diff --git a/forge-pod.yml b/forge-pod.yml
index 628c1be..c3d5755 100644
--- a/forge-pod.yml
+++ b/forge-pod.yml
@@ -71,9 +71,20 @@ spec:
 image: setup
 volumeMounts:
 - mountPath: /certs
- subPath: ssh
 name: ublue-os_forge-certs-pvc
 readOnly: true
+ env:
+ - name: ANSIBLE_FORGE_HOST_USER
+ valueFrom:
+ secretKeyRef:
+ name: ublue-os_forge-secure
+ key: ANSIBLE_FORGE_HOST_USER
+
+ - name: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ublue-os_forge-secure
+ key: ANSIBLE_FORGE_HOST_BECOME_PASSWORD
 workingDir: /ansible
 command:
 - ansible-playbook
diff --git a/setup/Containerfile b/setup/Containerfile
index f3844d0..8c8af2d 100644
--- a/setup/Containerfile
+++ b/setup/Containerfile
@@ -1,6 +1,9 @@
 # Source Image
 FROM docker.io/library/python:alpine3.17
 
+# Install SSH
+RUN apk add openssh
+
 # Install ansible and dependencies
 WORKDIR /ansible
 COPY ./ansible .
diff --git a/setup/ansible/ansible.cfg b/setup/ansible/ansible.cfg
index af089fc..dc4d238 100644
--- a/setup/ansible/ansible.cfg
+++ b/setup/ansible/ansible.cfg
@@ -7,6 +7,8 @@ roles_path = ./roles
 collections_paths = ./collections
 # Localtion for plugins & modules
 library = ./library
+# SSH
+private_key_file = /certs/ssh/ublue-os_forge-id_ed25519
 # Console log settings
 display_skipped_hosts = false
 # Use the stdout_callback when running ad-hoc commands.
diff --git a/setup/ansible/main.yml b/setup/ansible/main.yml
index cdcfa6a..3888b1e 100644
--- a/setup/ansible/main.yml
+++ b/setup/ansible/main.yml
@@ -20,6 +20,8 @@
 groups:
 - forge
 ansible_host: "{{ container_host_ip }}"
+ ansible_user: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER') }}"
+ ansible_become_password: "{{ lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_BECOME_PASSWORD') }}"
 
 - name: Add Ansible Semaphore to inventory
 ansible.builtin.add_host:
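Review bot: The sudo password for the host is delivered as a process environment variable (the `ANSIBLE_FORGE_HOST_BECOME_PASSWORD` env entry), so every process in the setup container, any child that inherits the environment, anything reading `/proc/<pid>/environ`, and a Python traceback or a `-v` Ansible run can expose it. Mounting `ublue-os_forge-secure` as a volume and reading the file from the playbook keeps the value off the environment entirely; if the env var is kept, the task that consumes it should at least carry `no_log: true`. Dropping `subPath: ssh` now exposes the whole certs PVC (ssh and tls material) under `/certs`; the `readOnly: true` already on the mount is the right mitigation, but note that a read-only mount also means the playbook cannot fix key file permissions at runtime, so the key must already be stored with 0600 on the PVC.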
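Review bot: `RUN apk add openssh` installs Alpine's `openssh` meta-package, which as far as I recall also pulls in the server and sftp-server packages, while this container only ever runs `ssh` as the Ansible transport. Installing just the client keeps sshd binaries out of the image and `--no-cache` keeps the apk index out of the layer: `RUN apk add --no-cache openssh-client`. The base image is pinned only to `python:alpine3.17`, so the openssh version will drift with the upstream tag; if reproducible builds matter, pin the package version as well.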
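Review bot: `private_key_file` points the ssh transport at the key on the read-only `/certs` mount, but nothing in this hunk handles host key verification for the forge host; with Ansible's default `host_key_checking = True` the first non-interactive connection to an unknown host fails with `Host key verification failed`, and the tempting fix, `host_key_checking = False`, accepts any host and leaves key-based auth open to a man-in-the-middle. Unless host key checking is already configured elsewhere in ansible.cfg (not visible here), provision a known_hosts entry next to the key instead, e.g. `ssh_args = -o UserKnownHostsFile=/certs/ssh/known_hosts`. Separately, ssh refuses a private key that is group- or other-readable, and since `/certs` is mounted read-only the playbook cannot chmod it at runtime, so `ublue-os_forge-id_ed25519` must land on the PVC as 0600 (or be copied to a private tmpfs before `ansible-playbook` starts).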
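Review bot: `ansible_become_password` becomes a plain host variable on the `forge` inventory entry, and the `add_host` task that sets it (its header is above this hunk) echoes its `host_vars`, password included, in the task result whenever the playbook runs with `-v` or a verbose callback. Add `no_log: true` to that task so the sudo password never reaches stdout or the Semaphore job log. Note also that `lookup('ansible.builtin.env', ...)` returns an empty string when the variable is unset, so a missing secret yields a blank `ansible_user` and an empty become password rather than a clear failure; on Ansible versions that support it, `lookup('ansible.builtin.env', 'ANSIBLE_FORGE_HOST_USER', default=undef())` turns that into an undefined-variable error at inventory time.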
@@ -30,7 +32,31 @@
 ansible_connection: local
 ansible_python_interpreter: "{{ ansible_playbook_python }}"
 
-## TODO: Add play to configure host system
+- name: Configure host system
+ hosts: forge
+ gather_facts: true
+ tasks:
+ - name: Add ublue.local entries to /etc/hosts
+ ansible.builtin.lineinfile:
+ path: /etc/hosts
+ search_string: 127.0.0.1 registry.ublue.local forge.ublue.local
+ line: 127.0.0.1 registry.ublue.local forge.ublue.local
+ state: present
+ become: true
+
+ - name: Add ublue.local TSL root certificate to trust anchors
+ ansible.builtin.copy:
+ src: /certs/tls/ublue-os_forge-root.pem
+ dest: /etc/pki/ca-trust/source/anchors/ublue-os_forge-root.pem
+ force: true
+ mode: "0644"
+ become: true
+
+ - name: Update ca-trust store
+ ansible.builtin.command:
+ cmd: update-ca-trust
+ changed_when: false
+ become: true
 
 - name: Configure Ansible Semaphore
 hosts: semaphore
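Review bot: `changed_when: false` on the `update-ca-trust` task both hides a real change to the host trust store and runs the command on every play, while the copy task directly above already knows whether the anchor changed; register that result and gate the command on it — add `register: forge_root_ca` to the copy task and replace `changed_when: false` with `when: forge_root_ca is changed`. Installing `ublue-os_forge-root.pem` as a system trust anchor makes the host trust that CA for every TLS connection, not only the registry, so the signing key for that root should be kept off this PVC and ideally off the host — the diff does not show where it lives either way. `search_string` only matches that exact `/etc/hosts` text, so a pre-existing mapping of `registry.ublue.local` to another address is left in place and a second line is appended; `regexp: '\sregistry\.ublue\.local'` would replace it instead. The task name `Add ublue.local TSL root certificate to trust anchors` has a typo: `TLS`.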