diff --git a/roles/apt_repository/defaults/main.yml b/roles/apt_repository/defaults/main.yml
new file mode 100644
index 0000000..d38559d
--- /dev/null
+++ b/roles/apt_repository/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+repo_arch: ""
+repo_suite: "{{ ansible_distribution_release }}"
+repo_components:
+ - main
diff --git a/roles/apt_repository/meta/argument_specs.yml b/roles/apt_repository/meta/argument_specs.yml
new file mode 100644
index 0000000..70a1380
--- /dev/null
+++ b/roles/apt_repository/meta/argument_specs.yml
@@ -0,0 +1,36 @@
+---
+
+argument_specs:
+ main:
+ short_description: Apt repository
+ description: "Gets apt repository gpg key from a url and adds repo to sources"
+ options:
+ repo_name:
+ description: Name of the repository. Used in file names.
+ type: str
+ required: true
+ repo_url:
+ description: Url of the repository
+ type: str
+ required: true
+ repo_key_url:
+ description: Url of the repository signing key
+ type: str
+ required: true
+ repo_arch:
+ description: Architecture to use for the repsitory. You can use apt_arch variable here to use the system native archicecture.
+ type: str
+ required: false
+ default: ''
+ repo_suite:
+ description: Suite of the repository. Usually distribution codename.
+ type: str
+ required: false
+ default: "{{ ansible_distribution_release }}"
+ repo_components:
+ description: Components of the repository to use
+ type: list
+ elements: str
+ required: false
+ default:
+ - main
diff --git a/roles/apt_repository/molecule/default/converge.yml b/roles/apt_repository/molecule/default/converge.yml
new file mode 100644
index 0000000..6974d23
--- /dev/null
+++ b/roles/apt_repository/molecule/default/converge.yml
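Review bot: In roles/apt_repository/meta/argument_specs.yml the `repo_key_url` description does not tell the caller that the downloaded key becomes the trust anchor for the repository (tasks/main.yml references it through `signed-by`), so the spec should say it is expected to be an HTTPS URL from the repository's publisher, e.g. `description: HTTPS URL of the repository signing key. The key is trusted as-is for this repository.` The `repo_arch` description also has two typos; it should read `Architecture to use for the repository. You can use the apt_arch variable here to use the system native architecture.`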
@@ -0,0 +1,14 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include apt_repository"
+ ansible.builtin.import_role:
+ name: apt_repository
+ vars:
+ repo_name: docker
+ repo_url: https://download.docker.com/linux/{{ ansible_distribution | lower }}
+ repo_key_url: https://download.docker.com/linux/debian/gpg
+ repo_arch: "{{ apt_arch }}"
+ repo_components:
+ - stable
diff --git a/roles/apt_repository/molecule/default/molecule.yml b/roles/apt_repository/molecule/default/molecule.yml
new file mode 100644
index 0000000..17d267a
--- /dev/null
+++ b/roles/apt_repository/molecule/default/molecule.yml
@@ -0,0 +1,13 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: podman
+platforms:
+ - name: bullseye
+ image: git.uumas.fi/uumas/molecule-testbed:bullseye
+ pre_build_image: true
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/roles/apt_repository/molecule/default/verify.yml b/roles/apt_repository/molecule/default/verify.yml
new file mode 100644
index 0000000..f906b6d
--- /dev/null
+++ b/roles/apt_repository/molecule/default/verify.yml
@@ -0,0 +1,21 @@
+---
+- name: Verify
+ hosts: all
+ gather_facts: true
+ tasks:
+ - name: Get content of docker source file
+ ansible.builtin.slurp:
+ src: /etc/apt/sources.list.d/docker.list
+ register: docker_repo
+
+ - name: Ensure docker repo file content is as expected
+ ansible.builtin.assert:
+ that: >
+ docker_repo.content | b64decode == "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
+ https://download.docker.com/linux/{{ ansible_distribution | lower }}
+ {{ ansible_distribution_release }} stable\n"
+ msg: >
+ /etc/apt/sources.list.d/docker.list should contain
+ deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc]
+ https://download.docker.com/linux/{{ ansible_distribution | lower }}
+ {{ ansible_distribution_release }} stable but it contained {{ docker_repo.content | b64decode }} instead
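Review bot: In molecule/default/molecule.yml the test image is referenced by a mutable tag, `image: git.uumas.fi/uumas/molecule-testbed:bullseye`, and `pre_build_image: true` means it is used as pulled. Pinning it by digest, `image: git.uumas.fi/uumas/molecule-testbed@sha256:<digest-placeholder>`, keeps test runs reproducible and turns a changed image into an explicit, reviewable update.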
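Review bot: verify.yml only checks the text of docker.list, so a run in which `/etc/apt/keyrings/docker.asc` is missing or has the wrong mode still passes, even though the source line's `signed-by` points at that file; a stat-and-assert pair on the key file would close that gap. The expected string also hard-codes `arch=amd64` while converge.yml passes `repo_arch: "{{ apt_arch }}"`, so the scenario would presumably fail on an arm64 runner; deriving the expected arch the same way the role does would avoid that.

```yaml
# … unchanged: slurp and assert on /etc/apt/sources.list.d/docker.list …

    - name: Get state of docker signing key
      ansible.builtin.stat:
        path: /etc/apt/keyrings/docker.asc
      register: docker_key

    - name: Ensure docker signing key is present with the expected mode
      ansible.builtin.assert:
        that:
          - docker_key.stat.exists
          - docker_key.stat.mode == "0644"
```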
diff --git a/roles/apt_repository/tasks/main.yml b/roles/apt_repository/tasks/main.yml
new file mode 100644
index 0000000..12f5599
--- /dev/null
+++ b/roles/apt_repository/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+
+- name: Install dependencies
+ ansible.builtin.apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - gnupg
+ update_cache: true
+
+- name: Initialize repo_options
+ ansible.builtin.set_fact:
+ repo_options: []
+
+- name: Add arch to repo_options
+ ansible.builtin.set_fact:
+ repo_options: "{{ repo_options + ['arch=' + repo_arch] }}"
+ when: repo_arch | length > 0
+
+- name: Esnure /etc/apt/keyrings exists
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: "0755"
+
+- name: Get repo signing key
+ ansible.builtin.get_url:
+ url: "{{ repo_key_url }}"
+ dest: /etc/apt/keyrings/{{ repo_name }}.asc
+ mode: "0644"
+ register: repo_key
+
+- name: Add signed-by to repo_options
+ ansible.builtin.set_fact:
+ repo_options: "{{ repo_options + ['signed-by=' + repo_key.dest] }}"
+
+- name: Add repo {{ repo_name }}
+ ansible.builtin.apt_repository:
+ repo: "deb [{{ repo_options | join(' ') }}] {{ repo_url }} {{ repo_suite }} {{ repo_components | join(' ') }}"
+ filename: docker
+ mode: "0644"
diff --git a/roles/apt_repository/vars/main.yml b/roles/apt_repository/vars/main.yml
new file mode 100644
index 0000000..e178d87
--- /dev/null
+++ b/roles/apt_repository/vars/main.yml
@@ -0,0 +1,2 @@
+---
+apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
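Review bot: The last task in tasks/main.yml writes every repository to the same sources file because `filename: docker` is hard-coded; it should be `filename: "{{ repo_name }}"`, matching the key path `/etc/apt/keyrings/{{ repo_name }}.asc` (the molecule scenario uses `repo_name: docker`, which is why verify.yml does not catch it). The `Get repo signing key` task trusts whatever `repo_key_url` returns, with TLS as the only integrity check and nothing requiring an https URL; an optional pin such as `checksum: "{{ repo_key_checksum | default(omit) }}"` on `get_url`, with `repo_key_checksum` added to argument_specs.yml as a new optional option, would let callers fix the expected key. `repo_name` is also interpolated into a path under /etc/apt/keyrings, so it is worth documenting or asserting that it is a plain file name. Minor: the task name `Esnure /etc/apt/keyrings exists` should read `Ensure`.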
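Review bot: `apt_arch` in vars/main.yml maps every architecture other than aarch64 to `amd64`, so a 32-bit ARM or x86 host would get `arch=amd64` written into its source line. An explicit lookup such as `apt_arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64'}[ansible_architecture] }}"` fails on an unmapped architecture instead of guessing. Because the value lives in vars/ rather than defaults/, callers cannot easily override it from inventory, which may be intended but deserves a comment above the variable.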