diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..bc5c821
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,5 @@
+---
+warn_list:
+ - var-naming[no-role-prefix]
+ - yaml[comments-indentation]
+ - yaml[line-length]
diff --git a/Vagrantfile b/Vagrantfile
new file mode 100644
index 0000000..795daa8
--- /dev/null
+++ b/Vagrantfile
@@ -0,0 +1,56 @@
+# ENV['VAGRANT_NO_PARALLEL'] = 'no'
+NODE_ROLES = ["server-0", "server-1", "server-2", "agent-0", "agent-1"]
+NODE_BOXES = ['generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004', 'generic/ubuntu2004']
+NODE_CPUS = 2
+NODE_MEMORY = 2048
+# Virtualbox >= 6.1.28 require `/etc/vbox/network.conf` for expanded private networks
+NETWORK_PREFIX = "10.10.10"
+
+def provision(vm, role, node_num)
+ vm.box = NODE_BOXES[node_num]
+ vm.hostname = role
+ # An expanded netmask is required to allow VM<-->VM communication, virtualbox defaults to /32
+ node_ip = "#{NETWORK_PREFIX}.#{100+node_num}"
+ vm.network "private_network", ip: node_ip, netmask: "255.255.255.0"
+
+ vm.provision "ansible", run: 'once' do |ansible|
+ ansible.compatibility_mode = "2.0"
+ ansible.verbose = "vv"
+ ansible.playbook = "playbook/site.yml"
+ ansible.groups = {
+ "server" => NODE_ROLES.grep(/^server/),
+ "agent" => NODE_ROLES.grep(/^agent/),
+ "k3s_cluster:children" => ["server", "agent"],
+ }
+ ansible.extra_vars = {
+ k3s_version: "v1.26.5+k3s1",
+ api_endpoint: "#{NETWORK_PREFIX}.100",
+ api_port: 6443,
+ extra_server_args: "",
+ extra_server_init_args: "",
+ extra_agent_args: "",
+ }
+ end
+
+end
+
+Vagrant.configure("2") do |config|
+ # Default provider is libvirt, virtualbox is only provided as a backup
+ config.vm.provider "libvirt" do |v|
+ v.cpus = NODE_CPUS
+ v.memory = NODE_MEMORY
+ end
+ config.vm.provider "virtualbox" do |v|
+ v.cpus = NODE_CPUS
+ v.memory = NODE_MEMORY
+ end
+
+ # Must iterate on the index, vagrant does not understand iterating
+ # over the node roles themselves
+ NODE_ROLES.each_with_index do |name, i|
+ config.vm.define name do |node|
+ provision(node.vm, name, i)
+ end
+ end
+
+end
diff --git a/inventory-sample.yml b/inventory-sample.yml
index c32a10b..cf46422 100644
--- a/inventory-sample.yml
+++ b/inventory-sample.yml
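Review bot: `NODE_BOXES` names `generic/ubuntu2004` with no version, so a fresh `vagrant up` pulls whichever release of that third-party box is current. Setting `vm.box_version = "<pinned version>"` in `provision`, next to `vm.box = NODE_BOXES[node_num]`, would keep the test cluster reproducible and make a changed upstream image show up as a diff. `NODE_ROLES` and `NODE_BOXES` are also parallel arrays matched only by index, so a role added without a matching box silently gives `vm.box = nil`. `vm.box = NODE_BOXES.fetch(node_num)` would fail loudly instead, as would a single role-to-box hash.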
@@ -9,14 +9,17 @@ k3s_cluster: 192.16.35.12 192.16.35.13 + # Required Vars vars: ansible_port: 22 ansible_user: debian k3s_version: v1.25.5+k3s2 - k3s_server_location: /var/lib/rancher/k3s - systemd_dir: /etc/systemd/system api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}" api_port: 6443 extra_server_args: "" extra_server_init_args: "" extra_agent_args: "" + + # Optional vars + # k3s_server_location: /var/lib/rancher/k3s + # systemd_dir: /etc/systemd/system diff --git a/roles/k3s/agent/defaults/main.yml b/roles/k3s/agent/defaults/main.yml new file mode 100644 index 0000000..e0b678e --- /dev/null +++ b/roles/k3s/agent/defaults/main.yml @@ -0,0 +1,3 @@ +--- +k3s_server_location: "/var/lib/rancher/k3s" +systemd_dir: "/etc/systemd/system" diff --git a/roles/k3s/agent/tasks/main.yml b/roles/k3s/agent/tasks/main.yml index 8167567..2ab6b66 100644 --- a/roles/k3s/agent/tasks/main.yml +++ b/roles/k3s/agent/tasks/main.yml @@ -1,4 +1,5 @@ --- + - name: Copy K3s service file ansible.builtin.template: src: "k3s-agent.service.j2" diff --git a/roles/k3s/server/defaults/main.yml b/roles/k3s/server/defaults/main.yml new file mode 100644 index 0000000..e0b678e --- /dev/null +++ b/roles/k3s/server/defaults/main.yml @@ -0,0 +1,3 @@ +--- +k3s_server_location: "/var/lib/rancher/k3s" +systemd_dir: "/etc/systemd/system" diff --git a/roles/k3s/server/tasks/main.yml b/roles/k3s/server/tasks/main.yml index 5f6bd2d..8028378 100644 --- a/roles/k3s/server/tasks/main.yml +++ b/roles/k3s/server/tasks/main.yml @@ -87,6 +87,7 @@ when: ansible_hostname != groups['server'][0] - name: Verify that all server nodes joined + when: (groups['server'] | length) > 1 ansible.builtin.command: cmd: > k3s kubectl get nodes -l "node-role.kubernetes.io/control-plane=true" -o=jsonpath="{.items[*].metadata.name}" diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index f6b7416..7a7932d 100644 --- a/roles/prereq/tasks/main.yml 
+++ b/roles/prereq/tasks/main.yml @@ -4,6 +4,12 @@ state: disabled when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat'] +- name: Install Dependent Ubuntu Packages + when: ansible_distribution in ['Ubuntu'] + ansible.builtin.apt: + name: policycoreutils # Used by install script to restore SELinux context + update_cache: yes + - name: Enable IPv4 forwarding ansible.posix.sysctl: name: net.ipv4.ip_forward @@ -65,4 +71,6 @@ src: "{{ k3s_server_location }}" force: true state: link - when: k3s_server_location != "/var/lib/rancher/k3s" + when: + - k3s_server_location is defined + - k3s_server_location != "/var/lib/rancher/k3s" diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 5351507..0681f92 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml @@ -34,7 +34,7 @@ ansible_facts.lsb.description|default("") is match("Debian") ) - name: Set detected_distribution to ArchLinux (ARM64) - set_fact: + ansible.builtin.set_fact: detected_distribution: Archlinux when: - ansible_facts.architecture is search("aarch64") diff --git a/roles/raspberrypi/tasks/prereq/Archlinux.yml b/roles/raspberrypi/tasks/prereq/Archlinux.yml index 8251abb..367f44d 100644 --- a/roles/raspberrypi/tasks/prereq/Archlinux.yml +++ b/roles/raspberrypi/tasks/prereq/Archlinux.yml 
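Review bot: The new apt task in the first hunk is gated on `ansible_distribution in ['Ubuntu']`, so Debian hosts never get `policycoreutils`, although the sample inventory in this commit uses `ansible_user: debian`. If the install script needs the package on every apt-based system, `when: ansible_os_family == 'Debian'` would cover both; this should be confirmed against the install script, which is not shown here. `update_cache: yes` also mixes boolean styles with the `force: true` visible in the second hunk of this file; `update_cache: true` would match. In that second hunk, the `k3s_server_location is defined` guard appears to be needed because the prereq role gets no defaults file in this commit, while k3s/server and k3s/agent each get an identical one. A short comment on the `when:` list saying so would help the next reader.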
@@ -1,14 +1,15 @@ --- - name: Enable cgroup via boot commandline if not already enabled for Archlinux - lineinfile: + ansible.builtin.lineinfile: path: /boot/boot.txt search_string: setenv bootargs console=ttyS1,115200 console=tty0 root=PARTUUID=${uuid} rw rootwait smsc95xx.macaddr="${usbethaddr}" line: setenv bootargs console=ttyS1,115200 console=tty0 root=PARTUUID=${uuid} rw rootwait smsc95xx.macaddr="${usbethaddr}" cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory register: kernel_cmdline_cgroup - name: Create - shell: ./mkscr + ansible.builtin.command: ./mkscr args: chdir: /boot notify: reboot - when: kernel_cmdline_cgroup.changed + changed_when: false + when: kernel_cmdline_cgroup.changed # noqa: no-handler
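Review bot: `changed_when: false` on the `./mkscr` task means it never reports a change, and Ansible notifies handlers only for changed tasks, so `notify: reboot` can no longer fire. The new cgroup boot arguments would then not take effect until someone reboots the host by hand. Because the task already runs only `when: kernel_cmdline_cgroup.changed`, `changed_when: true` describes it accurately and keeps the reboot. The task name `Create` could also say what is created, for example `name: Regenerate boot script with mkscr`, assuming that is what `./mkscr` does; the script is not shown.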