diff --git a/build-gerrit-container.yml b/build-gerrit-container.yml
new file mode 100644
index 0000000..e18cab2
--- /dev/null
+++ b/build-gerrit-container.yml
@@ -0,0 +1,56 @@
+---
+# Deploys gerrit
+- name: Build gerrit container
+ hosts: '{{ host }}'
+ become: false
+ vars_files:
+ - vars/gerrit.yml
+ handlers:
+ - import_tasks: handlers/main.yml
+
+ pre_tasks:
+ - name: Check if ansible cannot be run here
+ ansible.builtin.stat:
+ path: /etc/no-ansible
+ register: no_ansible
+
+ - name: Verify if we can run ansible
+ ansible.builtin.assert:
+ that:
+ - "not no_ansible.stat.exists"
+ success_msg: "We are able to run on this node"
+ fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+ - name: Verify if we are Rocky Linux 9 or higher
+ ansible.builtin.assert:
+ that:
+ - ansible_distribution_major_version|int >= 9
+ - ansible_distribution | lower == "rocky"
+ success_msg: "We are on a supported system"
+ fail_msg: "Only Rocky Linux versions 9 or higher are supported."
+
+ - name: Verify that reverse_proxy is proper
+ ansible.builtin.assert:
+ that:
+ - (reverse_proxy == 'httpd') or (reverse_proxy == 'nginx')
+ fail_msg: "Only httpd or nginx is supported"
+ success_msg: "reverse proxy is set"
+
+ - name: Import vault if available
+ ansible.builtin.include_vars:
+ file: "{{ vault_file }}"
+ vars:
+ vault_file: "{{ lookup('ansible.builtin.first_found', 'vars/vaults/gerrit.yml', errors='ignore') }}"
+
+ - name: Check that variables are set properly
+ ansible.builtin.assert:
+ that:
+ - gerrit_database_password != "gerrit"
+ success_msg: "Proper password is set."
+ fail_msg: "Please set a proper database password."
+ when: not gerrit_allow_insecure_passwords|bool
+
+ tasks:
+ - name: Build gerrit container
+ ansible.builtin.import_tasks: tasks/container.yml
+...
diff --git a/defaults/main.yml b/defaults/main.yml
index 52854a6..94518a2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
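Review bot: In build-gerrit-container.yml, the `Check that variables are set properly` pre-task only rejects the literal default `gerrit`, so an empty or otherwise trivial `gerrit_database_password` still passes the gate. Adding `- gerrit_database_password | length > 0` to its `that:` list would at least close the empty case. The guard is also skipped whenever `gerrit_allow_insecure_passwords` is truthy and errors if that variable is undefined; if vars/gerrit.yml does not define it (not visible here), `when: not (gerrit_allow_insecure_passwords | default(false) | bool)` keeps the check on by default. Because `Import vault if available` uses `errors='ignore'`, a missing vault is silent, so a comment such as `# vault is optional; without it gerrit_database_password must be set elsewhere` above that task would make the fallback explicit.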
@@ -9,6 +9,8 @@ gerrit_site: "rlgitsvc" gerrit_container_user: "{{ gerrit_user }}" gerrit_container_heap_limit: "1g" gerrit_container_java_options: "-server -XX:+PrintGCDetails -XX:MaxPermSize=256M" +gerrit_build_container: false +gerrit_container_java_options_docker: " -Djava.security.egd=file:/dev/./urandom --add-opens java.base/java.net=ALL-UNNAMED --add-opens java.base/java.lang.invoke=ALL-UNNAMED" gerrit_database_type: "postgresql" gerrit_database_user: "gerrit" diff --git a/tasks/container.yml b/tasks/container.yml new file mode 100644 index 0000000..73b0674 --- /dev/null +++ b/tasks/container.yml @@ -0,0 +1,6 @@ +--- +- name: Install podman related packages + ansible.builtin.package: + name: podman + state: present +... diff --git a/templates/gerrit.config.j2 b/templates/gerrit.config.j2 index 53cf7b5..df9095e 100644 --- a/templates/gerrit.config.j2 +++ b/templates/gerrit.config.j2 @@ -3,7 +3,7 @@ canonicalWebUrl = {{ gerrit_config_canonical_weburl }} [container] - javaOptions = {{ gerrit_container_java_options }} + javaOptions = "{{ gerrit_container_java_options }}{{ '' if not gerrit_build_container else gerrit_container_java_options_docker }}" user = {{ gerrit_user }} heapLimit = {{ gerrit_container_heap_limit }} javaHome = /usr/lib/jvm/jre/
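Review bot: In defaults/main.yml the new `gerrit_container_java_options_docker` value is undocumented, although its leading space is load-bearing and its `--add-opens ...=ALL-UNNAMED` flags relax JDK module encapsulation for all classpath code. The template change in this commit concatenates the value directly after `gerrit_container_java_options`, so removing that space would fuse two options into one. I would add a comment above it such as `# Appended to gerrit_container_java_options when gerrit_build_container is true; keep the leading space.` and a second comment line naming what requires each `--add-opens` and the `java.security.egd` override, so they can be dropped once no longer needed.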
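Review bot: In templates/gerrit.config.j2 the new `javaOptions` line tests `gerrit_build_container` without a `bool` filter, so a value passed as a string (for example via `-e gerrit_build_container=false`) is truthy in Jinja and the container-only JVM flags get appended when they were meant to be off. The playbook added in this commit already uses `|bool` for `gerrit_allow_insecure_passwords`; the same here would read `{{ gerrit_container_java_options_docker if gerrit_build_container | bool else '' }}`. The value is also now wrapped in double quotes, so a `"` or `\` inside either variable would change how the config line is parsed; a short template comment stating that the option strings must not contain those characters would help. The `[container]` section continues outside this hunk.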