diff --git a/vmhost.yml b/vmhost.yml
index 703dff9..d258e1e 100644
--- a/vmhost.yml
+++ b/vmhost.yml
@@ -13,3 +13,35 @@
   serial: 1
   roles:
   - vmhost
+- hosts: vm-hosts
+  tasks:
+  - name: ensure jenkins user exists
+    user:
+      name: jenkins
+      create_home: false
+      state: present
+    check_mode: true
+    register: jenkins_user
+    tags:
+    - user
+  - name: ensure jenkins user home dir exists
+    file:
+      path: '{{ jenkins_user.home }}'
+      owner: '{{ jenkins_user.uid }}'
+      group: '{{ jenkins_user.group }}'
+      mode: u=rwx,go=
+      state: directory
+    tags:
+    - homedir
+  - name: ensure host provisioner ssh key is authorized
+    authorized_key:
+      user: jenkins
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICoOO/ZYMxRgmyvqZwGN3NM5pHyh3NBdC7iZrXIopt93
+      comment: Host Provisioner
+      manage_dir: true
+      key_options: restrict
+      state: present
+    tags:
+    - authorized_keys
+  tags:
+  - host-provisioner