diff --git a/ansible.sh b/ansible.sh
index dbd7ffdd..6f7307b2 100755
--- a/ansible.sh
+++ b/ansible.sh
@@ -5,20 +5,3 @@ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6125E2A8C77F2818FB
 sudo apt-add-repository --yes 'deb http://ppa.launchpad.net/ansible/ansible/ubuntu focal main'
 sudo apt-get update
 sudo apt-get -y install git ansible
-
-# Install and start the SSH server
-sudo apt-get -y install openssh-client
-sudo apt-get -y install openssh-server
-sudo service ssh start
-
-if [ ! -d ~/.ssh ] ; then
-  mkdir ~/.ssh
-fi
-
-if [ ! -f ~/.ssh/ansible-key ] ; then
-  ssh-keygen -t ed25519 -f ~/.ssh/ansible-key
-fi
-
-ssh-keyscan -H 127.0.0.1 >> ~/.ssh/known_hosts
-ssh-keyscan -H localhost >> ~/.ssh/known_hosts
-
diff --git a/clean.sh b/clean.sh
new file mode 100755
index 00000000..2fb02222
--- /dev/null
+++ b/clean.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+export ANSIBLE_NOCOWS=1
+ansible-playbook -K -i localhost, clean.yml $*
+
+rm -f ansible_inventory.ini
diff --git a/clean.yml b/clean.yml
new file mode 100644
index 00000000..c196d7cf
--- /dev/null
+++ b/clean.yml
@@ -0,0 +1,26 @@
+---
+# 
+
+- hosts: localhost
+  connection: local
+  pre_tasks:
+    - name: Fail if Ansible version is too old 
+      fail: 
+        msg: "Workstation requires a minimum Ansible version of {{ ansible_minimum_version }}. Please update Ansible and run workstation.sh again."
+      when: ansible_version.full is version(ansible_minimum_version, operator='lt', strict=True)
+    - name: abort execution on 32-bit environments
+      fail:
+        msg: "These playbooks are now only available on 64-bit OSes"
+      when: ansible_architecture == "i386"
+  remote_user: ansible
+  become: yes
+  vars_files:
+    - versions.yml
+  roles: # The Alpine roles must remain first in the role list
+    - role: "alpine/common"
+      tags:
+        - "alpine"
+    - role: "alpine/xfce"
+      tags:
+        - "alpine"
+    - clean
diff --git a/roles/clean/tasks/main.yml b/roles/clean/tasks/main.yml
new file mode 100644
index 00000000..d00d54cc
--- /dev/null
+++ b/roles/clean/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+#
+
+- name: remove the ansible user's privileges (sudo)
+  file:
+    path: /etc/sudoers.d/ansible
+    state: absent
+  tags:
+  - clean-legacy
+
+- name: remove the ansible user's account
+  user:
+    name: ansible
+    state: absent
+    remove: yes
+  tags:
+  - clean-legacy
diff --git a/workstation.sh b/workstation.sh
index a30a7a4b..dbb53ecf 100755
--- a/workstation.sh
+++ b/workstation.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 export ANSIBLE_NOCOWS=1
-ansible-playbook --private-key=~/.ssh/ansible-key -i ansible_inventory.ini workstation.yml $*
+ansible-playbook -K -i localhost, workstation.yml $*
diff --git a/workstation.yml b/workstation.yml
index ee718ea6..d3f2b46c 100644
--- a/workstation.yml
+++ b/workstation.yml
@@ -1,7 +1,8 @@
 ---
 # File: workstation.yml
 
-- hosts: all
+- hosts: localhost
+  connection: local
   pre_tasks:
     - name: Fail if Ansible version is too old 
       fail: 
@@ -49,7 +50,7 @@
     - visual_studio
     - security
 
-- hosts: 127.0.0.1
+- hosts: localhost
   connection: local
   pre_tasks:
   - name: Fail if Ansible version is too old