true,
+ String $package_name = 'frr',
+ String $service_name = 'frr',
+ Hash $daemons = {},
+ Hash $ospfd_interfaces = {},
+ String $ospfd_router_id = $facts['networking']['ip'],
+ Array[String] $ospfd_redistribute = [],
+ Array[String] $ospfd_networks = [],
+ Boolean $ospfd_default_originate_always = false,
+) {
+
+ $daemons_defaults = {
+ 'bgpd' => false,
+ 'ospfd' => true,
+ 'ospf6d' => false,
+ 'ripd' => false,
+ 'ripngd' => false,
+ 'isisd' => false,
+ 'pimd' => false,
+ 'pim6d' => false,
+ 'nhrpd' => false,
+ 'eigrpd' => false,
+ 'sharpd' => false,
+ 'pbrd' => false,
+ 'bfdd' => false,
+ 'fabricd' => false,
+ 'vrrpd' => false,
+ 'pathd' => false,
+ 'staticd' => false,
+ }
+
+ $daemons_merged = merge($daemons, $daemons_defaults)
+
+ if $manage_package {
+ package { $package_name:
+ ensure => installed,
+ }
+ }
+
+ if $manage_config {
+ file { '/etc/frr/frr.conf':
+ ensure => file,
+ content => template('frrouting/frr.conf.erb'),
+ notify => Service[$service_name],
+ }
+
+ file { '/etc/frr/daemons':
+ ensure => file,
+ content => template('frrouting/daemons.erb'),
+ notify => Service[$service_name],
+ }
+ }
+
+ if $manage_service {
+ service { $service_name:
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ }
+ }
+}
diff --git a/modules/frrouting/templates/daemons.erb b/modules/frrouting/templates/daemons.erb
new file mode 100644
index 0000000..846b339
--- /dev/null
+++ b/modules/frrouting/templates/daemons.erb
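Review bot: `merge($daemons, $daemons_defaults)` lets the defaults win, because stdlib `merge` gives precedence to the rightmost hash on duplicate keys; a node that sets `frrouting::daemons` to turn `ospfd` off or `bfdd` on gets the default back and the parameter is silently ignored. Swap the arguments: `$daemons_merged = merge($daemons_defaults, $daemons)`. The two `file` resources also set no `owner`, `group` or `mode`, so `/etc/frr/frr.conf` is written with whatever Puppet defaults to; I would pin them explicitly (for example `mode => '0640'` with the package's service account) before this file starts carrying secrets such as OSPF keys. Finally, `notify => Service[$service_name]` refers to a resource that is only declared when `$manage_service` is true, so `manage_config => true` with `manage_service => false` looks like it will fail catalog compilation.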
@@ -0,0 +1,28 @@
+# THIS FILE IS MANAGED BY PUPPET
+<% @daemons_merged.each do |daemon, status| -%>
+<% if status -%>
+<%= daemon %>=yes
+<% else -%>
+<%= daemon %>=no
+<% end -%>
+<% end -%>
+
+vtysh_enable=yes
+zebra_options=" -A 127.0.0.1 -s 90000000"
+bgpd_options=" -A 127.0.0.1"
+ospfd_options=" -A 127.0.0.1"
+ospf6d_options=" -A ::1"
+ripd_options=" -A 127.0.0.1"
+ripngd_options=" -A ::1"
+isisd_options=" -A 127.0.0.1"
+pimd_options=" -A 127.0.0.1"
+pim6d_options=" -A ::1"
+nhrpd_options=" -A 127.0.0.1"
+eigrpd_options=" -A 127.0.0.1"
+sharpd_options=" -A 127.0.0.1"
+pbrd_options=" -A 127.0.0.1"
+staticd_options="-A 127.0.0.1"
+bfdd_options=" -A 127.0.0.1"
+fabricd_options="-A 127.0.0.1"
+vrrpd_options=" -A 127.0.0.1"
+pathd_options=" -A 127.0.0.1"
diff --git a/modules/frrouting/templates/frr.conf.erb b/modules/frrouting/templates/frr.conf.erb
new file mode 100644
index 0000000..f1638fd
--- /dev/null
+++ b/modules/frrouting/templates/frr.conf.erb
@@ -0,0 +1,27 @@
+# THIS FILE IS MANAGED BY PUPPET
+frr defaults traditional
+hostname <%= @hostname %>
+no ipv6 forwarding
+<% @ospfd_interfaces.each do |iface, params| -%>
+interface <%= iface %>
+<% if params['area'] -%>
+ ip ospf area <%= params['area'] %>
+<% end -%>
+<% if params['passive'] == true -%>
+ ip ospf passive
+<% end -%>
+exit
+<% end -%>
+router ospf
+ ospf router-id <%= @ospfd_router_id %>
+ log-adjacency-changes detail
+<% @ospfd_redistribute.each do |type| -%>
+ redistribute <%= type %>
+<% end -%>
+<% @ospfd_networks.each do |network| -%>
+ network <%= network %>
+<% end -%>
+<% if @ospfd_default_originate_always -%>
+ default-information originate always
+<% end -%>
+exit
diff --git a/site/profiles/templates/nomad/config.hcl.erb b/site/profiles/templates/nomad/config.hcl.erb
index f1e2ac0..2f6aead 100644
--- a/site/profiles/templates/nomad/config.hcl.erb
+++ b/site/profiles/templates/nomad/config.hcl.erb
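Review bot: The interface stanza in frr.conf.erb can only emit `ip ospf area` and `ip ospf passive`, so every adjacency this module configures is unauthenticated and any OSPF speaker on an active segment such as `eth0` can become a neighbour and originate routes. I would accept an optional per-interface key id and key in `ospfd_interfaces` and, when they are set, render `ip ospf authentication message-digest` together with the matching `ip ospf message-digest-key` line, taking the key from an encrypted hiera backend rather than plain hieradata. The `params['passive'] == true` test is also strict about type: a quoted `'true'` in hiera is skipped and the interface stays active, so either validate the hash with a typed `Struct` in the class signature or document that only a YAML boolean is honoured.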
@@ -22,6 +22,13 @@ server {
 client {
 enabled = true
 }
+plugin "docker" {
+ config {
+ volumes {
+ enabled = true
+ }
+ }
+}
 <% end -%>
 # Require TLS
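Review bot: `volumes { enabled = true }` in the Docker plugin config lets a job bind-mount absolute host paths into its container and use volume drivers, so anyone allowed to submit jobs to these clients effectively gets read/write access to the host filesystem. If only a few known paths are needed, a narrower option is to declare them as `host_volume` blocks inside the `client` stanza and leave this setting off. If it has to stay on, job submission should be restricted with Nomad ACLs, and I would record that in the template with a comment above the block such as `# volumes.enabled permits arbitrary host-path mounts; job submission must be ACL-restricted`. The enclosing `<% if %>` opens outside the hunk, so which nodes receive this block cannot be confirmed from here.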