diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 99fa7d23..9c167728 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -104,6 +104,7 @@ - wireguard - emacs - mrmanager + - ndproxy - hosts: admin_git:public_dns vars: diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf index 064ce126..010b5070 100644 --- a/ansible/roles/firewall/files/mrmanager_pf.conf +++ b/ansible/roles/firewall/files/mrmanager_pf.conf @@ -70,6 +70,7 @@ pass quick on $allow # doas route add -host 74.80.180.139 -interface jail_nat # doas route add -net 10.129.0.0/16 -interface jail_nat # ? doas route -6 add -net '2620:11f:7001:7:ffff:ffff:0ad7:0100/120' -interface jail_nat +# ? doas ifconfig jail_nat inet6 2620:11f:7001:7:ffff:ffff:0ad7:0101/120 # doas sysctl net.link.ether.inet.proxyall=1 # Plus this in pf.conf: # pass quick from any to 74.80.180.139 diff --git a/ansible/roles/ndproxy/defaults/main.yaml b/ansible/roles/ndproxy/defaults/main.yaml new file mode 100644 index 00000000..0712e11c --- /dev/null +++ b/ansible/roles/ndproxy/defaults/main.yaml @@ -0,0 +1 @@ +# foo: [] diff --git a/ansible/roles/ndproxy/files/foo b/ansible/roles/ndproxy/files/foo new file mode 100644 index 00000000..e69de29b diff --git a/ansible/roles/ndproxy/handlers/main.yaml b/ansible/roles/ndproxy/handlers/main.yaml new file mode 100644 index 00000000..0d2f27ed --- /dev/null +++ b/ansible/roles/ndproxy/handlers/main.yaml @@ -0,0 +1,14 @@ +# - name: restart foo freebsd +# when: 'os_flavor == "freebsd"' +# listen: restart foo +# service: +# name: foo +# state: restarted + +# - name: restart ssh linux +# when: 'os_flavor == "linux"' +# listen: restart foo +# systemd: +# state: restarted +# name: foo +# daemon_reload: yes diff --git a/ansible/roles/ndproxy/meta/main.yaml b/ansible/roles/ndproxy/meta/main.yaml new file mode 100644 index 00000000..43e965e4 --- /dev/null +++ b/ansible/roles/ndproxy/meta/main.yaml 
@@ -0,0 +1,2 @@
+# dependencies:
+# - users
diff --git a/ansible/roles/ndproxy/tasks/common.yaml b/ansible/roles/ndproxy/tasks/common.yaml
new file mode 100644
index 00000000..bef243ab
--- /dev/null
+++ b/ansible/roles/ndproxy/tasks/common.yaml
@@ -0,0 +1,55 @@
+# - name: Create directories
+# file:
+# name: "{{ item }}"
+# state: directory
+# mode: 0755
+# owner: root
+# group: wheel
+# loop:
+# - /foo/bar
+
+# - name: Install scripts
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ item.dest }}"
+# mode: 0755
+# owner: root
+# group: wheel
+# loop:
+# - src: foo.bash
+# dest: /usr/local/bin/foo
+
+# - name: Install Configuration
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ item.dest }}"
+# mode: 0600
+# owner: root
+# group: wheel
+# loop:
+# - src: foo.conf
+# dest: /usr/local/etc/foo.conf
+
+# - name: Clone Source
+# git:
+# repo: "https://foo.bar/baz.git"
+# dest: /foo/bar
+# version: "v1.0.2"
+# force: true
+# diff: false
+
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ when: users is defined
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/ndproxy/tasks/freebsd.yaml b/ansible/roles/ndproxy/tasks/freebsd.yaml
new file mode 100644
index 00000000..da952d3f
--- /dev/null
+++ b/ansible/roles/ndproxy/tasks/freebsd.yaml
@@ -0,0 +1,15 @@
+- name: Install packages
+ package:
+ name:
+ - ndproxy
+ state: present
+
+- name: Install service configuration
+ copy:
+ src: "files/{{ item }}_rc.conf"
+ dest: "/etc/rc.conf.d/{{ item }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - ndproxy
diff --git a/ansible/roles/ndproxy/tasks/linux.yaml b/ansible/roles/ndproxy/tasks/linux.yaml
new file mode 100644
index 00000000..bbbb0967
--- /dev/null
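Review bot: The `when: users is defined` guard on the final `include_tasks` in `tasks/common.yaml` does not protect the `loop:` expression, because Ansible evaluates the loop before applying `when` to each item; on a host where `users` is undefined the `dict2items` filter would fail instead of the task being skipped. Put the fallback in the loop itself by inserting `| default({})` directly after `users`. Separately, this include switches to every initialized account via `become_user`, yet `tasks/peruser.yaml` only pulls in `per_user` and two task files this commit creates empty (`peruser_freebsd.yaml`, `peruser_linux.yaml`), so dropping the per-user include until ndproxy has per-user work avoids needless privilege transitions. `become: yes` would also read better as `become: true`.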
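Review bot: The `Install service configuration` task in `tasks/freebsd.yaml` copies `files/ndproxy_rc.conf`, but the only file this diff adds under the role's `files/` directory is the empty placeholder `foo`, so unless that source exists outside the visible changes the copy will fail on the first FreeBSD run. Nothing here enables or restarts the service when the rc.conf.d file changes, and the role's handlers file is entirely commented out; a `notify:` on this task with a real handler would close that gap. Quote the mode as `mode: "0644"` so the permission bits do not depend on YAML integer parsing.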
+++ b/ansible/roles/ndproxy/tasks/linux.yaml
@@ -0,0 +1,29 @@
+# - name: Build aur packages
+# register: buildaur
+# become_user: "{{ build_user.name }}"
+# command: "aurutils-sync --no-view {{ item }}"
+# args:
+# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+# loop:
+# - foo
+
+# - name: Update cache
+# when: buildaur.changed
+# pacman:
+# name: []
+# state: present
+# update_cache: true
+
+# - name: Install packages
+# package:
+# name:
+# - foo
+# state: present
+
+# - name: Enable services
+# systemd:
+# enabled: yes
+# name: "{{ item }}"
+# daemon_reload: yes
+# loop:
+# - foo.service
diff --git a/ansible/roles/ndproxy/tasks/main.yaml b/ansible/roles/ndproxy/tasks/main.yaml
new file mode 100644
index 00000000..6805b9dc
--- /dev/null
+++ b/ansible/roles/ndproxy/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ # when: foo is defined
diff --git a/ansible/roles/ndproxy/tasks/peruser.yaml b/ansible/roles/ndproxy/tasks/peruser.yaml
new file mode 100644
index 00000000..111e886d
--- /dev/null
+++ b/ansible/roles/ndproxy/tasks/peruser.yaml
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/ndproxy/tasks/peruser_freebsd.yaml b/ansible/roles/ndproxy/tasks/peruser_freebsd.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/ansible/roles/ndproxy/tasks/peruser_linux.yaml b/ansible/roles/ndproxy/tasks/peruser_linux.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/ansible/roles/ndproxy/templates/foo.yaml.j2 b/ansible/roles/ndproxy/templates/foo.yaml.j2
new file mode 100644
index 00000000..e69de29b