diff --git a/roles/cs.varnish-watchdog/defaults/main.yml b/roles/cs.varnish-watchdog/defaults/main.yml
new file mode 100644
index 000000000..c9ff107f2
--- /dev/null
+++ b/roles/cs.varnish-watchdog/defaults/main.yml
@@ -0,0 +1,6 @@
+varnish_watchdog_timeout: 2
+varnish_watchdog_restart_cmd: "/bin/systemctl restart varnish"
+varnish_watchdog_script_path: "/usr/local/bin/varnish-watchdog.sh"
+varnish_watchdog_service_name: "varnish-watchdog.service"
+varnish_watchdog_timer_name: "varnish-watchdog.timer"
+varnish_watchdog_interval: "*:0/1"
diff --git a/roles/cs.varnish-watchdog/meta/main.yml b/roles/cs.varnish-watchdog/meta/main.yml
new file mode 100644
index 000000000..e69de29bb
diff --git a/roles/cs.varnish-watchdog/tasks/main.yml b/roles/cs.varnish-watchdog/tasks/main.yml
new file mode 100644
index 000000000..78844909e
--- /dev/null
+++ b/roles/cs.varnish-watchdog/tasks/main.yml
@@ -0,0 +1,60 @@
+- name: Install Varnish watchdog script
+  ansible.builtin.copy:
+    dest: "{{ varnish_watchdog_script_path }}"
+    owner: root
+    group: root
+    mode: "0755"
+    content: |
+      #!/usr/bin/env bash
+      set -euo pipefail
+
+      TIMEOUT="{{ varnish_watchdog_timeout }}"
+      RESTART_CMD="{{ varnish_watchdog_restart_cmd }}"
+
+      if ! timeout "${TIMEOUT}" varnishadm ping >/dev/null 2>&1; then
+          logger -t varnish-watchdog "Varnish is unresponsive, restarting service"
+          ${RESTART_CMD}
+      fi
+
+- name: Install Varnish watchdog service unit
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/{{ varnish_watchdog_service_name }}"
+    owner: root
+    group: root
+    mode: "0644"
+    content: |
+      [Unit]
+      Description=Varnish watchdog health check
+      Wants=network-online.target
+      After=network-online.target varnish.service
+
+      [Service]
+      Type=oneshot
+      ExecStart={{ varnish_watchdog_script_path }}
+
+- name: Install Varnish watchdog timer unit
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/{{ varnish_watchdog_timer_name }}"
+    owner: root
+    group: root
+    mode: "0644"
+    content: |
+      [Unit]
+      Description=Run Varnish watchdog every minute
+
+      [Timer]
+      OnCalendar={{ varnish_watchdog_interval }}
+      Persistent=true
+      Unit={{ varnish_watchdog_service_name }}
+
+      [Install]
+      WantedBy=timers.target
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: true
+
+- name: Enable and start Varnish watchdog timer
+  ansible.builtin.systemd:
+    name: "{{ varnish_watchdog_timer_name }}"
+    enabled: true
diff --git a/site.step-15-varnish.yml b/site.step-15-varnish.yml
index a2d82500d..96827a95c 100644
--- a/site.step-15-varnish.yml
+++ b/site.step-15-varnish.yml
@@ -77,6 +77,7 @@
       varnish_bypass_request_header_name: "{{ mageops_bypass_token_http_header }}"
       varnish_magento_vary_sign: "{{ mageops_magento_vary_sign_enabled }}"
       varnish_magento_vary_secret: "{{ mageops_magento_vary_sign_secret }}"
+    - role: cs.varnish-watchdog
     - role: cs.varnish-manager
       when: varnish_standalone and aws_use
     - role: cs.mageops-cli-profile