diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index af31198..4cddade 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -91,3 +91,4 @@
 - bhyve
 - wireguard
 - plainmacs
+ - mrmanager
diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf
index 2c99de9..4dad8f3 100644
--- a/ansible/roles/firewall/files/mrmanager_pf.conf
+++ b/ansible/roles/firewall/files/mrmanager_pf.conf
@@ -2,6 +2,7 @@
 ext_if = "lagg0"
 not_ext_if = "{ !lagg0 }"
 jail_nat_v4 = "{ 10.215.1.0/24 }"
 not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
+pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"
 dhcp = "{ bootpc, bootps }"
 allow = "{ colo }"
@@ -30,9 +31,11 @@ block log all
 pass out on $ext_if
 # Single interface kubernetes cluster is working with the following run on mrmanager:
-# doas route add -host 74.80.180.139 -int jail_nat
+# doas route add -host 74.80.180.139 -interface jail_nat
+# doas sysctl net.link.ether.inet.proxyall=1
 # Plus this in pf.conf:
 # pass quick from any to 74.80.180.139
+pass quick from any to $pub_k8s
 pass in on jail_nat
 # Allow traffic from my machine to the jails/virtual machines
diff --git a/ansible/roles/mrmanager/tasks/common.yaml b/ansible/roles/mrmanager/tasks/common.yaml
new file mode 100644
index 0000000..fef1101
--- /dev/null
+++ b/ansible/roles/mrmanager/tasks/common.yaml
@@ -0,0 +1,15 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ when: users is defined
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/mrmanager/tasks/freebsd.yaml b/ansible/roles/mrmanager/tasks/freebsd.yaml
new file mode 100644
index 0000000..b8a0827
--- /dev/null
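Review bot: `pass quick from any to $pub_k8s` with `pub_k8s = "{ 74.80.180.136/29, !74.80.180.138 }"` does not mean "the /29 minus .138": pf expands a braced list into one rule per element, so the second expanded rule is `pass quick from any to !74.80.180.138`, which matches every destination except that one host and, being `quick`, short-circuits `block log all` for practically all traffic in both directions on every interface. pf.conf(5) warns about exactly this for negated list members. A table does treat a negated entry as an exclusion, so the intent can be kept with `table <pub_k8s> { 74.80.180.136/29, !74.80.180.138 }` and `pass quick from any to <pub_k8s>`; `pfctl -nvf` on the file prints the expanded rule set and is the quickest way to confirm before loading it. It is also worth pinning direction and interface (`pass in quick on $ext_if ...`) rather than passing `from any` on all interfaces.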
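Review bot: `when: users is defined` on the `include_tasks` does not protect the `loop` expression — as far as I recall Ansible templates `loop` before it evaluates `when` per item, so on a host with no `users` variable the task errors with an undefined variable instead of being skipped. Defaulting inside the loop, `loop: "{{ users | default({}) | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"`, makes the task a no-op there and the `when` becomes redundant. `become: yes` under `apply:` should be `become: true` (yamllint `truthy`, and Ansible's own convention). Note that `json_query` needs the `jmespath` Python package on the controller, which a role requirements note should mention.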
+++ b/ansible/roles/mrmanager/tasks/freebsd.yaml
@@ -0,0 +1,9 @@
+- name: Configure sysctls
+ sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ state: present
+ sysctl_file: "/etc/sysctl.conf.local"
+ loop:
+ - name: net.link.ether.inet.proxyall
+ value: "1"
diff --git a/ansible/roles/mrmanager/tasks/linux.yaml b/ansible/roles/mrmanager/tasks/linux.yaml
new file mode 100644
index 0000000..43ba876
--- /dev/null
+++ b/ansible/roles/mrmanager/tasks/linux.yaml
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+# register: buildaur
+# become_user: "{{ build_user.name }}"
+# command: "aurutils-sync --no-view {{ item }}"
+# args:
+# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+# loop:
+# - foo
+
+# - name: Update cache
+# when: buildaur.changed
+# pacman:
+# name: []
+# state: present
+# update_cache: true
+
+# - name: Install packages
+# package:
+# name:
+# - foo
+# state: present
+
+# - name: Enable services
+# systemd:
+# enabled: yes
+# name: "{{ item }}"
+# daemon_reload: yes
+# loop:
+# - foo.service
diff --git a/ansible/roles/mrmanager/tasks/main.yaml b/ansible/roles/mrmanager/tasks/main.yaml
new file mode 100644
index 0000000..6805b9d
--- /dev/null
+++ b/ansible/roles/mrmanager/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ # when: foo is defined
diff --git a/ansible/roles/mrmanager/tasks/peruser.yaml b/ansible/roles/mrmanager/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/mrmanager/tasks/peruser.yaml
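Review bot: Enabling `net.link.ether.inet.proxyall=1` host-wide is broader than the single routed /29 the pf.conf comment describes; as I read that sysctl, the host will answer ARP on lagg0 for any address it has a route to via another interface, not only the `-interface jail_nat` host routes, so on a shared colo segment it is worth confirming with `tcpdump -ni lagg0 arp` that nothing beyond the intended addresses is being proxied. If the public address set is fixed, publishing the entries individually (e.g. `arp -s <addr> <lagg0 mac> pub`, persisted in rc.conf) keeps the blast radius to those addresses. Either way the loop entry deserves a why-comment, e.g. `# Proxy-ARP on lagg0 for the routed k8s /29 (see roles/firewall/files/mrmanager_pf.conf)`, since nothing in this role otherwise explains it.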
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/mrmanager/tasks/peruser_freebsd.yaml b/ansible/roles/mrmanager/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/mrmanager/tasks/peruser_linux.yaml b/ansible/roles/mrmanager/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29
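Review bot: Most of this new file is commented-out scaffolding with `foo` placeholders, and the two OS-specific files it imports are empty; a committed task file should either carry real tasks or a single `# TODO: per-user config for mrmanager not yet defined` so the reader does not scan two dead blocks to find the three live tasks. When the `file`/`copy` blocks are revived, write the modes as strings (`mode: "0700"`, `mode: "0600"`) per yamllint and Ansible convention rather than relying on the leading-zero octal form. The `include_role: per_user` presumably runs as the `become_user` set by the caller's `apply:`; a one-line comment stating that assumption would save the next maintainer a trip to common.yaml.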