diff --git a/host_files/gopass/ssh/caladan/id_ed25519 b/host_files/gopass/ssh/caladan/id_ed25519 new file mode 100644 index 0000000..4712e1f --- /dev/null +++ b/host_files/gopass/ssh/caladan/id_ed25519 
@@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +34383032373963613231396533626437346433633538376462383861636434626530306139353032 +6235363039613731633261643730616535353331323936640a363163363732373266343539356136 +66313162396236373333363663636439333733653761393337363332386435346562636265653538 +6264323638353739630a373432636464353265623339663230353839613939663733363261353661 +38663734376439373665333230656332363666633764656335653963396262633566376361386537 +38663363393333643065323065376233396265323831383136346662366339633039363134343963 +62373438656130386333633865383563383336323935346238353065393438643632376539623433 +30316334626533653464616136623162663032643563646630613766356636656137303266623332 +66643431363330643634613432643565356237353935306266643465316664336539343838616439 +32616433346537316635303164346237626666313364633265356635383936636435353631343538 +34303338376533643132393233663134373934613861613439373865343739386262326633373837 +31656438643834663035653462313236633735653362336533323732613936613662363064303731 +30613134616535363137363461373464366637623432326230396631373432666336313530313638 +32313538383065313463383966393965623662373231336163616232393262393130646534613562 +33623533616531626134313230313830643032383937313135343562306434613938656536373366 +39323730636661373836343134626134333432343937343166303165303039613665363263666331 +64343739393061633265323164383830616165393163303632623934633665363262383038613632 +31636662383536393231326435636337646135633834313739663865336537643362623663356131 +63646136353362383262643364636532303961653766656238666134393664663435613034313063 +34303335346331643466646563386233376539376661306633323731313031303138613834376564 +62646566303234346533376232376436396533643762373164663262636334373465306332323762 +65383531393439386134323735303639613337643062396335376564646164323361636564313462 +31623565373961653362656439336264366533663765373733343364343563326433393534663737 
+65613037636337306638323665653338336530396664633735653466626136396236366532313831 +6133 diff --git a/host_files/gopass/ssh/caladan/id_ed25519.pub b/host_files/gopass/ssh/caladan/id_ed25519.pub new file mode 100644 index 0000000..fbaca3b --- /dev/null +++ b/host_files/gopass/ssh/caladan/id_ed25519.pub @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +32643933306465633266303062633930626438313638333433623139326164613632656638396330 +3663623032346536333534316439373665306236323639370a633431653234373163373834373961 +39666666366534373364333133333637336236636164373034626536393363666462646164663539 +3564636430313138320a386438653430386538333162343233396239383432353764326135623238 +31663966383131333030336535376463313532666533373030323739373732613861303834623662 +63303365363233353138363561376262653264303332613538646432346239646332633631626430 +34373963656639306533383832663631326434633335336632396465306230376463333836346234 +61313536346161373430386239313531353662363536393733373364326461346538366637306163 +64643032306433326430386539366631316165333834656234613338306362616634 diff --git a/host_files/gopass/ssh/fugu/id_ed25519 b/host_files/gopass/ssh/fugu/id_ed25519 new file mode 100644 index 0000000..a33a31a --- /dev/null +++ b/host_files/gopass/ssh/fugu/id_ed25519 
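Review bot: Committing what the path suggests is caladan's SSH private key, even as `$ANSIBLE_VAULT;1.1;AES256` ciphertext, ties the key's confidentiality to the vault password for as long as this commit stays in history. The same applies to the `id_ed25519` files added for fugu and narwhal later in the diff. If the vault password is ever disclosed or rotated, all three keys should be treated as exposed and replaced, because re-encrypting the files does not rewrite old commits. An alternative that keeps private keys out of the repository is to generate the pair on each host (for example with `community.crypto.openssh_keypair`) and only collect the public half. The `.pub` files do not need vault encryption, and leaving them in plaintext would let a reviewer see which key is being deployed.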
@@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +31626138303462336333393639376166333564353130396564633036653036643531393936353136 +6164396238646332373330383465396537646533383834320a366136666633666231636166336337 +37383461393261323730326131613435656366636138356662616666333665353666363438663134 +3430653763373532660a633463646339363965663937303130353762316334613637313932383837 +38653039653464666565646530346363353138386135326433393633386531356130663835663964 +33666236643762626433656663393165323563613739353234636262616131616535353735613435 +36313463616132326561636461303234323832393566646236323462313339653166306336343738 +37333335633539373030626537616133313937636361393832343061636166343133353634633033 +39666466326630356139666130373161663730666539663636646661306131333934646664316338 +37623430313761376666346365616632366663373731303131373661396163633830363266383230 +61393339356364373266313666383966663137626365303532303061656662666631666135626165 +37333534653638363136346634333735643830653034656364323330306164303431653330613539 +62323865313539653835666564316239373466393138353062316532616530366338343535343038 +30343633646136636137363533373864616464636365363336666164663363363436336133623263 +36373734393234656365633534643736633330323833623832646331613433623633663766313035 +33326331376165323664383664373537353465356139396532666539343666626265393535343263 +34376238316430626664666437323931363738336130383263306634653236383531363065336535 +30613266303161323564306233643261613936633961653832643830306531356139623536633063 +66326564393931353937313835333864333736366662373032653930383435343334333866323562 +66316637623035653336656464363339646135616536303264373136633665323861363566303662 +39303365323535343561616639313535626237343531353830383063313465636561393439643062 +65316165653738626663653364386635663464343166366530333862626334313435643463343861 +37333738666132313634663461613662613961326563393032616231303161383132333166376665 
+32383836323532363638363363393963643761303631636363373038346464363230313131653739 +3161 diff --git a/host_files/gopass/ssh/fugu/id_ed25519.pub b/host_files/gopass/ssh/fugu/id_ed25519.pub new file mode 100644 index 0000000..13fda3c --- /dev/null +++ b/host_files/gopass/ssh/fugu/id_ed25519.pub @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +62616332353964363030333133383438383630616536653135383462363530323364343434626134 +6331306164323031626236373666356564316530313633330a326337383866333633663963613865 +36306636336261343537666233643963306636306232663234313762613335643734373263666637 +3634393836363663650a333166613430396166376131363938313632653365386232636132613964 +30323966363338346637653732646136303561633339346231393239393331653561613962626361 +37643734333937376237336130323939373838303834356232663134626639663166333638393365 +39623537653566323333353635333335636361353862336539363736326336383865386661313437 +35393735363766333535333837346235646165623937396339333464663364383830316663666565 +38636236386363656638393032363663393335323162323062333962336165666563 diff --git a/host_files/gopass/ssh/narwhal/id_ed25519 b/host_files/gopass/ssh/narwhal/id_ed25519 new file mode 100644 index 0000000..b128fdf --- /dev/null +++ b/host_files/gopass/ssh/narwhal/id_ed25519 
@@ -0,0 +1,26 @@ +$ANSIBLE_VAULT;1.1;AES256 +38313264636163316164336433666637636537633435313337653562393234613162653235303337 +3964646364613664666664636531623835386131303938330a336631353261326636313237356234 +33346461343866396531393562663664626339393962376661623462393933613536616336366230 +3932613239363131360a313334323033333635333434326261613464663966393839336632396264 +38363437343635306566613234383239336636303065326537643332653362313937663866383566 +37613532386237613337313339373665323231313538656465623965386439646364396532343739 +34663933393365336364323531383432333561373362666462623938356332303361356236326431 +63633530623534383832383431616365376431316463633061323032353730373762343830326365 +62323764663539376237633939666462636362323936313032303637303935366565656238613233 +39643963313738653037376364646333313762613232396562393530313262393635616565326234 +64376333336433613065366635303336653134323038356161646264646664663738353963356133 +39313632313233326165313965623637623165386565643438383265386430376538613731613337 +64643362346630306436636430353761666133313533376335373535366638343338383335343630 +33306330313765346265386365303237326633383635316466653133333234306365363530393031 +37363633633661376139333538623265363135636132373833383738633732666234363561333334 +61343066373634393030323863623362633139306136633031383561383536613432363064363162 +64386434383663336334623962383937393663333137306130306333353732373039316664303630 +66346330346533653830373732633934393230613366313335623736353038373166336161326464 +65356133353732666163383831366230396433393263643935656136616666396337383963643063 +30363964383332373266653963323733623937663666616634333561343162393739643934333565 +65396136666430313463623232396539633163313431656139323632303733633061666539303365 +66613732376535643137353337396361363339616366326430393464636239326239333336316234 +63316132363138356162363236363635346530396464313434383839346339643832353561353936 
+33623762396439383735636635663861653264393936306631323833353166663831623238316164 +3636 diff --git a/host_files/gopass/ssh/narwhal/id_ed25519.pub b/host_files/gopass/ssh/narwhal/id_ed25519.pub new file mode 100644 index 0000000..d35a1e5 --- /dev/null +++ b/host_files/gopass/ssh/narwhal/id_ed25519.pub @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +30346234646333616336346130323264623635383731333133326436363139623130386564303435 +6465663936613233333435616663363339313833643035660a306364336336373534386636313766 +38663138643539616334653436353734656330303730666265313938356530616639633666396230 +3131306366383666370a316331316637383335326464323363326535333933666132656331306363 +62396265393030646332666137626134616133343931636239353935613337336235356437626336 +32373339373233653765396533373662643064636638663438656432353761363862653439636661 +65663564646361396438326264343935336337633262653538316363646638383965303034376335 +65613437316439613663386264366162366561376137666630613863333766343535653330313038 +61393363386336376266376561333336393532643339653433623339663032636461 diff --git a/roles/basic/tasks/main.yml b/roles/basic/tasks/main.yml index c93fd26..9516d8d 100644 --- a/roles/basic/tasks/main.yml +++ b/roles/basic/tasks/main.yml @@ -1,15 +1,20 @@ --- - name: install python3 apk: - name: python3 + name: + - acl + - python3 when: ansible_distribution == "Alpine" - name: install python3 apt: - name: python3 + name: + - acl + - python3 when: ansible_distribution in ["Debian", "Ubuntu"] - name: install python3 openbsd_pkg: - name: python3 + name: + - python3 when: ansible_distribution == "OpenBSD" diff --git a/roles/gopass/tasks/gitconfig.yml b/roles/gopass/tasks/gitconfig.yml new file mode 100644 index 0000000..a6cc013 --- /dev/null +++ b/roles/gopass/tasks/gitconfig.yml @@ -0,0 +1,8 @@ +--- + +- name: setup gopass gitconfig + template: + src: gitconfig.j2 + dest: /var/lib/gopass/.gitconfig + mode: "0644" + owner: gopass 
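Review bot: The apk and apt tasks in `roles/basic/tasks/main.yml` are still named `install python3` although they now also install `acl`, so the play output no longer says what is being installed; `name: install python3 and acl` on those two would match. Nothing in the hunk says why `acl` is needed, presumably so Ansible can use `setfacl` when becoming the unprivileged `gopass` user, and a one-line comment such as `# acl: required for become_user to an unprivileged account` would record that. The OpenBSD task is converted to the list form but gets no `acl` entry; if that is deliberate, the same comment is the place to say so.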
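Review bot: The template task in `roles/gopass/tasks/gitconfig.yml` sets `owner: gopass` but no `group:`, while every task in `roles/gopass/tasks/ssh_keys.yml` in this commit sets both. Adding `group: gopass` keeps ownership under `/var/lib/gopass` consistent instead of leaving the group to the module's default. The task also relies on `/var/lib/gopass` and the `gopass` user already existing, which is presumably handled by `install.yml` (not visible in this diff).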
diff --git a/roles/gopass/tasks/main.yml b/roles/gopass/tasks/main.yml index d8f08a3..5fcce89 100644 --- a/roles/gopass/tasks/main.yml +++ b/roles/gopass/tasks/main.yml @@ -2,3 +2,9 @@ - name: install gopass include_tasks: install.yml + +- name: copy ssh keys + include_tasks: ssh_keys.yml + +- name: gitconfig + include_tasks: gitconfig.yml diff --git a/roles/gopass/tasks/ssh_keys.yml b/roles/gopass/tasks/ssh_keys.yml new file mode 100644 index 0000000..0a23f29 --- /dev/null +++ b/roles/gopass/tasks/ssh_keys.yml @@ -0,0 +1,25 @@ +--- + +- name: make gopass ssh directory + file: + state: directory + path: /var/lib/gopass/.ssh + owner: gopass + group: gopass + mode: '0700' + +- name: copy gopass private ssh key + copy: + src: "host_files/gopass/ssh/{{ ansible_hostname }}/id_ed25519" + dest: "/var/lib/gopass/.ssh/id_ed25519" + owner: gopass + group: gopass + mode: '0600' + +- name: copy gopass public ssh key + copy: + src: "host_files/gopass/ssh/{{ ansible_hostname }}/id_ed25519.pub" + dest: "/var/lib/gopass/.ssh/id_ed25519.pub" + owner: gopass + group: gopass + mode: '0644' diff --git a/roles/gopass/templates/gitconfig.j2 b/roles/gopass/templates/gitconfig.j2 new file mode 100644 index 0000000..4d93491 --- /dev/null +++ b/roles/gopass/templates/gitconfig.j2 @@ -0,0 +1,3 @@ +[user] + email = gopass@{{ ansible_hostname }} + name = {{ ansible_hostname }}
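Review bot: Both copy tasks in `roles/gopass/tasks/ssh_keys.yml` build `src` from `ansible_hostname`, a fact reported by the managed node, so the host itself determines which directory under `host_files/gopass/ssh/` its private key is read from. A host that reports another machine's short name would be handed that machine's key. Selecting by the controller-side inventory name avoids this and also works when fact gathering is disabled: `src: "host_files/gopass/ssh/{{ inventory_hostname }}/id_ed25519"` (or `inventory_hostname_short` if the inventory uses FQDNs), with the same change in the `.pub` task. On the private-key task I would also add `no_log: true` and `diff: false` so the decrypted key cannot end up in task output or in a `--diff` run.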