diff --git a/.gitignore b/.gitignore
index bb30560..d0e11e9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-prometheus-dnssec-exporter
-config.yaml
-.changes
+/prometheus-dnssec-exporter
+/config.yaml
+/.changes
diff --git a/package/debian/prometheus-dnssec-exporter/DEBIAN/conffiles b/package/debian/prometheus-dnssec-exporter/DEBIAN/conffiles
new file mode 100644
index 0000000..8cd149f
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/DEBIAN/conffiles
@@ -0,0 +1,2 @@
+/etc/default/prometheus-dnssec-exporter
+/etc/prometheus/dnssec-exporter/config.yaml
diff --git a/package/debian/prometheus-dnssec-exporter/DEBIAN/control b/package/debian/prometheus-dnssec-exporter/DEBIAN/control
new file mode 100644
index 0000000..c46e377
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/DEBIAN/control
@@ -0,0 +1,8 @@
+Package: prometheus-dnssec-exporter
+Version: __VERSION__
+Maintainer: s3lph <s3lph@kabelsalat.ch>
+Section: web
+Priority: optional
+Architecture: amd64
+Description: Prometheus exporter to check the DNSSEC state of DNSSEC zones
+ This is a Prometheus exporter to check the DNSSEC state of DNSSEC zones.
diff --git a/package/debian/prometheus-dnssec-exporter/DEBIAN/postinst b/package/debian/prometheus-dnssec-exporter/DEBIAN/postinst
new file mode 100755
index 0000000..bc5c5c2
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/DEBIAN/postinst
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+if [[ "$1" == "configure" ]]; then
+
+    if ! getent group prometheus >/dev/null; then
+        groupadd --system prometheus
+    fi
+
+    if ! getent passwd prometheus >/dev/null; then
+        useradd --system --gid prometheus --home-dir /var/lib/prometheus --shell /usr/sbin/nologin prometheus
+    fi
+
+    chown root:prometheus /etc/prometheus/dnssec-exporter /etc/prometheus/dnssec-exporter/config.yaml
+    chmod 0755 /etc/prometheus/dnssec-exporter
+    cmmod 0640 /etc/prometheus/dnssec-exporter/config.yaml
+
+    deb-systemd-helper enable prometheus-dnssec-exporter.service
+    deb-systemd-invoke restart prometheus-dnssec-exporter.service
+
+fi
+
diff --git a/package/debian/prometheus-dnssec-exporter/DEBIAN/prerm b/package/debian/prometheus-dnssec-exporter/DEBIAN/prerm
new file mode 100755
index 0000000..f1fcdfe
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/DEBIAN/prerm
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+if [[ "$1" == "remove" ]]; then
+
+    deb-systemd-invoke stop prometheus-dnssec-exporter
+
+fi
diff --git a/package/debian/prometheus-dnssec-exporter/etc/default/prometheus-dnssec-exporter b/package/debian/prometheus-dnssec-exporter/etc/default/prometheus-dnssec-exporter
new file mode 100644
index 0000000..213472d
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/etc/default/prometheus-dnssec-exporter
@@ -0,0 +1,13 @@
+
+ARGS="--config=/etc/prometheus/dnssec-exporter/config.yaml --web.listen-address=:9142"
+
+# GLOBAL OPTIONS:
+# --web.listen-address=":9142"
+#                      Address on which to expose metrics.
+# --web.metrics-path="/metrics"
+#                      Path under which to expose metrics.
+# --web.config=""      Path to web config yaml file.
+# --config=""          Path to config yaml file.
+# --log.level=info     Only log messages with the given severity or above. One of: [debug, info, warn, error]
+# --log.format=logfmt  Output format of log messages. One of: [logfmt, json]
+# --version            Show application version.
diff --git a/package/debian/prometheus-dnssec-exporter/etc/prometheus/dnssec-exporter/config.yaml b/package/debian/prometheus-dnssec-exporter/etc/prometheus/dnssec-exporter/config.yaml
new file mode 100644
index 0000000..5617c7f
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/etc/prometheus/dnssec-exporter/config.yaml
@@ -0,0 +1,22 @@
+---
+
+## dnssec exporter configuration
+#
+#dns:
+#  # The resolver to use.  Must be DNSSEC validating, and
+#  # must not strip DNSSEC responses.
+#  resolver: 1.1.1.1:53
+#  # List of zones to resolve.
+#  zones:
+#    - example.org.
+#    - example.com.
+
+## TLS and Basic Auth can be configured here as well, see for details:
+## https://github.com/prometheus/exporter-toolkit/blob/master/web/tls_config.go#L36
+#
+#basic_auth_users:
+#  user1: pass1
+#  user2: pass2
+#tls_server_config:
+#  cert_file: server.crt
+#  key_file: server.key
diff --git a/package/debian/prometheus-dnssec-exporter/lib/systemd/system/prometheus-dnssec-exporter.service b/package/debian/prometheus-dnssec-exporter/lib/systemd/system/prometheus-dnssec-exporter.service
new file mode 100644
index 0000000..744f4b5
--- /dev/null
+++ b/package/debian/prometheus-dnssec-exporter/lib/systemd/system/prometheus-dnssec-exporter.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prometheus DNSSEC Exporter
+Documentation=https://gitlab.com/s3lph/prometheus-dnssec-exporter
+After=network.target
+
+[Service]
+Restart=on-failure
+User=prometheus
+EnvironmentFile=/etc/default/prometheus-dnssec-exporter
+ExecStart=/usr/bin/prometheus-dnssec-exporter $ARGS
+
+[Install]
+WantedBy=multi-user.target