diff --git a/ansible/playbooks/99_vm_destroy.yaml b/ansible/playbooks/99_vm_destroy.yaml
new file mode 100644
index 0000000..ac25d78
--- /dev/null
+++ b/ansible/playbooks/99_vm_destroy.yaml
@@ -0,0 +1,22 @@
+---
+- name: create the vms
+ hosts: hv00
+ gather_facts: true
+ become: true
+ roles:
+ - vm_destroy
+
+# - name: python bootstrap
+# hosts: k8s
+# gather_facts: false
+# become: true
+# roles:
+# - python-install
+
+# - name: vm hardening
+# hosts: k8s
+# gather_facts: true
+# become: true
+# roles:
+# - sshd
+# - firewall
\ No newline at end of file
diff --git a/ansible/roles/vm_deploy/defaults/main.yml b/ansible/roles/vm_deploy/defaults/main.yml
index 22d42af..57250e6 100644
--- a/ansible/roles/vm_deploy/defaults/main.yml
+++ b/ansible/roles/vm_deploy/defaults/main.yml
@@ -16,6 +16,7 @@ vm_mac_prefix: "52:54:00:e3:af:"
 vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
 vm_subnet_suffix: "/24"
 vm_gateway: "192.168.199.254"
+vm_ntp: "192.168.199.254"
 vm_domain: "balsillie.net"
 vm_machine_type: "pc-q35-7.1"
 vm_machine_arch: "x86_64"
diff --git a/ansible/roles/vm_deploy/tasks/deploy.yaml b/ansible/roles/vm_deploy/tasks/deploy.yaml
index 1abfa12..91814dc 100644
--- a/ansible/roles/vm_deploy/tasks/deploy.yaml
+++ b/ansible/roles/vm_deploy/tasks/deploy.yaml
@@ -40,6 +40,7 @@
 virt-customize --format qcow2 \
 -a {{ root_vhd_pool_dir }}/{{ vm_name }}_vda.qcow2 \
 --hostname {{ vm_name }}.{{ vm_domain }} \
+ --write /etc/hostname:{{ vm_name }} \
 --upload /tmp/eno1_{{ vm_name }}.network:/etc/systemd/network/10-eno1.network \
 --append-line "/etc/hosts:127.0.1.1 {{ vm_name }}.{{ vm_domain }} {{ vm_name }}" \
 --password ladmin:password:{{ hostvars[vm_name]['ansible_become_pass'] }} \
diff --git a/ansible/roles/vm_deploy/templates/eno1.network.j2 b/ansible/roles/vm_deploy/templates/eno1.network.j2
index 7eaf4e3..66b9b70 100644
--- a/ansible/roles/vm_deploy/templates/eno1.network.j2
+++ b/ansible/roles/vm_deploy/templates/eno1.network.j2
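Review bot: The play name `create the vms` in ansible/playbooks/99_vm_destroy.yaml labels a play that runs the `vm_destroy` role, so run output and logs will record a destructive run as a creation; the same copied label appears as `create k8s vms` on the include loop in ansible/roles/vm_destroy/tasks/main.yaml. Rename both, for example `- name: destroy the vms` and `- name: destroy k8s vms`. The play also runs against `hv00` with nothing that asks for confirmation before disks are deleted; a `vars_prompt` or an `assert` on an explicit extra variable would make an accidental run harder. The commented-out plays carried over from the deploy playbook do not apply here and can be dropped.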
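Review bot: In ansible/roles/vm_deploy/tasks/deploy.yaml the context line `--password ladmin:password:{{ hostvars[vm_name]['ansible_become_pass'] }}` puts the guest's become password on the virt-customize command line, where it is readable in the hypervisor's process list and, unless the task sets `no_log: true`, in Ansible's output and logs. The task header is outside the hunk, so `no_log` may already be set; if it is not, add it, and consider the `file:` password selector, `--password ladmin:file:/path/to/secret-file` (placeholder path), with a mode 0600 file that is removed after the run. The added `--write /etc/hostname:{{ vm_name }}` appears to replace what `--hostname` set from the FQDN; a one-line comment saying the short name is intended would save the next reader the question.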
@@ -1,13 +1,20 @@ [Match] MACAddress={{ vm_mac_prefix }}{{ vm_number }} +[Link] +ARP=yes + [Address] -{{ vm_subnet_prefix }}{{ vm_number }}{{ vm_subnet_suffix }} +Address={{ vm_subnet_prefix }}{{ vm_number }}{{ vm_subnet_suffix }} [Route] Gateway={{ vm_gateway }} +Destination=0.0.0.0/0 +Metric=10 [Network] DHCP=no +LinkLocalAddressing=no DNS={{ vm_gateway }} Domains={{ vm_domain }} +NTP={{ vm_ntp }}
diff --git a/ansible/roles/vm_destroy/defaults/main.yml b/ansible/roles/vm_destroy/defaults/main.yml
new file mode 100644
index 0000000..2320692
--- /dev/null
+++ b/ansible/roles/vm_destroy/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+vm_name_prefix: "kube"
+vm_name_suffixes: ["01","02","03"]
+vhd_template: "arch_template_vda.qcow2"
+root_vhd_pool_dir: "/vhds/root" # No trailing /
+firmware_vhd_pool_dir: "/vhds/firmware" # No trailing /
+containers_vhd_pool_dir: "/vhds/containers" # No trailing /
+data_nvme_vhd_pool_dir: "/vhds/data_nvme" # No trailing /
+data_hdd_vhd_pool_dir: "/vhds/data_hdd" # No trailing /
+vm_memory: "16"
+vm_cpu: "4"
+vm_cpu_cores: "2"
+vm_cpu_threads: "2"
+vm_bridge: "br1"
+vm_mac_prefix: "52:54:00:e3:af:"
+vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
+vm_subnet_suffix: "/24"
+vm_gateway: "192.168.199.254"
+vm_ntp: "192.168.199.254"
+vm_domain: "balsillie.net"
+vm_machine_type: "pc-q35-7.1"
+vm_machine_arch: "x86_64"
+containers_vhd_size: "64G"
+data_nvme_vhd_size: "64G"
+data_hdd_vhd_size: "3T"
+delete_root_vhd: true
+delete_data_vhd: false
\ No newline at end of file
diff --git a/ansible/roles/vm_destroy/tasks/destroy.yaml b/ansible/roles/vm_destroy/tasks/destroy.yaml
new file mode 100644
index 0000000..e048637
--- /dev/null
+++ b/ansible/roles/vm_destroy/tasks/destroy.yaml
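Review bot: ansible/roles/vm_destroy/defaults/main.yml is a copy of the vm_deploy defaults, and the two roles must agree on `vm_name_prefix`, `vm_name_suffixes` and the `*_vhd_pool_dir` paths for the destroy role to remove the right files; kept in two places they can drift, and a destroy run then either misses disks or deletes a path the deploy role no longer owns. Most of the other keys (`vm_memory`, `vm_cpu`, `vm_mac_prefix`, `vm_ntp`, the `*_vhd_size` values and so on) are not read by the tasks in destroy.yaml and can be removed. Consider moving the shared values to group_vars, and defaulting `delete_root_vhd: false` so that deleting a disk is an explicit opt-in, as it already is for `delete_data_vhd`.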
@@ -0,0 +1,48 @@
+---
+- name: set vm_name
+ ansible.builtin.set_fact:
+ vm_name: "{{ vm_name_prefix }}{{ vm_number }}"
+
+- name: debug vm_name
+ ansible.builtin.debug:
+ msg:
+ - "VM name is {{ vm_name }}"
+
+- name: list vms
+ community.libvirt.virt:
+ command: list_vms
+ register: vm_list
+
+- name: debug vm list
+ ansible.builtin.debug:
+ var: vm_list.list_vms
+
+- name: proceed if vm exists
+ when: vm_name in vm_list.list_vms
+ block:
+
+ - name: stop the vm
+ community.libvirt.virt:
+ state: shutdown
+ name: "{{ vm_name }}"
+
+ - name: destroy the vm
+ community.libvirt.virt:
+ state: destroyed
+ name: "{{ vm_name }}"
+
+ - name: delete the root vhd
+ when: delete_root_vhd
+ ansible.builtin.file:
+ path: "{{ root_vhd_pool_dir }}/{{ vm_name }}_vda.qcow2"
+ state: absent
+
+ - name: delete the data vhds
+ when: delete_data_vhd
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ containers_vhd_pool_dir }}/{{ vm_name }}_vdb.qcow2"
+ - "{{ data_nvme_vhd_pool_dir }}/{{ vm_name }}_vdc.qcow2"
+ - "{{ data_hdd_vhd_pool_dir }}/{{ vm_name }}_vdd.qcow2"
\ No newline at end of file
diff --git a/ansible/roles/vm_destroy/tasks/main.yaml b/ansible/roles/vm_destroy/tasks/main.yaml
new file mode 100644
index 0000000..1151f56
--- /dev/null
+++ b/ansible/roles/vm_destroy/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: create k8s vms
+ with_items: "{{ vm_name_suffixes }}"
+ loop_control:
+ loop_var: vm_number
+ ansible.builtin.include_tasks: destroy.yaml
\ No newline at end of file
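Review bot: The two deletion guards in ansible/roles/vm_destroy/tasks/destroy.yaml, `when: delete_root_vhd` and `when: delete_data_vhd`, test the raw variable, so a value that arrives as a string (for example `-e delete_data_vhd=false`) is not reliably treated as false and the data disks could be removed against the operator's intent; write `when: delete_root_vhd | bool` and `when: delete_data_vhd | bool`. The block also never removes the domain definition: after `state: destroyed` the domain would still be listed by libvirt and point at a deleted disk, so a `community.libvirt.virt` task with `command: undefine` is probably wanted before the file removals. `state: shutdown` followed straight away by `state: destroyed` gives the guest no time to stop cleanly, which matters most when `delete_data_vhd` is false and the data disks are kept for reuse.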