diff --git a/ubuntu/Vagrantfile b/ubuntu/Vagrantfile
index a26586d..8c7d61b 100644
--- a/ubuntu/Vagrantfile
+++ b/ubuntu/Vagrantfile
@@ -80,4 +80,10 @@ Vagrant.configure("2") do |config|
   
     vb.check_guest_additions = false
   end
+
+  config.vm.provision :ansible do |ansible|
+    ansible.compatibility_mode = "2.0"
+    ansible.limit = "all"
+    ansible.playbook = "ansible.yml"
+  end
 end
diff --git a/ubuntu/ansible.yml b/ubuntu/ansible.yml
new file mode 100644
index 0000000..6abe7f1
--- /dev/null
+++ b/ubuntu/ansible.yml
@@ -0,0 +1,67 @@
+---
+# it should be fair to assume that "hosts: all" will do the trick
+- name: Prepare Ubuntu Environment
+  hosts: all
+  become: true
+  tasks:
+    - name: Correct GPT information
+      ansible.builtin.command: sgdisk /dev/vda -e && partprobe
+    - name: Stretch partition
+      register: parted
+      community.general.parted:
+        device: /dev/vda
+        number: 3
+        label: gpt
+        state: present
+        resize: true
+        part_end: "100%"
+    - name: Stretch LVM PV
+      ansible.builtin.command: pvresize /dev/vda3
+    - name: Stretch logical partition
+      community.general.lvol:
+        vg: ubuntu-vg
+        lv: ubuntu-lv
+        resizefs: true
+        size: 100%FREE
+    - name: Base system update
+      ansible.builtin.apt:
+        update_cache: true
+        name: "*"
+        state: latest
+    - name: Install mirroring packages
+      ansible.builtin.apt:
+        name:
+         - nginx
+         - debmirror
+         - rsync
+         - gnupg
+         - xz-utils
+- name: Prepare mirror environment
+  hosts: all
+  become: true
+  vars_files:
+    - config.yml
+  tasks:
+    - name: Create directory tree
+      loop:
+        - /srv/mirror/ubuntu
+        - /srv/mirror/lanyard
+        - /srv/mirror/bin
+      ansible.builtin.file:
+        name: "{{ item }}"
+        state: directory
+    - name: Download GPG keys
+      ansible.builtin.command: gpg --no-default-keyring --keyring /srv/mirror/lanyard/trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg
+    - name: Configure debmirror sync
+      ansible.builtin.template:
+        src: debmirror.sh.j2
+        dest: /srv/mirror/bin/debmirror.sh
+        mode: "0755"
+    - name: Initial mirror sync (this can take a while!)
+      ansible.builtin.command: /srv/mirror/bin/debmirror.sh
+    - name: Crontab configuration
+      ansible.builtin.cron:
+        name: mirror-update
+        hour: 2
+        minute: 0
+        job: /srv/mirror/bin/debmirror.sh
diff --git a/ubuntu/config.yml b/ubuntu/config.yml
new file mode 100644
index 0000000..86fbd9c
--- /dev/null
+++ b/ubuntu/config.yml
@@ -0,0 +1,14 @@
+---
+release: "jammy"
+upstream: "us.archive.ubuntu.com"
+arch: "amd64"
+excluded:
+# see https://packages.ubuntu.com/jammy/ for list of sections you can exclude here
+  - localization
+  - translations
+  - debug
+  - gnu-r
+  - zope
+  - oldlibs
+  - otherosfs
+  - embedded
\ No newline at end of file
diff --git a/ubuntu/debmirror.sh.j2 b/ubuntu/debmirror.sh.j2
new file mode 100644
index 0000000..576350c
--- /dev/null
+++ b/ubuntu/debmirror.sh.j2
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+export GNUPGHOME=/srv/mirror/lanyard
+arch={{ arch }}
+section="main,restricted,universe,multiverse"
+release="{{ release }},{{ release }}-updates,{{ release }}-security,{{ release }}-backports"
+upstream="{{ upstream }}"
+inPath="/ubuntu"
+outPath="/srv/mirror/ubuntu"
+proto="rsync"
+
+debmirror -a $arch --no-source --rsync-options "-aIL --partial" \
+          -s $section -h $upstream -d $release -r $inPath \
+          {% for section in excluded %}
+          --exclude-deb-section={{ section }} \
+          {% endfor %}
+          --method=$proto $outPath