diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..4eb8a63
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,16 @@
+#!/usr/bin/make -f
+all: deps bootstrap homelab
+
+SHELL := /bin/bash
+bootstrap:
+ ansible-playbook bootstrap.yml -K -e ansible_ssh_user=cianhatton -e ansible_ssh_private_key_file=~/.ssh/id_rsa
+
+qnap:
+ ansible-playbook setup-homelab.yml --limit qnap
+
+homelab:
+ ansible-playbook setup-homelab.yml
+
+deps:
+ pip install -r requirements.txt
+ ansible-galaxy install -r requirements.yml
diff --git a/bootstrap.yml b/bootstrap.yml
index 4905df8..5a23f56 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -1,5 +1,19 @@ --- +# needs to be run with a different user with access to create ansible key and user. +# e.g. +# ansible-playbook bootstrap.yml -e ansible_ssh_user=cianhatton +# might additionally require -K if your user requires password for sudo. + +- name: Generate SSH Key for ansible + hosts: localhost + connection: local + tasks: + - name: Generate an OpenSSH rsa keypair for ansible + community.crypto.openssh_keypair: + path: ~/.ssh/ansible + passphrase: "" + - hosts: all become: true roles: - - role: 'roles/bootstrap' + - role: bootstrap
diff --git a/group_vars/servers.yml b/group_vars/servers.yml
index f288fc2..6597f45 100644
--- a/group_vars/servers.yml
+++ b/group_vars/servers.yml
@@ -24,7 +24,6 @@ olivetin: docker_networks: [] -homelab_group: cianhatton homelab_user: cianhatton configure_samba: true
@@ -32,6 +31,9 @@ samba_group: smbgroup samba_user: smbuser users: - name: cianhatton + group: cianhatton + passwordless_sudo: true + shares: - /share - /share/public_files
diff --git a/hosts.ini b/hosts.ini
index 0f53672..1139785 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -7,6 +7,10 @@ linodes [qnaps] qnap + +[dockerhosts] +qnap + # BEGIN ANSIBLE MANAGED BLOCK [linodes] # END ANSIBLE MANAGED BLOCK
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 665971e..5b4793c 100644
--- a/roles/bootstrap/tasks/main.yml
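Review bot: The `bootstrap` recipe hard-codes a personal login and private-key path (`ansible_ssh_user=cianhatton`, `~/.ssh/id_rsa`), so anyone else cloning the repository has to edit the Makefile instead of overriding a variable. Make variables with `?=` defaults keep the author's behaviour and let others override from the environment, e.g. `ANSIBLE_USER ?= cianhatton`, `SSH_KEY ?= ~/.ssh/id_rsa`, and `ansible-playbook bootstrap.yml -K -e ansible_ssh_user=$(ANSIBLE_USER) -e ansible_ssh_private_key_file=$(SSH_KEY)`. None of the targets produce a file of their own name, so a `.PHONY: all deps bootstrap qnap homelab` line stops a stray file called `deps` or `homelab` from silently skipping its recipe. `all` chains `deps bootstrap homelab`, but `bootstrap` prompts for a sudo password through `-K`, which deserves a comment since it makes `make all` interactive.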
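Review bot: The `Generate an OpenSSH rsa keypair for ansible` task writes the automation credential with `passphrase: ""` and no explicit `type` or `mode`, so the private key sits unprotected on the control host with whatever the module defaults give it; `type: ed25519` and `mode: "0600"` state the intent explicitly, and a comment above the task should say the key is deliberately passphrase-less because it is only used non-interactively. The task name says rsa while `type` is left to the module default, so the two should agree. The header comment documents `-e ansible_ssh_user=...`; `ansible_user` is the current name of that connection variable and `ansible_ssh_user` the older alias, so quoting the current one avoids confusion. The Makefile's `bootstrap` target passes `ansible_ssh_private_key_file=~/.ssh/id_rsa` while this play generates `~/.ssh/ansible`; that looks intentional (the operator's own key bootstraps, the generated key is presumably what the `bootstrap` role installs), and a one-line comment saying so saves the next reader the cross-check.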
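Review bot: `passwordless_sudo: true` now lives in `group_vars/servers.yml`, so every host in the `servers` group grants `cianhatton` unrestricted `NOPASSWD` sudo through `roles/setup_users`, and that role dereferences `item.group` and `item.passwordless_sudo` for each `users` entry without a default. A comment above `users:` should document the contract, e.g. `# each entry: name, group (created if missing), passwordless_sudo (writes /etc/sudoers.d/<name>)`. `shares` is added here but nothing in this diff reads it, so its consumer is worth naming in that comment too. `homelab_user` is kept while `homelab_group` is removed; if nothing else references `homelab_user` after this change it can go as well.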
+++ b/roles/bootstrap/tasks/main.yml
@@ -14,6 +14,7 @@ user: name: ansible groups: root + system: true - name: Add ssh key for ansible authorized_key:
diff --git a/roles/setup_users/tasks/main.yml b/roles/setup_users/tasks/main.yml
index c2edd65..329addc 100644
--- a/roles/setup_users/tasks/main.yml
+++ b/roles/setup_users/tasks/main.yml
@@ -6,24 +6,25 @@ state: latest update_cache: true -- name: Make sure we have a '{{homelab_group}}' group +- name: Make sure we have a groups group: - name: "{{homelab_group}}" + name: "{{item.group}}" state: present -- name: Allow '{{homelab_user}}' group to have passwordless sudo - lineinfile: - dest: /etc/sudoers - state: present - regexp: '^%{{homelab_user}}' - line: '%{{homelab_user}} ALL=(ALL) NOPASSWD: ALL' - validate: 'visudo -cf %s' + with_items: "{{users}}" -- name: Add User +- name: Add Users ansible.builtin.user: - name: "{{homelab_user}}" - comment: "{{homelab_user}} user" - uid: 1000 - group: "{{homelab_group}}" + name: "{{item.name}}" + comment: "{{item.name}} user" + group: "{{item.group}}" + with_items: "{{users}}" + +- name: Add sudoers + template: + src: sudoers.j2 + dest: "/etc/sudoers.d/{{item.name}}" + with_items: "{{users}}" + when: item.passwordless_sudo == true - name: Set authorized key authorized_key:
diff --git a/roles/setup_users/templates/sudoers.j2 b/roles/setup_users/templates/sudoers.j2
new file mode 100644
index 0000000..51df02e
--- /dev/null
+++ b/roles/setup_users/templates/sudoers.j2
@@ -0,0 +1 @@
+{{item.name}} ALL=(ALL) NOPASSWD: ALL
diff --git a/setup-homelab.yml b/setup-homelab.yml
index 840c056..67d8af8 100644
--- a/setup-homelab.yml
+++ b/setup-homelab.yml
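Review bot: `system: true` on the `ansible` user only takes effect when the account is created; the `user` module cannot convert an existing account, so hosts that were already bootstrapped keep their current uid and nothing changes on a re-run. A comment on the line, `# only honoured at account creation; already-bootstrapped hosts keep their uid`, documents that, and if the intent is for every host to converge on a system account the note should say the account has to be removed first. The task's `- name:` line and the surrounding `groups: root` grant are outside the hunk.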
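Review bot: The new `Add sudoers` task drops the `validate: 'visudo -cf %s'` that the removed `lineinfile` task had and sets no `mode` or owner, so a bad render lands in `/etc/sudoers.d/` unchecked and the file takes the umask default instead of the `0440` sudo expects. The `when: item.passwordless_sudo == true` also raises an undefined-variable error for any `users` entry without that key; `item.passwordless_sudo | default(false) | bool` keeps it optional. Neither task removes an existing `/etc/sudoers.d/<name>` when the flag is later set to false, and hosts configured by the previous version keep the `%{{homelab_user}}` line in `/etc/sudoers`, which nothing here cleans up. Note also that sudo skips files under `sudoers.d` whose name contains a `.`, so a `users` entry with a dotted name would silently get no grant. The role's remaining tasks (`Set authorized key`) continue outside the hunk.
```yaml
# … unchanged: Make sure we have a groups / Add Users tasks …
- name: Add sudoers
  template:
    src: sudoers.j2
    dest: "/etc/sudoers.d/{{item.name}}"
    owner: root
    group: root
    mode: "0440"
    validate: 'visudo -cf %s'
  with_items: "{{users}}"
  when: item.passwordless_sudo | default(false) | bool
```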
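Review bot: The template has no header identifying it as generated, so an admin reading `/etc/sudoers.d/<name>` on a host cannot tell it is managed by Ansible and will be overwritten on the next run; start it with `# {{ ansible_managed }}` (a comment line is valid sudoers syntax). The grant itself is `ALL=(ALL) NOPASSWD: ALL` for every user the role loops over, so a second comment naming the role and variable that produce it (`roles/setup_users`, `users[].passwordless_sudo`) makes the scope auditable from the target host.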
@@ -1,31 +1,42 @@ --- -- hosts: qnap +- name: Update packages and ensure users on all hosts + tags: ["always"] + hosts: all become: true - pre_tasks: - - name: Include vault variables. - include_vars: "{{vault_file}}" - tags: ["always"] - name: Update Packages apt: upgrade: dist update_cache: true + roles: + - role: setup_users + +- name: Install docker on docker hosts + hosts: dockerhosts + become: true + roles: + - role: setup_docker + tags: ["setup","docker"] + +- name: Setup and deploy services on the QNAP + hosts: qnap + become: true + pre_tasks: + - name: Include vault variables. + include_vars: "{{vault_file}}" tags: ["always"] roles: - - role: 'roles/setup_mergerfs' + - role: setup_mergerfs tags: ["mergerfs"] - - role: 'roles/setup_users' - tags: ["users"] - - role: 'roles/setup_samba' + - role: setup_samba tags: ["samba"] - - role: 'roles/setup_docker' - tags: ["docker"] - - role: 'roles/setup_portainer' + - role: setup_portainer tags: ["services", "portainer"] - - role: 'roles/setup_hosted_services' + - role: setup_hosted_services tags: ["services"] + - hosts: linodes become: true
@@ -33,18 +44,11 @@ - name: Include vault variables. include_vars: "{{vault_file}}" tags: ["always"] - - name: Update Packages - apt: - upgrade: dist - update_cache: true - tags: ["always"] roles: - - role: 'roles/setup_users' - tags: ["users"] - - role: 'roles/setup_samba' + - role: setup_samba tags: ["samba"] - - role: 'roles/setup_docker' + - role: setup_docker tags: ["docker"] - - role: 'roles/setup_hosted_services' + - role: setup_hosted_services tags: ["services"]
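Review bot: The first play removes `pre_tasks:` but keeps the `- name: Update Packages` task as context below `become: true`, so as far as the diff markers show that task is now a sequence hanging directly under a scalar and the playbook will not parse; a `pre_tasks:` (or `tasks:`) line needs to be re-added above it, since the include-vars task that used to share the list moved to the QNAP play. Play-level `tags: ["always"]` also applies to the `apt` dist-upgrade and to `setup_users`, so any tag-filtered run (`--tags services`) still dist-upgrades every host first; if that is intended a comment on the `tags:` line should say so, otherwise drop `always` from the play and tag only the role. The new all-hosts play has no `include_vars: "{{vault_file}}"`, so if `setup_users` reads anything from the vault it will fail here rather than in the QNAP play. The linodes play continues in the second hunk.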