diff --git a/roles/realmd/tasks/main.yaml b/roles/realmd/tasks/main.yaml
index 71bbd80..3148113 100644
--- a/roles/realmd/tasks/main.yaml
+++ b/roles/realmd/tasks/main.yaml
@@ -99,17 +99,45 @@
- name: Define group in sudoers
ansible.builtin.lineinfile:
state: present
- path: /etc/ssh/sshd_config
+ path: /etc/sudoers
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
when: checksudoers.found == 0
+- name: Remove misconfig from sshd
+ ansible.builtin.lineinfile:
+ state: absent
+ path: /etc/ssh/sshd_config
+ line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
+
+- name: Remove old AllowUsers
+ ansible.builtin.lineinfile:
+ state: absent
+ path: /etc/ssh/sshd_config
+ regexp: "^AllowUsers tormakris ansible service-user"
+
+- name: Check if AllowUsers is defined
+ ansible.builtin.lineinfile:
+ state: absent
+ path: /etc/ssh/sshd_config
+ regexp: "intra.tormakris.dev"
+ check_mode: true
+ changed_when: false
+ register: checkallowusers
+
+- name: Define AllowUsers if undefined
+ ansible.builtin.lineinfile:
+ state: present
+ path: /etc/ssh/sshd_config
+ line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
+ when: checkallowusers.found == 0
+
- name: Create home for tormakris
ansible.builtin.command:
cmd: mkhomedir_helper tormakris@intra.tormakris.dev
- name: Remove home directory
ansible.builtin.file:
- path: /home/tormakris@intra.tormakris.dev/tormakris
+ path: /home/tormakris@intra.tormakris.dev/tormakris/
state: absent
recurse: yes
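Review bot: The new `path: /etc/sudoers` line makes "Define group in sudoers" write straight into the live sudoers file with no `validate:`, so a malformed or duplicated entry breaks sudo for every account on the host; add `validate: /usr/sbin/visudo -cf %s` to that task. The "Check if AllowUsers is defined" task keys on `regexp: "intra.tormakris.dev"`, which matches any sshd_config line containing the domain (dots unescaped, no anchor) rather than an AllowUsers directive, so a comment or any other directive mentioning the realm would skip "Define AllowUsers if undefined" and leave sshd with no AllowUsers restriction at all; `regexp: '^AllowUsers\s'` expresses the intent. None of the four sshd_config edits carry `validate: /usr/sbin/sshd -t -f %s` or a `notify` to reload sshd, so the domain-qualified AllowUsers list only takes effect on the next unrelated restart and a bad line would only surface then, unless a handler outside this hunk covers it. The task list continues before and after the hunk.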
@@ -121,6 +149,18 @@
owner: tormakris@intra.tormakris.dev
group: domain users@intra.tormakris.dev
+- name: Create home for ansible
+ ansible.builtin.command:
+ cmd: mkhomedir_helper ansible@intra.tormakris.dev
+
+- name: Copy ansible home
+ ansible.builtin.copy:
+ src: /home/ansible/
+ dest: /home/ansible@intra.tormakris.dev/
+ remote_src: yes
+ owner: tormakris@intra.tormakris.dev
+ group: domain users@intra.tormakris.dev
+
- name: "Update authorized_keys of tormakris"
ansible.posix.authorized_key:
user: tormakris@intra.tormakris.dev
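Review bot: "Copy ansible home" sets `owner: tormakris@intra.tormakris.dev` on `/home/ansible@intra.tormakris.dev/`, which looks carried over from the tormakris home task above it; the ansible domain account then does not own its own home or any `.ssh/authorized_keys` inside it, which sshd with StrictModes refuses to use and which gives one account write access to another's login material. `owner: ansible@intra.tormakris.dev` is presumably what was meant. The copy also sets no `mode`, so with `remote_src: yes` the recursive copy takes umask-derived permissions; if `/home/ansible/` holds private keys or other secrets they may land more readable than the originals, so pin `mode` or restrict the copy to what the account needs. `mkhomedir_helper` under `ansible.builtin.command` reports changed on every run; a `creates:` or `changed_when:` would keep it idempotent. The task whose `owner`/`group` lines open the hunk starts outside it.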