diff --git a/.gitignore b/.gitignore
index 5c199eb..c191586 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,24 @@
-# ---> Ansible
+# Ansible specific (optional - ignore temporary output or secrets)
 *.retry
+*.vault
+*.vault_pass
+*.secret
+*.log
+# VSCode settings
+.vscode/
+*.code-workspace
+
+# Windows system files
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+$RECYCLE.BIN/
+*.lnk
+
+# Backup files
+*~
+*.bak
+*.swp
+*.swo
+*.tmp
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..9eaf35e
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,12 @@
+# requirements.yml
+- name: samba_domain_member role
+ src: git+ssh://git@repo.piave7.duckdns.org/Jose/ansible_samba_domain_member.git
+ version: main
+
+- name: samba_ad_dc role
+ src: git+https://repo.piave7.duckdns.org/Jose/ansible_samba_ad_dc.git
+ version: main
+
+- name: samba_windows_share role
+ src: git+ssh@repo.piave7.dedyn.io:Jose/ansible_samba_windows_share.git
+ version: main
diff --git a/tasks/get_anible_ssh_pub_key.yml b/tasks/get_anible_ssh_pub_key.yml
new file mode 100644
index 0000000..5146368
--- /dev/null
+++ b/tasks/get_anible_ssh_pub_key.yml
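Review bot: The `src` of the `samba_windows_share role` entry, `git+ssh@repo.piave7.dedyn.io:Jose/ansible_samba_windows_share.git`, is missing the `://` separator and uses `ssh@` where the first entry uses `git@`; once ansible-galaxy strips the `git+` prefix what is left is an scp-style `ssh@host:path` address, so git would attempt to log in as user `ssh`, which is very likely not intended. Making it follow the first entry's form, `src: git+ssh://git@repo.piave7.dedyn.io/Jose/ansible_samba_windows_share.git`, keeps all three entries consistent. All three also track `version: main`, so the installed role content is whatever the branch head holds at install time and two installs can differ; pinning a tag or commit hash instead keeps what gets pulled onto the controller reviewable.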
@@ -0,0 +1,80 @@
+- name: Read and display local SSH public key with user and host info
+ hosts: localhost
+ connection: local
+ gather_facts: true # Required to access ansible_user and ansible_hostname
+
+ vars:
+ ssh_key_type: "rsa"
+ public_key_path: "{{ lookup('env', 'HOME') + '/.ssh/id_' + ssh_key_type + '.pub' }}"
+
+ tasks:
+ - name: Check if SSH public key file exists
+ ansible.builtin.stat:
+ path: "{{ public_key_path }}"
+ register: ssh_key_file
+ tags: [check]
+
+ - name: Fail if SSH public key is missing
+ ansible.builtin.fail:
+ msg: "Public SSH key not found at {{ public_key_path }}."
+ when: not ssh_key_file.stat.exists
+ tags: [fail]
+
+ - name: Read SSH public key content
+ ansible.builtin.slurp:
+ src: "{{ public_key_path }}"
+ register: local_public_key
+ when: ssh_key_file.stat.exists
+ tags: [read]
+
+ - name: Get current user's UID
+ ansible.builtin.command: id -u
+ register: user_uid
+ changed_when: false
+ tags: [info]
+
+ - name: Get current user's GID
+ ansible.builtin.command: id -g
+ register: user_gid
+ changed_when: false
+ tags: [info]
+
+ - name: Get Docker host (default gateway) IP
+ ansible.builtin.shell: "ip route | awk '/default/ {print $3}'"
+ register: docker_host_ip
+ changed_when: false
+ tags: [host_ip]
+
+ - name: Try resolving host.docker.internal
+ command: getent hosts host.docker.internal
+ register: docker_dns_host
+ failed_when: false
+ changed_when: false
+ tags: [host_ip]
+
+
+ - name: Display SSH key with user and host information
+ ansible.builtin.debug:
+ msg: |
+ SSH Public Key Info
+ ---------------------
+ User : {{ ansible_user }}
+ User : {{ ansible_facts['user_id'] }}
+ UID : {{ user_uid.stdout }}
+ GID : {{ user_gid.stdout }}
+ Host : {{ ansible_hostname }}
+ IP Addr : {{ ansible_default_ipv4.address }}
+ IPs : {{ ansible_all_ipv4_addresses }}
+ Host : {{ ansible_facts['hostname'] }}
+ Docker Host IP: {{ docker_host_ip.stdout }}
+ Host.docker.internal resolves to: {{ docker_dns_host.stdout }}
+ Path : {{
public_key_path }}
+
+ Key:
+ {{ local_public_key.content | b64decode }}
+ tags: [show]
+
+ - name: Set decoded SSH public key as fact
+ set_fact:
+ decoded_ssh_key: "{{ local_public_key.content | b64decode }}"
+ tags: [read, set_fact]
\ No newline at end of file
diff --git a/tasks/get_ssh_key.sh b/tasks/get_ssh_key.sh
new file mode 100644
index 0000000..d4ec891
--- /dev/null
+++ b/tasks/get_ssh_key.sh
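Review bot: `{{ ansible_user }}` in the `msg` of the "Display SSH key with user and host information" task is a connection variable, not a gathered fact, so unless it is set in inventory or ansible.cfg the template raises an undefined-variable error and the whole display task fails; the `gather_facts` comment saying it is "Required to access ansible_user" is therefore misleading, since facts only provide `ansible_facts['user_id']`, which the next line already prints. Either drop the `ansible_user` line or write `User : {{ ansible_user | default(ansible_facts['user_id']) }}`, and change the comment to `# Required for ansible_facts (user_id, hostname, default_ipv4)`. The `when: ssh_key_file.stat.exists` on the slurp task is redundant because the preceding fail task already ends the play when the file is missing. `command:` and `set_fact:` should use the `ansible.builtin.` prefix like every other module in this file, and the filename `get_anible_ssh_pub_key.yml` looks like a typo for `get_ansible_ssh_pub_key.yml`.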
@@ -0,0 +1,65 @@
+#!/bin/bash
+echo "[DEBUG] Script started"
+echo "Running as $(whoami)"
+echo
+
+# Force use of specific home directory
+USER_HOME="/home/semaphore"
+
+# Get current user home directory
+# USER_HOME=$(eval echo ~${SUDO_USER:-$USER})
+
+# Define default public key locations
+KEY_FILES=(
+ "$USER_HOME/.ssh/id_rsa.pub"
+ "$USER_HOME/.ssh/id_ecdsa.pub"
+ "$USER_HOME/.ssh/id_ed25519.pub"
+)
+
+# Loop through each key file to find the first one that exists
+for key_file in "${KEY_FILES[@]}"; do
+ if [ -f "$key_file" ]; then
+ if [ -r "$key_file" ]; then
+ echo "✅ Public SSH key found at: $key_file"
+ echo
+ cat "$key_file"
+ exit 0
+ else
+ echo "⚠️ Found public key at $key_file, but it's not readable (permission issue)"
+ fi
+ fi
+done
+
+# If no public key was found, check for private key to regenerate the pub key
+PRIVATE_KEY="$USER_HOME/.ssh/id_rsa"
+if [ -f "$PRIVATE_KEY" ] && [ ! -f "${PRIVATE_KEY}.pub" ]; then
+ echo "Public key missing, but private key found. Regenerating .pub file..."
+ ssh-keygen -y -f "$PRIVATE_KEY" > "${PRIVATE_KEY}.pub"
+ if [ $? -eq 0 ]; then
+ echo "Public key regenerated at: ${PRIVATE_KEY}.pub"
+ echo
+ cat "${PRIVATE_KEY}.pub"
+ exit 0
+ else
+ echo "Failed to regenerate public key from private key." >&2
+ exit 1
+ fi
+fi
+
+# If no keys at all, generate new one
+echo "No SSH key found. Generating a new SSH key at: $PRIVATE_KEY"
+mkdir -p "$USER_HOME/.ssh"
+chmod 700 "$USER_HOME/.ssh"
+
+ssh-keygen -t rsa -b 4096 -C "admin@localhost" -f "$PRIVATE_KEY" -N ""
+
+# Output the new key
+if [ -f "${PRIVATE_KEY}.pub" ]; then
+ echo
+ echo "New SSH key generated at: ${PRIVATE_KEY}.pub"
+ cat "${PRIVATE_KEY}.pub"
+ exit 0
+else
+ echo "Failed to generate SSH key." >&2
+ exit 1
+fi
diff --git a/tasks/rapbian_desktop_prov.yml b/tasks/rapbian_desktop_prov.yml
new file mode 100644
index 0000000..5ff1995
--- /dev/null
+++ b/tasks/rapbian_desktop_prov.yml
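Review bot: The regenerate step `ssh-keygen -y -f "$PRIVATE_KEY" > "${PRIVATE_KEY}.pub"` opens and truncates the `.pub` file before ssh-keygen runs, so when it fails (for example a passphrase-protected key with no tty) the script exits 1 but leaves an empty `id_rsa.pub` behind; the next run then finds that file in `KEY_FILES`, `cat`s nothing and exits 0, which hides the problem from whatever consumes the output. Writing to a temporary name and renaming only on success avoids that, and testing the command directly replaces the `$?` check; the rewritten block is below. Separately, `USER_HOME="/home/semaphore"` is hard-coded while `echo "Running as $(whoami)"` suggests the script may run as other users, so `mkdir -p "$USER_HOME/.ssh"` and the generated key can end up in another account's home; and the new key is created with `-N ""`, so the `chmod 700` on the directory and ssh-keygen's default file mode are its only protection. The file also lacks the `set -euo pipefail` that tasks/update_roles.sh in this commit uses.
```shell
# … unchanged: echo banner, USER_HOME, KEY_FILES search loop …
PRIVATE_KEY="$USER_HOME/.ssh/id_rsa"
if [ -f "$PRIVATE_KEY" ] && [ ! -f "${PRIVATE_KEY}.pub" ]; then
    echo "Public key missing, but private key found. Regenerating .pub file..."
    # Write to a temp name first: a plain redirect creates an empty .pub even when
    # ssh-keygen fails, and the next run would then print it and exit 0.
    if ssh-keygen -y -f "$PRIVATE_KEY" > "${PRIVATE_KEY}.pub.tmp"; then
        mv -f "${PRIVATE_KEY}.pub.tmp" "${PRIVATE_KEY}.pub"
        echo "Public key regenerated at: ${PRIVATE_KEY}.pub"
        echo
        cat "${PRIVATE_KEY}.pub"
        exit 0
    else
        rm -f "${PRIVATE_KEY}.pub.tmp"
        echo "Failed to regenerate public key from private key." >&2
        exit 1
    fi
fi
# … unchanged: new-key generation and output …
```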
@@ -0,0 +1,79 @@
+---
+- name: Install LDAP client and Bitwarden Extension on Raspbian Desktop
+ hosts: pi5
+ become: true
+ become_user: root
+ gather_facts: true
+
+ vars:
+ # System detection
+ is_raspbian_desktop: false
+
+ pre_tasks:
+ - name: Check if Raspbian Desktop (GUI) is installed
+ ansible.builtin.shell: dpkg -l | grep raspberrypi-ui-mods
+ register: raspbian_desktop_check
+ changed_when: false
+ failed_when: false
+ tags: [system_check]
+
+ - name: Check if Chromium is installed
+ ansible.builtin.shell: which chromium-browser || which chromium
+ register: chromium_check
+ changed_when: false
+ failed_when: false
+ tags: [system_check]
+
+ - name: Set fact if host is Raspbian Desktop
+ ansible.builtin.set_fact:
+ is_raspbian_desktop: true
+ when:
+ - ansible_distribution | lower in ['raspbian', 'debian']
+ - raspbian_desktop_check.rc == 0
+ - chromium_check.rc == 0
+ tags: [system_check]
+
+ - name: Verify LDAP password is set
+ assert:
+ that: ldap_bind_pw is defined
+ fail_msg: "ldap_bind_pw must be defined in vault file"
+ success_msg: "LDAP password verification successful"
+ when: is_raspbian_desktop
+ tags: [always]
+
+ roles:
+ - role: bitwarden_chromium
+ when: is_raspbian_desktop
+ tags: [bitwarden]
+
+ - role: ldap-client
+ vars:
+ enable_auth: true
+ vault_ldap_password: "{{ ldap_bind_pw }}"
+ nss_services:
+ - passwd
+ - group
+ - shadow
+ when: is_raspbian_desktop
+ tags: [ldap]
+
+ # post_tasks:
+ # - name: Verify LDAP authentication
+ # block:
+ # - name: Test LDAP user lookup
+ # ansible.builtin.command: id "{{ test_ldap_user | default('testuser') }}"
+ # register: ldap_test
+ # changed_when: false
+ # failed_when: false
+
+ # - name: Show LDAP test results
+ # debug:
+ # msg: "LDAP user lookup {{ 'successful' if ldap_test.rc == 0 else 'failed' }}"
+ # when:
+ # - is_raspbian_desktop
+ # - enable_auth | default(true)
+ # tags: [test, ldap]
+
+
+# TODO
+# - install pavucontrol
\ No newline at end of file
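Review bot: The desktop detection `dpkg -l | grep raspberrypi-ui-mods` in pre_tasks returns rc 0 for a package in `rc` (removed, config files remaining) state and for any listing line that merely contains the string, so `is_raspbian_desktop` can be set on a host that no longer has the desktop and the LDAP/NSS changes under `roles:` would then be applied there. `ansible.builtin.package_facts` followed by `'raspberrypi-ui-mods' in ansible_facts.packages` checks installed state directly and is idempotent without `changed_when`/`failed_when` overrides; the same applies to the `which chromium-browser || which chromium` check. The roles `bitwarden_chromium` and `ldap-client` referenced here are not listed in the `requirements.yml` this commit adds, so `tasks/update_roles.sh` will not fetch them unless they are vendored under `roles/` in the repository. `assert:` should be `ansible.builtin.assert:` for consistency with the other tasks, and the commented-out `post_tasks` block is dead code that should be restored or removed rather than left in the play. The filename `rapbian_desktop_prov.yml` looks like a typo for `raspbian_desktop_prov.yml`.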
diff --git a/tasks/test_remote.yml b/tasks/test_remote.yml
new file mode 100644
index 0000000..c446da2
--- /dev/null
+++ b/tasks/test_remote.yml
@@ -0,0 +1,23 @@
+- name: Gather and print relevant system facts
+ hosts: all
+ gather_facts: false # disable default full fact gathering
+
+ tasks:
+ - name: Gather only selected facts
+ ansible.builtin.setup:
+ filter:
+ - ansible_hostname
+ - ansible_distribution
+ - ansible_distribution_version
+ - ansible_kernel
+ - ansible_architecture
+ - ansible_default_ipv4
+
+ - name: Show relevant facts
+ ansible.builtin.debug:
+ msg:
+ - "Hostname: {{ ansible_facts['hostname'] }}"
+ - "OS: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}"
+ - "Kernel: {{ ansible_facts['kernel'] }}"
+ - "Architecture: {{ ansible_facts['architecture'] }}"
+ - "IP Address: {{ ansible_facts['default_ipv4']['address'] }}"
diff --git a/tasks/update_roles.sh b/tasks/update_roles.sh
new file mode 100644
index 0000000..b09be12
--- /dev/null
+++ b/tasks/update_roles.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Exit on any error
+set -euo pipefail
+
+# Define project root (one level up from tasks/)
+PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+REQUIREMENTS_FILE="$PROJECT_ROOT/requirements.yml"
+ROLES_DIR="$PROJECT_ROOT/roles"
+# ANSIBLE_CFG="$PROJECT_ROOT/ansible.cfg"
+
+echo "🔧 [INFO] Running deployment from: $PROJECT_ROOT"
+echo "📦 [INFO] Installing roles from: $REQUIREMENTS_FILE"
+
+# Step 1: Install roles
+ansible-galaxy install -r "$REQUIREMENTS_FILE" -p "$ROLES_DIR"
+
+# # Step 2: Run playbook
+# echo "🚀 [INFO] Running playbook: $PLAYBOOK_FILE"
+# ANSIBLE_CONFIG="$ANSIBLE_CFG" ansible-playbook "$PLAYBOOK_FILE" -i "$INVENTORY_DIR"
+
+echo "✅ [SUCCESS] Roles updated successfully from requirements."
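Review bot: `{{ ansible_facts['default_ipv4']['address'] }}` in the "Show relevant facts" task fails with an undefined-variable error on any host that has no default IPv4 route (containers, IPv6-only hosts), because `default_ipv4` is then an empty dict and the whole debug task, including the other four lines, is lost. `"IP Address: {{ ansible_facts['default_ipv4']['address'] | default('n/a') }}"` keeps the task informational. Passing `filter:` as a list to `ansible.builtin.setup` also requires a fairly recent ansible-core (older releases accepted a single pattern), which is worth noting in a comment if older controllers are in use.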
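Review bot: `ansible-galaxy install -r "$REQUIREMENTS_FILE" -p "$ROLES_DIR"` skips any role that already exists under `$ROLES_DIR` ("already installed, skipping"), so a second run of a script named update_roles.sh does not actually update anything while still printing `[SUCCESS] Roles updated successfully`; since requirements.yml in this commit tracks `version: main`, that is exactly the case where a refresh is wanted. Add `--force` to the install line, `ansible-galaxy install -r "$REQUIREMENTS_FILE" -p "$ROLES_DIR" --force`, or rename the script/message to describe an install-if-missing. The commented-out "Step 2" block references `$PLAYBOOK_FILE` and `$INVENTORY_DIR`, which are defined nowhere in the file and would trip `set -u` if uncommented; dead code like this should be removed rather than carried along.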