diff --git a/README.md b/README.md
index 36e44ce..e64c4cd 100644
--- a/README.md
+++ b/README.md
@@ -29,18 +29,39 @@ Building and improving this Ansible role have been sponsored by my employer **Pr
   * [mariadb_extra_configs](#mariadb_extra_configs)
   * [mariadb_extra_databases](#mariadb_extra_databases)
   * [mariadb_extra_users](#mariadb_extra_users)
+  * [mariadb_galera_address](#mariadb_galera_address)
+  * [mariadb_galera_cluster](#mariadb_galera_cluster)
+  * [mariadb_galera_enabled](#mariadb_galera_enabled)
+  * [mariadb_galera_name](#mariadb_galera_name)
+  * [mariadb_galera_nodes](#mariadb_galera_nodes)
+  * [mariadb_galera_primary](#mariadb_galera_primary)
   * [mariadb_global_databases](#mariadb_global_databases)
   * [mariadb_global_users](#mariadb_global_users)
   * [mariadb_ignore_db_dirs](#mariadb_ignore_db_dirs)
+  * [mariadb_innodb_buffer_pool_instances](#mariadb_innodb_buffer_pool_instances)
+  * [mariadb_innodb_buffer_pool_size](#mariadb_innodb_buffer_pool_size)
+  * [mariadb_innodb_file_per_table](#mariadb_innodb_file_per_table)
+  * [mariadb_innodb_flush_log_at_trx_commit](#mariadb_innodb_flush_log_at_trx_commit)
+  * [mariadb_innodb_io_capacity](#mariadb_innodb_io_capacity)
+  * [mariadb_innodb_max_dirty_pages_pct](#mariadb_innodb_max_dirty_pages_pct)
+  * [mariadb_key_buffer_size](#mariadb_key_buffer_size)
   * [mariadb_limit_number_files](#mariadb_limit_number_files)
   * [mariadb_lower_case_table_names](#mariadb_lower_case_table_names)
   * [mariadb_max_allowed_packet](#mariadb_max_allowed_packet)
   * [mariadb_max_connections](#mariadb_max_connections)
+  * [mariadb_oom_score_adjust](#mariadb_oom_score_adjust)
   * [mariadb_packages](#mariadb_packages)
+  * [mariadb_query_cache_size](#mariadb_query_cache_size)
+  * [mariadb_query_cache_type](#mariadb_query_cache_type)
   * [mariadb_root_hosts](#mariadb_root_hosts)
   * [mariadb_root_password](#mariadb_root_password)
   * [mariadb_root_username](#mariadb_root_username)
+  * [mariadb_skip_name_resolve](#mariadb_skip_name_resolve)
+  * [mariadb_symbolic_links](#mariadb_symbolic_links)
   * [mariadb_temp_directory](#mariadb_temp_directory)
+  * [mariadb_timeout_start_sec](#mariadb_timeout_start_sec)
+  * [mariadb_upstream_repo](#mariadb_upstream_repo)
+  * [mariadb_upstream_version](#mariadb_upstream_version)
 * [Dependencies](#dependencies)
 * [License](#license)
 * [Author](#author)
@@ -249,6 +270,64 @@ mariadb_extra_users:
     state: absent
 ```
 
+### mariadb_galera_address
+
+Node address within galera cluster
+
+#### Default value
+
+```YAML
+mariadb_galera_address: '{{ ansible_address }}'
+```
+
+### mariadb_galera_cluster
+
+#### Default value
+
+```YAML
+mariadb_galera_cluster: galera
+```
+
+### mariadb_galera_enabled
+
+Enable galera clustering
+
+#### Default value
+
+```YAML
+mariadb_galera_enabled: false
+```
+
+### mariadb_galera_name
+
+Node name within galera cluster
+
+#### Default value
+
+```YAML
+mariadb_galera_name: '{{ inventory_hostname }}'
+```
+
+### mariadb_galera_nodes
+
+Node addresses part of galera cluster
+
+#### Default value
+
+```YAML
+mariadb_galera_nodes: []
+```
+
+### mariadb_galera_primary
+
+Inventory of primary galera node
+
+#### Default value
+
+```YAML
+mariadb_galera_primary:
+```
+
 ### mariadb_global_databases
 
 List of databases to create
@@ -304,6 +383,76 @@ List of ignored database directories
 mariadb_ignore_db_dirs: []
 ```
 
+### mariadb_innodb_buffer_pool_instances
+
+InnoDB buffer pool instances
+
+#### Default value
+
+```YAML
+mariadb_innodb_buffer_pool_instances: 1
+```
+
+### mariadb_innodb_buffer_pool_size
+
+InnoDB buffer pool size
+
+#### Default value
+
+```YAML
+mariadb_innodb_buffer_pool_size: 256M
+```
+
+### mariadb_innodb_file_per_table
+
+InnoDB file per table
+
+#### Default value
+
+```YAML
+mariadb_innodb_file_per_table: 1
+```
+
+### mariadb_innodb_flush_log_at_trx_commit
+
+InnoDB flush at trx commit
+
+#### Default value
+
+```YAML
+mariadb_innodb_flush_log_at_trx_commit: 1
+```
+
+### mariadb_innodb_io_capacity
+
+InnoDB IO capacity
+
+#### Default value
+
+```YAML
+mariadb_innodb_io_capacity: 1000
+```
+
+### mariadb_innodb_max_dirty_pages_pct
+
+InnoDB max dirty pages percentage
+
+#### Default value
+
+```YAML
+mariadb_innodb_max_dirty_pages_pct: 90
+```
+
+### mariadb_key_buffer_size
+
+Key buffer size
+
+#### Default value
+
+```YAML
+mariadb_key_buffer_size: 32M
+```
+
 ### mariadb_limit_number_files
 
 Number of allowed open files for systemd service
@@ -344,6 +493,16 @@ Max allowed connections
 mariadb_max_connections: 1000
 ```
 
+### mariadb_oom_score_adjust
+
+Adjustment score for OOM killer
+
+#### Default value
+
+```YAML
+mariadb_oom_score_adjust: -999
+```
+
 ### mariadb_packages
 
 List of packages to install
@@ -357,6 +516,27 @@ mariadb_packages:
   - mariadb-backup
   - mycli
   - python3-pymysql
+  - rsync
+```
+
+### mariadb_query_cache_size
+
+Query cache size
+
+#### Default value
+
+```YAML
+mariadb_query_cache_size: 0
+```
+
+### mariadb_query_cache_type
+
+Query cache type
+
+#### Default value
+
+```YAML
+mariadb_query_cache_type: 0
 ```
 
 ### mariadb_root_hosts
@@ -368,6 +548,7 @@ Allowed hosts for root user
 ```YAML
 mariadb_root_hosts:
   - localhost
+  - 127.0.0.1
 ```
 
 ### mariadb_root_password
@@ -390,6 +571,26 @@ Username for the root user
 mariadb_root_username: root
 ```
 
+### mariadb_skip_name_resolve
+
+Skip name resolving
+
+#### Default value
+
+```YAML
+mariadb_skip_name_resolve: true
+```
+
+### mariadb_symbolic_links
+
+Symbolic links
+
+#### Default value
+
+```YAML
+mariadb_symbolic_links: 0
+```
+
 ### mariadb_temp_directory
 
 Temporary directory used by MariaDB
@@ -400,6 +601,36 @@ Temporary directory used by MariaDB
 mariadb_temp_directory:
 ```
 
+### mariadb_timeout_start_sec
+
+Time to wait for daemon startup
+
+#### Default value
+
+```YAML
+mariadb_timeout_start_sec: 120
+```
+
+### mariadb_upstream_repo
+
+Install from upstream repository
+
+#### Default value
+
+```YAML
+mariadb_upstream_repo: true
+```
+
+### mariadb_upstream_version
+
+Upstream repo version
+
+#### Default value
+
+```YAML
+mariadb_upstream_version: 10.6
+```
+
 ## Dependencies
 
 * [rolehippie.docker](https://github.com/rolehippie/docker)
diff --git a/defaults/main.yml b/defaults/main.yml
index a2ecd32..d745e33 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,11 @@
 # Standards: 1.2
 ---
+# @var mariadb_upstream_repo:description: Install from upstream repository
+mariadb_upstream_repo: True
+
+# @var mariadb_upstream_version:description: Upstream repo version
+mariadb_upstream_version: 10.6
+
 # @var mariadb_packages:description: List of packages to install
 mariadb_packages:
   - mariadb-server
@@ -7,6 +13,7 @@ mariadb_packages:
   - mariadb-backup
   - mycli
   - python3-pymysql
+  - rsync
 
 # @var mariadb_bind_address:description: Bind address for the server
 mariadb_bind_address: 0.0.0.0
@@ -17,6 +24,39 @@ mariadb_ignore_db_dirs: []
 # @var mariadb_temp_directory:description: Temporary directory used by MariaDB
 mariadb_temp_directory:
 
+# @var mariadb_skip_name_resolve:description: Skip name resolving
+mariadb_skip_name_resolve: True
+
+# @var mariadb_innodb_buffer_pool_size:description: InnoDB buffer pool size
+mariadb_innodb_buffer_pool_size: 256M
+
+# @var mariadb_innodb_buffer_pool_instances:description: InnoDB buffer pool instances
+mariadb_innodb_buffer_pool_instances: 1
+
+# @var mariadb_innodb_file_per_table:description: InnoDB file per table
+mariadb_innodb_file_per_table: 1
+
+# @var mariadb_innodb_flush_log_at_trx_commit:description: InnoDB flush at trx commit
+mariadb_innodb_flush_log_at_trx_commit: 1
+
+# @var mariadb_innodb_max_dirty_pages_pct:description: InnoDB max dirty pages percentage
+mariadb_innodb_max_dirty_pages_pct: 90
+
+# @var mariadb_innodb_io_capacity:description: InnoDB IO capacity
+mariadb_innodb_io_capacity: 1000
+
+# @var mariadb_key_buffer_size:description: Key buffer size
+mariadb_key_buffer_size: 32M
+
+# @var mariadb_query_cache_type:description: Query cache type
+mariadb_query_cache_type: 0
+
+# @var mariadb_query_cache_size:description: Query cache size
+mariadb_query_cache_size: 0
+
+# @var mariadb_symbolic_links:description: Symbolic links
+mariadb_symbolic_links: 0
+
 # @var mariadb_max_allowed_packet:description: Max allowed packet
 mariadb_max_allowed_packet: 64M
 
@@ -29,6 +69,30 @@ mariadb_lower_case_table_names: 0
 # @var mariadb_limit_number_files:description: Number of allowed open files for systemd service
 mariadb_limit_number_files: 32768
 
+# @var mariadb_oom_score_adjust:description: Adjustment score for OOM killer
+mariadb_oom_score_adjust: -999
+
+# @var mariadb_timeout_start_sec:description: Time to wait for daemon startup
+mariadb_timeout_start_sec: 120
+
+# @var mariadb_galera_enabled:description: Enable galera clustering
+mariadb_galera_enabled: False
+
+# @var mariadb_galera_primary:description: Inventory of primary galera node
+mariadb_galera_primary:
+
+# @var mariadb_galera_name:description: Name of the galera cluster
+mariadb_galera_cluster: galera
+
+# @var mariadb_galera_nodes:description: Node addresses part of galera cluster
+mariadb_galera_nodes: []
+
+# @var mariadb_galera_address:description: Node address within galera cluster
+mariadb_galera_address: "{{ ansible_address }}"
+
+# @var mariadb_galera_name:description: Node name within galera cluster
+mariadb_galera_name: "{{ inventory_hostname }}"
+
 # @var mariadb_root_username:description: Username for the root user
 mariadb_root_username: root
 
@@ -38,6 +102,7 @@ mariadb_root_password: root
 # @var mariadb_root_hosts:description: Allowed hosts for root user
 mariadb_root_hosts:
   - localhost
+  - 127.0.0.1
 
 # @var mariadb_global_databases:description: List of databases to create
 # @var mariadb_global_databases:example: >
diff --git a/tasks/exporter.yml b/tasks/exporter.yml
index 13a7944..15489f4 100644
--- a/tasks/exporter.yml
+++ b/tasks/exporter.yml
@@ -46,6 +46,9 @@
   template:
     src: exporter/default.j2
     dest: /etc/default/mariadb-exporter
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
   tags:
     - mariadb-exporter
 
@@ -55,10 +58,14 @@
   template:
     src: exporter/service.j2
     dest: /etc/systemd/system/mariadb-exporter.service
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
   tags:
     - mariadb-exporter
 
 - name: Start mariadb-exporter service
+  ignore_errors: "{{ ansible_check_mode }}"
   systemd:
     name: mariadb-exporter
     state: started
diff --git a/tasks/galera.yml b/tasks/galera.yml
new file mode 100644
index 0000000..986330d
--- /dev/null
+++ b/tasks/galera.yml
@@ -0,0 +1,75 @@
+# Standards: 1.2
+---
+- name: Check galera status
+  register: mariadb_galera_status
+  delegate_to: "{{ mariadb_galera_primary }}"
+  run_once: True
+  mysql_info:
+    filter: settings
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    login_user: "{{ mariadb_root_username }}"
+    login_password: "{{ mariadb_root_password }}"
+  tags:
+    - mariadb
+
+- name: Stop mariadb services
+  when:
+    - mariadb_galera_status.settings.wsrep_on == 'OFF'
+  systemd:
+    name: mariadb
+    state: stopped
+    daemon_reload: True
+    masked: False
+    enabled: True
+  tags:
+    - mariadb
+
+- name: Initial galera config
+  when:
+    - mariadb_galera_status.settings.wsrep_on == 'OFF'
+    - inventory_hostname == mariadb_galera_primary
+  vars:
+    mariadb_galera_nodes: []
+  template:
+    src: galera.j2
+    dest: /etc/mysql/mariadb.conf.d/60-galera.cnf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  tags:
+    - mariadb
+
+- name: Create galera cluster
+  when:
+    - mariadb_galera_status.settings.wsrep_on == 'OFF'
+    - inventory_hostname == mariadb_galera_primary
+  command: galera_new_cluster
+  tags:
+    - mariadb
+
+- name: Restore galera config
+  when:
+    - mariadb_galera_status.settings.wsrep_on == 'OFF'
+    - inventory_hostname == mariadb_galera_primary
+  template:
+    src: galera.j2
+    dest: /etc/mysql/mariadb.conf.d/60-galera.cnf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  tags:
+    - mariadb
+
+- name: Start galera cluster
+  when:
+    - mariadb_galera_status.settings.wsrep_on == 'OFF'
+  systemd:
+    name: mariadb
+    state: started
+    daemon_reload: True
+    masked: False
+    enabled: True
+  tags:
+    - mariadb
+
+...
diff --git a/tasks/main.yml b/tasks/main.yml
index 15294eb..495d588 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,6 +6,28 @@
   file:
     path: "{{ item }}"
     state: directory
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  tags:
+    - mariadb
+
+- name: Download repo key
+  when: mariadb_upstream_repo
+  apt_key:
+    url: https://mariadb.org/mariadb_release_signing_key.asc
+    id: 177F4010FE56CA3336300305F1656F24C74CD1D8
+    state: present
+  tags:
+    - mariadb
+
+- name: Add apt repository
+  when: mariadb_upstream_repo
+  apt_repository:
+    repo: "deb [arch=amd64] https://mirror.netcologne.de/mariadb/repo/{{ mariadb_upstream_version }}/ubuntu {{ ansible_distribution_release }} main"
+    filename: mariadb
+    update_cache: True
+    state: present
   tags:
     - mariadb
 
@@ -29,6 +51,7 @@
     - mariadb
 
 - name: Fix data permissions
+  when: not ansible_check_mode
   file:
     path: /var/lib/mysql
     owner: mysql
@@ -65,12 +88,28 @@
   tags:
     - mariadb
 
+- name: Write galera config
+  when: mariadb_galera_enabled
+  notify:
+    - Restart mariadb
+  template:
+    src: galera.j2
+    dest: /etc/mysql/mariadb.conf.d/60-galera.cnf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  tags:
+    - mariadb
+
 - name: Write override config
   notify:
     - Restart mariadb
   template:
     src: config.j2
     dest: /etc/mysql/mariadb.conf.d/99-override.cnf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
   tags:
     - mariadb
 
@@ -80,10 +119,14 @@
   template:
     src: override.j2
     dest: /etc/systemd/system/mariadb.service.d/override.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
   tags:
     - mariadb
 
 - name: Start mariadb service
+  ignore_errors: "{{ ansible_check_mode }}"
   systemd:
     name: mariadb
     state: started
@@ -94,7 +137,8 @@
     - mariadb
 
 - name: Update root account
-  no_log: True
+  when: not ansible_check_mode
+  diff: False
   loop: "{{ mariadb_root_hosts }}"
   mysql_user:
     name: "{{ mariadb_root_username }}"
@@ -104,6 +148,7 @@
     login_unix_socket: /var/run/mysqld/mysqld.sock
     login_user: "{{ mariadb_root_username }}"
     login_password: "{{ mariadb_root_password }}"
+    priv: '*.*:ALL,GRANT'
     state: present
   tags:
     - mariadb
@@ -129,7 +174,8 @@
     - mariadb
 
 - name: Remove anonymous user
-  no_log: True
+  when: not ansible_check_mode
+  diff: False
   mysql_user:
     name: ""
     host_all: True
@@ -139,6 +185,7 @@
     - mariadb
 
 - name: Remove test database
+  when: not ansible_check_mode
   mysql_db:
     name: test
     state: absent
@@ -146,7 +193,15 @@
   tags:
     - mariadb
 
+- name: Include galera tasks
+  when: mariadb_galera_enabled | default(False)
+  include: galera.yml
+  tags:
+    - mariadb
+
 - name: Create defined databases
+  delegate_to: "{{ mariadb_galera_primary if mariadb_galera_enabled else omit }}"
+  when: not ansible_check_mode
   loop: "{{ mariadb_global_databases + mariadb_extra_databases }}"
   loop_control:
     label: "{{ item.name }}"
@@ -160,7 +215,9 @@
     - mariadb
 
 - name: Create defined users
-  no_log: True
+  delegate_to: "{{ mariadb_galera_primary if mariadb_galera_enabled else omit }}"
+  when: not ansible_check_mode
+  diff: False
   loop: "{{ mariadb_global_users + mariadb_extra_users }}"
   loop_control:
     label: "{{ item.name }}"
diff --git a/templates/config.j2 b/templates/config.j2
index 1d245ac..6f7e3d5 100644
--- a/templates/config.j2
+++ b/templates/config.j2
@@ -1,15 +1,35 @@
 [mysqld]
 bind-address = {{ mariadb_bind_address }}
+
 max_allowed_packet = {{ mariadb_max_allowed_packet }}
 max_connections = {{ mariadb_max_connections }}
 {% if mariadb_ignore_db_dirs | default(False) %}
+
 {% for item in mariadb_ignore_db_dirs %}
 ignore_db_dirs = {{ item }}
 {% endfor %}
 {% endif %}
 {% if mariadb_temp_directory | default(False) %}
+
 tmpdir = {{ mariadb_temp_directory }}
 {% endif %}
+{% if mariadb_skip_name_resolve %}
+
+skip-name-resolve
+{% endif %}
+
+innodb-buffer-pool-size={{ mariadb_innodb_buffer_pool_size }}
+innodb-buffer-pool-instances={{ mariadb_innodb_buffer_pool_instances }}
+innodb_file_per_table={{ mariadb_innodb_file_per_table }}
+innodb-flush-log-at-trx-commit={{ mariadb_innodb_flush_log_at_trx_commit }}
+innodb-max-dirty-pages-pct={{ mariadb_innodb_max_dirty_pages_pct }}
+innodb-io-capacity={{ mariadb_innodb_io_capacity }}
+
+key-buffer-size={{ mariadb_key_buffer_size }}
+
+query-cache-type={{ mariadb_query_cache_type }}
+query-cache-size={{ mariadb_query_cache_size }}
+symbolic-links={{ mariadb_symbolic_links }}
 
 [mariadb]
 lower_case_table_names = {{ mariadb_lower_case_table_names }}
diff --git a/templates/galera.j2 b/templates/galera.j2
new file mode 100644
index 0000000..d8289d5
--- /dev/null
+++ b/templates/galera.j2
@@ -0,0 +1,14 @@
+[galera]
+wsrep_on = 1
+wsrep_provider = /usr/lib/galera/libgalera_smm.so
+wsrep_cluster_name = {{ mariadb_galera_cluster }}
+wsrep_cluster_address = gcomm://{{ mariadb_galera_nodes | join(',') }}
+wsrep_sst_method = rsync
+wsrep_node_address = {{ mariadb_galera_address }}
+wsrep_node_name = {{ mariadb_galera_name }}
+
+bind-address = {{ mariadb_bind_address }}
+
+binlog_format = row
+default-storage-engine = innodb
+innodb_autoinc_lock_mode = 2
diff --git a/templates/override.j2 b/templates/override.j2
index b57a491..d68300d 100644
--- a/templates/override.j2
+++ b/templates/override.j2
@@ -1,2 +1,8 @@
 [Service]
 LimitNOFILE={{ mariadb_limit_number_files }}
+{% if mariadb_oom_score_adjust | default(False) %}
+OOMScoreAdjust={{ mariadb_oom_score_adjust }}
+{% endif %}
+{% if mariadb_timeout_start_sec | default(False) %}
+TimeoutStartSec={{ mariadb_timeout_start_sec }}
+{% endif %}