From f8ccf6f0534723987d82e0bc0b7820d958b966e9 Mon Sep 17 00:00:00 2001 
From: xbazzi Date: Sat, 12 Jul 2025 22:52:18 -0600 Subject: [PATCH] Out with NetworkManager, in with networkd --- ansible.cfg | 3 +- inventory/group_vars/all.yml | 224 +++++++++------- inventory/group_vars/cluster_prep.yml | 12 +- inventory/group_vars/prod-vm.yml | 39 +++ inventory/host_vars/pve1.yml | 20 +- inventory/hosts.yml | 109 +++++--- playbooks/deploy-postgres.yml | 6 +- playbooks/export-kitty-terminfo.yml | 8 + playbooks/prep-pve-for-cluster.yml | 2 +- playbooks/provision-alma.yml | 20 +- .../apps/dbgate/defaults/main.yml | 0 roles/{ => docker}/apps/dbgate/tasks/main.yml | 0 .../apps/portainer-agent/defaults}/main.yml | 0 .../apps/portainer-agent/tasks/main.yml | 22 ++ roles/postgres/priviledges/defaults/main.yml | 1 - roles/postgres/privileges/defaults/main.yml | 1 + .../tasks/main.yml | 10 +- roles/provision/alma/common/tasks/main.yml | 20 +- roles/server/dnf/defaults/main.yml | 0 roles/server/dnf/tasks/main.yml | 19 ++ roles/server/firewall/tasks/main.yml | 7 - roles/server/fstrim/defaults/main.yml | 0 roles/server/fstrim/tasks/main.yml | 6 + roles/server/hostname/defaults/main.yml | 0 roles/server/hostname/tasks/main.yml | 5 + roles/server/kitty/defaults/main.yml | 3 + roles/server/kitty/tasks/main.yml | 31 +++ .../files/networkd.conf.d/10-routes.conf | 2 + roles/server/network/handlers/main.yml | 4 + roles/server/network/tasks/main.yml | 176 ++++++------ roles/server/network/tasks/main_nmcli.yml | 250 ++++++++++++++++++ .../templates/auxiliary-interface.network.j2 | 26 ++ .../templates/default-interface.network.j2 | 8 + roles/server/network/templates/rt_tables.j2 | 8 + roles/server/users/tasks/main.yml | 2 +- 35 files changed, 768 insertions(+), 276 deletions(-) create mode 100644 inventory/group_vars/prod-vm.yml create mode 100644 playbooks/export-kitty-terminfo.yml rename roles/{ => docker}/apps/dbgate/defaults/main.yml (100%) rename roles/{ => docker}/apps/dbgate/tasks/main.yml (100%) rename roles/{server/network/templates => 
docker/apps/portainer-agent/defaults}/main.yml (100%) mode change 100644 => 100755 create mode 100755 roles/docker/apps/portainer-agent/tasks/main.yml delete mode 100755 roles/postgres/priviledges/defaults/main.yml create mode 100755 roles/postgres/privileges/defaults/main.yml rename roles/postgres/{priviledges => privileges}/tasks/main.yml (82%) create mode 100644 roles/server/dnf/defaults/main.yml create mode 100644 roles/server/dnf/tasks/main.yml create mode 100644 roles/server/fstrim/defaults/main.yml create mode 100644 roles/server/fstrim/tasks/main.yml create mode 100644 roles/server/hostname/defaults/main.yml create mode 100644 roles/server/hostname/tasks/main.yml create mode 100644 roles/server/kitty/defaults/main.yml create mode 100644 roles/server/kitty/tasks/main.yml create mode 100644 roles/server/network/files/networkd.conf.d/10-routes.conf create mode 100644 roles/server/network/tasks/main_nmcli.yml create mode 100644 roles/server/network/templates/auxiliary-interface.network.j2 create mode 100644 roles/server/network/templates/default-interface.network.j2 create mode 100644 roles/server/network/templates/rt_tables.j2 diff --git a/ansible.cfg b/ansible.cfg index 0b0a949..ca7e0d6 100755 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,4 +2,5 @@ remote_user = ansible inventory = inventory/hosts.yml roles_path = ./roles -vault_password_file = ~/.ansible-vault-key \ No newline at end of file +vault_password_file = ~/.ansible-vault-key +allow_unsafe_writes = true diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 8f7e471..4c9b916 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml 
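Review bot: The added `allow_unsafe_writes = true` in the `[defaults]` section of ansible.cfg disables the write-to-temp-then-rename path for every file-writing module on every host, not just for the kitty terminfo export that this same commit also flags per play in playbooks/export-kitty-terminfo.yml. Unsafe writes exist for targets where rename cannot work (bind-mounted or FUSE files); enabled globally, an interrupted copy/template/lineinfile can leave a truncated sshd_config or networkd unit in place of the old file. Keep the narrow scope instead: drop this line and set `unsafe_writes: true` on the single task that needs it. I also cannot confirm from this page that the config loader honours this key name under `[defaults]`, so check it with `ansible-config list` before relying on it.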
@@ -1,96 +1,130 @@ $ANSIBLE_VAULT;1.1;AES256 -38333861353432643165366435353534316564346533666439376631373562366530386636623333 -6130343936376163336432366437623062643161636466640a383232343564636234376330323138 -37393731643030313230613363343639363737393364346231643835613532636530363964383933 -3834343936353965390a313439663463626461376461636462316237366430356437346164393034 -38633331646465666165343365616366623636613264663062613238656466326537373135393234 -38623034306461386132373262666532633562376532303762356663343930623464376661366238 -33373638386366643030366632636138653032633436373932613261656331633663643839306633 -39613136306130626635393333366136646665393932383563373739323730396633363334643639 -36323337336563616165626463306637653865643931613731636233313061616130623662393465 -63366131643135623337313735386566616663343263353561316132343138653761303436386433 -64653736616439623331373865383439343637343737313466363265333033663836633635623732 -30643137633738356665326138363734623766613462323831623931633163373933353661653434 -35343466363132663765623739336136656332333932303332363164366630376638353166316636 -31653133386461323532666661363865383430653230636233616238356431623462316133633239 -34316561333530353166626632653566333966326663383635323165356231386232346263363666 -61366430353239353732663437353165353562313438383063393935306534646165336232333861 -32633138323036323334343866333963353965303536373930336164323565333862353032336566 -39613263303966343337393165633866323233653132626264316238313131663961613037643865 -35376138643934383435636534343231303933396138643231613336613536333961333562343963 -31376438366438346231656364303535336465623237336263383761363630623632356335326231 -61366132613062353833613162623634383134666334366435646238343462396535336534316264 -35326461653331636462366536653430646438626562373635613464313031666434333732616239 -61383536623762653463363031343332393166646264663031656531363761666364653866326230 
-33363264663366653930616133363539633463306434653732383435613430626439313935633162 -62323366653639343063353662383265626538646361383030396533366635353830383365636435 -36636433393635633237316131616630383464313535303137376131646566383366333935303830 -34663630613438613836393333626463623466393831303833626666636338356533616436636331 -32393665346538353539633634303161616662366433386139343034333963336630353634346232 -63333561326532336533326333613961643134306264373730346137653962663930326261333763 -32353264616333313263343964663465636235333438343334393963653530663130366133353031 -64626537663362316239643436646236636361656365373232663931613634333465643137313964 -31323464303432346337616530333135346166623561623531313561633533643161363930323265 -32363538323134383434316332383064663437653161316162636339663036316139633636646131 -34343939383935623333613835613431346532323530366331613065666566323731663336623137 -36653165623235343832653438393836353630663063613337346364393439303738656564626432 -64613863376463343433303933656163666532326430383863383636386331643265623963653730 -31666430303666373030343831383436376666346236646231346565643564656339326231383337 -32386239646634643261393531636666666637386633396136653661373835636237323031333434 -31633237633566313131306261613834356139306436393862333533336534383662663837626464 -63653831373235373638303864323531623965333662386239396637636562373632393365663062 -61333934613865626639393236303562643165316466386461636239373336623965333531303335 -63393030326230303537383431663634616133353734353835636565326261386165633730386665 -61363736653762326634316634663530306163366165303464373833633363613338383330353062 -62313331343830323063663363386566373964356566313638653331336366343236356565656331 -61326466653362326337626532353637636535373762383034653464313961353430666132376163 -63323636393331376565343037613631323130646466656531663335373461653063353166346336 -32613564373634663863343036623038656462643532653539396538646532383161333535313164 
-66306532393137393736316330383466646265633539326437643039643037393735306136383337 -35353465643762313762653938376331356232356131336131616531303162383737623736363130 -38336634653564363564323964356564313665396461623836633533633534653961323632653766 -39383236663664643666333730623731663438326539346135326564326666396463323661393132 -35343862653264323564343730313938663664663035303332333163633137323661323431343138 -66336666386635643662323431626636636231666561396438336234366331616138323636336664 -36396133323937306463386261363766623366663965623361313264663861626161366166366237 -36393962613135326339623261333635326138336466306132333230643536376334386166346364 -61643231363737656131363935626433373164363161646365633536383563343936653333333832 -33383565346366616365363030646432363633663537316335376333313236616637633066333664 -63313039656664663664393633353466376264356161343532353838373366393835653134353438 -61396164636566313535656533396332316565336664363034353235643635616564663563633338 -32313662666566336437366666376630336466373831343431636662323431393061326139326537 -35303362366338383230643734333533323535303534303637623136613634333436656131376635 -30623736356634616366323563636535633530623435613634636662636436303337373762393734 -63363637323733306532343239303030626135663366333763623933613034333339323636653338 -37646665343632363466383762623763363238633265333166396165633461666662303332373164 -30356231356132323037396231613939353463656333613735376562323837323430623665373364 -63656238356161303462366130636236633238623861373830323237376563353934356239656539 -62346638643263383636666437646466393361366465366362336634663636306230373466366266 -38353133383937336336633239373739663731666162643037623630323739363464623763353163 -36653733663138386432323465383537383137623333333933366232323934623730613139656536 -39623564316135373830316238396664323663663137653130326163356566653630613662613638 -32626261383533393833633539633330383537323534346134366333346438323232336337623861 
-35306632356165313063373738303130386436396532616365313633656637373362313639626338 -36616665386663303636323264623839303562303064306139333263343839323436333930393136 -36663531643363643537636437646266643032616437656239666539653163343935633366646534 -36623935356565653831366462653830393465353065386130303065626365663235366530303431 -63353635653163303138383163663931356139626264383331346532663961316261393832626430 -66303435393739303461363731363733646534363766626462333761623537343734343833393634 -31356537653630363563313539356535663032613538303264633864396365613366386366656336 -37643666636436626162636234333938303266393162393933393038366437613165366630386438 -37313634656632653238383134653039323739643366343631343530386237336139313164393133 -64653638363662333461323365333861396266653238306530613064316362663131633461366161 -32633835393832646530623033346238343761393036353137626463613139393839616432626263 -35663232323734333631613139666366666436653566653064393666356165336439303937326637 -36633438623933323964303065313332373762346463343263386439646533306332363136386434 -34363236383733323232306264613137383831633534666337356137316433656238363864646138 -39303661383963313833323330656666373536303931383464343036663035616630343063383139 -63653263323533303933653138666138336530633162653533336466353235366333643835313365 -38303462623430356339323731646238636663393838653466323030653866646435323636343337 -37316336383234323336383061666235663539616631663936613430313138643061393439383636 -31656535366361326566666264656465633337643365393765303732633238653231623735313638 -36303537393038306165393365343334373333393933356133313264396236623936343763366330 -37373262393230326132393237633335353964346434616137636662343635306632373532663830 -66333039613330306231363364323861363964313336666165616635363166623435636366343364 -64356364373832366435656539613238646538623035346434346364386434623461653763656135 -646161643166613037303031663863666465 
+39616266383865336462366632626362363833643065393933373338613261373735643832386232 +6336303836636130346365356432643832623532633533350a626531303736363639356234633562 +30643465633332373232356630623366393232343166653633383165303535336139306332366438 +6165646636613135380a613165646136663365373030663662343935393564323761663661396365 +64373438333961303662346666383264383037386564623232623531636462336639363133333431 +33636133613665353066313264386666633763616566623334373232333330613638306264656461 +36306639363138636239663564343161303762373562626634303831613431373861633333326263 +36663733346132666234336232386636633031303663623236623434333532346533376139373261 +36393931393839663934363130626266383638623132303034643862623538643538383065623436 +34633938656466613436633561393165613863336332333166393565313332343230393866333466 +35343930366634646263396239363935313337366135656461656630346466663634616563616633 +30333463326330303032363830336337386431616662316461376565353565343835306464336636 +30623531366230316363393138343932656661343430623164393934333534633764393434323837 +35666233393662353337633136353832366366373265313834373837666635383232383637646333 +39623361626135316138373836633163313265663337333435643030313534643464646636363335 +35393939393733326661393533633766613133333034383864393730663863303536643963626438 +35363437373165383762333862653030333138353737646663616465646431653933313761366163 +35316632613434313239643934643061656164656135303032373332363166303561383932326531 +63346463343331656638386637303762303136313461646361343838613030346533656166396333 +36336334323433626639623737383564353263613364616239336239343733356233353034303135 +32356266653461646336363639303238323835316232316139366631356139353537393435666238 +32346439656238373735626137346332616464363864653963383535313137646666363534326263 +65663162633764646663343263346533363462333836623764643239646430636232636634393938 +62306465663338386337393562306565353163623832343532313263323537653938346562396661 
+63643033646534656431303232613634333863343034373066346433346364633036306636616134 +39353830356138616366643931636134336264373635346662396564363038396465386664356336 +30343737613933653631353561636630366633633533336437323031383434643832383264326135 +61343361336430613261666434386266633133333463623638363633306438303232376566336134 +39626461313633656363363661623437303263353233396335663236363730323038396539306266 +37613362643761663661663162613861373261373365376230343737326239323631373537613939 +65303865633931326335303131666161616262306335666639626137323763316562633035376530 +64633532356339313333373435663832663138656132323565633431363631326632383365353361 +65366433323661386465656631396537653738373566356165336337313865383438393831646339 +38343436633263613363313431623765353763376436633035356134396432646466383865323435 +63653066643230326466333066336435343536346566366264386234376462383230366435373237 +37323536343637393264353762613964613335663830623631663364646337326232633462623930 +39383263336266373839643430646331386365326135626231656638373164393062653331643161 +30393732376239396366366334393164333663333435626530386134613162646531623538383931 +37356539666239313332663330653762323232373332376461633936326464323963316136383562 +38303133333466303430626531303762303264636134373935363538366461393831623064656235 +65306261393064633637636266343964373063323536663864353838326138383635363965656233 +37343763353463356630343766383661313665313837663766353638303939333763323436333332 +37333334633463303063623530653261316563666237623266643065306464333238316639366637 +35653562313562333962633939336263666539373935373339633531326533633537633434326533 +63633466653931393733613061373130623565613466616132343066626532376531643939346261 +38623866396264353130636438356134623937653938323837613266623934373531323837646633 +38373334343834663537323566373734626638633836393963323830396639383939376433363766 +31353330643434313630306465303462383038353161393966316434616162393064623330343364 
+62626634666232633032663730396232646662346365316236623239353037323137343562613533 +66393132333539323032623734623339326265643839313131386163633833306633386430393362 +36613738383131646530626235393832623261313431366432626539633964643531313965656132 +34383565663434333364353930613765353839313331326366653639616337366438656436383539 +66316235383032636163366361336432656263623166663537343039633161393764383162323137 +34363163346630646363363930333032383137356164653537623539376163366231363664303764 +34656564643833353464326539333737356335376330363031383738306237313934386434343466 +63303439356637373032393663616366353236663834393363613266313535663535613735393731 +38323930333465623434363461613631386238386537356330393461633437303064666261633535 +31616530616438633264626665336362646336353633656231613238353163613638393439653765 +37343433633738616537373835326265656264333561376538313236363434303666363134373438 +33373139363130343733623165393565343637333561623531343730303465313635323264306363 +34343232303233643938626537376333393561386361306439373836633338666464303134396131 +38663137386436363965306265643262353834303765363463386331306333313262363331386432 +62363062326335626264633461363338636562643534336464653738326235633534343461306331 +35376161383534666333356538643837343233643131626433376232313361633034353064343263 +61343965343137383737646232383733653933376463613561303136663135646266313864373438 +61373562363830323130363161343861333964613239393333646364363437376561656463656639 +35656635393732633064613464613331646263396566383836646163386330346162363334646365 +30313335383839303535303833633561363538313133656566353130366638363761633038363562 +34323933313137643837326136653931656661613462393763373832633432393737383631336366 +39393066633638396237373936633931643133366365653032373235633861396465633064343562 +31393635323161363532383364353631616539396432356230383636653435663865373839396462 +39343732326630306534623466333937336530636636636564323762303462646264623036653834 
+39663131343762333939343136343965623634633366346239303131346638633837373534666461 +39313436333966656334316461626137353030326533386631353639316264663839653563633635 +36623563626365653338363530616666333030306662626661373063386135636461333231646430 +39383737373761363039646666313461633763316463656134623661613631656466376332616239 +63633930303030633236396664633532363936363735396664656137333831343336623663333037 +33333564383262316436323863396235636337653837376366363539343064366437323366393164 +38373262623130623238326661636630383432656261343264313663326539363962356134393266 +64633636363661336433633662316366613531376632373532626438643336396233353038383662 +64333734653662663666363264363431643534616636626263303638393864613062323364353131 +36356637336138663135306635316666623137363931643734393734316238663661666563343931 +36656463643833653837633539326565373933336634626663333864383866613366613966353636 +63653263626235313635333764303139356162356335666430313038646538303464396631356439 +65363734393230333837633334313762366638366231383535383132353165373063343731353864 +37313463653437326231383338666434323035373664393730326632386533666234623131356263 +65653931663232356663336537636531363835336633366264666162336233633338653334623530 +36636266626630666333313034353262663164363638323335393766373961643366646138653634 +36656131393435623337623663326663313139633862663833663438343463626231363635383834 +34643166653830343235316561333866653536323833353061343737386330303837633233643230 +39643436386562333536376230353865626563393266323737303237303362346463373232383232 +66633939303536343638313132346231386265346232613134306330653934356130626333376662 +66623661353436653263653638626138656331666333653431333661383364313530623437353766 +32636564383132613336303830343164346165386166656433623666363333636532623765623261 +36626466343161363030353036326566646363613238663262653632323137646165316362346161 +35396232666539343366373230393466396434353263383138396662343165383566346537666330 
+64316434383938306561353164666534313038653963303330366362363233386638386466353539 +35396266373663343863356538333963363934653439623965376533383066393234616534323565 +66336562353634313139316230646531653432336130363838616434353663653261383061383736 +31376432383531333231396336363936373031313062393437363637336538613431653237353866 +64663630346333333730613765346266663639633766353533343263303166616465623162383530 +66353065346139316635626630623838393166373163313064373637333038333662666363343961 +34343265366539366632613139633339333437663533356538303062393834306335376537326563 +35323137386439303332303032346366656164356634633139353339343731613862396132323464 +31376333656364373361396461386538643765613636323236663736303633643663323163313136 +64326338646639336462306261633535653237333432646238656636303837343134353534363962 +30613132376336326234396138323331613536626663346433393739373761363462373865323931 +63333166623637643033383332393933333137656437366633306232666332626239373065366437 +65633636343263333664336264366237396639663530343965623564653938383032616465643333 +36383933613163626531343762363739353761306630616539666561363834616335616130653039 +64326133623034636133376164663439306539383332373337393864306663366630333337636633 +61623931663237333566663035373965663538666630383934656139643237643733303035303534 +61386662626162616635333739386131623130326165663162333230336666393564303738353265 +38363039616161396534373638633366633432386534363765326134353131303061303965383161 +66623930363831343837303062326433323237306335376331633536626263656338313464323637 +37633563303566396232616432386466666235646631616134643662643664366630343534613632 +31353561623663366237653564626233653136363665646530643563366332386566653965346164 +35356339626365623235306231336634626233653635626235313638396135623437393061653661 +38326636663733663632393561303062613635346237346562666233636563313166623935336631 +33353139633534613333353339373636323563366465383037626537353437396530316235613439 
+63306332343038633633366262653732366534363035363564386461303363383763643031373139 +65613930343937306639393130646366333835353463626238336533343030386134323135343131 +37356266666562376431643564643731623439616533353536626461643130363764323262653636 +30363961616636656362633731643563313432316363373461363532366437666133373438353839 +33373564383231343936353262383164636336353462303739653135643934386263323061643939 +32643931333030663134636638333561646232353663343761323138626539336431633539363937 +38643435373539623961386135613232616466653665323231383631383462613565363265376261 +63383934663662643832343835626364383035313663666561653233653430346661343936616164 +38333463653034393965613338313336396666646236316338383065333733386633 diff --git a/inventory/group_vars/cluster_prep.yml b/inventory/group_vars/cluster_prep.yml index 96d1b46..d9ac3f6 100644 --- a/inventory/group_vars/cluster_prep.yml +++ b/inventory/group_vars/cluster_prep.yml @@ -1,2 +1,10 @@ -iscsi_target_ip: nas.lan.xbazzi.com # TrueNAS IP -iscsi_target_iqn: iqn.2005-10.org.freenas.ctl:pve-iscsi \ No newline at end of file +$ANSIBLE_VAULT;1.1;AES256 +65353761626163643330363566616138653361623139306463623964303730396633316665346161 +6533653962353462333566363530653237646539336165660a613565643063393962646265646634 +62383133396338646564323335393832636165316262633466376462643737613939353433643764 +6337616265353435630a333063653137626437373833383966373164393537653839336161383266 +66343266316664663639323630323135363034343031353030323832333437303964313465333233 +62383731613066366262353063306262326431663937316135396465646433613965373237353062 +39626531303539386330653864353236393566626533303864336633303866323761306562383838 +64386534313331646632613031653735326365656235343862613765646365616665396233343862 +62303335646536393030343463306231376466396639373364626336303639363665 diff --git a/inventory/group_vars/prod-vm.yml b/inventory/group_vars/prod-vm.yml new file mode 100644 index 0000000..4bee301 --- /dev/null 
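Review bot: Vaulting inventory/group_vars/cluster_prep.yml does not retract the removed plaintext `iscsi_target_ip` / `iscsi_target_iqn` lines, which stay recoverable from git history; if those values are sensitive enough to encrypt, treat them as already disclosed and rotate or rewrite history, and if they are not (a hostname and an IQN are usually not secrets), consider leaving them readable. Encrypting the whole file also hides which variable names the role consumes, so a reviewer of the `pve/cluster_prep` role can no longer grep for them; per-value `!vault` strings from `ansible-vault encrypt_string` keep the keys visible and only the values opaque. The same applies to the whole-file vaults of inventory/group_vars/all.yml, inventory/group_vars/prod-vm.yml, inventory/host_vars/pve1.yml and inventory/hosts.yml in this commit.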
+++ b/inventory/group_vars/prod-vm.yml @@ -0,0 +1,39 @@ +$ANSIBLE_VAULT;1.1;AES256 +31313561353530643630326363363839636465303566643435316132663163343365303430636461 +3830656432383635326262363564653034626338626465650a363766373965393238326632323136 +36656536613736666532386636323533646331333437643437353230636139623637363263636562 +3766663535386232340a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diff --git a/inventory/host_vars/pve1.yml b/inventory/host_vars/pve1.yml index 57d1b8d..718055e 100644 --- a/inventory/host_vars/pve1.yml +++ b/inventory/host_vars/pve1.yml @@ -1,11 +1,11 @@ $ANSIBLE_VAULT;1.1;AES256 -61636264373765333930663036663164363332363765353836326361383438303065623938353338 -3861383264346132613466666363623562383437643464640a343830356164323732313631666532 -61646636633062333539393266366537613037646137376463343638356562383538376534376533 -6361373233623565310a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a383437363631393437333065336131 +32393234343432663636653665646538656133396665343833363935666264613963373638356438 +3333363762383066380a356632336439363761363461333662373938306537366436633436646263 +30376638343566353331303638643132383636663236373031306438386564313236613930343665 +62383262643831626132393635336536366133333031333864613039303838356435333830316331 +39353432366666366261336465386461333630313232656137666665336633616266353961643230 +30336230353835383262386262346339336436383336336162343461326161663038623634613064 +61646436373437313564396266303763656536623765663635656138653361616436316337663865 +3162396165643365626339363638656262373335393334373836 diff --git a/inventory/hosts.yml b/inventory/hosts.yml index f271aea..6bb2f3e 100644 --- a/inventory/hosts.yml +++ b/inventory/hosts.yml 
@@ -1,36 +1,75 @@ $ANSIBLE_VAULT;1.1;AES256 -64363164666338376439386465623133383736636361353661303464666164616232366431626333 -3437666365663839343866613537323366333564646234350a363434303639333535643039313039 -61306663306134666139303061316163323033353366386233643039613365386536333336663864 -6463316237376364660a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a383961313938333664653331626538 +31353065373963653938653966373835363439633533383065386264303566646237356637303438 +6662306636323630360a323731303661393630363638613865373235323766613765346530353734 +37363863653266623136346663313937383539613433313930643063396435386362343436386561 +64373665393763613135663163613834356536346165666263343136313638346266613638326430 +64376336366634326639633536323032366531653038366663363734666231383635393765383736 +63346338326463633865376635323434346265656230306262396364623236613039383530663964 +34396135323863366235323632666138316134393639386166313732643435366564666561666634 +39656461653933366336346532326565373430616363393436633364316565383339336361623438 +34623364326434666563393035636234383362356537326562383434646634643265613838303164 +33666634353334303738306164316462353365376432656438626435666533363635343332356338 +64396634396233633030383064326233323962613937363935306235626338316664663466383939 +66663939623838313266346339663966363132396364363832633637336161373766613166666266 +34663834373339346166643664656266343162613731303530366536623831646462663937656538 +62623237616337343465626532363639303531343535633738383266366338623166383434326631 +64373335383966333561666531646431313939356661383431353531616630306262633435396535 +39353333323437386563663463306664653664393431623836333834613334326531316661386462 +37366132393132323336653536653037656333333038363033626232323363366661616361636333 +34623733373633373338343438633464323161353838633039303762346136656666643234626332 +38616238643730326434363832333634353932636235396332306463353164643835313130303964 
+33316463666135366433326564663934656337656563623439643162303762393339306535633735 +36636532343435323362386463386163303737343933623839306233306138636362643838346564 +37383935386638343262336139373135343137636339643333343730313563666634313262623836 +34616634336235316532333934663732376634643238303465643763633333636466663733333635 +61306537373162306137636335646663646134656366636635633437356366636134636439633936 +64363136313732633566613264306432633234623561306562313863633237633265366637346265 +35393161376332363038306430313037383832373138333431653266346566333766616139316661 +37346436356433623535376664313937363263363531616363333738366431326361303062383335 +63633263613964633137613363313630323066353265633636623763643530333764376664613066 +61666565333035373562323433343362306166386330356430373039633864656136643133633466 +36386638313238353737333565306132313135326234316134656365303930366164373564363730 +63656261613231336332663631343863623235376634663332643563343263623038633863323764 +66353466343434346136333562653665306164633133386431383638346461363838393363633432 +39656639393531303562323630663464326262623464653631313134643664653361653565666462 +35313162396463343464336466613362303566646665373033656362343464663262656239333365 +36633035633462316166393934333238303931616631363933363766636634663437336563313863 +32353062646263643966633839643931353562383330353461643765646266336634363333343064 +37653138326163323865626536643762393234343166666362643431663132393236313637396164 +66326538643838323765623931393266396431393139393766323164383031633062663761633438 +39373936393964626630383230636165313937393139326236633632386164386361346161393731 +38323765393562356635626434343437663165373163643765663834636362353532633262303838 +64396664333739313832323836396161646536626138313362376663626238366161626561666132 +39343764633762653234633764636239303139313731616639613532323163643534363130376433 +61343234386532346633623537643461666562653938396262653734323231623064303439316464 
+63376561316562343066313730376631393032343539313832366365376131313862653966376532 +63653835646538383466656165626136363061633366376164666462383837643931363764323832 +34313762663836363433666138343033353432326232383037346130633833346563353463333736 +33623463386365336666353963633963323034633637623363333163346664663437646338356362 +31363833373463633033386231653035383161613435346463393433336436373332306634323232 +37663336623735626532363066303162383563643939323335656565633630646239356339333036 +61303339346431306335323364663764303232643637303666613330373735303365613738653662 +39663866323237333739623466316131656437643561623837346336373836353966393663343065 +32343831323132323430653563366261313036616430663339343336376564383766376165626362 +35656665643161376234303835373566363131343036363033643935313531343439323464623764 +39636562303938646466346462383537646566363034313261616635386339623233363431626631 +36656263623963356332353532613738623935363961623763393536356162653639633763656164 +35316138366164396637316335656332623266316232343439336332653862373535646166393563 +66306132653333353562626663313466623335623238616234633563326565653432343337393832 +30616434643264643937623337343333626265336437613364373064333934663338303331653266 +66323439306333356433323030393361316533306665633639363032366638356663323064303539 +65356365323966366366613836613131386663616163616464623238613038646530373032653666 +32643334323936353536636263333866396665386331363332653435323730313763333732346265 +37623433323939393263666165666231643731343235623063333037626432356362323265366461 +34323237306537633630363237323363386464366331333832663132313832353534393736363237 +33666439643136653966386630326566356462373537626161306464633363383831396233356465 +38623937303137316339326164363431303931633266316331306263313934376363626662346638 +61383731373064336431643339356465316662376166303732633765303438323333373133643535 +30626133343863383961663330653230656565626663303936633037643763303234336562396435 
+65666331323739646531306538366232363034626431633765313739376363313664626566346562 +38653262623131646233346361646632663436366230623066613963653035353835343439643833 +30356237333034336331363830346566313433613836393663363937353366626166663233633563 +30666134343239633035616366353061313937336433353466643631346632643263323535356235 +3434393032383433326532376663653064363639303430643937 diff --git a/playbooks/deploy-postgres.yml b/playbooks/deploy-postgres.yml index 2ed19f5..cd8a472 100644 --- a/playbooks/deploy-postgres.yml +++ b/playbooks/deploy-postgres.yml @@ -1,6 +1,6 @@ --- - name: Deploy PostgreSQL container - hosts: prod1 + hosts: db1 become: true roles: - role: services/postgres @@ -8,9 +8,9 @@ vars: directory: "pg-dev" container_name: "postgres-dev" - port: 7000 + port: 4000 - role: services/postgres vars: directory: "pg-beta" container_name: "postgres-beta" - port: 7001 \ No newline at end of file + port: 4001 \ No newline at end of file diff --git a/playbooks/export-kitty-terminfo.yml b/playbooks/export-kitty-terminfo.yml new file mode 100644 index 0000000..2d3ce28 --- /dev/null +++ b/playbooks/export-kitty-terminfo.yml @@ -0,0 +1,8 @@ +--- +- name: Export kitty terminfo + hosts: prod-vms + become: yes + vars: + ansible_become_allow_unsafe_writes: true + roles: + - role: server/kitty diff --git a/playbooks/prep-pve-for-cluster.yml b/playbooks/prep-pve-for-cluster.yml index b4d3bc5..ae92158 100644 --- a/playbooks/prep-pve-for-cluster.yml +++ b/playbooks/prep-pve-for-cluster.yml @@ -2,4 +2,4 @@ hosts: pve-nodes become: yes roles: - - role: utility/cluster_prep + - role: pve/cluster_prep diff --git a/playbooks/provision-alma.yml b/playbooks/provision-alma.yml index b4bbcff..e8b4b5f 100644 --- a/playbooks/provision-alma.yml +++ b/playbooks/provision-alma.yml 
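Review bot: playbooks/export-kitty-terminfo.yml targets `hosts: prod-vms` while playbooks/provision-alma.yml in this same commit targets `hosts: prod-vm` and the new group_vars file is named prod-vm.yml; the inventory is vaulted so I cannot tell whether both groups exist, but if `prod-vms` is a typo the play matches no hosts and Ansible only warns. `become: yes` should be `become: true` (yamllint's truthy rule, and deploy-postgres.yml in this commit already uses `true`). The `ansible_become_allow_unsafe_writes: true` var is one I cannot confirm the become plugins honour, and since ansible.cfg now enables unsafe writes globally it is either redundant or a silent no-op; if a copy task in the `server/kitty` role is what needs it, `unsafe_writes: true` on that task is the documented knob. The `server/kitty` role's tasks are not on this page.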
@@ -1,13 +1,21 @@ --- - name: Provision AlmaLinux 9 VM - hosts: staging-vm + hosts: prod-vm become: yes roles: - - role: server/users - - role: server/sshkey - # - role: server/network + - role: server/hostname + # - role: server/users + # - role: server/sshkey + # - role: server/dnf + - role: server/network # - role: server/firewall # - role: provision/alma/common # - role: provision/alma/nfs - # - role: docker/install - # - role: server/reboot \ No newline at end of file + - role: docker/install + # - role: server/fstrim + # - role: server/kitty + # - role: server/reboot + # tasks: + # - name: whatever + # ansible.builtin.debug: + # var: "{{ inventory_hostname }}" \ No newline at end of file diff --git a/roles/apps/dbgate/defaults/main.yml b/roles/docker/apps/dbgate/defaults/main.yml similarity index 100% rename from roles/apps/dbgate/defaults/main.yml rename to roles/docker/apps/dbgate/defaults/main.yml diff --git a/roles/apps/dbgate/tasks/main.yml b/roles/docker/apps/dbgate/tasks/main.yml similarity index 100% rename from roles/apps/dbgate/tasks/main.yml rename to roles/docker/apps/dbgate/tasks/main.yml diff --git a/roles/server/network/templates/main.yml b/roles/docker/apps/portainer-agent/defaults/main.yml old mode 100644 new mode 100755 similarity index 100% rename from roles/server/network/templates/main.yml rename to roles/docker/apps/portainer-agent/defaults/main.yml diff --git a/roles/docker/apps/portainer-agent/tasks/main.yml b/roles/docker/apps/portainer-agent/tasks/main.yml new file mode 100755 index 0000000..a18e91d --- /dev/null +++ b/roles/docker/apps/portainer-agent/tasks/main.yml 
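Review bot: `docker/install` is now enabled for `prod-vm` while `server/firewall` stays commented out, and nothing between `server/network` (which masks NetworkManager in this patch) and the docker role confirms the host is still reachable. If the docker role leaves Docker's default iptables integration on, published container ports bypass whatever firewalld zone policy would otherwise apply, so I would run `server/firewall` (and a `server/reboot` or `ansible.builtin.wait_for_connection`) ahead of `docker/install`, or state in a comment why the firewall role is intentionally skipped here. With `server/users` and `server/sshkey` also disabled, a freshly provisioned prod VM gets no admin user or key from this play — presumably handled elsewhere, which a one-line comment on those entries should say.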
@@ -0,0 +1,22 @@
+- name: Pull Portainer Agent image
+ become: true
+ community.docker.docker_image:
+ name: portainer/agent
+ tag: latest
+ source: pull
+
+- name: Deploy Portainer Agent container
+ become: true
+ community.docker.docker_container:
+ name: portainer_agent
+ image: portainer/agent
+ pull: false # we already pulled above
+ state: started
+ restart_policy: always
+ ports:
+ - "9001:9001"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /var/lib/docker/volumes:/var/lib/docker/volumes
+ - /:/host
+ timeout: 120 # wait up to 2m for it to come up
diff --git a/roles/postgres/priviledges/defaults/main.yml b/roles/postgres/priviledges/defaults/main.yml deleted file mode 100755
index 84dc138..0000000
--- a/roles/postgres/priviledges/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-priviledges: ALL
\ No newline at end of file
diff --git a/roles/postgres/privileges/defaults/main.yml b/roles/postgres/privileges/defaults/main.yml new file mode 100755
index 0000000..ec69f1a
--- /dev/null
+++ b/roles/postgres/privileges/defaults/main.yml
@@ -0,0 +1 @@
+privileges: ALL
\ No newline at end of file
diff --git a/roles/postgres/priviledges/tasks/main.yml b/roles/postgres/privileges/tasks/main.yml similarity index 82% rename from roles/postgres/priviledges/tasks/main.yml rename to roles/postgres/privileges/tasks/main.yml
index b47041a..0f8e3aa 100755
--- a/roles/postgres/priviledges/tasks/main.yml
+++ b/roles/postgres/privileges/tasks/main.yml
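Review bot: The Portainer agent is published as `"9001:9001"` on every address of the host while mounting `/var/run/docker.sock`, `/var/lib/docker/volumes` and `/:/host`, and by Portainer's own documentation the agent trusts whichever server connects unless `AGENT_SECRET` is set, so anything that can reach TCP 9001 on any of this host's networks (the network role gives these VMs core, mgmt and dmz interfaces) gets root-equivalent control of the host. Bind the port to the management address only, e.g. `- "{{ hostvars[inventory_hostname]['addresses']['mgmt'] }}:9001:9001"` (assuming the `addresses` map the network templates read has a `mgmt` key), pass `env: { AGENT_SECRET: "{{ portainer_agent_secret }}" }` from a vaulted variable, and open 9001 only in the `mgmt` firewalld zone. Separately, `tag: latest` with `pull: false` deploys whatever image happened to be pulled last; pin a version or digest so redeploys are reproducible and reviewable.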
@@ -7,22 +7,22 @@ objs: "{{ database }}" privs: "CREATE" role: "{{ user }}" - state: present login_host: "{{ pg_host }}" login_port: "{{ pg_port }}" login_user: "{{ pg_user }}" login_password: "{{ pg_password }}" + state: present -- name: Give user full priviledges on database +- name: Give user full privileges on database delegate_to: localhost community.postgresql.postgresql_privs: db: "{{ database }}" type: schema objs: public - privs: "{{ priviledges }}" + privs: "{{ privileges }}" role: "{{ user }}" - state: present login_host: "{{ pg_host }}" login_port: "{{ pg_port }}" login_user: "{{ pg_user }}" - login_password: "{{ pg_password }}" \ No newline at end of file + login_password: "{{ pg_password }}" + state: present \ No newline at end of file diff --git a/roles/provision/alma/common/tasks/main.yml b/roles/provision/alma/common/tasks/main.yml index 6a700bc..9aeb187 100644 --- a/roles/provision/alma/common/tasks/main.yml +++ b/roles/provision/alma/common/tasks/main.yml @@ -4,11 +4,6 @@ register: output changed_when: output.rc != 0 -- name: Set hostname - ansible.builtin.hostname: - name: "{{ provision_hostname }}" - use: systemd - - name: Upgrade all packages ansible.builtin.dnf: name: "*" @@ -40,17 +35,4 @@ ansible.builtin.dnf: name: - '@Development tools' - update_cache: true - -- name: Install baseline packages - ansible.builtin.dnf: - name: - - vim - - curl - - git - - bash-completion - - firewalld - - fastfetch - - btop - state: latest - update_cache: true + update_cache: true \ No newline at end of file diff --git a/roles/server/dnf/defaults/main.yml b/roles/server/dnf/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/dnf/tasks/main.yml b/roles/server/dnf/tasks/main.yml new file mode 100644 index 0000000..d9281dc --- /dev/null +++ b/roles/server/dnf/tasks/main.yml 
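Review bot: `privs: "{{ privileges }}"` together with the role default `privileges: ALL` (set in this patch's `defaults/main.yml`) hands every user this role is applied to the full privilege set on schema `public`, and the task above it already grants `CREATE` on the database, so the role's default outcome is a fully privileged application account. I would make the default least privilege, `privileges: USAGE`, and have the few callers that need more pass `ALL` explicitly in the playbook so the elevation is visible at review time. The first task's header is above the hunk; adding `no_log: true` to both tasks would also keep the rendered `db`/`role`/`login_host` arguments out of failure output, since the module only masks `login_password`.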
@@ -0,0 +1,19 @@ +--- +- name: Install dnf packages + ansible.builtin.dnf: + name: + - systemd-networkd + - systemd-resolved + - vim + - curl + - git + - bash-completion + - firewalld + - fastfetch + - btop + - kitty-terminfo + - bind-utils + - nmap + - tcpdump + state: latest + update_cache: true diff --git a/roles/server/firewall/tasks/main.yml b/roles/server/firewall/tasks/main.yml index a742df0..f77d7d7 100644 --- a/roles/server/firewall/tasks/main.yml +++ b/roles/server/firewall/tasks/main.yml @@ -32,12 +32,5 @@ # - name: Remove ens18 from public # ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 -# - name: Assign interface ens18 to "internal" zone -# ansible.posix.firewalld: -# interface: ens18 -# zone: internal -# state: enabled -# permanent: true - - name: Reload firewalld to apply changes ansible.builtin.command: firewall-cmd --reload diff --git a/roles/server/fstrim/defaults/main.yml b/roles/server/fstrim/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/fstrim/tasks/main.yml b/roles/server/fstrim/tasks/main.yml new file mode 100644 index 0000000..cd3d18b --- /dev/null +++ b/roles/server/fstrim/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: Trim filesystem once a week + ansible.builtin.systemd_service: + name: fstrim.timer + enabled: true + state: started diff --git a/roles/server/hostname/defaults/main.yml b/roles/server/hostname/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/server/hostname/tasks/main.yml b/roles/server/hostname/tasks/main.yml new file mode 100644 index 0000000..b956bcd --- /dev/null +++ b/roles/server/hostname/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: Set hostname + ansible.builtin.hostname: + name: "{{ hostvars[inventory_hostname]['hostname'] }}" + use: systemd \ No newline at end of file diff --git a/roles/server/kitty/defaults/main.yml b/roles/server/kitty/defaults/main.yml new file mode 100644 index 0000000..5637f0b --- /dev/null 
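Review bot: The baseline list installs `nmap` and `tcpdump` with `state: latest` on every host the `server/dnf` role reaches, including the prod VMs this patch targets. Recon and capture tools are a gift to anyone who lands on the box and are flagged by most hardening baselines, so I would move them behind an opt-in variable (`dnf_extra_packages: []`, appended to the list) and keep the default set to what the roles actually need. `state: latest` also turns every run into an unreviewed package upgrade and makes the task report changed whenever a newer build exists; use `state: present` here and handle upgrades in a separate, deliberate task.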
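Review bot: With the nmcli `zone:` bindings removed from the network role in this patch, the commented block deleted here was the last place in this diff that put an interface into a firewalld zone, so after this change the interfaces fall into firewalld's default zone and the `core`/`mgmt`/`dmz` zones — and the ssh services enabled in them — never become active. Bind interfaces explicitly in this role (firewalld keeps its own persistent binding when NetworkManager is absent), e.g. `ansible.posix.firewalld: { interface: "{{ item.ifname }}", zone: "{{ item.name }}", state: enabled, permanent: true, immediate: true }` looped over `[default_interface] + network_interfaces`, before the `firewall-cmd --reload` this hunk keeps. The rest of this role is outside the hunk.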
+++ b/roles/server/kitty/defaults/main.yml @@ -0,0 +1,3 @@ +users: + - xbazzi + - ansible diff --git a/roles/server/kitty/tasks/main.yml b/roles/server/kitty/tasks/main.yml new file mode 100644 index 0000000..ece036e --- /dev/null +++ b/roles/server/kitty/tasks/main.yml @@ -0,0 +1,31 @@ +--- +- name: Copy pre-generated kitty terminfo to remote users + copy: + src: /home/xbazzi/.xterm-kitty.terminfo + dest: /home/{{ item }}/xterm-kitty.terminfo + owner: "{{ item }}" + group: "{{ item }}" + mode: '0644' + loop: "{{ users }}" + +- name: Upload xterm-kitty.terminfo to each user’s home + ansible.builtin.copy: + src: "/home/xbazzi/.xterm-kitty.terminfo" + dest: "/home/{{ item }}/xterm-kitty.terminfo" + owner: "{{ item }}" + group: "{{ item }}" + mode: '0644' + loop: "{{ users }}" + +- name: Compile terminfo for each user + ansible.builtin.command: > + tic -x -o /home/{{ item }}/.terminfo /home/{{ item }}/xterm-kitty.terminfo + become: true + become_user: root #"{{ item }}" + loop: "{{ users }}" + +- name: Clean up xterm-kitty.terminfo from home directory + ansible.builtin.file: + path: "/home/{{ item }}/xterm-kitty.terminfo" + state: absent + loop: "{{ users }}" diff --git a/roles/server/network/files/networkd.conf.d/10-routes.conf b/roles/server/network/files/networkd.conf.d/10-routes.conf new file mode 100644 index 0000000..05dee50 --- /dev/null +++ b/roles/server/network/files/networkd.conf.d/10-routes.conf @@ -0,0 +1,2 @@ +[Network] +RouteTable=mgmt:202 dmz:203 diff --git a/roles/server/network/handlers/main.yml b/roles/server/network/handlers/main.yml index e69de29..6bc7f06 100644 --- a/roles/server/network/handlers/main.yml +++ b/roles/server/network/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart systemd-networkd + ansible.builtin.systemd_service: + name: systemd-networkd + state: restarted \ No newline at end of file diff --git a/roles/server/network/tasks/main.yml b/roles/server/network/tasks/main.yml index 05daa35..95b999c 100644 
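Review bot: `tic -x -o /home/{{ item }}/.terminfo ...` runs as root (the intended `become_user: "{{ item }}"` is commented out) and writes into a directory owned by the target user, so a user who pre-creates `~/.terminfo` as a symlink can have root write or overwrite files elsewhere on the host, and even in the normal case it leaves root-owned files in the user's home. Restore `become_user: "{{ item }}"` and add `args: { creates: "/home/{{ item }}/.terminfo/x/xterm-kitty" }` (the path `tic` presumably installs to — verify on one host) so the task is idempotent instead of reporting changed every run. The first two copy tasks are the same task twice (`copy:` and `ansible.builtin.copy` with identical src/dest); keep only the FQCN one, and move `src: /home/xbazzi/.xterm-kitty.terminfo` out of a hard-coded controller home into the role's `files/` or a default.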
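Review bot: `RouteTable=mgmt:202 dmz:203` hard-codes both table names and ids, while the rest of this patch derives them from `network_interfaces[*].table_id`/`table_name` (the `rt_tables.j2` template and the `Table=` lines in `auxiliary-interface.network.j2`); if an inventory value is ever changed on one side only, rules and routes end up in different tables and mgmt/dmz reply traffic silently leaves via the core interface. Template this file from the same variables instead of copying a static one, e.g. `RouteTable={% for i in network_interfaces %}{{ i.table_name }}:{{ i.table_id }} {% endfor %}`, so there is a single source of truth.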
--- a/roles/server/network/tasks/main.yml +++ b/roles/server/network/tasks/main.yml @@ -1,32 +1,29 @@ --- +##### Firewall pre-requisites ##### +- name: Enable and start systemd-networkd + ansible.builtin.systemd: + name: systemd-networkd + enabled: true + state: started + - name: Enable and start firewalld ansible.builtin.systemd: name: firewalld enabled: yes state: started -- name: Enable and start NetworkManager - ansible.builtin.systemd: - name: NetworkManager - enabled: yes - state: started - -- name: Check existing zones +- name: firewall-cmd --get-zones ansible.builtin.command: firewall-cmd --get-zones register: firewalld_zones -- name: Debug output +- name: firewall-cmd --get-active-zones + ansible.builtin.command: firewall-cmd --get-active-zones + register: firewalld_zones + +- name: Check existing zones ansible.builtin.debug: var: firewalld_zones.stdout -# - name: Create zone "core" -# ansible.builtin.command: firewall-cmd --permanent --new-zone="{{ item }}" -# loop: ["core", "mgmt"] -# # loop: "{{ firewalld_zones.stdout | split }}" -# when: item in firewalld_zones.stdout.split() - # (item != "core" and - # item != "dmz") - - name: Create firewalld core zone ansible.posix.firewalld: zone: core 
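Review bot: Both `firewall-cmd` tasks `register: firewalld_zones`, so the second overwrites the first and the debug titled "Check existing zones" only ever shows `--get-active-zones` output; register the second as `firewalld_active_zones` and give both `changed_when: false`, since read-only queries currently report changed on every run. Enabling `systemd-networkd` at the top, before any `.network` file exists and while NetworkManager keeps running until the end of this file, also leaves two network managers enabled at once for the whole play; moving this task next to the NetworkManager mask at the end makes the handover a single step. The hunk ends inside the `Create firewalld core zone` task.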
@@ -48,89 +45,88 @@ - name: Reload firewalld to apply changes ansible.builtin.command: firewall-cmd --reload -- name: Enable ssh rule in core for initial ansible config +- name: Enable ssh rule in core ansible.posix.firewalld: zone: core service: ssh state: enabled permanent: true -# - name: Ensure all other zones are disabled -# ansible.posix.firewalld: -# zone: "{{ item }}" -# state: disabled -# permanent: true -# when: item not in zones -# loop: "{{ firewalld_zones.stdout | split }}" - -- name: Set up CORE interface manually - nmcli: - conn_name: CORE - zone: core - type: ethernet - ip4: "{{ provision_core_ip4 }}" - gw4: "{{ core_gw4 }}" - dns4: "{{ core_gw4 }}" - method4: "manual" - ifname: ens18 - dns4_search: lan.xbazzi.com - state: present - # delegate_to: "{{ provision_core_ip4_no_subnet }}" - -- name: Set up mgmt interface manually - nmcli: - conn_name: MGMT +- name: Enable ssh rule in mgmt + ansible.posix.firewalld: zone: mgmt - type: ethernet - ip4: "{{ provision_mgmt_ip4 }}" - routes4: "0.0.0.0/0 {{ mgmt_gw4 }}" - routing_rules4: - - "priority 2 from {{ mgmt_net }} table 200" - route_metric4: 102 - dns4: "{{ mgmt_gw4 }}" - method4: "manual" - ifname: "ens19" - dns4_search: "lan.xbazzi.com" - state: present - # delegate_to: "{{ provision_core_ip4_no_subnet }}" + service: ssh + state: enabled + permanent: true -- name: Set up dmz interface manually - nmcli: - conn_name: DMZ - zone: dmz - type: ethernet - ip4: "{{ provision_dmz_ip4 }}" - routes4: "0.0.0.0/0 {{ dmz_gw4 }}" - routing_rules4: - - "priority 3 from {{ dmz_net }} table 300" - route_metric4: 103 - dns4: "{{ dmz_gw4 }}" - method4: "manual" - ifname: "ens20" - dns4_search: "lan.xbazzi.com" - state: present - # delegate_to: "{{ provision_core_ip4_no_subnet }}" +- name: Reload firewalld to apply changes + ansible.builtin.command: firewall-cmd --reload -- name: Remove ens18 default connection - nmcli: - conn_name: ens18 - state: absent - # delegate_to: "{{ provision_core_ip4_no_subnet }}" +#### 
Network config #### +- name: Ensure systemd-networkd directories exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: root + group: root + mode: '0755' + loop: + - /etc/systemd/network + - /etc/systemd/networkd.conf.d -- name: Remove ens19 default connection - nmcli: - conn_name: ens19 - state: absent - # delegate_to: "{{ provision_core_ip4_no_subnet }}" +- name: Generate default interface .network file + ansible.builtin.template: + src: default-interface.network.j2 + dest: "/etc/systemd/network/{{ default_interface.prefix }}-{{ default_interface.ifname }}-{{ default_interface.name }}.network" + owner: root + group: root + mode: '0644' + notify: Restart systemd-networkd -- name: Remove ens20 default connection - nmcli: - conn_name: ens20 - state: absent - # delegate_to: "{{ provision_core_ip4_no_subnet }}" +- name: Generate auxiliary interfaces .network files + ansible.builtin.template: + src: auxiliary-interface.network.j2 + dest: "/etc/systemd/network/{{ item.prefix }}-{{ item.ifname }}-{{ item.name }}.network" + owner: root + group: root + mode: '0644' + loop: "{{ network_interfaces }}" + notify: Restart systemd-networkd -- name: Remove "Wired connection 1" - nmcli: - conn_name: Wired connection 1 - state: absent - # delegate_to: "{{ provision_core_ip4_no_subnet }}" +# - name: Deploy .network files +# ansible.builtin.copy: +# src: "files/network/{{ item }}" +# dest: "/etc/systemd/network/{{ item }}" +# owner: root +# group: root +# mode: '0644' +# loop: +# - 10-ens18-core.network +# - 20-ens19-mgmt.network +# - 30-ens20-dmz.network +# notify: Restart systemd-networkd + +- name: Deploy systemd-networkd global .conf files + ansible.builtin.copy: + src: "files/networkd.conf.d/{{ item }}" + dest: "/etc/systemd/networkd.conf.d/{{ item }}" + owner: root + group: root + mode: '0644' + loop: + - 10-routes.conf + notify: Restart systemd-networkd + +- name: Ensure NetworkManager is disabled + ansible.builtin.systemd_service: + name: 
NetworkManager
+ masked: true
+ enabled: false
+ state: stopped
+
+- name: Ensure NetworkManager-wait-online is disabled
+ ansible.builtin.systemd_service:
+ name: NetworkManager-wait-online
+ masked: true
+ enabled: false
+ state: stopped
diff --git a/roles/server/network/tasks/main_nmcli.yml b/roles/server/network/tasks/main_nmcli.yml new file mode 100644
index 0000000..5d6e85c
--- /dev/null
+++ b/roles/server/network/tasks/main_nmcli.yml
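Review bot: NetworkManager is stopped and masked as the last tasks of the role, but the `.network` files written above only take effect when the `Restart systemd-networkd` handler fires at the end of the play, and nothing verifies that the default interface actually came up under networkd before the old manager is removed — on a remote prod VM a wrong `addresses`/`gateway` value means losing the SSH session with no way back. Insert `ansible.builtin.meta: flush_handlers` before the NetworkManager tasks, then confirm reachability (`ansible.builtin.wait_for_connection: { timeout: 60 }`, or a `networkctl status {{ default_interface.ifname }}` check for `routable`), and only then stop and mask NetworkManager. This hunk starts in the middle of the role, after the zone-creation tasks.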
@@ -0,0 +1,250 @@ +--- +- name: Enable and start firewalld + ansible.builtin.systemd: + name: firewalld + enabled: yes + state: started + +- name: Enable and start NetworkManager + ansible.builtin.systemd: + name: NetworkManager + enabled: yes + state: started + +- name: Check existing zones + ansible.builtin.command: firewall-cmd --get-zones + register: firewalld_zones + +- name: Debug output + ansible.builtin.debug: + var: firewalld_zones.stdout + +# - name: Create zone "core" +# ansible.builtin.command: firewall-cmd --permanent --new-zone="{{ item }}" +# loop: ["core", "mgmt"] +# # loop: "{{ firewalld_zones.stdout | split }}" +# when: item in firewalld_zones.stdout.split() + # (item != "core" and + # item != "dmz") + +- name: Create firewalld core zone + ansible.posix.firewalld: + zone: core + state: present + permanent: true + +- name: Create firewalld mgmt zone + ansible.posix.firewalld: + zone: mgmt + state: present + permanent: true + +- name: Create firewalld dmz zone + ansible.posix.firewalld: + zone: dmz + state: present + permanent: true + +- name: Reload firewalld to apply changes + ansible.builtin.command: firewall-cmd --reload + +- name: Enable ssh rule in core + ansible.posix.firewalld: + zone: core + service: ssh + state: enabled + permanent: true + +- name: Enable ssh rule in mgmt + ansible.posix.firewalld: + zone: mgmt + service: ssh + state: enabled + permanent: true + +- name: Reload firewalld to apply changes + ansible.builtin.command: firewall-cmd --reload + +# - name: Ensure all other zones are disabled +# ansible.posix.firewalld: +# zone: "{{ item }}" +# state: disabled +# permanent: true +# when: item not in zones +# loop: "{{ firewalld_zones.stdout | split }}" + +# - name: Ensure custom routing table names are present +# ansible.builtin.lineinfile: +# path: /etc/iproute2/rt_tables +# line: "{{ item.table_id }} {{ item.table_name }}" +# create: yes +# state: present +# loop: "{{ network_interfaces }}" +# loop_control: +# label: "{{ 
item.table_name }}" + +- name: Ensure /etc/iproute2 directory exists + ansible.builtin.file: + path: /etc/iproute2 + state: directory + owner: root + group: root + mode: '0755' + +- name: Overwrite /etc/iproute2/rt_tables with templated content + ansible.builtin.template: + src: rt_tables.j2 + dest: /etc/iproute2/rt_tables + owner: root + group: root + mode: '0644' + force: yes + +- name: Default connection + debug: + var: default_conn + +- name: Configure default (CORE) connection + community.general.nmcli: + conn_name: "{{ default_conn.name | upper }}" + type: ethernet + zone: "{{ default_conn.name }}" + method4: "manual" + ip4: "{{ default_conn.ip }}/22" + ifname: "{{ default_conn.ifname }}" + dns4: "{{ default_conn.gateway }}" + dns4_search: lan.xbazzi.com + mtu: "{{ default_conn.mtu | default(1500) }}" + state: present + +- name: Configure ancillary connections + community.general.nmcli: + conn_name: "{{ item.name | upper }}" + type: ethernet + zone: "{{ item.name }}" + method4: "manual" + ip4: "{{ item.ip }}/22" + ifname: "{{ item.ifname }}" + dns4: "{{ item.gateway }}" + dns4_search: lan.xbazzi.com + # table: "{{ item.table_id }}" + # table: "{{ item.table_id }}" + mtu: "{{ item.mtu | default(1500) }}" + # routes4_extended: + # - ip: "0.0.0.0/0" + # table: "{{ item.table_id }}" + # next_hop: "{{ item.gateway }}" + # mtu: "{{ item.mtu | default(1500) }}" + # metric: + # - ip: "{{ item.subnet }}" + # table: "{{ item.table_id }}" + # table: "{{ item.table_id }}" + # next_hop: "0.0.0.0" + # mtu: "{{ item.mtu | default(1500) }}" + # - "{{ item.subnet }} 0.0.0.0 {{ item.table_id }}" + # routing_rules4: + # - "priority {{ item.priority }} from {{ item.ip }} table {{ item.table_id }}" + state: present + loop: "{{ network_interfaces }}" + loop_control: + label: "{{ item.name }}" + +- name: Add route-table for each interface + ansible.builtin.command: > + nmcli connection modify {{ item.name | upper }} ipv4.route-table {{ item.table_id }} + loop: "{{ 
network_interfaces }}" + +- name: Add routes + ansible.builtin.command: > + nmcli con modify MGMT +ipv4.routes "0.0.0.0/0 {{ item.gateway }}" + loop: "{{ network_interfaces }}" + +- name: Add routing rules + ansible.builtin.command: > + nmcli con modify MGMT +ipv4.routing-rules "priority {{ item.priority }} table {{ item.table_id }}" + loop: "{{ network_interfaces }}" + +# -name: Add ancillary routes to main table + # sudo ip route add 10.69.0.0/22 dev ens19 proto kernel scope link table main + +# - name: Set up CORE interface manually +# nmcli: +# conn_name: CORE +# zone: core +# type: ethernet +# ip4: "{{ provision_core_ip4 }}" +# gw4: "{{ core_gw4 }}" +# dns4: "{{ core_gw4 }}" +# method4: "manual" +# ifname: ens18 +# dns4_search: lan.xbazzi.com +# state: present + # delegate_to: "{{ provision_core_ip4_no_subnet }}" + +# - name: Set up mgmt interface manually +# nmcli: +# conn_name: MGMT +# zone: mgmt +# type: ethernet +# ip4: "{{ provision_mgmt_ip4 }}" +# # routes4: "0.0.0.0/0 {{ mgmt_gw4 }}" +# routing_rules4: +# - "priority 2 from {{ mgmt_net }} table 200" +# route_metric4: 102 +# dns4: "{{ mgmt_gw4 }}" +# method4: "manual" +# ifname: "ens19" +# dns4_search: "lan.xbazzi.com" +# state: present +# # delegate_to: "{{ provision_core_ip4_no_subnet }}" + +# - name: Set up dmz interface manually +# nmcli: +# conn_name: DMZ +# zone: dmz +# type: ethernet +# ip4: "{{ provision_dmz_ip4 }}" +# routes4: "0.0.0.0/0 {{ dmz_gw4 }}" +# routes4_extended: +# ip: {{ provision_dmz_ip4 }} +# routing_rules4: +# - "priority 3 from {{ dmz_net }} table 300" +# route_metric4: 103 +# dns4: "{{ dmz_gw4 }}" +# method4: "manual" +# ifname: "ens20" +# dns4_search: "lan.xbazzi.com" +# state: present + # delegate_to: "{{ provision_core_ip4_no_subnet }}" + +# - name: Remove ens18 default connection +# nmcli: +# conn_name: "{{ item }}" +# state: absent +# loop: ["ens18", "ens19", "ens20", "core", "Wired connection 1"] + +- name: List current NetworkManager connections + ansible.builtin.shell: 
nmcli -t -f NAME connection show + register: nmcli_connections + +- name: Show active connection names + ansible.builtin.debug: + var: nmcli_connections.stdout_lines + +- name: Remove unwanted default NetworkManager connections + community.general.nmcli: + conn_name: "{{ item }}" + state: absent + loop: + - ens18 + - ens19 + - ens20 + - core + - "Wired connection 1" + ignore_errors: true # Optional: avoids failure if connection doesn't exist + +- name: Restart NetworkManager + ansible.builtin.systemd_service: + name: NetworkManager + enabled: true + state: restarted \ No newline at end of file diff --git a/roles/server/network/templates/auxiliary-interface.network.j2 b/roles/server/network/templates/auxiliary-interface.network.j2 new file mode 100644 index 0000000..1089c40 --- /dev/null +++ b/roles/server/network/templates/auxiliary-interface.network.j2 @@ -0,0 +1,26 @@ +[Match] +Name={{ item.ifname }} + +[Network] +Address={{ hostvars[inventory_hostname]['addresses'][item.name] }}/22 +DNS={{ item.gateway }} +Domains={{ item.search_domain }} +IPv6AcceptRA=false +IPv6SendRA=false + +[link] +MTUBytes= {{ item.mtu }} + +[Route] +Destination=0.0.0.0/0 +Gateway= {{ item.gateway }} +Table= {{ item.table_id }} + +[Route] +Destination={{ item.subnet }} +Table= {{ item.table_id }} + +[RoutingPolicyRule] +From={{ hostvars[inventory_hostname]['addresses'][item.name] }} +Table={{ item.table_name }} +Priority={{ item.priority }} \ No newline at end of file diff --git a/roles/server/network/templates/default-interface.network.j2 b/roles/server/network/templates/default-interface.network.j2 new file mode 100644 index 0000000..67c07e4 --- /dev/null +++ b/roles/server/network/templates/default-interface.network.j2 
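Review bot: `tasks/main_nmcli.yml` is not included by anything in this patch (`main.yml` now drives networkd), so this is 250 lines of dead code that still carries live bugs — the `Add routes` and `Add routing rules` tasks always modify `MGMT` while looping over every interface, and the rule `"priority {{ item.priority }} table {{ item.table_id }}"` has no `from` selector so it would policy-route all traffic; `ignore_errors: true` on the cleanup task also hides real failures. If this is meant as a fallback, it is already in git history and should be deleted; if it must stay, add a header `# Legacy NetworkManager variant — not included by main.yml; kept for reference only` and fix or remove the route/rule tasks so nobody re-enables them as-is.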
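Review bot: `[link]` is not a valid systemd-networkd section (section names are case-sensitive; it must be `[Link]`), so `MTUBytes=` is silently ignored apart from an "Unknown section" journal warning — fix the casing. In the same file the `[Route]` entries use `Table= {{ item.table_id }}` while `[RoutingPolicyRule]` uses `Table={{ item.table_name }}`, which only resolve to the same table if `networkd.conf.d/10-routes.conf` maps that exact name to that exact id; a mismatch gives rules pointing at an empty table and traffic from the mgmt/dmz addresses taking the core default route. Use `Table={{ item.table_id }}` in both places (or the name in both, from one variable), and replace the hard-coded `/22` with a per-interface prefix length such as `{{ item.prefix_len | default(22) }}`.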
@@ -0,0 +1,8 @@ +[Match] +Name={{ default_interface.ifname }} + +[Network] +Address={{ hostvars[inventory_hostname]['addresses'][default_interface.name] }}/22 +Gateway={{ default_interface.gateway }} +DNS={{ default_interface.gateway }} +Domains={{ default_interface.search_domain }} diff --git a/roles/server/network/templates/rt_tables.j2 b/roles/server/network/templates/rt_tables.j2 new file mode 100644 index 0000000..b5da39d --- /dev/null +++ b/roles/server/network/templates/rt_tables.j2 @@ -0,0 +1,8 @@ +255 local +254 main +253 default +0 unspec + +{% for iface in network_interfaces %} +{{ iface.table_id }} {{ iface.name }} +{% endfor %} \ No newline at end of file diff --git a/roles/server/users/tasks/main.yml b/roles/server/users/tasks/main.yml index 365b9cf..e95a0ca 100644 --- a/roles/server/users/tasks/main.yml +++ b/roles/server/users/tasks/main.yml @@ -2,8 +2,8 @@ - name: Add xbazzi group ansible.builtin.group: name: xbazzi - state: present gid: 1337 + state: present - name: Add xbazzi user ansible.builtin.user:
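Review bot: The default-interface template omits the `IPv6AcceptRA=false`/`IPv6SendRA=false` lines the auxiliary template sets, so the core interface will still autoconfigure a global IPv6 address from any router advertisement on that segment while every address, route and rule in this patch is IPv4-only — an unplanned address family the policy routing does not cover. Either add the same two lines here or, if IPv6 on core is intended, say so in a comment; and replace the hard-coded `/22` with a per-interface value such as `{{ default_interface.prefix_len | default(22) }}` so this template and the auxiliary one cannot drift apart.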