diff --git a/ansible/Dockerfile b/ansible/Dockerfile
index 463da18..e26e748 100644
--- a/ansible/Dockerfile
+++ b/ansible/Dockerfile
@@ -46,6 +46,7 @@ RUN python3 -m venv /opt/ansible-venv --system-site-packages && \
 # Create a directory for Ansible configuration
 RUN mkdir /etc/ansible/
+WORKDIR /etc/ansible/
 # Set environment variables for Ansible
 ENV PATH="/opt/ansible-venv/bin:$PATH"
diff --git a/ansible/etc-ansible-config/ansible.cfg b/ansible/etc-ansible-config/ansible.cfg
index 24a7d9a..666d002 100644
--- a/ansible/etc-ansible-config/ansible.cfg
+++ b/ansible/etc-ansible-config/ansible.cfg
@@ -1,9 +1,13 @@
 [defaults]
 inventory = /etc/ansible/hosts
 remote_user = sysadmin
-host_key_checking = True
+host_key_checking = False
 retry_files_enabled = False
 private_key_file = /home/sysadmin/.ssh/id_rsa
+[privilege_escalation]
+become=True
+become_password=''
+
 [web:vars]
-ansible_python_interpreter=/usr/bin/python3
\ No newline at end of file
+ansible_python_interpreter=/usr/bin/python3
diff --git a/ansible/etc-ansible-config/roles/wordpress/tasks/main.yml b/ansible/etc-ansible-config/roles/wordpress/tasks/main.yml
new file mode 100644
index 0000000..f4d174c
--- /dev/null
+++ b/ansible/etc-ansible-config/roles/wordpress/tasks/main.yml 
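Review bot: With `WORKDIR /etc/ansible/` in place, the `RUN mkdir /etc/ansible/` line just above it is redundant — WORKDIR creates the directory when it is missing — and it costs a layer, so drop the mkdir (or keep only the mkdir if the working directory was not meant to change for the instructions that follow). The venv path on the hunk header is written without a trailing slash; `WORKDIR /etc/ansible` would match that convention.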
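Review bot: `host_key_checking = False` removes the only check Ansible's SSH transport has against connecting to an impostor host; with `become=True` and key-based login, Ansible would happily authenticate to a spoofed `web` host on the compose network and run its privileged tasks there, so keep it `True` and seed a known_hosts file in the ansible image instead (generated for the compose service names and copied in at build time). `become_password=''` is not a `[privilege_escalation]` option I recognise — the become password is normally supplied per host via `ansible_become_password` or interactively with `--ask-become-pass` — and an INI parser would keep the quotes as part of the value, so this line is most likely inert and should be removed; escalation works here because of the NOPASSWD sudoers fragments the commit adds, not because of it. Cosmetic: the new keys use `key=value` while the rest of the file uses `key = value`.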
@@ -0,0 +1,79 @@
+- name: Add Apache2's www-data user to sudo group
+ user:
+ name: www-data
+ groups: sudo
+ append: yes
+
+- name: Enable passwordless startup for www-data
+ copy:
+ dest: /etc/sudoers.d/www-data_startupservice
+ content: "www-data ALL=(ALL) NOPASSWD:ALL"
+ mode: '0440' # Correct mode for sudoers file
+
+- name: Ensure wp directory exists and has correct permissions
+ file:
+ path: /usr/local/bin/wp
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Install WordPress CLI (WP-CLI)
+ get_url:
+ url: https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
+ dest: /usr/local/bin/wp
+ mode: '0755'
+
+
+- name: Create WP-CLI directory for www-data
+ file:
+ path: /var/www/.wp-cli
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Create the WordPress directory and set permissions
+ file:
+ path: /var/www/dev/wp-content/uploads
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Check Wordpress installed
+ stat:
+ path: /var/www/dev/wp-config.php
+ register: wp_config
+
+- name: Use WP_CLI to install WordPress
+ shell: sudo -u www-data /usr/local/bin/wp/wp-cli.phar core download --version={{wp_version}}
+ when: not wp_config.stat.exists
+ args:
+ chdir: /var/www/dev
+ vars:
+ wp_version: 6.3.4
+
+# Download wp-config-docker.php for use as wp-config.php
+- name: WordPress basic configuration
+ get_url:
+ url: https://raw.githubusercontent.com/docker-library/wordpress/master/latest/php8.2/apache/wp-config-docker.php
+ dest: /var/www/dev/wp-config.php
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
+- name: Use awk to replace all instances of "put your unique phrase here" with a unique string
+ shell: |
+ awk '
+ /put your unique phrase here/ {
+ cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\\\ -f1";
+ cmd | getline str;
+ close(cmd);
+ gsub("put your unique phrase here", str);
+ }
+ { print }
+ ' /var/www/dev/wp-config.php > 
/var/www/dev/wp-config.tmp \
+ && mv /var/www/dev/wp-config.tmp /var/www/dev/wp-config.php
+ args:
+ chdir: /var/www/dev
\ No newline at end of file
diff --git a/ansible/etc-ansible-config/site.yml b/ansible/etc-ansible-config/site.yml
new file mode 100644
index 0000000..400c6f4
--- /dev/null
+++ b/ansible/etc-ansible-config/site.yml
@@ -0,0 +1,3 @@
+- hosts: web
+ roles:
+ - wordpress
diff --git a/db/Dockerfile b/db/Dockerfile
index c0481dd..d367b98 100644
--- a/db/Dockerfile
+++ b/db/Dockerfile
@@ -30,6 +30,11 @@ RUN mkdir -p /run/sshd
 # Expose SSH port
 EXPOSE 22
+EXPOSE 3306
-# Start SSH service
-CMD ["/usr/sbin/sshd", "-D"]
+# Add mariadb service startup script
+COPY ./db/startupservice.sh /startupservice.sh
+RUN chmod +x /startupservice.sh
+
+ENTRYPOINT ["/startupservice.sh"]
+CMD ["mariadbd"]
\ No newline at end of file
diff --git a/db/startupservice.sh b/db/startupservice.sh
new file mode 100644
index 0000000..d21d0ca
--- /dev/null
+++ b/db/startupservice.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+
+# https://en.wikipedia.org/wiki/ANSI_escape_code
+E0="$(printf "\e[0m")" # reset
+E1="$(printf "\e[1m")" # bold
+
+echo "${E1}Starting mariadb: http://127.0.0.1:3306${E0}"
+
+# Start mariadb in the background
+docker-entrypoint.sh "$@"
+
+# Start SSH service
+/usr/sbin/sshd -D
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 651cdae..401156f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -57,6 +57,7 @@ services:
 - '22002:22'
 restart: on-failure
 volumes:
+ - ./web/etc-apache2-sites-available:/etc/apache2/sites-available
 - wp-data:/var/www/dev
 - ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
 - ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
diff --git a/web/Dockerfile b/web/Dockerfile
index f64a651..6d3eaa7 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile 
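Review bot: The awk task at the end of the role is unconditional, whereas the `core download` task is guarded by `when: not wp_config.stat.exists`; every play run therefore rewrites wp-config.php through `> wp-config.tmp && mv`, reports `changed`, and — because the task runs under `become` rather than as www-data — replaces the www-data-owned file the preceding get_url created with a root-owned copy, so put the same `when: not wp_config.stat.exists` on it (and on that get_url for symmetry). Both `get_url` fetches follow a moving branch (`gh-pages` for wp-cli.phar, `master` for wp-config-docker.php) with no `checksum:`, so the host gets whatever upstream serves at run time; pin a release URL and add `checksum: sha256:<expected digest>` to each. Inside the `shell: |` block scalar backslashes are literal, so awk receives `cut -d\\\\ -f1` and, after its own string unescaping, hands the shell `cut -d\\ -f1` — a backslash delimiter, which (if I trace the escaping correctly) makes `str` the whole `<hash>  -` line rather than the hash; the Dockerfile lines being removed used `cut -d\\ -f1`, which is what the YAML should carry too. With `become=True` now set in ansible.cfg, `shell: sudo -u www-data …` can be expressed as `become_user: www-data` on the task instead of shelling out to sudo, and the sudoers copy task should carry `validate: /usr/sbin/visudo -cf %s` so a malformed fragment cannot break sudo on the host. The `NOPASSWD:ALL` rule that task writes for www-data is far wider than the "startup" its name describes — a web-application compromise becomes root — so restricting it to the startup script's command is worth the effort.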
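Review bot: `COPY ./db/startupservice.sh /startupservice.sh` followed by `RUN chmod +x /startupservice.sh` spends a layer on a mode bit the copy can set itself: `COPY --chmod=0755 ./db/startupservice.sh /startupservice.sh`. The exec-form `ENTRYPOINT`/`CMD` split is the right shape, but the wrapper it points at runs the mariadb entrypoint in the foreground and only then `sshd -D`, so the second daemon starts only if the first one returns. `EXPOSE 3306` documents the port but publishes nothing; keep it, but the compose file still needs a `ports:` entry if the database is meant to be reachable from the host.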
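Review bot: `docker-entrypoint.sh "$@"` runs in the foreground despite the `# Start mariadb in the background` comment, and the mariadb image's entrypoint — as far as I know — finishes by exec'ing the server, so `/usr/sbin/sshd -D` on the last line is never reached (and with `set -o errexit` a non-zero return from the entrypoint would abort before it anyway). Appending `&` would only move the problem: sshd would become the process that receives SIGTERM from `docker stop`, and mariadbd would be killed without a clean shutdown. Running two daemons in one container needs an init or supervisor that forwards signals and reaps children; the simpler option is to drop sshd from the db image and use `docker exec` for administration. Separately, the banner `Starting mariadb: http://127.0.0.1:3306` is misleading because MariaDB does not speak HTTP — `Starting mariadb on 127.0.0.1:3306` would do.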
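Review bot: The new bind mount `./web/etc-apache2-sites-available:/etc/apache2/sites-available` is writable from inside the container, unlike the two key mounts right below it that carry `:ro`; anything running in the web container (which, per web/Dockerfile, gives www-data passwordless sudo) could rewrite the host's copy of the vhost configuration. Unless the container is meant to edit it, mount it read-only: `- ./web/etc-apache2-sites-available:/etc/apache2/sites-available:ro`.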
@@ -1,5 +1,4 @@
-# https://docs.docker.com/engine/reference/builder/
-# https://hub.docker.com/_/debian
+# Use the Debian Bookworm Slim base image
 FROM debian:bookworm-slim
 # Configure apt not to prompt during docker build
@@ -47,6 +46,9 @@ RUN useradd -m -s /bin/bash sysadmin && \
 echo "sysadmin:sysadmin" | chpasswd && \
 usermod -aG sudo sysadmin
+# Copy the sudoers file for sysadmin user to the appropriate directory
+COPY ./web/etc-sudoers.d/sysadmin_all_nopass /etc/sudoers.d/sysadmin_all_nopass
+
 # Ensure SSH directory exists with correct permissions
 RUN mkdir -p /home/sysadmin/.ssh && \
 chown sysadmin:sysadmin /home/sysadmin/.ssh && \
@@ -57,10 +59,10 @@ RUN mkdir -p /run/sshd
 # Add Apache2's www-data user to sudo group and enable passwordless startup
 RUN adduser www-data sudo
-COPY web/config-web/www-data_startupservice /etc/sudoers.d/www-data_startupservice
+COPY ./web/etc-sudoers.d/www-data_startupservice /etc/sudoers.d/www-data_startupservice
 # Add Apache2 service startup script
-COPY web/config-web/startupservice.sh /startupservice.sh
+COPY ./web/startupservice.sh /startupservice.sh
 RUN chmod +x /startupservice.sh
 CMD ["sudo", "--preserve-env", "/startupservice.sh"] 
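Review bot: `COPY ./web/etc-sudoers.d/sysadmin_all_nopass /etc/sudoers.d/sysadmin_all_nopass` in the second hunk inherits the mode of the checked-out file (git records it as 100644), while sudoers.d fragments are conventionally 0440 and root-owned — the commit's own ansible role writes the equivalent file with `mode: '0440' # Correct mode for sudoers file`; use `COPY --chmod=0440 ./web/etc-sudoers.d/sysadmin_all_nopass /etc/sudoers.d/sysadmin_all_nopass` here and the same flag on the `www-data_startupservice` COPY in the third hunk, with a `RUN visudo -cf` on each so a bad fragment fails the build instead of surfacing at runtime. The fragment being copied reads `%sudo ALL =(ALL) NOPASSWD:ALL`, and the third hunk's context shows `RUN adduser www-data sudo`, so the Apache user gains passwordless root from this file as well as from its own; scoping it to `sysadmin ALL=(ALL) NOPASSWD:ALL` keeps the two grants separate. In the first hunk the two reference URLs are replaced by a generic comment; keeping the Hub link (`# https://hub.docker.com/_/debian`) documents where `bookworm-slim` comes from at no cost.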
@@ -76,50 +78,13 @@ RUN a2enmod php8.2
 RUN a2enmod rewrite
 # Configure PHP
-COPY web/config-web/90-local.ini /etc/php/8.2/apache2/conf.d/
-
-# Install WordPress CLI (WP-CLI)
-# https://wp-cli.org/#installing
-RUN curl -L \
- https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
- -o wp-cli.phar \
- && chmod +x wp-cli.phar \
- && mv wp-cli.phar /usr/local/bin/wp
+COPY ./web/etc-php-8.2-apache2-conf.d/90-local.ini /etc/php/8.2/apache2/conf.d/
-# Create WP-CLI directory for www-data
-RUN mkdir /var/www/.wp-cli
-RUN chown -R www-data:www-data /var/www/.wp-cli
+# Create the wp directory and set permissions
+RUN mkdir -p /usr/local/bin/wp/
+RUN chown -R www-data:www-data /usr/local/bin/wp/
 # Create the dev directory and set permissions
 RUN mkdir -p /var/www/dev/wp-content/uploads
 RUN chown -R www-data:www-data /var/www/dev
-# Use WP-CLI to install WordPress
-USER www-data
-WORKDIR /var/www/dev
-ARG WP_VERSION
-RUN wp core download --version=$WP_VERSION
-
-# Add WordPress basic configuration
-# 1) Download wp-config-docker.php for use as wp-config.php. 
Friendly view at:
-# https://github.com/docker-library/wordpress/blob/master/latest/php8.2/apache/wp-config-docker.php
-RUN curl -L \
- https://raw.githubusercontent.com/docker-library/wordpress/master/latest/php8.2/apache/wp-config-docker.php \
- -o /var/www/dev/wp-config.php
-
-# 2) Use awk to replace all instances of "put your unique phrase here" with a
-# properly unique string (for AUTH_KEY and friends to have safe defaults if
-# they aren't specified with environment variables)
-# Based on:
-# https://github.com/docker-library/wordpress/blob/master/latest/php8.2/apache/docker-entrypoint.sh
-RUN awk ' \
- /put your unique phrase here/ { \
- cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\ -f1"; \
- cmd | getline str; \
- close(cmd); \
- gsub("put your unique phrase here", str); \
- } \
- { print } \
- ' /var/www/dev/wp-config.php > /var/www/dev/wp-config.tmp \
- && mv /var/www/dev/wp-config.tmp /var/www/dev/wp-config.php
-
diff --git a/web/config-web/etc-apache2-sites-available/000-default.conf b/web/etc-apache2-sites-available/000-default.conf
similarity index 98%
rename from web/config-web/etc-apache2-sites-available/000-default.conf
rename to web/etc-apache2-sites-available/000-default.conf
index 10f65a3..b963b3f 100644
--- a/web/config-web/etc-apache2-sites-available/000-default.conf
+++ b/web/etc-apache2-sites-available/000-default.conf
@@ -71,4 +71,4 @@ ServerName localhost:8080
-# vim: ft=apache ts=4 sw=4 sts=4 sr et
\ No newline at end of file
+# vim: ft=apache ts=4 sw=4 sts=4 sr et
diff --git a/web/config-web/90-local.ini b/web/etc-php-8.2-apache2-conf.d/90-local.ini
similarity index 100%
rename from web/config-web/90-local.ini
rename to web/etc-php-8.2-apache2-conf.d/90-local.ini
diff --git a/web/etc-sudoers.d/sysadmin_all_nopass b/web/etc-sudoers.d/sysadmin_all_nopass
new file mode 100644
index 0000000..090dd70
--- /dev/null
+++ b/web/etc-sudoers.d/sysadmin_all_nopass 
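Review bot: The replacement block `RUN mkdir -p /usr/local/bin/wp/` + `RUN chown -R www-data:www-data /usr/local/bin/wp/` turns `/usr/local/bin/wp` from the WP-CLI executable into a www-data-owned directory inside a root-owned bin path; the ansible role then drops `wp-cli.phar` into it and invokes it by full path, so the `wp` command name stops resolving and the web user owns a directory of executables under `/usr/local/bin`. Root ownership with mode 0755 is all www-data needs to execute the phar, so `RUN install -d -m 0755 /usr/local/bin/wp` (no chown, one layer) would do, and the two dev-directory RUNs just below could follow the same one-instruction pattern. If the phar is meant to be reachable as `wp`, keeping it as the file `/usr/local/bin/wp` (as the removed lines did) is simpler than a directory.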
@@ -0,0 +1,5 @@
+# vim: ft=sudoers
+#
+# This file MUST be edited with `/usr/sbin/visudo -sf FILENAME`.
+
+%sudo ALL =(ALL) NOPASSWD:ALL
diff --git a/web/config-web/www-data_startupservice b/web/etc-sudoers.d/www-data_startupservice
similarity index 100%
rename from web/config-web/www-data_startupservice
rename to web/etc-sudoers.d/www-data_startupservice
diff --git a/web/config-web/startupservice.sh b/web/startupservice.sh
similarity index 100%
rename from web/config-web/startupservice.sh
rename to web/startupservice.sh
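Review bot: `%sudo ALL =(ALL) NOPASSWD:ALL` grants passwordless root to every member of the sudo group, not only to sysadmin as the file name suggests; web/Dockerfile adds www-data to that group (`RUN adduser www-data sudo`), so this fragment alone makes the Apache service account root without a password. If the goal is unattended Ansible `become` for the sysadmin account, scope the rule to that user — `sysadmin ALL=(ALL) NOPASSWD:ALL` — or better to the commands the playbook actually needs. The header says the file must be edited with visudo, but nothing in the build checks it; a `RUN visudo -cf /etc/sudoers.d/sysadmin_all_nopass` after the COPY would turn a typo into a build failure instead of broken sudo in the image.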