diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml
index 1fa5fdf49..4634d3c5c 100644
--- a/roles/2-common/tasks/packages.yml
+++ b/roles/2-common/tasks/packages.yml
@@ -32,7 +32,6 @@
     - libnss-mdns
     - avahi-daemon
     - avahi-discover
-    - ifupdown 
     - exfat-fuse
     - exfat-utils
   when: is_debuntu
diff --git a/roles/kiwix/tasks/kiwix_install.yml b/roles/kiwix/tasks/kiwix_install.yml
index 3aa9de3ec..a3a078860 100644
--- a/roles/kiwix/tasks/kiwix_install.yml
+++ b/roles/kiwix/tasks/kiwix_install.yml
@@ -10,17 +10,12 @@
   - "{{ kiwix_content_path }}"
   - "{{ iiab_zim_path }}/index"
 
-- name: Check for 'kiwix-serve' binary
+- name: Check for /library/zims/library.xml
   stat:
-    path: "{{ iiab_base }}/kiwix/bin/kiwix-serve"
-  register: kiwix_bin
+    path: "{{ kiwix_library_xml }}"
+  register: kiwix_xml
 
-- name: Set kiwix_first_pass
-  set_fact:
-    kiwix_first_pass: True
-  when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
-
-- name: Copy Kiwix library file if needed
+- name: Place a stub /library/zims/library.xml if file does not exist
   template:
     src: "{{ item }}"
     dest: "{{ kiwix_library_xml }}"
@@ -30,7 +25,17 @@
     force: no
   with_items:
   - library.xml
-  when: kiwix_first_pass
+  when: not kiwix_xml.stat.exists
+
+- name: Check for /opt/iiab/kiwix/bin/kiwix-serve binary
+  stat:
+    path: "{{ iiab_base }}/kiwix/bin/kiwix-serve"
+  register: kiwix_bin
+
+- name: Set kiwix_first_pass if kiwix-serve not found
+  set_fact:
+    kiwix_first_pass: True
+  when: kiwix_bin.stat.exists is defined and not kiwix_bin.stat.exists
 
 - name: Copy test.zim file
   copy:
@@ -42,12 +47,17 @@
     force: no
   when: kiwix_first_pass
 
-# we get a whole web server for intel but only the kiwix execs for arm
+# We get a whole web server for i686 but only the kiwix execs for linux64 & armhf
 
-- name: Unarchive it to permanent location - not bin_only
+# EXPERIMENTAL i686 CODE PATH: as of Nov 2017 bunzip2 then untar unpacks
+# to /tmp/kiwix-0.10-i686/bin WHOSE CONTENTS NEEDS TO BE MOVED TO
+# /opt/iiab/kiwix/bin (STANZA FURTHER BELOW).  All i686 code needs testing.
+# ALSO: code below may need to be revived to chown -R root:root & chmod
+- name: Unarchive kiwix-*-linux-i686.tar.bz2 to /tmp (not bin_only, i.e. i686)
   unarchive:
     src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
-    dest: "{{ iiab_base }}"
+    dest: /tmp
+    # dest: "{{ iiab_base }}"
     owner: root
     group: root
   when: not kiwix_src_bin_only and kiwix_first_pass
@@ -60,6 +70,29 @@
     mode: 0755
     state: directory
 
+# EXPERIMENTAL i686 CODE PATH
+- name: move /tmp/kiwix*i686/bin/* to permanent location /opt/iiab/kiwix/bin (not bin_only, i.e. i686)
+  shell: "mv /tmp/kiwix*i686/bin/* /opt/iiab/kiwix/bin/"
+  when: not kiwix_src_bin_only and kiwix_first_pass
+
+- name: Unarchive Kiwix to permanent location (bin_only, i.e. not i686)
+  unarchive:
+    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
+    dest: "{{ iiab_base }}/kiwix/bin"
+    owner: root
+    group: root
+  when: kiwix_src_bin_only and kiwix_first_pass
+
+# MIGHT BE RESTORED LATER FOR i686?  Unused as of Nov 2017:
+# # workaround because unarchive does not set ownership properly
+# - name: "Set ownership as if: 'chown -R root:root /opt/iiab/kiwix'"
+#   file:
+#     path: "{{ iiab_base }}/kiwix"
+#     owner: root
+#     group: root
+#     recurse: yes
+#     mode: ????
+
 - name: Enable the mods which permit Apache to proxy (debuntu)
   apache2_module:
     name: "{{ item }}"
@@ -70,23 +103,6 @@
   - rewrite
   when: is_debuntu
 
-- name: Unarchive Kiwix to permanent location - bin only
-  unarchive:
-    src: "{{ downloads_dir }}/{{ kiwix_src_file }}"
-    dest: "{{ iiab_base }}/kiwix/bin"
-    owner: root
-    group: root
-  when: kiwix_src_bin_only and kiwix_first_pass
-
-# Already done above!
-# # workaround because unarchive does not set ownership properly
-# - name: "Set ownership as if: 'chown -R root:root /opt/iiab/kiwix'"
-#   file:
-#     path: "{{ iiab_base }}/kiwix"
-#     owner: root
-#     group: root
-#     recurse: yes
-
 # workaround because kiwix-serve does not stay running
 - name: Make a crontab entry to restart kiwix-serve at 4AM (debuntu)
 # *  *  *  *  * user-name  command to be executed
@@ -119,7 +135,21 @@
   - { src: 'iiab-make-kiwix-lib.py', dest: '/usr/bin/iiab-make-kiwix-lib.py', mode: '0755'}
   - { src: 'iiab-make-apache-config.py', dest: '/usr/bin/iiab-make-apache-config.py', mode: '0755'}
 
-- name: Add 'kiwix-serve' to list of services
+- name: Enable 'kiwix-serve' service
+  service:
+    name: kiwix-serve
+    enabled: yes
+    state: restarted
+  when: kiwix_enabled
+
+- name: Disable 'kiwix-serve' service
+  service:
+    name: kiwix-serve
+    enabled: no
+    state: stopped
+  when: not kiwix_enabled
+
+- name: Add 'kiwix-serve' to list of services at /opt/iiab/iiab.ini
   ini_file:
     dest: "{{ service_filelist }}"
     section: kiwix-serve
@@ -145,17 +175,3 @@
     value: "{{ kiwix_content_path }}"
   - option: enabled
     value: "{{ kiwix_enabled }}"
-
-- name: Enable 'kiwix-serve' service
-  service:
-    name: kiwix-serve
-    enabled: yes
-    state: restarted
-  when: kiwix_enabled
-
-- name: Disable 'kiwix-serve' service
-  service:
-    name: kiwix-serve
-    enabled: no
-    state: stopped
-  when: not kiwix_enabled
diff --git a/roles/kiwix/tasks/main.yml b/roles/kiwix/tasks/main.yml
index bef4ca38d..b0f745adf 100644
--- a/roles/kiwix/tasks/main.yml
+++ b/roles/kiwix/tasks/main.yml
@@ -1,23 +1,26 @@
-#- name: Set kiwix source file name i686
-#  set_fact:
-#     kiwix_src_file: "kiwix-linux-i686.tar.bz2"
-#     kiwix_src_bin_only: False
-#  when: ansible_machine == "i686"
-
-- name: "Set Kiwix filename to d/l: kiwix-tools_linux64_2017-11-12.tar.gz (x86_64)"
+# EXPERIMENTAL i686 CODE PATH
+- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_i686 }} (i686)"
   set_fact:
-     kiwix_src_file: "kiwix-tools_linux64_2017-11-12.tar.gz"
+     kiwix_src_file: "{{ kiwix_src_file_i686 }}"
+     kiwix_src_bin_only: False
+  when: ansible_machine == "i686"
+
+- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_linux64 }} (x86_64)"
+  set_fact:
+     kiwix_src_file: "{{ kiwix_src_file_linux64 }}"
      kiwix_src_bin_only: True
   when: ansible_machine == "x86_64"
 
-- name: "Set Kiwix filename to d/l: kiwix-tools_armhf_2017-11-12.tar.gz (armv6l or armv71)"
+- name: "Set Kiwix filename to d/l: {{ kiwix_src_file_armhf }} (armv6l or armv71)"
   set_fact:
-     kiwix_src_file: "kiwix-tools_armhf_2017-11-12.tar.gz"
+     kiwix_src_file: "{{ kiwix_src_file_armhf }}"
      kiwix_src_bin_only: True
   when: ansible_machine == "armv7l" or ansible_machine == "armv6l"
 
-- name: Download the Kiwix software to /opt/iiab/downloads
-  get_url: url="{{ iiab_download_url }}/{{ kiwix_src_file }}" dest="{{ downloads_dir }}/{{ kiwix_src_file }}"
+- name: Download Kiwix software to /opt/iiab/downloads
+  get_url:
+    url: "{{ iiab_download_url }}/{{ kiwix_src_file }}"
+    dest: "{{ downloads_dir }}/{{ kiwix_src_file }}"
   when: internet_available
 
 - include_tasks: kiwix_install.yml
@@ -25,5 +28,6 @@
   tags:
     - kiwix
 
-- debug: msg="WARNING kiwix source is not defined for your platform"
+- debug:
+    msg: "WARNING: kiwix-tools SOFTWARE NOT FOUND FOR YOUR OS/ARCHITECTURE."
   when: not kiwix_src_file
diff --git a/roles/network/defaults/main.yml b/roles/network/defaults/main.yml
index ea1de51a8..59d7d238d 100644
--- a/roles/network/defaults/main.yml
+++ b/roles/network/defaults/main.yml
@@ -4,6 +4,7 @@ wireless_lan_present: False
 strict_networking: False
 iiab_demo_mode: False
 gui_static_wan: False
+has_NM: False
 
 # Set defaults for discovery process as strings
 wifi1: "not found-1"
diff --git a/roles/network/tasks/debian.yml b/roles/network/tasks/debian.yml
index bb5650de4..8eb25081d 100644
--- a/roles/network/tasks/debian.yml
+++ b/roles/network/tasks/debian.yml
@@ -37,7 +37,7 @@
 - name: Copy the bridge script
   template: dest=/etc/network/interfaces.d/iiab
             src=network/systemd.j2
-  when: not is_rpi and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
+  when: not is_rpi and not has_NM and (iiab_lan_iface == "br0" or wan_ip != "dhcp")
 
 - name: Copy the bridge script for RPi
   template: dest=/etc/network/interfaces.d/iiab
@@ -57,6 +57,34 @@
   service: name=dnsmasq state=stopped
   when: dnsmasq_install
 
+# do this
+#- name: Copy NetworkManager.conf for has_NM
+#  template: dest=/etc/NetworkManager/NetworkManager.conf
+#            src=network/NetworkManager.conf
+#  when: has_NM and iiab_lan_iface == "br0"
+
+#- name: Copy the bridge script for has_NM
+#  template: dest=/etc/network/interfaces
+#            src=network/systemd.j2
+#  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
+
+# or provide keyfile layout like the XO's used way back.
+- name: Create uuid for NM
+  shell: uuidgen
+  register: uuid_response
+  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
+
+- name: Put the uuid in place
+  set_fact:
+    gen_uuid: "{{ uuid_response.stdout_lines[0] }}"
+  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
+
+# NM might have a watcher on this path and we don't have to restart NM
+- name: Copy the bridge script for has_NM
+  template: dest=/etc/NetworkManager/system-connections/
+            src=network/bridge-br0
+  when: has_NM and not wan_in_interfaces and iiab_lan_iface == "br0"
+
 - name: Reload systemd
   shell: systemctl daemon-reload
 
@@ -67,7 +95,7 @@
 
 - name: Restart the networking service
   service: name=networking  state=restarted
-  when: not nobridge is defined and not no_net_restart
+  when: not nobridge is defined and not has_NM and not no_net_restart
   
 - name: Restart hostapd when WiFi is present
   service: name=hostapd state=restarted
diff --git a/roles/network/tasks/detected_network.yml b/roles/network/tasks/detected_network.yml
index ff876f314..a918c6e02 100644
--- a/roles/network/tasks/detected_network.yml
+++ b/roles/network/tasks/detected_network.yml
@@ -98,7 +98,7 @@
 # LAN - pick non WAN's
 - name: Create list of LAN (non WAN) ifaces
   shell: ls /sys/class/net | grep -v -e wwlan -e ppp -e lo -e br0 -e tun -e {{ device_gw }} -e {{ ap_device }}
-  when: num_lan_interfaces != 0
+  when: num_lan_interfaces != "0"
   register: lan_list_result
 
 # If 2 interfaces found in gateway mode, with one wifi, declare other to be wan
@@ -114,7 +114,7 @@
 - name: Set discovered_wired_iface fact if present
   set_fact:
       discovered_wired_iface: "{{ item|trim }}"
-  when: item|trim != discovered_wireless_iface and lan_list_result is defined
+  when: lan_list_result.stdout_lines is defined and item|trim != discovered_wireless_iface
   with_items:
       - "{{ lan_list_result.stdout_lines }}"
 
diff --git a/roles/network/templates/network/NetworkManager.conf b/roles/network/templates/network/NetworkManager.conf
new file mode 100644
index 000000000..06c5d59a6
--- /dev/null
+++ b/roles/network/templates/network/NetworkManager.conf
@@ -0,0 +1,8 @@
+[main]
+plugins=ifupdown,keyfile
+
+[ifupdown]
+managed=true
+
+[device]
+wifi.scan-rand-mac-address=no
diff --git a/roles/network/templates/network/bridge-br0 b/roles/network/templates/network/bridge-br0
new file mode 100644
index 000000000..ab7f83588
--- /dev/null
+++ b/roles/network/templates/network/bridge-br0
@@ -0,0 +1,16 @@
+[connection]
+id=bridge-br0
+uuid={{ gen_uuid }}
+type=bridge
+interface-name=br0
+permissions=
+
+[ipv4]
+address1={{ iiab_lan_ip }}/19
+dns-search={{ iiab_domain }}
+method=manual
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=auto
diff --git a/runansible b/runansible
index ef74c1a06..a559ae4e3 100755
--- a/runansible
+++ b/runansible
@@ -31,8 +31,8 @@ fi
 # iiab.env gets created at the end of stage-4 on First Run
 if [ -f /etc/iiab/iiab.env ]
 then
-  OLD=`grep XSCE /etc/iiab/iiab.env`
-  if [ x"$OLD" != "x" ]
+  OLD=`grep XSCE /etc/iiab/iiab.env | wc -l`
+  if [ "$OLD" -gt 0 ]
   then
     rm /etc/iiab/iiab.env
   else
diff --git a/scripts/local_facts.fact b/scripts/local_facts.fact
index 1735a2b60..5ae59c5a8 100755
--- a/scripts/local_facts.fact
+++ b/scripts/local_facts.fact
@@ -14,6 +14,7 @@ case $OS_VER in
 "debian-9"  | \
 "ubuntu-16" | \
 "ubuntu-17" | \
+"ubuntu-18" | \
 "centos-7"  | \
 "raspbian-8"| \
 "raspbian-9")
diff --git a/vars/ubuntu-17.yml b/vars/ubuntu-17.yml
index 41fd02c1d..a28110715 100644
--- a/vars/ubuntu-17.yml
+++ b/vars/ubuntu-17.yml
@@ -1,5 +1,6 @@
 is_debuntu: True
 is_ubuntu: True
+has_NM: True
 dns_service: bind9
 dns_user: bind
 dhcp_service: isc-dhcp-server
diff --git a/vars/ubuntu-18.yml b/vars/ubuntu-18.yml
new file mode 100644
index 000000000..a28110715
--- /dev/null
+++ b/vars/ubuntu-18.yml
@@ -0,0 +1,22 @@
+is_debuntu: True
+is_ubuntu: True
+has_NM: True
+dns_service: bind9
+dns_user: bind
+dhcp_service: isc-dhcp-server
+proxy: squid
+proxy_user: proxy
+apache_service: apache2
+apache_user: www-data
+apache_config_dir: apache2/sites-available
+apache_log_dir: /var/log/apache2
+smb_service: smbd
+nmb_service: nmbd
+systemctl_program: /bin/systemctl
+# issue raised 
+mysql_service: mysql
+apache_log: /var/log/apache2/access.log
+sshd_service: ssh
+php_version: 7.1
+postgresql_version: 9.6
+systemd_location: /lib/systemd/system