diff --git a/ansible.cfg b/ansible.cfg
index c12c7bd..d1caaa9 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -4,3 +4,4 @@ remote_user = ubuntu
 private_key_file = ~/.ssh/ansible
 ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no
 deprecation_warnings = false
+ask_vault_pass = true
diff --git a/hosts b/hosts
index 42f729a..d670797 100644
--- a/hosts
+++ b/hosts
@@ -1,8 +1,10 @@
 all:
   hosts:
   children:
+    ansible:
+      hosts:
+        playground.dragonfucker.club:
     aws:
       hosts:
-        ec2-3-15-44-30.us-east-2.compute.amazonaws.com:
-        ec2-18-224-139-59.us-east-2.compute.amazonaws.com:
+        3.15.238.110:
 # vim:ft=ansible:
diff --git a/provision.yml b/provision.yml
index dc181d3..404a015 100644
--- a/provision.yml
+++ b/provision.yml
@@ -3,5 +3,7 @@
 ---
 - hosts: aws
   roles:
-    - user
     - common
+- hosts: ansible
+  roles:
+    - ansiblehost
diff --git a/roles/ansiblehost/files/awscredentials b/roles/ansiblehost/files/awscredentials
new file mode 100644
index 0000000..a1a44fe
--- /dev/null
+++ b/roles/ansiblehost/files/awscredentials
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+38616333383866663466353035306234356565643564383866633038636531616239393365636436
+6538393064666337616565616636363331333062643235340a613061356630656333626664343038
+39326661306439343666623339323430333662363864366364363664323833393039303938323035
+3061396662656435660a366361363138386332633234633832613630643364316130643665343737
+37303434633839323363376562303966363466323638616265303865343936396465616434666163
+61666663373333643034363663323465326130393331636463666534343837646466653265343162
+39343066323764646361323833303334643730633938633436343330626230303462666166356530
+63623861383436636137623733633839333564363334323034313537616633666436333133396639
+63666237366535386436343839653939373533656164333865613631386131343565363734333935
+3861623666613138353061646564393465356532316631616231
diff --git a/roles/ansiblehost/tasks/main.yml b/roles/ansiblehost/tasks/main.yml
new file mode 100644
index 0000000..78f789e
--- /dev/null
+++ b/roles/ansiblehost/tasks/main.yml
@@ -0,0 +1,40 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Basic setup
+  include_role:
+    name: common
+- name: Install Ansible-required packages
+  apt:
+    name: "{{ packages }}"
+  vars:
+    packages:
+    - ansible
+    - python-boto3
+    - python-botocore
+  become: true
+- name: Create .aws directory for salt
+  file:
+    path: ~/.aws
+    state: directory
+  become: true
+  become_user: salt
+- name: Copy AWS credentials
+  copy:
+    src: "{{ role_path }}/files/awscredentials"
+    dest: ~/.aws/credentials
+    mode: 0600
+  become: true
+  become_user: salt
+- name: Create Projects directory for salt
+  file:
+    path: ~/Projects
+    state: directory
+  become: true
+  become_user: salt
+- name: Clone Ansible repository
+  git:
+    repo: git@gitlab.com:rehashedsalt/ansible
+    dest: ~/Projects/ansible
+  become: true
+  become_user: salt
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 8a1ab01..b4b6dac 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -15,3 +15,6 @@
     packages:
     - vim
   become: true
+- name: Set up users
+  include_role:
+    name: user