diff --git a/roles/root_sudoers/defaults/main.yml b/roles/root_sudoers/defaults/main.yml
new file mode 100644
index 0000000..7c56d5a
--- /dev/null
+++ b/roles/root_sudoers/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# Enables a sudoer group
+# (Debianoid specific)
+
+root_sudoers_group: sudo
diff --git a/roles/root_sudoers/tasks/main.yml b/roles/root_sudoers/tasks/main.yml
new file mode 100644
index 0000000..be6e563
--- /dev/null
+++ b/roles/root_sudoers/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Install sudo on debian
+ apt:
+ name: sudo
+ update_cache: yes
+
+- name: configure sudo to allow root access for {{root_sudoers_group}} members
+ template:
+ dest: '/etc/sudoers.d/allow-sudoing'
+ src: 'sudoers.d/allow-sudoing.j2'
+ owner: root
+ group: root
+ mode: 0440
+ backup: no
+
diff --git a/roles/root_sudoers/templates/sudoers.d/allow-sudoing.j2 b/roles/root_sudoers/templates/sudoers.d/allow-sudoing.j2
new file mode 100644
index 0000000..156bf3b
--- /dev/null
+++ b/roles/root_sudoers/templates/sudoers.d/allow-sudoing.j2
@@ -0,0 +1,2 @@
+## Allows people in this group to run all commands
+%{{ root_sudoers_group }} ALL=(ALL) ALL
diff --git a/roles/ufw/defaults/main.yml b/roles/ufw/defaults/main.yml
new file mode 100644
index 0000000..5283ab2
--- /dev/null
+++ b/roles/ufw/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+# A list of ports to allow incomming connections on
+ufw_allow_in: [22]
diff --git a/roles/ufw/tasks/main.yml b/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..dbc3dbe
--- /dev/null
+++ b/roles/ufw/tasks/main.yml
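Review bot: The header comment `# Enables a sudoer group` overstates what this default does: `root_sudoers_group` only names the group that the sudoers template grants `ALL=(ALL) ALL` to, and nothing in the role's tasks creates that group or checks that it exists. Document that contract so anyone overriding the default knows the group must already be present, e.g. `# Name of an existing group whose members may run any command via sudo; the role does not create the group`. Keeping `sudo` as the default is reasonable on Debian derivatives, where that group normally exists already.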
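Review bot: The template task writes `/etc/sudoers.d/allow-sudoing` without a `validate:` step, so a rendering that sudo rejects (for example a `root_sudoers_group` value containing whitespace, which the template in the next hunk interpolates verbatim) is installed as-is and can make every sudo invocation on the host fail until the file is repaired by hand; add `validate: '/usr/sbin/visudo -cf %s'` so visudo checks the rendered file before it replaces the live one. In the same task `mode: 0440` is a bare YAML 1.1 octal literal, which Ansible's loader happens to read as intended but a YAML 1.2 parser reads as decimal 440; write `mode: '0440'`. `backup: no` and `update_cache: yes` are YAML 1.1 truthy words, and the ufw role in this same commit already uses `true`; use `false`/`true` here as well for consistency.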
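Review bot: `ufw_allow_in: [22]` declares the default as an integer while the playbook in this commit overrides it with the strings `["22", "80", "443"]`; `to_port` templates either form, but mixing types between default and override invites a `22 == "22"` surprise in any future `when:` on the list, so pick one representation (strings) for both. The comment also has a typo, `incomming`, and could state that only TCP is opened, since the role's task hard-codes `proto: tcp`: `# TCP ports (as strings) to allow incoming connections on`.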
@@ -0,0 +1,29 @@
+---
+
+- name: install base packages
+ apt:
+ name: ufw
+ state: present
+ update_cache: true
+
+- name: deny all incoming traffic
+ ufw:
+ policy: deny
+ direction: incoming
+
+- name: allow all outgoing traffic
+ ufw:
+ policy: allow
+ direction: outgoing
+
+- name: allow incoming traffic for ssh and web server
+ ufw:
+ rule: allow
+ direction: in
+ to_port: "{{ item }}"
+ proto: tcp
+ with_items: "{{ ufw_allow_in }}"
+
+- name: enable ufw
+ ufw:
+ state: enabled
diff --git a/snackpot.yml b/snackpot.yml
index 25520f4..6e40c62 100644
--- a/snackpot.yml
+++ b/snackpot.yml
@@ -14,6 +14,47 @@
 docker_compose_base_dir: /opt/docker-compose
 
 tasks:
+ - hostname:
+ name: "{{ nextcloud_hostname }}"
+ tags: network
+
+ - name: install packages
+ apt:
+ update_cache: true
+ name:
+ - emacs
+ - strace
+ - nmap
+ - git
+
+ - include_role:
+ name: root_sudoers
+ apply: { tags: root_sudoers }
+ tags: root_sudoers
+
+ - include_role:
+ name: ufw
+ apply: { tags: ufw }
+ tags: ufw
+ vars:
+ ufw_allow_in: ["22", "80", "443"]
+
+ - include_role:
+ name: mrlesmithjr.netplan
+ apply: { become: true, tags: [netplan, network] }
+ tags: netplan, network
+ vars:
+ netplan_enabled: true
+ netplan_configuration:
+ network:
+ version: 2
+ ethernets:
+ enp3s0:
+ addresses: [192.168.0.55/24]
+ gateway4: 192.168.0.1
+ nameservers:
+ addresses: [192.168.0.1]
+
 - include_role:
 name: docker_compose
 apply: { tags: docker_compose }
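Review bot: The task name `allow incoming traffic for ssh and web server` describes the playbook's override rather than what the role does: it opens whatever ports `ufw_allow_in` contains, so the name is wrong for any other caller; rename it along the lines of `allow incoming tcp traffic on ufw_allow_in ports`. The same task uses `with_items`, which Ansible still accepts but has superseded by `loop: "{{ ufw_allow_in }}"`. The ordering is sound — the deny policy and the allow rules are applied before `state: enabled` — but nothing guards the management port: a caller who drops 22 from `ufw_allow_in` is locked out by the final task, so a comment on the enable task stating that dependency, e.g. `# ufw_allow_in must still contain the port Ansible connects on`, would help.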
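Review bot: Only the netplan include carries `apply: { become: true, ... }`, yet the `root_sudoers` and `ufw` includes above it install packages and write under `/etc`, which equally need root; unless the play sets `become: true` at play level (the play header is outside the hunk) those two roles fail on a non-root connection, so make escalation uniform and explicit, e.g. `apply: { become: true, tags: ufw }`. `tags: netplan, network` is a comma-separated string whereas the `apply:` entry on the line above spells the same tags as a list; Ansible splits the string, but `tags: [netplan, network]` is the consistent form. The `hostname` task is also the only task in the hunk without a `name:`.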