diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver index 049a3c0..d95e459 100644 --- a/ansible/environments/home/host_vars/homeserver +++ b/ansible/environments/home/host_vars/homeserver @@ -22,6 +22,11 @@ jail_zfs_dataset_mountpoint: /jail/main jail_canmount: "on" jail_bemount: "on" jail_list: + - name: nat_dhcp + dataset: zmass/unencrypted/jails + enabled: true + conf: + src: nat_dhcp - name: cloak conf: src: cloak diff --git a/ansible/environments/home/hosts b/ansible/environments/home/hosts index 0bf6393..d1343eb 100644 --- a/ansible/environments/home/hosts +++ b/ansible/environments/home/hosts @@ -1,2 +1,2 @@ [headless] -homeserver ansible_user=talexander ansible_host=192.168.1.123 +homeserver ansible_user=talexander ansible_host=172.16.16.2 diff --git a/ansible/environments/jail/host_vars/homeserver_nat_dhcp b/ansible/environments/jail/host_vars/homeserver_nat_dhcp new file mode 100644 index 0000000..1d0b6d9 --- /dev/null +++ b/ansible/environments/jail/host_vars/homeserver_nat_dhcp @@ -0,0 +1 @@ +os_flavor: "freebsd" diff --git a/ansible/environments/jail/hosts b/ansible/environments/jail/hosts index af5f04e..8e6ff96 100644 --- a/ansible/environments/jail/hosts +++ b/ansible/environments/jail/hosts @@ -1,2 +1,4 @@ [jail] nat_dhcp ansible_connection=jail +homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail +nat_dhcp@172.16.16.2 ansible_connection=sshjail diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 623a887..258d15c 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -32,8 +32,9 @@ - media - kubernetes - google_cloud_sdk + - ansible -- hosts: nat_dhcp +- hosts: nat_dhcp:homeserver_nat_dhcp vars: ansible_become: True roles: diff --git a/ansible/roles/ansible/defaults/main.yaml b/ansible/roles/ansible/defaults/main.yaml new file mode 100644 index 0000000..2da3041 --- /dev/null +++ b/ansible/roles/ansible/defaults/main.yaml 
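Review bot: The second line added to ansible/environments/jail/hosts, `nat_dhcp@172.16.16.2 ansible_connection=sshjail`, defines a host that nothing in this commit selects. The play pattern in playbook.yaml is `nat_dhcp:homeserver_nat_dhcp` and the new run.bash target limits to `homeserver_nat_dhcp`, so the entry looks like a leftover from testing. Drop it, or add a comment saying why both spellings of the same jail are needed. Neither new entry sets `ansible_user`, unlike the `homeserver` line in the home inventory, so the SSH login used to reach the jail host depends on the controller's local username or SSH config. Since entering a jail on the remote side presumably needs elevated rights there, state the account explicitly rather than relying on that default.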
@@ -0,0 +1 @@
+install_ansible: true
diff --git a/ansible/roles/ansible/tasks/common.yaml b/ansible/roles/ansible/tasks/common.yaml
new file mode 100644
index 0000000..fef1101
--- /dev/null
+++ b/ansible/roles/ansible/tasks/common.yaml
@@ -0,0 +1,15 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ when: users is defined
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/ansible/tasks/freebsd.yaml b/ansible/roles/ansible/tasks/freebsd.yaml
new file mode 100644
index 0000000..03075b6
--- /dev/null
+++ b/ansible/roles/ansible/tasks/freebsd.yaml
@@ -0,0 +1,6 @@
+- name: Install packages
+ package:
+ name:
+ - py39-ansible
+ - ansible-sshjail
+ state: present
diff --git a/ansible/roles/ansible/tasks/linux.yaml b/ansible/roles/ansible/tasks/linux.yaml
new file mode 100644
index 0000000..bfaf17e
--- /dev/null
+++ b/ansible/roles/ansible/tasks/linux.yaml
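Review bot: In roles/ansible/tasks/common.yaml, `when: users is defined` does not protect the `loop:` on the `include_tasks` entry. Ansible templates the loop expression first and only then evaluates `when` once per item, so a host with no `users` variable fails inside `dict2items` instead of skipping the task. Insert `| default({})` directly after `users` in the loop expression; the `when` line can then be removed. Because the included file is applied with `become_user: "{{ initialize_user }}"`, a short comment that the keys of `users` are account names taken from trusted inventory would help the next reader. `become: yes` would also read better as `become: true`.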
@@ -0,0 +1,28 @@
+# - name: Build aur packages
+# register: buildaur
+# become_user: "{{ build_user.name }}"
+# command: "aurutils-sync --no-view {{ item }}"
+# args:
+# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+# loop:
+# - foo
+
+# - name: Update cache
+# when: buildaur.changed
+# pacman:
+# name: []
+# state: present
+# update_cache: true
+
+- name: Install packages
+ package:
+ name:
+ - ansible
+ state: present
+
+- name: Install sshjail plugin
+ ansible.builtin.get_url:
+ url: https://raw.githubusercontent.com/austinhyde/ansible-sshjail/e712c537ecdfc7a660f222fbac4172dd715fc130/sshjail.py
+ dest: /usr/share/ansible/plugins/connection_plugins/sshjail.py
+ mode: '0555'
+ checksum: sha512:730c887ae7bbf2de34da44fb10a45fdeff649e3f2447df821c93ef02a21ecbef7db2fd57f1fc85fcd0b5b86fa30aa2b9ef143865d1e5086620c7dbe0633207cd
diff --git a/ansible/roles/ansible/tasks/main.yaml b/ansible/roles/ansible/tasks/main.yaml
new file mode 100644
index 0000000..4f8cc32
--- /dev/null
+++ b/ansible/roles/ansible/tasks/main.yaml
@@ -0,0 +1,2 @@
+- import_tasks: tasks/common.yaml
+ when: install_ansible
diff --git a/ansible/roles/ansible/tasks/peruser.yaml b/ansible/roles/ansible/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/ansible/tasks/peruser.yaml
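Review bot: The `Install sshjail plugin` task in roles/ansible/tasks/linux.yaml writes to `/usr/share/ansible/plugins/connection_plugins/sshjail.py` without first making sure the directory exists. `get_url` does not create parent directories, so the task fails wherever the `ansible` package does not ship that path; a preceding `file` task with `state: directory` would close the gap. As far as I know the default connection-plugin search path ends in `plugins/connection` rather than `plugins/connection_plugins`, so unless an ansible.cfg outside this diff sets `connection_plugins` the file may never be loaded; please confirm. Pinning the URL to a commit and verifying a sha512 is the right way to fetch code that ansible-playbook will import on the controller. I would add `owner: root` and `group: root` so the installed file does not depend on who runs the task, and `mode: '0444'` is sufficient because the plugin is imported, not executed.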
@@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/ansible/tasks/peruser_freebsd.yaml b/ansible/roles/ansible/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/ansible/tasks/peruser_linux.yaml b/ansible/roles/ansible/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/media/tasks/common.yaml b/ansible/roles/media/tasks/common.yaml index 3062762..73ea98f 100644 --- a/ansible/roles/media/tasks/common.yaml +++ b/ansible/roles/media/tasks/common.yaml @@ -15,6 +15,7 @@ state: present - include_tasks: "tasks/{{graphics_driver}}.yaml" + when: install_graphics # TODO: Maybe this should be when graphics_driver is defined to support headless casting - import_tasks: tasks/freebsd.yaml when: 'os_flavor == "freebsd"' diff --git a/ansible/roles/media/tasks/peruser.yaml b/ansible/roles/media/tasks/peruser.yaml index d48fda3..98b342c 100644 --- a/ansible/roles/media/tasks/peruser.yaml +++ b/ansible/roles/media/tasks/peruser.yaml @@ -2,6 +2,7 @@ name: per_user - name: Create directories + when: install_graphics file: name: "{{ account_homedir.stdout }}/{{ item }}" state: directory 
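Review bot: `when: install_graphics` on the `include_tasks` line in roles/media/tasks/common.yaml reads a variable that this diff never defines for the media role. The same applies to the `Create directories` and `Copy files` tasks in roles/media/tasks/peruser.yaml. The new `ansible` role ships `install_ansible: true` in its defaults, but no matching `install_graphics` default is visible here. If it is not already set in the media role's defaults or in every host's vars, these tasks stop with an undefined-variable error instead of skipping. Either add the default alongside the role or write the condition as `when: install_graphics | default(true) | bool`; the hunks show only part of each task file, so an existing default may simply be out of view.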
@@ -12,6 +13,7 @@ - ".config/mpv" - name: Copy files + when: install_graphics copy: src: "files/{{ item.src }}" dest: "{{ account_homedir.stdout }}/{{ item.dest }}" diff --git a/ansible/run.bash b/ansible/run.bash index 8e33196..2f37517 100755 --- a/ansible/run.bash +++ b/ansible/run.bash @@ -24,6 +24,9 @@ elif [ "$target" = "odofreebsd" ]; then ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}" elif [ "$target" = "jail_nat_dhcp" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}" +elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then + ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}" + # else die 1 "Unrecognized target" fi