diff --git a/ansible/README.md b/ansible/README.md
index 6b111ce..b7020b5 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -167,3 +167,23 @@ When initializing the ansible host, you should be in `./infrastructure/ansible`
 % cd infrastructure/ansible
 % ansible-playbook playbooks/init-rocky-ansible-host.yml
 ```
+
+## Initializing the environment
+
+To get a base environment, you will need to run the playbooks in this order.
+
+```
+# Ansible host
+init-rocky-ansible-host.yml
+# First IPA server
+role-rocky-ipa.yml
+# Replicas
+role-rocky-ipa-replica.yml
+# Base users, groups, and DNS
+init-rocky-ipa-team.yml
+init-rocky-ipa-internal-dns.yml
+# All clients should be listed under [ipaclients]
+role-rocky-ipa-client.yml
+# All systems should be hardened
+init-rocky-system-config.yml
+```
diff --git a/ansible/playbooks/adhoc-ipagetcert.yml b/ansible/playbooks/adhoc-ipagetcert.yml
index af4f63d..1a919c0 100644
--- a/ansible/playbooks/adhoc-ipagetcert.yml
+++ b/ansible/playbooks/adhoc-ipagetcert.yml
@@ -17,14 +17,14 @@
 vars:
 ipa_getcert_requested_hostnames:
 - name: "{{ getcert_name|default(ansible_fqdn) }}"
- owner: "{{ getcert_owner|default(omit) }}"
- key_location: "{{ getcert_key|default(omit) }}"
- cert_location: "{{ getcert_cert|default(omit) }}"
- nss_db_dir: "{{ getcert_nss_db_dir|default(omit) }}"
+ owner: "{{ getcert_owner|default('root') }}"
+ key_location: "{{ getcert_key|default('/etc/pki/tls/private/newcert.key') }}"
+ cert_location: "{{ getcert_cert|default('/etc/pki/tls/certs/newcert.crt') }}"
+ nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}"
 nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}"
- postcmd: "{{ getcert_postcmd|default(omit) }}"
- ipa_getcert_chain: "{{ getcert_chain|default(omit) }}"
- ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}"
+ postcmd: "{{ getcert_postcmd|default(false) }}"
+ ipa_getcert_chain: "{{ getcert_chain|default(false) }}"
+ ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}"
 ipa_getcert_nss: "{{ getcert_nss|default(false) }}"
 roles:
diff --git a/ansible/playbooks/init-rocky-account-services.yml b/ansible/playbooks/init-rocky-account-services.yml
index a5da739..312a4f7 100644
--- a/ansible/playbooks/init-rocky-account-services.yml
+++ b/ansible/playbooks/init-rocky-account-services.yml
@@ -4,7 +4,7 @@
 hosts: "{{ host }}"
 become: true
- handers:
+ handlers:
 - import_tasks: handlers/main.yml
 pre_tasks:
diff --git a/ansible/playbooks/init-rocky-bugzilla.yml b/ansible/playbooks/init-rocky-bugzilla.yml
index fe16092..dae4b5a 100644
--- a/ansible/playbooks/init-rocky-bugzilla.yml
+++ b/ansible/playbooks/init-rocky-bugzilla.yml
@@ -4,7 +4,7 @@
 hosts: "{{ host }}"
 become: true
- handers:
+ handlers:
 - import_tasks: handlers/main.yml
 pre_tasks:
diff --git a/ansible/playbooks/init-rocky-builder-postfix.yml b/ansible/playbooks/init-rocky-builder-postfix.yml
index 02157bb..97bf800 100644
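Review bot: Replacing `default(omit)` with concrete values on the `owner`, `key_location`, `cert_location`, `nss_db_dir`, `postcmd`, `ipa_getcert_chain` and `ipa_getcert_chain_location` entries changes the contract with the role: before, an unset extra-var left the key out so the role's own default applied, whereas now the play always passes a value, and `postcmd`/`ipa_getcert_chain` arrive as the boolean `false` instead of being absent. That is only equivalent if the role tests these with `| default(...)` or truthiness rather than `is defined`, which cannot be confirmed from this diff and is worth checking against the role. The fixed `newcert.key`/`newcert.crt` defaults also mean two runs with different `getcert_name` values on the same host silently overwrite one private key and certificate with another unless `getcert_key`/`getcert_cert` are passed as well. A comment above `ipa_getcert_requested_hostnames:` listing the overridable extra-vars and their defaults would make this adhoc play self-describing; the play these vars belong to starts outside the hunk.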
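Review bot: The `handers:` → `handlers:` fix here and in the init-rocky-bugzilla.yml, init-rocky-builder-postfix.yml and init-rocky-noggin-theme.yml hunks corrects a play keyword that Ansible rejects as an invalid play attribute, which suggests none of these four playbooks was exercised by any check before merge. A cheap guard is a CI step running `ansible-playbook --syntax-check` (or `ansible-lint`) over `ansible/playbooks/*.yml`, which catches an unknown play attribute without needing inventory or vault access. The plays these hunks belong to start outside them.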
--- a/ansible/playbooks/init-rocky-builder-postfix.yml
+++ b/ansible/playbooks/init-rocky-builder-postfix.yml
@@ -6,7 +6,7 @@
 vars_files:
 - vars/buildsys.yml
- handers:
+ handlers:
 - import_tasks: handlers/main.yml
 pre_tasks:
diff --git a/ansible/playbooks/init-rocky-noggin-theme.yml b/ansible/playbooks/init-rocky-noggin-theme.yml
index 2ae8d34..7d80e0f 100644
--- a/ansible/playbooks/init-rocky-noggin-theme.yml
+++ b/ansible/playbooks/init-rocky-noggin-theme.yml
@@ -4,7 +4,7 @@
 hosts: "idp"
 become: true
- handers:
+ handlers:
 - import_tasks: handlers/main.yml
 pre_tasks:
diff --git a/ansible/playbooks/role-rocky-kojid.yml b/ansible/playbooks/role-rocky-kojid.yml
index fc03071..d69ea2f 100644
--- a/ansible/playbooks/role-rocky-kojid.yml
+++ b/ansible/playbooks/role-rocky-kojid.yml
@@ -7,6 +7,7 @@
 - vars/vaults/encpass.yml
 - vars/common.yml
 - vars/kojid.yml
+ - vars/koji-common.yml
 # This is to try to avoid the handler issue in pre/post tasks
 handlers:
@@ -28,13 +29,13 @@
 - name: Check for keytabs - kojid
 stat:
 path: /etc/kojid.keytab
- register: kojid_keytab
+ register: kojid_keytab_check
 changed_when: "1 != 1"
 - name: Verify keytab
 assert:
 that:
- - "kojid_keytab.stat.exists"
+ - "kojid_keytab_check.stat.exists"
 success_msg: "It is likely we have all keytabs"
 fail_msg: "There are no keytabs. Please build the keytabs."
@@ -77,6 +78,9 @@
 state: present
 post_tasks:
+ - name: "Setup shared filesystem mount"
+ import_tasks: tasks/koji_efs.yml
+ - name: Touching run file that ansible has ran here
 file:
 path: /var/log/ansible.run
diff --git a/ansible/playbooks/role-rocky-kojihub.yml b/ansible/playbooks/role-rocky-kojihub.yml
index e1c0b88..dd3d8a3 100644
--- a/ansible/playbooks/role-rocky-kojihub.yml
+++ b/ansible/playbooks/role-rocky-kojihub.yml
@@ -7,6 +7,7 @@
 - vars/vaults/encpass.yml
 - vars/common.yml
 - vars/kojihub.yml
+ - vars/koji-common.yml
 # This is to try to avoid the handler issue in pre/post tasks
 handlers:
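Review bot: `- vars/koji-common.yml` is appended after `vars/kojid.yml`, and since later `vars_files` entries take precedence, any key defined in both files now silently resolves to the koji-common value; the same ordering is used in the role-rocky-kojihub.yml hunk at `@@ -7,6 +7,7 @@`. If that is intended, say so on the line, e.g. `- vars/koji-common.yml  # shared EFS settings; loaded last so it overrides kojid.yml`, and if not, put it before the role-specific file. The `vars_files` list this hunk belongs to starts outside it.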
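Review bot: The `Setup shared filesystem mount` import is placed in `post_tasks`, so on a fresh host `tasks/koji_efs.yml` runs only after the roles and tasks earlier in the play have completed; if any of those create or populate `/mnt/koji` (the `koji_efs_mount_path` default), that content lands on the local disk and is hidden once EFS is mounted over it. Unless mounting last is deliberate, moving the import to `pre_tasks` keeps the shared storage in place before kojid is configured; the role-rocky-kojihub.yml hunk at `@@ -110,6 +111,9 @@` has the same placement. Whether the earlier part of the play touches that path cannot be seen here, as the play starts outside the hunk, so a one-line comment on the import stating why it runs in `post_tasks` would settle it either way.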
@@ -110,6 +111,9 @@
 state: present
 post_tasks:
+ - name: "Setup shared filesystem mount"
+ import_tasks: tasks/koji_efs.yml
+ - name: Touching run file that ansible has ran here
 file:
 path: /var/log/ansible.run
diff --git a/ansible/playbooks/tasks/koji_efs.yml b/ansible/playbooks/tasks/koji_efs.yml
new file mode 100644
index 0000000..007d44a
--- /dev/null
+++ b/ansible/playbooks/tasks/koji_efs.yml
@@ -0,0 +1,21 @@
+---
+# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}
+# Requires amazon-efs-utils; included
+#
+- name: Installing amazon-efs-utils
+ yum:
+ name: amazon-efs-utils
+ state: present
+ tags:
+ - amazon_efs_utils
+ - packages
+
+- name: "Creating and mounting {{ koji_efs_fsid }} at {{ koji_efs_mount_path }}"
+ ansible.posix.mount:
+ path: "{{ koji_efs_mount_path }}"
+ src: "{{ koji_efs_fsid }}:/"
+ fstype: "{{ koji_efs_fs_type }}"
+ opts: "{{ koji_efs_fs_opts | join(',') }}"
+ state: "{{ koji_efs_fs_state | default('mounted') }}"
+ tags:
+ - mounts
diff --git a/ansible/playbooks/tasks/postfix_relay.yml b/ansible/playbooks/tasks/postfix_relay.yml
index 7cc58cf..ba984a5 100644
--- a/ansible/playbooks/tasks/postfix_relay.yml
+++ b/ansible/playbooks/tasks/postfix_relay.yml
@@ -33,5 +33,5 @@
 - name: Ensure postfix is running and enabled
 service:
 name: postfix
- state: running
+ state: restarted
 enabled: true
diff --git a/ansible/playbooks/vars/koji-common.yml b/ansible/playbooks/vars/koji-common.yml
new file mode 100644
index 0000000..67f942d
--- /dev/null
+++ b/ansible/playbooks/vars/koji-common.yml
@@ -0,0 +1,8 @@
+---
+# Koji common
+koji_efs_mount_path: /mnt/koji
+koji_efs_fsid: whatever.amazonaws.com
+koji_efs_fs_type: efs
+koji_efs_fs_opts:
+ - tls
+ - iam
diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml
index 46b4cdf..1400d44 100644
--- a/ansible/roles/requirements.yml
+++ b/ansible/roles/requirements.yml
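Review bot: The header comment `# Sets up the EFS mount for /mnt/koji {{ koji_efs_mount_path }}` reads as if the path were templated, but Jinja is never expanded inside a YAML comment, so the literal `/mnt/koji` will drift from the real value; `# Mounts EFS filesystem koji_efs_fsid at koji_efs_mount_path (defaults in vars/koji-common.yml); needs amazon-efs-utils and an IAM role allowed to mount it` says the same thing without the false template. The `yum: name: amazon-efs-utils` task presumes a repository providing that package is already configured (as far as I can tell it is not in the stock Rocky repositories), and the `iam` mount option presumes the instance carries an IAM role authorised for the filesystem; neither is set up in this diff, so the task will fail on a host that lacks them and the comment should say so. The `tls` and `iam` options themselves are the right defaults for a shared build-artifact store, giving encryption in transit and identity-based access rather than relying on the security group alone, which is worth a one-line comment on `opts:` so nobody drops them for convenience later.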
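Review bot: `state: restarted` in a task named `Ensure postfix is running and enabled` makes the play restart postfix and report `changed` on every run, which defeats idempotence and bounces the mail relay even when nothing changed. `running` was never a valid `service` state, so the intended fix is `state: started`; a restart belongs in a handler notified by the tasks earlier in this file that write the postfix configuration, which are outside the hunk.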
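Review bot: `koji_efs_fsid: whatever.amazonaws.com` is a placeholder committed as a live default, and `tasks/koji_efs.yml` feeds it straight into the mount `src`, so every host that loads this file and reaches the mount task fails at mount time (or, if someone later fills the value in only one environment, silently mounts the wrong filesystem elsewhere). Either leave the key out so the play fails fast on an undefined variable with a clear message, or mark it unmistakably: `koji_efs_fsid: whatever.amazonaws.com  # PLACEHOLDER - override per environment with the real fs-XXXX.efs.REGION.amazonaws.com name`. `koji_efs_fs_state` is consumed by the task file with a `default('mounted')` but is not declared here; declaring it alongside the other `koji_efs_*` keys keeps every knob for the mount in one place.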
@@ -38,3 +38,4 @@ collections:
 - name: ansible.posix
 - name: ktdreyer.koji_ansible
 - name: netbox.netbox
+ - name: community.aws
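Review bot: The new `- name: community.aws` entry carries no `version:`, so `ansible-galaxy collection install -r` resolves to whatever is newest on Galaxy at install time, which makes builds non-reproducible and lets a breaking or compromised release land silently; pin it, e.g. `- name: community.aws` followed by `  version: "X.Y.Z"  # pinned; bump deliberately` with the tested version substituted for the placeholder. Nothing in this diff references a `community.aws` module (the new mount task uses `ansible.posix.mount` and `yum`), so a short comment saying what it is needed for, or holding the addition until something uses it, would help the next reader. The existing entries have the same unpinned exposure but are not part of this change.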