diff --git a/all.yml b/all.yml
index 43256516be46302010c62b32c1998d72b30b9e0a..40e8625cb9df11c52fa65bbb2e777b31d15c2a6f 100644
--- a/all.yml
+++ b/all.yml
@@ -6,8 +6,11 @@
     - autoupdate
     - ssh
     - etckeeper
-- import_playbook: revproxy.yml
-- import_playbook: dhcpserver.yml
+- import_playbook: role_backbone_babel.yml
+- import_playbook: role_dhcpserver.yml
+- import_playbook: role_dns.yml
+- import_playbook: role_dns_records.yml
+- import_playbook: role_revproxy.yml
   #- hosts: mailgw03.freifunk-stuttgart.de
   #  roles:
   #    - lihas_variables
diff --git a/dns.yml b/dns.yml
deleted file mode 100644
index f2e00f7c248a89d3c2ef0b05f542568cac37be14..0000000000000000000000000000000000000000
--- a/dns.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: dns_secondary
-  roles:
-    - dns
-- hosts: dns01.freifunk-stuttgart.net
-  roles:
-    - dns
diff --git a/group_vars/ffspveguests/dns_records_vault b/group_vars/ffspveguests/dns_records_vault
new file mode 100644
index 0000000000000000000000000000000000000000..add7614e71c7143cc080fd4883d5cd660fe2e15e
--- /dev/null
+++ b/group_vars/ffspveguests/dns_records_vault
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.2;AES256;ansible-ffs
+30346238653933333035626133653431653735396266346336373266633431653761666232643930
+3431353464626466323565336161323266633430643034630a663566336566366333336636613830
+32393239363934393637613138613731343439643461626538356565323536353331323763356334
+3635303037313530350a353133323537396531303932343836343934336332666134313038306264
+36363537343334336339323931643435653561306339643638303232383264356434393437356134
+34316561336166386539343266356437626230313638633435333535613839653961666239363735
+66386535633839303534383661613839393330613038623430353933656138623963373864386233
+30373838316662363135613933316565303533633364366330336230363336386238393532333464
+30363064366339383236353331346233353933316162333037333666313038343437636132303431
+61313138333139393338653664636634303434323135376666623864346130643932643165646661
+31643336393034386434633037623831666663323734613064316265613032633963393462346539
+65303632353637326630363135376637666536623336623837366663396461363861626238666262
+33346432356533316539396565663236636439353831643434396566313662346138626435326364
+63373038613333396161636531303130383832376663383866326439616137303831356639616432
+34636266663431396430303735666432333461306364643632353631393237653565323534396135
+33613265616531626564373938326464613064633232646161393635623936656665363933663863
+37353136666637343634323361626436373363376133313261306632613636363532
diff --git a/group_vars/ffspveguests b/group_vars/ffspveguests/users
similarity index 100%
rename from group_vars/ffspveguests
rename to group_vars/ffspveguests/users
diff --git a/inventory/backbone b/inventory/backbone
deleted file mode 100644
index f18c0888df6020dbbd802ea0ef639e7dd673215e..0000000000000000000000000000000000000000
--- a/inventory/backbone
+++ /dev/null
@@ -1,9 +0,0 @@
----
-backbone:
-  hosts:
-    nrb-backbonetest.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs-backbonetest
-    nrb-backbonetest2.freifunk-stuttgart.de:
-      ansible_ssh_host: 192.168.122.3
-      ansible_ssh_user: root
-    gw09n03.gw.freifunk-stuttgart.de:
diff --git a/inventory/boxes b/inventory/boxes
new file mode 100644
index 0000000000000000000000000000000000000000..3f91d1df5fc2f8b30de473c16374d017255f6305
--- /dev/null
+++ b/inventory/boxes
@@ -0,0 +1,9 @@
+---
+# Physical Boxes (Bleche)
+boxes:
+  hosts:
+    ffs05.freifunk-stuttgart.de:
+    ffs08.freifunk-stuttgart.de:
+    ffs11.freifunk-stuttgart.de:
+    ffs13.freifunk-stuttgart.de:
+    ffs14.freifunk-stuttgart.de:
diff --git a/inventory/dhcpserver b/inventory/dhcpserver
deleted file mode 100644
index ebf9e6a0e024cfd0add083251fb5262d6b440916..0000000000000000000000000000000000000000
--- a/inventory/dhcpserver
+++ /dev/null
@@ -1,15 +0,0 @@
----
-dhcpserver:
-  hosts:
-    dhcp04.freifunk-stuttgart.de:
-      ansible_ssh_host: 3254.ffs11
-      ansible_ssh_user: root
-    dhcp02.freifunk-stuttgart.de:
-      ansible_ssh_host: dhcp02.gw.freifunk-stuttgart.de
-      ansible_ssh_user: root
-    dhcp03.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs-dhcp03
-      ansible_ssh_user: root
-    dhcp01.freifunk-stuttgart.de:
-      ansible_ssh_host: dhcp01.freifunk-stuttgart.de
-      ansible_ssh_user: root
diff --git a/inventory/dns_secondary b/inventory/dns_secondary
deleted file mode 100644
index 608835a3acad7f0edecdfd9803fbfb44ea60da15..0000000000000000000000000000000000000000
--- a/inventory/dns_secondary
+++ /dev/null
@@ -1,8 +0,0 @@
----
-dns_secondary:
-  hosts:
-    dns02.as208772.net:
-      ansible_ssh_user: root
-    dns03.freifunk-stuttgart.eu:
-      ansible_ssh_host: 3201.ffs11
-      ansible_ssh_user: root
diff --git a/inventory/external_vm b/inventory/external_vm
new file mode 100644
index 0000000000000000000000000000000000000000..dc466f1ebe142f8b7a2afc2c9ec20a0e3951624a
--- /dev/null
+++ b/inventory/external_vm
@@ -0,0 +1,9 @@
+---
+# VMs/Containers in infrastructure where the hypervisor is not under our control
+external_vm:
+  hosts:
+    mailgw03.freifunk-stuttgart.de:
+    dhcp01.freifunk-stuttgart.de:
+    dhcp03.freifunk-stuttgart.de:
+      ansible_ssh_port: 44353
+    dns02.as208772.net:
diff --git a/inventory/ffs05 b/inventory/ffs05
deleted file mode 100644
index 2dd06b7d1e969463a4b3f6512f2cfd2e855e7731..0000000000000000000000000000000000000000
--- a/inventory/ffs05
+++ /dev/null
@@ -1,21 +0,0 @@
----
-ffs05:
-  hosts:
-    ffs05.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs05
-    revproxy-05.freifunk-stuttgart.de:
-      ansible_ssh_host: 3215.ffs05
-    openslides.freifunk-stuttgart.de:
-      ansible_ssh_host: 3161.ffs05
-    gw04n03.gw.freifunk-stuttgart.de:
-      ansible_ssh_host: 3043.ffs05
-    glrunner-ffs05.freifunk-stuttgart.de:
-      ansible_ssh_host: 3247.ffs05
-    dhcp05.freifunk-stuttgart.de:
-      ansible_ssh_host: 3250.ffs05
-    dhcp06.freifunk-stuttgart.de:
-      ansible_ssh_host: 3249.ffs05
-    gw04n06.gw.freifunk-stuttgart.de:
-      ansible_ssh_host: 3046.ffs05
-    routingvm-ffs05.freifunk-stuttgart.de:
-      ansible_ssh_host: 3176.ffs05
diff --git a/inventory/ffs07 b/inventory/ffs07
deleted file mode 100644
index 5869cdf7e01612f994e1afc1f7aacd1a05681d98..0000000000000000000000000000000000000000
--- a/inventory/ffs07
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ffs07:
-  hosts:
-    ffs07.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs07
diff --git a/inventory/ffs08 b/inventory/ffs08
deleted file mode 100644
index b6ed44bd5556b3ac952cac901bd1ddf2f115527d..0000000000000000000000000000000000000000
--- a/inventory/ffs08
+++ /dev/null
@@ -1,21 +0,0 @@
----
-ffs08:
-  hosts:
-    ffs08.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs08
-    monitor01.freifunk-stuttgart.de:
-      ansible_ssh_host: monitor01.gw.freifunk-stuttgart.de
-      ansible_ssh_user: root
-    glrunner-ffs08.freifunk-stuttgart.de:
-      ansible_ssh_host: 85.236.195.74
-      ansible_ssh_user: root
-    gw09n03.gw.freifunk-stuttgart.de:
-      ansible_ssh_user: root
-    gw09n04.gw.freifunk-stuttgart.de:
-      ansible_ssh_user: root
-    core01-z10a.freifunk-stuttgart.net:
-      ansible_ssh_host: 8177.ffs08
-      ansible_ssh_user: root
-    ffs-fsck-eventrouter.freifunk-stuttgart.net:
-      ansible_ssh_host: ffs-fsck-eventrouter
-      ansible_ssh_user: root
diff --git a/inventory/ffs09 b/inventory/ffs09
deleted file mode 100644
index d3b4f85bdb111fff7ce35a0878696a59818874ce..0000000000000000000000000000000000000000
--- a/inventory/ffs09
+++ /dev/null
@@ -1,8 +0,0 @@
----
-ffs09:
-  hosts:
-    ffs09.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs09
-    gw09n09.gw.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs-gw09n09
-      ansible_ssh_user: root
diff --git a/inventory/ffs10 b/inventory/ffs10
deleted file mode 100644
index 40f94d61ea8f30cbe61b5c76e621a5eeeb3c3ad4..0000000000000000000000000000000000000000
--- a/inventory/ffs10
+++ /dev/null
@@ -1,8 +0,0 @@
----
-ffs10:
-  hosts:
-    ffs10.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs10
-    ffs-testgw-nrb.ffs10.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs-testgw-nrb
-      ansible_ssh_user: root
diff --git a/inventory/ffs11 b/inventory/ffs11
deleted file mode 100644
index 3b0f3c89e47e53fa287e06af9379e33ba39d936b..0000000000000000000000000000000000000000
--- a/inventory/ffs11
+++ /dev/null
@@ -1,89 +0,0 @@
----
-ffs11:
-  hosts:
-    ffs11.freifunk-stuttgart.de:
-      ansible_ssh_host: ffs11
-    nodealarm01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3165.ffs11
-    prometheus02.freifunk-stuttgart.de:
-      ansible_ssh_host: 3173.ffs11
-    prometheus03.freifunk-stuttgart.de:
-      ansible_ssh_host: 3175.ffs11
-    wiki-testing.freifunk-stuttgart.de:
-      ansible_ssh_host: 3194.ffs11
-    mailexpand.freifunk-stuttgart.de:
-      ansible_ssh_host: 3202.ffs11
-    pad.freifunk-stuttgart.de:
-      ansible_ssh_host: 3182.ffs11
-    revproxy-03.freifunk-stuttgart.de:
-      ansible_ssh_host: 3213.ffs11
-    gitlab01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3220.ffs11
-    wiki.freifunk-stuttgart.de:
-      ansible_ssh_host: 3221.ffs11
-    unifi.freifunk-stuttgart.de:
-      ansible_ssh_host: 3222.ffs11
-    unms.freifunk-stuttgart.de:
-      ansible_ssh_host: 3223.ffs11
-    db-postgres01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3224.ffs11
-    www-staging.freifunk-stuttgart.de:
-      ansible_ssh_host: 3226.ffs11
-    www-prod.freifunk-stuttgart.de:
-      ansible_ssh_host: 3228.ffs11
-    www-beuren.freifunk-stuttgart.de:
-      ansible_ssh_host: 3163.ffs11
-    mailgw01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3230.ffs11
-    mailgw02.freifunk-stuttgart.de:
-      ansible_ssh_host: 3231.ffs11
-    maillist.freifunk-stuttgart.de:
-      ansible_ssh_host: 3232.ffs11
-    mailbox.freifunk-stuttgart.de:
-      ansible_ssh_host: 3233.ffs11
-    ticket.freifunk-stuttgart.de:
-      ansible_ssh_host: 3234.ffs11
-    passbolt.freifunk-stuttgart.de:
-      ansible_ssh_host: 3235.ffs11
-    yanic01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3236.ffs11
-    grafana.freifunk-stuttgart.de:
-      ansible_ssh_host: 3237.ffs11
-    mariadb01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3238.ffs11
-    letsencrypt.freifunk-stuttgart.de:
-      ansible_ssh_host: 3239.ffs11
-    gitlab-runner04:
-      ansible_ssh_host: 3246.ffs11
-    dhcp04.freifunk-stuttgart.de:
-      ansible_ssh_host: 3254.ffs11
-    monitor02.freifunk-stuttgart.de:
-      ansible_ssh_host: 3241.ffs11
-    gw04n05.freifunk-stuttgart.de:
-      ansible_ssh_host: 3045.ffs11
-    recursor01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3162.ffs11
-    cloud.freifunk-stuttgart.de:
-      ansible_ssh_host: 3164.ffs11
-    ticket02.freifunk-stuttgart.de:
-      ansible_ssh_host: 3166.ffs11
-    gitlab-runner02.freifunk-stuttgart.de:
-      ansible_ssh_host: 3225.ffs11
-    matterbridge01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3167.ffs11
-    matrix.freifunk-stuttgart.de:
-      ansible_ssh_host: 3168.ffs11
-    meshviewer01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3169.ffs11
-    dns01.freifunk-stuttgart.de:
-      ansible_ssh_host: 3201.ffs11
-    sso01.freifunk-stuttgart.net:
-      ansible_ssh_host: 3203.ffs11
-    vpn-1nce.freifunk-stuttgart.net:
-      ansible_ssh_host: 3174.ffs11
-    homebox.freifunk-stuttgart.net:
-      ansible_ssh_host: 3183.ffs11
-    vaultwarden.freifunk-stuttgart.net:
-      ansible_ssh_host: 3184.ffs11
-    nextbox.freifunk-stuttgart.net:
-      ansible_ssh_host: 3204.ffs11
diff --git a/inventory/ffs12 b/inventory/ffs12
deleted file mode 100644
index ad0fb62e76c71ef0ec4a8abd17b0db040e54a449..0000000000000000000000000000000000000000
--- a/inventory/ffs12
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ffs12:
-  hosts:
-    ffs12.freifunk-stuttgart.net:
-      ansible_ssh_host: ffs12
-    gw06n01.freifunk-stuttgart.net:
-      ansible_ssh_host: 9061.ffs12
diff --git a/inventory/ffs13 b/inventory/ffs13
deleted file mode 100644
index af916946dbbcfa84c4765b523da1692cacaf3d3a..0000000000000000000000000000000000000000
--- a/inventory/ffs13
+++ /dev/null
@@ -1,11 +0,0 @@
----
-ffs13:
-  hosts:
-    ffs13.freifunk-stuttgart.net:
-      ansible_ssh_host: ffs13
-    core02-z10a.freifunk-stuttgart.net:
-      ansible_ssh_host: 8179.ffs13
-      ansible_ssh_user: root
-    ffs13r.freifunk-stuttgart.net:
-      ansible_ssh_host: 8186.ffs13
-      ansible_ssh_user: root
diff --git a/inventory/ffs14 b/inventory/ffs14
deleted file mode 100644
index 8f4262729bd15ce1cb9bb340ce7a291e343f9481..0000000000000000000000000000000000000000
--- a/inventory/ffs14
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ffs14:
-  hosts:
-    ffs14.freifunk-stuttgart.net:
-      ansible_ssh_host: ffs14
diff --git a/inventory/ffspveguests b/inventory/ffspveguests
index 79441792b9d307a56e1612ac249a199be27449bf..978c6516d68a7c9bc8d6acf32977da97b07f4a66 100644
--- a/inventory/ffspveguests
+++ b/inventory/ffspveguests
@@ -1,18 +1,130 @@
 ---
+# VMs or containers running in FFS Infrastructure
 ffspveguests:
   hosts:
-    revproxy.as208772.net:
-      ansible_ssh_user: root
-    dns01.freifunk-stuttgart.net:
-      ansible_ssh_user: root
-    defgw-a.services.as208772.net:
-      ansible_ssh_user: root
-    nat.pve.as208772.net:
+    revproxy.vm.freifunk-stuttgart.de:
+      ffspve_id: 8124
+    dns01.vm.freifunk-stuttgart.de:
+      ffspve_id: 8196
+    services-defgw-a.vm.freifunk-stuttgart.de:
+      ffspve_id: 12221
+    nat.vm.freifunk-stuttgart.de:
       ansible_ssh_host: 3001.ffs11
-      ansible_ssh_user: root
-    pbs01.freifunk-stuttgart.de:
+      ffspve_id: 8001
+    pbs01.vm.freifunk-stuttgart.de:
       ansible_ssh_host: 3194.ffs11
-      ansible_ssh_user: root
-    ripe-atlas01.pve.as208772.net:
+      ffspve_id: 8194
+    ripe-atlas01.vm.freifunk-stuttgart.de:
       ansible_ssh_host: 3187.ffs11
-      ansible_ssh_user: root
+      ffspve_id: 8187
+    dhcp04.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3254.ffs11
+    revproxy-05.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3215.ffs05
+    openslides.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3161.ffs05
+    gw04n03.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3043.ffs05
+    glrunner-ffs05.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3247.ffs05
+    gw04n06.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3046.ffs05
+    routingvm-ffs05.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3176.ffs05
+    monitor01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: monitor01.gw.freifunk-stuttgart.de
+    glrunner-ffs08.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 85.236.195.74
+    gw09n03.vm.freifunk-stuttgart.de:
+    gw09n04.vm.freifunk-stuttgart.de:
+    core01-z10a.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 8177.ffs08
+    core02-z10a.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 8179.ffs13
+    nodealarm01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3165.ffs11
+    prometheus02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3173.ffs11
+    prometheus03.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3175.ffs11
+    wiki-testing.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3194.ffs11
+    mailexpand.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3202.ffs11
+    pad.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3182.ffs11
+    revproxy-03.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3213.ffs11
+    gitlab01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3220.ffs11
+    wiki.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3221.ffs11
+    unifi.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3222.ffs11
+    unms.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3223.ffs11
+    db-postgres01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3224.ffs11
+    www-prod.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3228.ffs11
+    www-beuren.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3163.ffs11
+    mailgw01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3230.ffs11
+    mailgw02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3231.ffs11
+    maillist.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3232.ffs11
+    mailbox.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3233.ffs11
+    ticket.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3234.ffs11
+    passbolt.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3235.ffs11
+    yanic01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3236.ffs11
+    grafana.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3237.ffs11
+    mariadb01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3238.ffs11
+    letsencrypt.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3239.ffs11
+    dhcp04.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3254.ffs11
+    monitor02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3241.ffs11
+    gw04n05.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3045.ffs11
+    recursor01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3162.ffs11
+    cloud.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3164.ffs11
+    ticket02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3166.ffs11
+    gitlab-runner02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3225.ffs11
+    matterbridge01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3167.ffs11
+    matrix.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3168.ffs11
+    meshviewer01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3169.ffs11
+    sso01.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3203.ffs11
+    vpn-1nce.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3174.ffs11
+    homebox.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3183.ffs11
+    vaultwarden.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3184.ffs11
+    nextbox.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3204.ffs11
+    ffs13r.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 8186.ffs13
+    revproxy-z10a.vm.freifunk-stuttgart.de:
+    dns03.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: 3201.ffs11
+    ffs10.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: ffs10
+    dhcp02.vm.freifunk-stuttgart.de:
+      ansible_ssh_host: dhcp02.gw.freifunk-stuttgart.de
diff --git a/inventory/hetzner b/inventory/hetzner
new file mode 100644
index 0000000000000000000000000000000000000000..8922d7bbecedd40cdc82e25b6510cafbd3015c88
--- /dev/null
+++ b/inventory/hetzner
@@ -0,0 +1,3 @@
+---
+# Dedicated Servers
+gt
diff --git a/inventory/lihas b/inventory/lihas
deleted file mode 100644
index 7260bd1b95b9de0b03192403fce47c64e7f32699..0000000000000000000000000000000000000000
--- a/inventory/lihas
+++ /dev/null
@@ -1,6 +0,0 @@
----
-lihas:
-  hosts:
-    mailgw03.freifunk-stuttgart.de:
-      ansible_ssh_host: mailgw03.freifunk-stuttgart.de
-    dhcp01.freifunk-stuttgart.de:
diff --git a/inventory/backbone_babel b/inventory/role_backbone_babel
similarity index 87%
rename from inventory/backbone_babel
rename to inventory/role_backbone_babel
index 9c7e2f3ed5bc02332555627d8f56bd3fe25b0beb..4f32a3ba7d097b569b24fb8f061bc24ac46440fe 100644
--- a/inventory/backbone_babel
+++ b/inventory/role_backbone_babel
@@ -1,8 +1,7 @@
 ---
-backbone_babel:
+role_backbone_babel:
   hosts:
     ffs05.freifunk-stuttgart.de:
     ffs08.freifunk-stuttgart.de:
     ffs11.freifunk-stuttgart.de:
     ffs13.freifunk-stuttgart.de:
-    
diff --git a/inventory/role_dhcpserver b/inventory/role_dhcpserver
new file mode 100644
index 0000000000000000000000000000000000000000..5992fe2454a36aff255d3b7acfcf54fec65b603a
--- /dev/null
+++ b/inventory/role_dhcpserver
@@ -0,0 +1,7 @@
+---
+role_dhcpserver:
+  hosts:
+    dhcp01.freifunk-stuttgart.de:
+    dhcp02.freifunk-stuttgart.de:
+    dhcp03.freifunk-stuttgart.de:
+    dhcp04.freifunk-stuttgart.de:
diff --git a/inventory/role_dns_primary b/inventory/role_dns_primary
new file mode 100644
index 0000000000000000000000000000000000000000..73550de8336481e30787f03eb8042a262d02c16e
--- /dev/null
+++ b/inventory/role_dns_primary
@@ -0,0 +1,4 @@
+---
+role_dns_primary:
+  hosts:
+    dns01.vm.freifunk-stuttgart.de:
diff --git a/inventory/role_dns_secondary b/inventory/role_dns_secondary
new file mode 100644
index 0000000000000000000000000000000000000000..72b33e4dc7d6a245c773eac74d5284da44c04834
--- /dev/null
+++ b/inventory/role_dns_secondary
@@ -0,0 +1,5 @@
+---
+role_dns_secondary:
+  hosts:
+    dns02.as208772.net:
+    dns03.freifunk-stuttgart.eu:
diff --git a/inventory/revproxy b/inventory/role_revproxy
similarity index 72%
rename from inventory/revproxy
rename to inventory/role_revproxy
index 96cea117ab77bc3b575780af430045e20ffc8c84..5831c37c80447b89e5b5a49083cd9faf649224ac 100644
--- a/inventory/revproxy
+++ b/inventory/role_revproxy
@@ -1,8 +1,6 @@
 ---
-revproxy:
+role_revproxy:
   hosts:
     revproxy-05.freifunk-stuttgart.de:
     revproxy-03.freifunk-stuttgart.de:
     revproxy.as208772.net:
-      ansible_ssh_user: root
-    
diff --git a/requirements.yml b/requirements.yml
index 95e148ef262eb5d60dd6c7af614da3f74826dc0d..339ea790fbcff9d845a7db0691f6ec285114f269 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,6 +1,7 @@
 ---
 roles:
   - name: hifis.unattended_upgrades
+  - name: community.general.nsupdate
   - name: lihas_apache
     src: https://github.com/LinuxHaus/ansible_lihas_apache.git
     version: origin/master
diff --git a/backbone.yml b/role_backbone.yml
similarity index 54%
rename from backbone.yml
rename to role_backbone.yml
index 36b80a54515563c757aee359162bf3633ed56f83..c286a7e5ca35ea71732d18926f057135127b4666 100644
--- a/backbone.yml
+++ b/role_backbone.yml
@@ -1,4 +1,4 @@
 ---
-- hosts: backbone
+- hosts: role_backbone
   roles:
     - backbone
diff --git a/backbone_babel.yml b/role_backbone_babel.yml
similarity index 53%
rename from backbone_babel.yml
rename to role_backbone_babel.yml
index 44fecbd2e7fc84c87fc598639fff38a136ddca40..9586b1e913c47734b45f5c60cd9fce2e776ce50b 100644
--- a/backbone_babel.yml
+++ b/role_backbone_babel.yml
@@ -1,4 +1,4 @@
 ---
-- hosts: backbone_babel
+- hosts: role_backbone_babel
   roles:
     - backbone_babel
diff --git a/dhcpserver.yml b/role_dhcpserver.yml
similarity index 100%
rename from dhcpserver.yml
rename to role_dhcpserver.yml
diff --git a/role_dns.yml b/role_dns.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b03e1b7db09cbd24b7ef8856a54e9fa947b65556
--- /dev/null
+++ b/role_dns.yml
@@ -0,0 +1,7 @@
+---
+- hosts: role_dns_secondary
+  roles:
+    - dns
+- hosts: role_dns_primary
+  roles:
+    - dns
diff --git a/role_dns_records.yml b/role_dns_records.yml
new file mode 100644
index 0000000000000000000000000000000000000000..537cbb1137be995e07fd0018632723472fb77397
--- /dev/null
+++ b/role_dns_records.yml
@@ -0,0 +1,4 @@
+---
+- hosts: ffspveguests
+  roles:
+    - dns_records
diff --git a/revproxy.yml b/role_revproxy.yml
similarity index 54%
rename from revproxy.yml
rename to role_revproxy.yml
index f8073bd65c0a53426f04b52cb1a30606e3836852..227132855b0d5eb191e0b00c8b936f1853af4981 100644
--- a/revproxy.yml
+++ b/role_revproxy.yml
@@ -1,4 +1,4 @@
 ---
-- hosts: revproxy
+- hosts: role_revproxy
   roles:
     - revproxy
diff --git a/roles/dns_records/defaults/main.yml b/roles/dns_records/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..583f87afc7350e8f6966cecb258da7da94e834b9
--- /dev/null
+++ b/roles/dns_records/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+dns_records_nsupdate_key_algorithm: hmac-sha512
diff --git a/roles/dns_records/meta/argument_specs.yml b/roles/dns_records/meta/argument_specs.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9e1a9b488f35e60eb990b1cc5bc4631fdedd101b
--- /dev/null
+++ b/roles/dns_records/meta/argument_specs.yml
@@ -0,0 +1,29 @@
+---
+argument_specs:
+  main:
+    short_description: Create DNSv6 records for hosts
+    description:
+      - This will create forward and in the future also reverse lookup records for the discovered IPv6 addresses of the targeted host.
+    author:
+      - Nico Boehr
+    options:
+      dns_records_nsupdate_key_name:
+        type: str
+        required: true
+        description:
+          - The name of the nsupdate TSIG key to use for signing DNS update messages.
+      dns_records_nsupdate_key_secret:
+        type: str
+        required: true
+        description:
+          - The secret of the nsupdate TSIG key to use for signing DNS update messages.
+      dns_records_nsupdate_key_algorithm:
+        type: str
+        default: hmac-sha512
+        description:
+          - The algorithm of the TSIG key.
+      dns_records_nsupdate_server:
+        type: str
+        required: true
+        description:
+          - The server to send nsupdates to.
diff --git a/roles/dns_records/tasks/main.yml b/roles/dns_records/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9bef27eddb19ed0effae0ba3fea4be373ca873ed
--- /dev/null
+++ b/roles/dns_records/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: "Create DNS forward record for {{ inventory_hostname }}"
+  community.general.nsupdate:
+    key_name: "{{ dns_records_nsupdate_key_name }}"
+    key_secret: "{{ dns_records_nsupdate_key_secret }}"
+    key_algorithm: "{{ dns_records_nsupdate_key_algorithm }}"
+    server: "{{ dns_records_nsupdate_server }}"
+    # The dot at the end of the record is important
+    record: "{{ inventory_hostname }}."
+    type: "AAAA"
+    value: "{{ ansible_facts['locally_reachable_ips']['ipv6'] | ansible.utils.ipaddr('public') }}"
+  delegate_to: localhost