diff --git a/ansible/playbooks/adhoc-facts-refresh.yml b/ansible/playbooks/adhoc-facts-refresh.yml
index 8e80fe1..4a9e645 100644
--- a/ansible/playbooks/adhoc-facts-refresh.yml
+++ b/ansible/playbooks/adhoc-facts-refresh.yml
@@ -1,6 +1,6 @@ --- - hosts: all - become: True + become: true tasks: - name: Force a fact refresh to have those available in local cache setup:
diff --git a/ansible/playbooks/adhoc-ipagroups.yml b/ansible/playbooks/adhoc-ipagroups.yml
index 4217541..c8b48b1 100644
--- a/ansible/playbooks/adhoc-ipagroups.yml
+++ b/ansible/playbooks/adhoc-ipagroups.yml
@@ -1,6 +1,6 @@ --- # This playbook is meant to be used with callable variables, like adhoc or AWX. -# What: Creates groups in the idm infrastructure based on the variables provided. +# What: Creates groups in the idm infrastructure based on the variables provided - name: Create our initial users hosts: ipaserver
@@ -27,4 +27,3 @@ nonposix: "{{ ipaPosix }}" tags: - groups -
diff --git a/ansible/playbooks/adhoc-ipausers.yml b/ansible/playbooks/adhoc-ipausers.yml
index 36f8170..5fa45db 100644
--- a/ansible/playbooks/adhoc-ipausers.yml
+++ b/ansible/playbooks/adhoc-ipausers.yml
@@ -1,6 +1,5 @@ --- # This playbook is meant to be used with callable variables, like adhoc or AWX. -# # What: Creates users in the idm infrastructure based on the variables provided. - name: Create a User
@@ -36,4 +35,3 @@ update_password: on_create tags: - users -
diff --git a/ansible/playbooks/handlers/handlers b/ansible/playbooks/handlers/handlers
deleted file mode 120000
index 1d3863c..0000000
--- a/ansible/playbooks/handlers/handlers
+++ /dev/null
@@ -1 +0,0 @@ -playbooks/handlers
\ No newline at end of file
diff --git a/ansible/playbooks/handlers/main.yml b/ansible/playbooks/handlers/main.yml
index c4fed87..01abf1e 100644
--- a/ansible/playbooks/handlers/main.yml
+++ b/ansible/playbooks/handlers/main.yml
@@ -21,4 +21,3 @@ service: name: auditd state: restarted -
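Review bot: `become: true` on the adhoc-facts-refresh play escalates to root on every host in `all` for a play whose only task is `setup`, which as far as I know gathers its default facts without privilege escalation, so the play runs with more privilege than it uses. Unless a root-only fact (some DMI fields, for instance) is needed from this refresh, drop the line; if it is needed, say so next to it with `# become: kept because <root-only fact> is required by the cache consumers`. The other hunks on this line (comment wording, trailing-newline removals, the handlers symlink deletion) raise nothing.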
diff --git a/ansible/playbooks/import-rockygroups.yml b/ansible/playbooks/import-rockygroups.yml
index f28e147..ae87ae5 100644
--- a/ansible/playbooks/import-rockygroups.yml
+++ b/ansible/playbooks/import-rockygroups.yml
@@ -5,8 +5,7 @@ ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ item.group }}" description: "{{ item.description }}" - nonposix: no + nonposix: false loop: "{{ ipagroups }}" tags: - groups -
diff --git a/ansible/playbooks/import-rockysudo.yml b/ansible/playbooks/import-rockysudo.yml
index 2463254..4c54958 100644
--- a/ansible/playbooks/import-rockysudo.yml
+++ b/ansible/playbooks/import-rockysudo.yml
@@ -10,4 +10,3 @@ - rockyadm hostcat: all cmdcat: all -
diff --git a/ansible/playbooks/import-rockyusers.yml b/ansible/playbooks/import-rockyusers.yml
index 6d4a4f9..1390fb7 100644
--- a/ansible/playbooks/import-rockyusers.yml
+++ b/ansible/playbooks/import-rockyusers.yml
@@ -16,4 +16,3 @@ loop: "{{ users }}" tags: - users -
diff --git a/ansible/playbooks/init-rocky-install-kvm-hosts.yml b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
index c77c55d..373e802 100644
--- a/ansible/playbooks/init-rocky-install-kvm-hosts.yml
+++ b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
@@ -40,7 +40,7 @@ systemd: name: libvirtd state: started - enabled: yes + enabled: true - name: Verify KVM module is loaded shell: "lsmod | grep -i kvm"
@@ -52,4 +52,6 @@ file: path: /var/log/ansible.run state: touch - + mode: '0644' + user: root + group: root
diff --git a/ansible/playbooks/init-rocky-ipa-internal-dns.yml b/ansible/playbooks/init-rocky-ipa-internal-dns.yml
index 7e4cbce..a659bf4 100644
--- a/ansible/playbooks/init-rocky-ipa-internal-dns.yml
+++ b/ansible/playbooks/init-rocky-ipa-internal-dns.yml
@@ -5,6 +5,7 @@ become: false vars_files: - vars/encpass.yml + - vars/rdns.yml tasks: - name: "Checking for user variables"
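Review bot: The `file` module has no `user` option — ownership is set with `owner` — so the `user: root` line added to the touch task in the kvm-hosts `@@ -52,4 +52,6 @@` hunk should be rejected as an unsupported parameter, and the play then ends in an error on its last task instead of recording the run in /var/log/ansible.run. Change it to `owner: root`. The same added line appears in the role-rocky-ipa-client.yml, role-rocky-ipa-replica.yml and role-rocky-ipa.yml hunks, and the `@@ -38,4 +38,3 @@` context in init-rocky-system-config.yml shows a pre-existing copy that should be fixed alongside. Since the task uses `state: touch` it will also report changed on every run; adding `modification_time: preserve` and `access_time: preserve` keeps it idempotent once the file exists.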
@@ -14,9 +15,8 @@ success_msg: "Required variables provided" fail_msg: "We are missing ipa admin password" - - name: "Start users" + - name: "Create Reverse Domains" ipadnszone: ipaadmin_password: '{{ ipaadmin_password }}' name: '{{ internal_domain }}' - with_items: - - dev.rockylinux.org + with_items: '{{ rdns }}'
diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml
index 10b7e27..2675f87 100644
--- a/ansible/playbooks/init-rocky-system-config.yml
+++ b/ansible/playbooks/init-rocky-system-config.yml
@@ -25,7 +25,7 @@ include: tasks/variable_loader_common.yml - name: Configure SSH - include: tasks/ssh-config.yml + include: tasks/ssh_config.yml - name: Configure harden settings include: tasks/harden.yml
@@ -38,4 +38,3 @@ mode: '0644' user: root group: root -
diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml
index 696f062..6de3fb8 100644
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@@ -20,13 +20,14 @@ msg: "/etc/no-ansible exists - skipping run on this node" roles: - - role: ipaclient - state: present - + - role: ipaclient + state: present post_tasks: - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run state: touch - + mode: '0644' + user: root + group: root
diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml
index 4ca2ca3..ba911c6 100644
--- a/ansible/playbooks/role-rocky-ipa-replica.yml
+++ b/ansible/playbooks/role-rocky-ipa-replica.yml
@@ -27,14 +27,14 @@ ini_file: path: /etc/NetworkManager/NetworkManager.conf state: present - no_extra_spaces: yes + no_extra_spaces: true section: main option: dns value: none owner: root group: root mode: 0644 - backup: yes + backup: true notify: - reload_networkmanager
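Review bot: The renamed `Create Reverse Domains` task in init-rocky-ipa-internal-dns.yml loops over `rdns` but never reads `item`: `name` is still `'{{ internal_domain }}'`, so `ipadnszone` is called with the forward zone once per entry in vars/rdns.yml and none of the listed in-addr.arpa zones is created. Change the zone argument to `name: '{{ item }}'`; if the forward zone is still meant to be created here, give it its own task rather than folding it into this loop. The task's play header and the variable check above it sit outside the hunk.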
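Review bot: The role-rocky-ipa-replica.yml `@@ -27,14 +27,14 @@` hunk normalises `yes` to `true` for predictable YAML typing but leaves `mode: 0644` unquoted two lines above `backup: true`; an unquoted leading-zero scalar is parsed as an octal integer by Ansible's YAML loader and is the pattern ansible-lint reports as risky-octal, while the touch tasks this same commit adds use the quoted form. Quote it as `mode: '0644'` here, and in the matching ini_file tasks in the replica `@@ -45,17 +45,19 @@` hunk and the role-rocky-ipa.yml hunk, so the NetworkManager.conf task reads the same way as the rest of the file.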
@@ -45,17 +45,19 @@ owner: root group: root mode: 0644 - backup: yes + backup: true notify: - reload_networkmanager roles: - - role: ipareplica - state: present + - role: ipareplica + state: present post_tasks: - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run state: touch - + mode: '0644' + user: root + group: root
diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml
index 512360b..5241c63 100644
--- a/ansible/playbooks/role-rocky-ipa.yml
+++ b/ansible/playbooks/role-rocky-ipa.yml
@@ -23,28 +23,30 @@ - "not no_ansible.stat.exists" msg: "/etc/no-ansible exists - skipping run on this node" - - name: Ensure 'dns=none' is set for Network Manager to avoid DNS servers being changed + - name: Ensure 'dns=none' is set for Network Manager to avoid change ini_file: path: /etc/NetworkManager/NetworkManager.conf state: present - no_extra_spaces: yes + no_extra_spaces: true section: main option: dns value: none owner: root group: root mode: 0644 - backup: yes + backup: true notify: - reload_networkmanager roles: - - role: ipaserver - state: present + - role: ipaserver + state: present post_tasks: - name: Touching run file that ansible has ran here file: path: /var/log/ansible.run state: touch - + mode: '0644' + user: root + group: root
diff --git a/ansible/playbooks/tasks/harden.yml b/ansible/playbooks/tasks/harden.yml
index 264b1d1..2e04760 100644
--- a/ansible/playbooks/tasks/harden.yml
+++ b/ansible/playbooks/tasks/harden.yml
@@ -10,8 +10,8 @@ name: '{{ item.key }}' value: '{{ item.value }}' state: present - ignoreerrors: yes - sysctl_set: yes + ignoreerrors: true + sysctl_set: true sysctl_file: /etc/sysctl.d/99-ansible.conf with_dict: '{{ sysctl_config }}' tags:
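Review bot: In the harden.yml `@@ -10,8 +10,8 @@` hunk, `ignoreerrors: true` means a key from `sysctl_config` that the running kernel rejects is skipped without failing the task, so a hardening setting can be silently absent on a host and the run still reports success; the hunk only reformats the boolean, but that behaviour deserves a line of explanation where it is set. If skipping is deliberate (mixed kernel versions in the inventory), add `# ignoreerrors: keys unknown to this kernel are skipped, not fatal` above it; otherwise drop the option so a rejected key surfaces in the run. The task's `sysctl:` header is above the hunk.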
@@ -124,7 +124,7 @@ - harden # Leaving this out for now as we don't know the implications of the audit rules -# on build systems yet. +# on build systems yet. # - name: Ensure collection audit rules are available # template: # src: "etc/audit/rules.d/collection.rules.j2"
@@ -137,4 +137,3 @@ # - restart_auditd # tags: # - harden -
diff --git a/ansible/playbooks/tasks/ssh-config.yml b/ansible/playbooks/tasks/ssh-config.yml
deleted file mode 100644
index 3accb0a..0000000
--- a/ansible/playbooks/tasks/ssh-config.yml
+++ /dev/null
@@ -1,35 +0,0 @@ ---- -- name: Ensure SSH is installed - it should be - package: - name: openssh-server - state: present - -- name: ssh configuration - global - block: - - name: ssh configuration - base - template: - src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-sshd_config.j2" - dest: /etc/ssh/sshd_config - owner: root - group: root - mode: '0600' - validate: /usr/sbin/sshd -t -f %s - backup: yes - notify: restart_ssh - - - name: ssh banner - copy: - src: "etc/rockybanner" - dest: "/etc/rockybanner" - owner: root - group: root - mode: '0644' - notify: restart_ssh - - - name: Remove dsa keys - file: - path: "{{ item }}" - state: absent - with_items: - - /etc/ssh/ssh_host_dsa_key.pub - - /etc/ssh/ssh_host_dsa_key
diff --git a/ansible/playbooks/tasks/ssh_config.yml b/ansible/playbooks/tasks/ssh_config.yml
new file mode 100644
index 0000000..6a422c0
--- /dev/null
+++ b/ansible/playbooks/tasks/ssh_config.yml
@@ -0,0 +1,40 @@
+---
+- name: Ensure SSH is installed - it should be
+ package:
+ name: openssh-server
+ state: present
+
+- name: ssh configuration - global
+ block:
+ - name: ssh configuration - base
+ template:
+ src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-sshd_config.j2"
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0600'
+ validate: /usr/sbin/sshd -t -f %s
+ backup: true
+ notify: restart_ssh
+ rescue:
+ - name: Print errors for configuration and validation
+ debug:
+ msg: "Error in configuration or template"
+
+- name: ssh banner
+ copy:
+ src: "etc/rockybanner"
+ dest: "/etc/rockybanner"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: restart_ssh
+
+
+- name: Remove dsa keys
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /etc/ssh/ssh_host_dsa_key.pub
+ - /etc/ssh/ssh_host_dsa_key
diff --git a/ansible/playbooks/vars/rdns.yml b/ansible/playbooks/vars/rdns.yml
new file mode 100644
index 0000000..b1b56b3
--- /dev/null
+++ b/ansible/playbooks/vars/rdns.yml
@@ -0,0 +1,10 @@
+---
+rdns:
+ - 0.1.10.in-addr.arpa.
+ - 2.1.10.in-addr.arpa.
+ - 8.1.10.in-addr.arpa.
+ - 14.1.10.in-addr.arpa.
+ - 0.16.10.in-addr.arpa.
+ - 2.16.10.in-addr.arpa.
+ - 8.16.10.in-addr.arpa.
+ - 14.16.10.in-addr.arpa.
diff --git a/ansible/playbooks/vars/sudorules.yml b/ansible/playbooks/vars/sudorules.yml
index cd21505..ed97d53 100644
--- a/ansible/playbooks/vars/sudorules.yml
+++ b/ansible/playbooks/vars/sudorules.yml
@@ -1,2 +1 @@ --- -
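Review bot: The `rescue` added under `ssh configuration - global` in the new tasks/ssh_config.yml runs only a `debug`, which converts a failed template render or a failed `sshd -t` validation of sshd_config into a successful play: a rescue that completes clears the block's failure, the banner and key-removal tasks still run, and the run reports no error while the host keeps whatever sshd_config it had before. `validate` already stops a broken file from being installed, so the rescue adds no protection on the host; it only hides the outcome from the operator. Either drop the rescue so the original error is reported, or end it with a failing task after the debug: `- name: Fail the play because sshd_config was not applied` / `fail:` / `msg: "Error in configuration or template"`. The rdns.yml and sudorules.yml hunks on this line raise nothing.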