diff --git a/README.md b/README.md
index fb4d405..b68616f 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# desu.ltd Ansible Management Repository
+# Salt's Ansible Repository
-Contains core system configuration for all of desu.ltd and related environments
+Useful for management across all of 9iron, thefuck, and desu.
 ## Initialization
@@ -9,7 +9,7 @@ Contains core system configuration for all of desu.ltd and related environments
 For quick bootstrapping of tools and libraries used in this repo, see [rehashedsalt/ansible-env](https://gitlab.com/rehashedsalt/docker-ansible-env). I use that exact image for CI/CD.
-## Machine Setup
+## Deployment
 ### Linux Machines
@@ -25,14 +25,24 @@ Each Linux machine will require the following to be fulfilled for Ansible to acc
 To automate these host-local steps, use the script file `contrib/bootstrap.sh`.
-### Other Machines
+### Windows Machines
-Unsupported at this time, though things that accept SSH might Just Work.
+lol don't
-## Machine Deployment
+### All Machines
-Deploying a new server will require that it be added to NetBox and that it is accessible from the Ansible host. From there, running the main playbook `site.yml` will get the machine up to snuff.
+Adding a new server will require these:
+
+* The server is accessible from the Ansible host;
+
+* The server has been added to NetBox OR in `inventory-hard`
+
+* DNS records for the machine are set; and
+
+From there, running the playbook `site.yml` should get the machine up to snuff.
 ## Zerotier
-A lot of my home network is connected via Zerotier. Initial deployment can be done locally through a bastion machine or similar, but subsequent deploys should run over Zerotier. Once configuration is available, you should log into the machine and modify Netbox to document its Zerotier IP in Netbox, setting it to be the primary IP of the device. The interface name should be `zt0`.
+A lot of my home-network side of things is connected together via ZeroTier; initial deployment/repairs may require specifying an `ansible_host` for the inventory item in question to connect to it locally. Subsequent plays will require connectivity to my home ZeroTier network.
+
+Cloud-managed devices require no such workarounds.
diff --git a/playbooks/all_scanner.yml b/playbooks/all_scanner.yml
new file mode 100755
index 0000000..eb68d9b
--- /dev/null
+++ b/playbooks/all_scanner.yml
@@ -0,0 +1,12 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: all
+ gather_facts: no
+ tasks:
+ - name: assure scanner user
+ user: name=scanner state=absent
+ tags: [ scanner, greenbone ]
+ - name: assure scanner user sudoers rule
+ lineinfile: path=/etc/sudoers line="scanner ALL=(ALL:ALL) NOPASSWD:ALL" state=absent
+ tags: [ scanner, greenbone ]
diff --git a/playbooks/cleanup.yml b/playbooks/cleanup.yml
index 38128df..a477bfc 100755
--- a/playbooks/cleanup.yml
+++ b/playbooks/cleanup.yml
@@ -7,36 +7,3 @@
 - name: touch ansible timestamp file
 file: path=/var/lib/ansible-last-run state=touch mode='0644'
 changed_when: no
-- hosts: tags_autoreboot
- gather_facts: no
- module_defaults:
- nagios:
- author: Ansible
- action: downtime
- cmdfile: /data/nagios/var/rw/nagios.cmd
- comment: "Ansible tags_autoreboot task"
- host: "{{ inventory_hostname }}"
- minutes: 10
- serial: 1
- tasks:
- - name: check for reboot-required
- stat: path=/var/run/reboot-required
- register: s
- - name: reboot
- block:
- - name: attempt to schedule downtime
- block:
- - name: register nagios host downtime
- nagios:
- service: host
- delegate_to: web3.dallas.mgmt.desu.ltd
- - name: register nagios service downtime
- nagios:
- service: all
- delegate_to: web3.dallas.mgmt.desu.ltd
- rescue:
- - name: notify of failure to reboot
- debug: msg="Miscellaneous failure when scheduling downtime"
- - name: reboot
- reboot: reboot_timeout=600
- when: s.stat.exists
diff --git a/playbooks/platforms_ubuntu-22-04.yml b/playbooks/platforms_ubuntu-22-04.yml
deleted file mode 100755
index eb838d7..0000000
--- a/playbooks/platforms_ubuntu-22-04.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env ansible-playbook
-# vim:ft=ansible:
----
-- hosts: platforms_ubuntu-22-04
- gather_facts: no
- roles:
- - role: motd
- vars:
- motd_watch_services_extra:
- - docker
- - kubelet
- - postgresql
- tags: [ motd, common ]
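Review bot: The `lineinfile` task edits `/etc/sudoers` directly with no `validate` step, so a write that leaves the file unparseable makes sudo refuse to run for every account on the host; add a visudo check to that task, e.g. `lineinfile: path=/etc/sudoers line="scanner ALL=(ALL:ALL) NOPASSWD:ALL" state=absent validate='/usr/sbin/visudo -cf %s'`. Both task names say "assure scanner user" while `state=absent` removes the account and the rule, so `remove scanner user` and `remove scanner sudoers rule` would describe what actually runs. The `user` task carries no `remove: yes`, so if that account had a home directory it stays behind after the account is gone; worth confirming that is intended. Matching is on the exact line, so a differently spaced variant of the rule (or one presumably placed under /etc/sudoers.d/) would not be removed — a short comment stating that the line text is the one this repo provisioned would make that assumption explicit.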
diff --git a/playbooks/site_common.yml b/playbooks/site_common.yml
new file mode 100755
index 0000000..d5efdea
--- /dev/null
+++ b/playbooks/site_common.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Supplementary tags
+- import_playbook: tags_ansible.yml
+- import_playbook: tags_ansible-pull.yml
diff --git a/playbooks/site_local.yml b/playbooks/site_local.yml
new file mode 100755
index 0000000..d608220
--- /dev/null
+++ b/playbooks/site_local.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- import_playbook: local_dns.yml
diff --git a/playbooks/site_main.yml b/playbooks/site_main.yml
new file mode 100755
index 0000000..565527d
--- /dev/null
+++ b/playbooks/site_main.yml
@@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Main playbooks for machines across my environments
+ # Does not include supplementary management configuration
+ # Home configuration
+- import_playbook: home_db.yml
+- import_playbook: home_fs.yml
+- import_playbook: home_app.yml
+- import_playbook: home_game.yml
+- import_playbook: home_media.yml
+- import_playbook: home_automation.yml
+- import_playbook: home_bastion.yml
+ # Production configuration
+- import_playbook: prod_db.yml
+- import_playbook: prod_web.yml
+- import_playbook: prod_com.yml
+- import_playbook: prod_game.yml
diff --git a/playbooks/site_post.yml b/playbooks/site_post.yml
new file mode 100755
index 0000000..b46c82b
--- /dev/null
+++ b/playbooks/site_post.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Housekeeping tags for one-off tasks
+- import_playbook: tags_docker-prune.yml
+- import_playbook: tags_autoreboot.yml
+ # Last little bit of cleanup
+- import_playbook: cleanup.yml
diff --git a/playbooks/site_pre.yml b/playbooks/site_pre.yml
new file mode 100755
index 0000000..55c14d6
--- /dev/null
+++ b/playbooks/site_pre.yml
@@ -0,0 +1,24 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+ # Preambulatory system configuration
+ # It's implicit that configuration here MUST preceed site_main.yml
+- import_playbook: all.yml
+- import_playbook: all_scanner.yml
+ # Platform configuration
+- import_playbook: platforms_ubuntu-20-04.yml
+- import_playbook: platforms_ubuntu-21-10.yml
+- import_playbook: platforms_proxmox-ve-7.yml
+ # Manufacturer configuration
+- import_playbook: manufacturers_raspi.yml
+- import_playbook: manufacturers_s76.yml
+ # Zerotier network configuration
+- import_playbook: tags_zt-personal.yml
+- import_playbook: tags_zt-management.yml
+ # Tags for fundamental services
+- import_playbook: tags_snmp.yml
+- import_playbook: tags_nagios.yml
+ # Role (in the Netbox sense) configuration
+- import_playbook: device_roles_bastion.yml
+- import_playbook: device_roles_game.yml
+- import_playbook: device_roles_workstation.yml
diff --git a/playbooks/tags_autoreboot.yml b/playbooks/tags_autoreboot.yml
new file mode 100755
index 0000000..20d9fae
--- /dev/null
+++ b/playbooks/tags_autoreboot.yml
@@ -0,0 +1,36 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: tags_autoreboot
+ gather_facts: no
+ module_defaults:
+ nagios:
+ author: Ansible
+ action: downtime
+ cmdfile: /data/nagios/var/rw/nagios.cmd
+ comment: "Ansible tags_autoreboot task"
+ host: "{{ inventory_hostname }}"
+ minutes: 10
+ serial: 1
+ tasks:
+ - name: check for reboot-required
+ stat: path=/var/run/reboot-required
+ register: s
+ - name: reboot
+ block:
+ - name: attempt to schedule downtime
+ block:
+ - name: register nagios host downtime
+ nagios:
+ service: host
+ delegate_to: web3.dallas.mgmt.desu.ltd
+ - name: register nagios service downtime
+ nagios:
+ service: all
+ delegate_to: web3.dallas.mgmt.desu.ltd
+ rescue:
+ - name: notify of failure to reboot
+ debug: msg="Miscellaneous failure when scheduling downtime"
+ - name: reboot
+ reboot: reboot_timeout=600
+ when: s.stat.exists
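Review bot: The comment `# It's implicit that configuration here MUST preceed site_main.yml` misspells "precede"; `# It's implicit that configuration here MUST precede site_main.yml`. all_scanner.yml, imported right after all.yml, only removes a user and a sudoers line (both tasks are `state=absent`), which is one-off housekeeping rather than the foundational configuration this file's header describes; it would sit more naturally under the `# Housekeeping tags for one-off tasks` group in site_post.yml, with a comment noting it can be dropped once every host has been cleaned.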
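Review bot: The rescue task is named `notify of failure to reboot`, but it belongs to the `attempt to schedule downtime` block, so it runs when the nagios downtime calls fail; as far as the collapsed indentation lets me read it, the `reboot` task at the end of the outer block still runs afterwards, so a reboot proceeds with no downtime registered and only a debug line to show for it. Rename it to `notify of failure to schedule downtime` so the log matches what happened, and decide explicitly whether a missing downtime should abort the reboot rather than just print a message. The downtime `minutes: 10` equals `reboot_timeout=600` exactly, so a host that takes longer than the timeout alerts before the play fails; a small margin on the downtime would avoid that. This play is the one removed from cleanup.yml, so the point concerns the pre-existing logic, not the relocation itself.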
diff --git a/playbooks/vars/minecraft-dammit.yml b/playbooks/vars/minecraft-dammit.yml
new file mode 100644
index 0000000..2b1ed30
--- /dev/null
+++ b/playbooks/vars/minecraft-dammit.yml
@@ -0,0 +1,36 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: dammit
+minecraft_version: 1.7.10
+minecraft_jre_xmx: 4G
+minecraft_restart_delay: 30
+minecraft_server_properties:
+ - opt: allow-flight
+ value: "true"
+ - opt: difficulty
+ value: 3
+ - opt: motd
+ value: "I can't believe that I actually exist"
+ - opt: server-port
+ value: 25567
+ - opt: view-distance
+ value: 12
+minecraft_forge_install: yes
+minecraft_forge_version: 10.13.4.1614
+minecraft_forge_versionstring: "{{ minecraft_version }}-{{ minecraft_forge_version }}-{{ minecraft_version }}"
+minecraft_forge_jar_name: "forge-{{ minecraft_forge_versionstring }}-universal.jar"
+minecraft_forge_packurl: "https://www.9iron.club/files/packs/1.7.10-magicpack/latest.zip"
+#minecraft_forge_mods:
+# - "https://media.forgecdn.net/files/2309/699/worldedit-forge-mc1.7.10-6.1.1-dist.jar"
+minecraft_forge_mods_remove:
+ - DynamicSurroundings-1.7.10-1.0.6.2.jar
+ - favorites-1.2.jar
+ - FullscreenWindowed-1.7.10-1.3.0b.jar
+ - MouseTweaks-2.4.4-mc1.7.10.jar
+ - "Neat 1.0-1.jar"
+ - OptiFine_1.7.10_HD_U_E7.jar
+ - SoundFilters-0.8_for_1.7.X.jar
+ - Stellar+API-0.1.3.8.jar
+ - Stellar+Sky-0.1.5.7.jar
+ - World-Tooltips-1.7.10-1.2.3-79.jar
+ - worldedit-forge-mc1.7.10-6.1.1-dist.jar
diff --git a/playbooks/vars/minecraft-valhelsia.yml b/playbooks/vars/minecraft-valhelsia.yml
new file mode 100644
index 0000000..b4dd121
--- /dev/null
+++ b/playbooks/vars/minecraft-valhelsia.yml
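Review bot: `minecraft_forge_packurl` points at a mutable `latest.zip`, and the `minecraft_forge_mods` entries in minecraft-valhelsia.yml are bare download URLs with no digest alongside, so whatever the consuming role does with them (presumably a `get_url`/`unarchive` fetch — the role is not in this diff) runs whatever those hosts serve at play time, with no way to notice a changed or swapped artifact. Pinning the pack to a versioned file and carrying a digest the role can hand to `get_url`'s `checksum:` (for example a variable such as `minecraft_forge_pack_checksum` — name constructed here — holding `sha256:<digest placeholder>`) would make deploys reproducible and detectable when the upstream file changes. `minecraft_enabled: no` and `minecraft_forge_install: yes` (and `minecraft_paper_install: yes` in minecraft-vanilla.yml) are YAML 1.1 truthy spellings that Ansible accepts but yamllint flags; `false`/`true` is the portable form. The same two points apply to minecraft-valhelsia.yml and minecraft-vanilla.yml.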
@@ -0,0 +1,23 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: valhelsia
+minecraft_version: 1.16.3
+minecraft_jre_xmx: 5G
+minecraft_server_properties:
+ - opt: difficulty
+ value: hard
+ - opt: motd
+ value: "Let's get this out onto a tray. Nice, mmkay"
+ - opt: server-port
+ value: 25566
+ - opt: view-distance
+ value: 10
+minecraft_forge_install: yes
+minecraft_forge_version: 34.1.42
+minecraft_forge_packurl: "https://media.forgecdn.net/files/3110/654/Valhelsia_SERVER-pre5-3.1.0.zip"
+minecraft_forge_mods:
+ - "https://media.forgecdn.net/files/3091/862/ftb-gui-library-1603.1.1.25.jar"
+ - "https://media.forgecdn.net/files/3105/153/ftb-chunks-1603.2.0.43.jar"
+ - "https://media.forgecdn.net/files/3113/275/industrial-foregoing-1.16.4-3.2.2-daea863.jar"
+minecraft_forge_mods_remove:
+ - industrial-foregoing-1.16.3-3.1.1-a834e76.jar
diff --git a/playbooks/vars/minecraft-vanilla.yml b/playbooks/vars/minecraft-vanilla.yml
new file mode 100644
index 0000000..073f2dc
--- /dev/null
+++ b/playbooks/vars/minecraft-vanilla.yml
@@ -0,0 +1,18 @@
+# vim:ft=ansible:
+minecraft_enabled: no
+minecraft_name: vanilla
+minecraft_version: 1.16.4
+minecraft_jre_xmx: 1G
+minecraft_jre_xms: 512M
+minecraft_server_properties:
+ - opt: difficulty
+ value: normal
+ - opt: motd
+ value: "brett's new serber"
+ - opt: server-port
+ value: 25565
+ - opt: spawn-protection
+ value: 4
+ - opt: view-distance
+ value: 12
+minecraft_paper_install: yes
diff --git a/site.yml b/site.yml
index 0e38e8e..a6e8362 100755
--- a/site.yml
+++ b/site.yml
@@ -1,27 +1,13 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
 ---
- # Local configuration goes first
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'local_*.yml') }}"
- # Then we run against all hosts, performing foundational tasks
-- import_playbook: all.yml
- # Then we narrow things down to device-specific configuration
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'device_types_*.yml') }}"
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'platforms_*.yml') }}"
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'manufacturers_*.yml') }}"
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'tags_.yml') }}"
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'device_roles_*.yml') }}"
- # And finally we configure the core services of the machine
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'home_*.yml') }}"
-- import_playbook: "{{ item }}"
- loop: "{{ lookup('fileglob' 'prod_*.yml') }}"
- # Once that's all done, we clean up
- # NOTE: This little cleanup playbook rolls reboots!
-- import_playbook: cleanup.yml
+ # Configuration that happens local to the Ansible controller
+- import_playbook: playbooks/site_local.yml
+ # Preambulatory system configuration
+- import_playbook: playbooks/site_pre.yml
+ # Main environment configuration
+- import_playbook: playbooks/site_main.yml
+ # Supplementary tags
+- import_playbook: playbooks/site_common.yml
+ # Post-play housekeeping and reboots
+- import_playbook: playbooks/site_post.yml
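Review bot: The new comment `# Post-play housekeeping and reboots` keeps the word "reboots" but drops the condition that the removed `# NOTE: This little cleanup playbook rolls reboots!` line at least hinted at; site_post.yml now imports tags_autoreboot.yml, which reboots every `tags_autoreboot` host where `/var/run/reboot-required` exists, and this entry point is where an operator decides whether a run is safe. Suggest a note on the `site_post.yml` import that states the trigger, e.g. `# NOTE: site_post.yml imports tags_autoreboot.yml, which reboots tags_autoreboot hosts that have /var/run/reboot-required (serial: 1)`. The README changed in this commit tells a reader that running `site.yml` "should get the machine up to snuff" without mentioning that it may reboot the host, so the same sentence belongs there.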