diff --git a/ansible/roles/home-net/tasks/onprem.yml b/ansible/roles/home-net/tasks/onprem.yml
index e69de29..c4daa8f 100644
--- a/ansible/roles/home-net/tasks/onprem.yml
+++ b/ansible/roles/home-net/tasks/onprem.yml
@@ -0,0 +1,46 @@
+- name: Make sure we have a 'sudo' group
+ group:
+ name: sudo
+ state: present
+
+- name: Allow sudo group to have passwordless sudo
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+- name: Create a new regular user with sudo privileges
+ user:
+ name: "{{ create_user }}"
+ state: present
+ groups: sudo
+ append: true
+ create_home: true
+ shell: /bin/bash
+
+- name: Set authorized key for remote user
+ authorized_key:
+ user: "{{ create_user }}"
+ state: present
+ key: "{{ copy_local_key }}"
+
+
+- name: Disable password authentication for root
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: present
+ regexp: '^#?PermitRootLogin'
+ line: 'PermitRootLogin no'
+
+- name: Update apt
+ apt: update_cache=yes
+
+- name: Install required system packages
+ apt: name={{ sys_packages }} state=latest
+
+- name: Restart sshd
+ service:
+ name: sshd.service
+ state: restarted
diff --git a/ansible/roles/home-net/vars/main.yml b/ansible/roles/home-net/vars/main.yml
index 0ba8d59..42eaaa4 100644
--- a/ansible/roles/home-net/vars/main.yml
+++ b/ansible/roles/home-net/vars/main.yml
@@ -1 +1,3 @@
-sys_packages: [ 'curl', 'vim', 'git', '', 'emacs', 'build-essential', 'mosh' ]
+sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'emacs', 'build-essential','dnsutils' ]
+create_user: josiah
+copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/home-net.pub') }}"
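Review bot: In onprem.yml the task named "Disable password authentication for root" sets only `PermitRootLogin no`, and nothing in this hunk touches `PasswordAuthentication`, so password logins for non-root accounts stay at whatever the host's sshd_config already allows. That matters more here because the `%sudo ALL=(ALL) NOPASSWD: ALL` line makes any login to a sudo-group account equivalent to root. If key-only access is the intent, add a task like the one below after the existing one, and rename the existing one to say that it disables root login. Both sshd_config edits should also carry `validate: '/usr/sbin/sshd -t -f %s'`, as the sudoers task does with visudo, since the unconditional "Restart sshd" at the end would otherwise apply a broken file to what may be the only remote access path.

```yaml
# … unchanged: existing PermitRootLogin task (renamed, with validate added) …

- name: Disable SSH password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    state: present
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'

# … unchanged: apt tasks and sshd restart …
```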
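Review bot: In vars/main.yml, `create_user` and `copy_local_key` are set in the role's `vars/` file, which takes precedence over inventory and group variables, so the account name and the key that receives passwordless sudo cannot be changed per host without editing the role. Moving both to `defaults/main.yml` would keep the same values while allowing overrides. The key path is resolved from the `HOME` of whoever runs the playbook, so a run from a different control-node account either fails on the missing file or installs a different key. A comment such as `# public key is read on the control node; the file must exist before the play runs` above `copy_local_key` would make that dependency explicit.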