diff --git a/host_vars/portainer.yml b/host_vars/portainer.yml
index 816ca30..5183cb5 100644
--- a/host_vars/portainer.yml
+++ b/host_vars/portainer.yml
@@ -1,5 +1,5 @@
 ansible_user: howard
-ansible_password: "Papadopolus0"     # TIP: Put this in Ansible Vault.
+ansible_password: "Papadopolus0"         # English: SSH password for howard@portainer
 ansible_connection: ssh
 ansible_port: 22
 ansible_ssh_common_args: >-
@@ -7,8 +7,13 @@ ansible_ssh_common_args: >-
   -o UserKnownHostsFile=/dev/null
   -J root@192.168.69.2
 
-# If howard is NOT in the 'docker' group, we need sudo:
+# English: We escalate to root via sudo.
 ansible_become: true
 ansible_become_method: sudo
-# If sudo asks for a password, also set:
-# ansible_become_password: "*******"   # ideally via Vault
\ No newline at end of file
+
+# English: SUDO password for howard (often same as SSH password; change if different).
+ansible_become_password: "Papadopolus0"
+
+# (Optional, for older installs—harmless to keep both)
+ansible_ssh_pass: "Papadopolus0"
+ansible_sudo_pass: "Papadopolus0"
\ No newline at end of file
diff --git a/nextcloud/collections/miniplay b/nextcloud/collections/miniplay
new file mode 100644
index 0000000..adf06b1
--- /dev/null
+++ b/nextcloud/collections/miniplay
@@ -0,0 +1,23 @@
+---
+- name: Sanity check SSH + sudo on portainer
+  hosts: nextcloud_host
+  gather_facts: false
+
+  tasks:
+    - name: Who am I as SSH user?
+      ansible.builtin.command: whoami
+      changed_when: false
+      register: who
+
+    - ansible.builtin.debug:
+        msg: "SSH user is: {{ who.stdout }}"
+
+    - name: Who am I with sudo?
+      become: true
+      become_method: sudo
+      ansible.builtin.command: whoami
+      changed_when: false
+      register: who_root
+
+    - ansible.builtin.debug:
+        msg: "Become user is: {{ who_root.stdout }}"
\ No newline at end of file