diff --git a/play.sh b/play.sh
deleted file mode 100755
index 25e0e1d041fe9bbc7969e498077ce8271dca0199..0000000000000000000000000000000000000000
--- a/play.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-echo "Bitte nur noch foreman nutzen! https://foreman.teckids.org"
diff --git a/roles/common/meta/packages/blocked b/roles/common/meta/packages/blocked
deleted file mode 100644
index 32128df49513c3b9a684983163354c49988dd2f8..0000000000000000000000000000000000000000
--- a/roles/common/meta/packages/blocked
+++ /dev/null
@@ -1,5 +0,0 @@
-exim4
-exim4-config
-network-manager
-os-prober
-sl
diff --git a/roles/common/meta/packages/essential b/roles/common/meta/packages/essential
deleted file mode 100644
index 8cabf4ae39c78014d8ac50f1d586b77f4cd031bf..0000000000000000000000000000000000000000
--- a/roles/common/meta/packages/essential
+++ /dev/null
@@ -1,54 +0,0 @@
-acl
-audispd-plugins
-auditd
-bc
-bind9-host
-bsd-mailx
-bsdmainutils
-byobu
-ca-certificates
-console-data
-curl
-devscripts
-dnsutils
-eatmydata
-emacs-nox
-haveged
-htop
-iotop
-iputils-ping
-joe
-jupp
-less
-locales-all
-lsof
-ltrace
-lynx
-mc
-mksh
-mosh
-mtr-tiny
-nano
-ncdu
-netcat-openbsd
-ntp
-popularity-contest
-postfix
-pv
-pwgen
-reportbug
-rsync
-rsyslog
-rsyslog-relp
-screen
-sharutils
-ssh
-strace
-sudo
-tig
-vim-nox
-vrms
-wget
-zsh
-zsh-autosuggestions
-zsh-syntax-highlighting
diff --git a/roles/common/meta/packages/monitoring b/roles/common/meta/packages/monitoring
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/roles/common/meta/packages/servers b/roles/common/meta/packages/servers
deleted file mode 100644
index 533314bfc9383b72cebe7fd4df04b463724d1d13..0000000000000000000000000000000000000000
--- a/roles/common/meta/packages/servers
+++ /dev/null
@@ -1,11 +0,0 @@
-apt-listchanges
-atop
-debsums
-dehydrated
-dnsutils
-etckeeper
-git-email
-mlocate
-molly-guard
-needrestart
-unattended-upgrades
diff --git a/roles/common/tasks/base.yaml b/roles/common/tasks/base.yaml
deleted file mode 100644
index 0a43c60f98b843f2e5b4d4b350ab1255682f65d9..0000000000000000000000000000000000000000
--- a/roles/common/tasks/base.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
-- name: Add backports
-  ansible.builtin.apt_repository:
-    repo: deb http:/httpredir.debian.org/debian/ bullseye-backports main
-    state: present
-    filename: 'backports'
-- name: Install essential packages
-  ansible.builtin.package: name={{ item }} state=present
-  with_lines: cat "../meta/packages/essential"
-- name: Install server packages
-  ansible.builtin.package: name={{ item }} state=present
-  with_lines: cat "../meta/packages/servers"
-- name: Uninstall blocked packages
-  ansible.builtin.package: name={{ item }} state=absent
-  with_lines: cat "../meta/packages/blocked"
-- name: Install etckeeper mail hook
-  ansible.builtin.copy:
-    src: ../files/etckeeper-post-commit
-    dest: /etc/.git/hooks/post-commit
-    mode: 0755
-- name: Ignore keytab in etckeeper
-  ansible.builtin.lineinfile:
-    path: /etc/.gitignore
-    insertafter: 'managed by'
-    line: 'krb5.keytab'
-- name: Set root alias
-  ansible.builtin.lineinfile:
-    path: /etc/aliases
-    regexp: '^root'
-    line: 'root: root@teckids.org'
-- name: Enable unattended security updates
-  ansible.builtin.debconf:
-    name: unattended-upgrades
-    question: "unattended-upgrades/enable_auto_updates"
-    value: true
-    vtype: boolean
-  notify: reconfigure unattended-upgrades
-- name: Enable popularity contest
-  ansible.builtin.debconf:
-    name: popularity-contest
-    question: "popularity-contest/participate"
-    value: true
-    vtype: boolean
-  notify: reconfigure popularity-contest
-- name: Install DNS key for dehydrated
-  ansible.builtin.copy:
-    src: ../files/tmp/acme.key
-    dest: /etc/dehydrated/acme.key
-    mode: 0640
-- name: Install dehydrated config
-  ansible.builtin.copy:
-    src: ../files/dehydrated.conf
-    dest: /etc/dehydrated/conf.d/zzz-local.sh
-    mode: 0644
-- name: Install dehydrated DNS update hook
-  ansible.builtin.copy:
-    src: ../files/dehydrated-dns.sh
-    dest: /etc/dehydrated/dns-hook.sh
-    mode: 0755
-- name: Install dehydrated cron job
-  ansible.builtin.copy:
-    src: ../files/dehydrated-cron.sh
-    dest: /etc/cron.daily/dehydrated
-    mode: 0755
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index aa5dba438d04f25432d48fc1ec67807d31290966..0ec40af9365e5ccbfb837a018bc37ee20b5d8fdd 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -3,6 +3,7 @@
     repo: deb http://deb.debian.org/debian/ bullseye-backports main
     state: present
     filename: 'backports'
+  when: ansible_facts['distribution'] == 'Debian'
 - name: Install essential packages
   ansible.builtin.package:
     name:
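Review bot: The repo line above the new `when:` still hard-codes `bullseye-backports`, so the guard keeps the task off non-Debian hosts but a Debian host on any other release would still get the bullseye backports source. Deriving the suite from facts would close that gap: `repo: deb http://deb.debian.org/debian/ {{ ansible_facts['distribution_release'] }}-backports main`. The task's `name:` and module line sit above the hunk, so this is based on the visible lines only.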
diff --git a/roles/common/tasks/monitoring.yaml b/roles/common/tasks/monitoring.yaml
deleted file mode 100644
index f755181594a8a2b311822dcd774741f36467d364..0000000000000000000000000000000000000000
--- a/roles/common/tasks/monitoring.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-- hosts: all
-  become: yes
-  tasks:
-  - name: Install monitoring packages
-    ansible.builtin.../package: name={{ item }} state=present
-    with_lines: cat "../meta/packages/monitoring"
-  - name: Configure prometheus-node-exporter
-    ansible.builtin.systemd:
-      name: prometheus-node-exporter
-      enabled: yes
-    notify: restart prometheus-node-exporter
-  - name: Copy agent configuration script
-    ansible.builtin.copy:
-      src: ../files/monitoring/icinga-agent.sh
-      dest: /tmp/icinga-agent.sh
-      mode: a+x
-  - name: Run icinga2 agent configuration script
-    ansible.builtin.command: export INV_HOSTNAME={{ inventory_hostname }}; bash /tmp/icinga-agent.sh
-    notify: restart icinga2
-  - name: Deploy custom check commands
-    ansible.builtin.copy:
-      src: ../files/monitoring/plugins/
-      dest: /usr/local/lib/nagios/plugins
-      mode: a+x
diff --git a/roles/common/tasks/prepare.yaml b/roles/common/tasks/prepare.yaml
deleted file mode 100644
index 69f0d91cae2698e801b47a531389863fa98d21a8..0000000000000000000000000000000000000000
--- a/roles/common/tasks/prepare.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: db.teckids.org
-  become: yes
-  tasks:
-  - name: Get DNS key for dehydrated
-    ansible.builtin.fetch: src=/etc/dehydrated/acme.key dest=../files/tmp/ flat=yes
diff --git a/roles/firewall/handlers/main.yaml b/roles/firewall/handlers/main.yml
similarity index 100%
rename from roles/firewall/handlers/main.yaml
rename to roles/firewall/handlers/main.yml
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index e6b0c0ed78ced16a46379c6d3b414888fd5d753b..1add36c4075387e4d38d5d258e8093b96e943a79 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -1,19 +1,24 @@
 - name: Install firewall packages
-  ansible.builtin.package: name={{ item }} state=present
-  with_lines: cat "roles/firewall/meta/packages"
+  ansible.builtin.package:
+    name:
+      - keepalived
+      - haproxy
+      - shorewall
+      - shorewall6
+    state: present
 - name: Copy static config files
   ansible.builtin.copy:
-    src: "roles/firewall/files/{{ item.src }}"
+    src: "{{ item.src }}"
     dest: "{{ item.dest }}"
   with_items:
-    - { src: "../files/shorewall/", dest: "/tmp/shorewall/" }
-    - { src: "../files/haproxy.cfg", dest: "/tmp/haproxy.cfg" }
-- name: Copy template configs
-  ansible.builtin.template:
-    src: "../templates/{{ item.src }}.j2"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: "keepalived.conf", dest: "/etc/keepalived/keepalived.conf" }
+    - { src: "/etc/ansible/roles/firewall/files/shorewall/", dest: "/tmp/shorewall/" }
+    - { src: "/etc/ansible/roles/firewall/files/haproxy.cfg", dest: "/tmp/haproxy.cfg" }
+#- name: Copy template configs
+#  ansible.builtin.template:
+#    src: "/etc/ansible/roles/firewall/templates/{{ item.src }}.j2"
+#    dest: "{{ item.dest }}"
+#  with_items:
+#    - { src: "keepalived.conf", dest: "/etc/keepalived/keepalived.conf" }
 - name: Check shorewall config
   ansible.builtin.command: "shorewall check /tmp/shorewall"
   register: shorewall_config_check
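Review bot: The new `with_items` entries still stage the firewall configuration at fixed names under `/tmp` (`/tmp/shorewall/`, `/tmp/haproxy.cfg`), and the later tasks check those paths and then copy them into `/etc` with `remote_src`. If any unprivileged account exists on the firewall hosts, a pre-created `/tmp/shorewall/` or a change between check and copy could alter what lands in `/etc/shorewall/`; staging in a root-owned directory created with `mode: '0700'` removes that window, and for HAProxy the copy module's `validate: 'haproxy -c -f %s'` checks the file before it is installed, with no staging step. Separately, the absolute `src` of `/etc/ansible/roles/firewall/files/...` ties the role to one controller layout, whereas `src: shorewall/` and `src: haproxy.cfg` resolve against the role's own `files/` directory. The commented-out keepalived template task leaves `keepalived` installed without a managed config, so a one-line comment saying why it is disabled would help. The `Check shorewall config` task continues past the end of this hunk.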
@@ -26,9 +31,11 @@
     src: "/tmp/shorewall/"
     dest: "/etc/shorewall/"
   when: shorewall_config_check.rc == 0
+  notify: restart shorewall
 - name: Copy checked HAProxy config
   ansible.builtin.copy:
     remote_src: True
     src: "/tmp/haproxy.cfg"
     dest: "/etc/haproxy/haproxy.cfg"
   when: haproxy_config_check.rc == 0
+  notify: reload haproxy
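Review bot: `notify: restart shorewall` asks, by its name, for a full restart, while the HAProxy task below it only asks for `reload haproxy`; on a firewall a reload handler, if the role defines one, would apply the new rules with less disruption. Both handler names must match entries in `roles/firewall/handlers/main.yml` exactly, and that file is only renamed in this commit, so its contents are not visible here. The first task begins above the hunk, and the existing `when:` guards mean a failed check skips the copy and the notify together, which is worth stating in a comment such as `# skipped (no restart) when the staged config fails the check`.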
diff --git a/run.sh b/run.sh
deleted file mode 100755
index 25e0e1d041fe9bbc7969e498077ce8271dca0199..0000000000000000000000000000000000000000
--- a/run.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-echo "Bitte nur noch foreman nutzen! https://foreman.teckids.org"
diff --git a/teckids.yaml b/teckids.yaml
deleted file mode 100644
index 5224153f9ac347f55f030c0578b12d56674b6e60..0000000000000000000000000000000000000000
--- a/teckids.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-all:
-  hosts:
-    cloud.teckids.org:
-    commu-intern.teckids.org:
-    commu.teckids.org:
-    db.teckids.org:
-    discourse01.teckids.org:
-    gitlab01.teckids.org:
-    jabber01.teckids.org:
-    k8s-master-1.kube.teckids.org:
-    k8s-master-2.kube.teckids.org:
-    k8s-master-3.kube.teckids.org:
-    k8s-worker-1.kube.teckids.org:
-    k8s-worker-2.kube.teckids.org:
-    k8s-worker-3.kube.teckids.org:
-    k8s-worker-4.kube.teckids.org:
-    k8s-worker-5.kube.teckids.org:
-    k8s-worker-6.kube.teckids.org:
-    lms.teckids.org:
-    matrix01.teckids.org:
-    media.teckids.org:
-    monitoring.teckids.org:
-    rz-sp-backup-01.teckids.org:
-    rz-sp-fw-01.teckids.org:
-    rz-sp-fw-02.teckids.org:
-      ansible_host: 91.184.32.118
-    rz-sp-virt-01.teckids.org:
-    rz-sp-virt-02.teckids.org:
-    rz-sp-virt-03.teckids.org:
-    rz-sp-virt-04.teckids.org:
-    rz-sp-virt-fallback.teckids.org:
-    ticdesk-dev.teckids.org:
-    ticdesk.teckids.org:
-  children:
-    teckids_hosts: # Hosts running on Teckids infrastructure
-      hosts:
-        db.teckids.org:
-        master-1.kube.teckids.org:
-        master-2.kube.teckids.org:
-        master-3.kube.teckids.org:
-        worker-1.kube.teckids.org:
-        worker-2.kube.teckids.org:
-        worker-3.kube.teckids.org:
-        worker-4.kube.teckids.org:
-        worker-5.kube.teckids.org:
-        worker-6.kube.teckids.org:
-        rz-sp-fw-01.teckids.org:
-        rz-sp-fw-02.teckids.org:
-    firewalls:
-      hosts:
-        rz-sp-fw-01.teckids.org:
-          keepalived_priority: 150
-        rz-sp-fw-02.teckids.org:
-          keepalived_priority: 100
-          ansible_host: 91.184.32.118
-
-    k8s_masters:
-      hosts:
-        master-1.kube.teckids.org:
-          primary_control_plane: true
-          cluster_version: v1.23.5
-          package_version: 1.23.5-00
-        master-2.kube.teckids.org:
-        master-3.kube.teckids.org:
-    k8s_workers:
-      hosts:
-        worker-1.kube.teckids.org:
-        worker-2.kube.teckids.org:
-        worker-3.kube.teckids.org:
-        worker-4.kube.teckids.org:
-        worker-5.kube.teckids.org:
-        worker-6.kube.teckids.org: