diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index e99d805..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,5 +0,0 @@ -parseable: true -quiet: true -skip_list: - - '501' -use_default_rules: true diff --git a/.gitignore b/.gitignore index c17815f..ad2ea9f 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ node_modules/ .vaults/ vault vaults/ + +roles/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 369b1c8..d9ade6f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,40 +3,24 @@ stages: - test cache: - key: "$CI_COMMIT_REF_SLUG" + key: $CI_COMMIT_REF_SLUG paths: - .cache/pip - node_modules/ lint: - stage: lint - image: python:3.7 - before_script: - - pip install ansible ansible-lint --quiet - script: - - ansible-lint playbook.yml - only: - refs: - - development - - merge_requests - -pretty-lint: stage: lint image: node:12 before_script: - - npm install + - npm install prettier --no-save script: - - npx prettier "**/*.yml" --check - only: - refs: - - development - - merge_requests + - npx prettier '**/*.yml' --check syntax-test: stage: test image: python:3.7 before_script: - - pip install ansible ansible-lint --quiet - - ansible-galaxy install -r roles/requirements.yml + - pip install ansible --quiet + - ansible-galaxy install -r requirements.yml script: - ansible-playbook playbook.yml --syntax-check diff --git a/.prettier.json b/.prettier.json deleted file mode 100644 index 9c76f6b..0000000 --- a/.prettier.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "singleQuote": true, - "printWidth": 90, - "tabWidth": 2, - "useTabs": false, - "bracketSpacing": true, - "parser": "yaml" -} - diff --git a/.prettierrc.yml b/.prettierrc.yml new file mode 100644 index 0000000..0cb31e6 --- /dev/null +++ b/.prettierrc.yml @@ -0,0 +1,5 @@ +singleQuote: true +printWidth: 90 +tabWidth: 2 +useTabs: false +bracketSpacing: true 
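Review bot: The `.gitlab-ci.yml` hunk drops the `ansible-lint` job entirely, so the only remaining Ansible check is `ansible-playbook playbook.yml --syntax-check`, which will not flag the secret-on-command-line and truthy-value patterns that the new `tasks/*.yml` files contain. I would keep a lint step in the `lint` stage, e.g. `- pip install ansible ansible-lint --quiet` / `- ansible-lint playbook.yml`, and pin both `pip install ansible` and `npm install prettier` to exact versions so the pipeline is reproducible rather than tracking whatever is latest. `ansible-galaxy install -r requirements.yml` now resolves the `common` role from `version: master` (visible as context in the `requirements.yml` hunk), which is a mutable ref; pinning it to a tag or commit would make the supply chain auditable. The removal of the `only: refs:` filters appears to make both jobs run on every push, which may be intended but is worth confirming.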
diff --git a/roles/arch/files/desktop/openvpn/ca.crt b/files/desktop/openvpn/ca.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/ca.crt rename to files/desktop/openvpn/ca.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.crt b/files/desktop/openvpn/desktop.crt similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.crt rename to files/desktop/openvpn/desktop.crt diff --git a/roles/arch/files/desktop/openvpn/desktop.key b/files/desktop/openvpn/desktop.key similarity index 100% rename from roles/arch/files/desktop/openvpn/desktop.key rename to files/desktop/openvpn/desktop.key diff --git a/roles/arch/files/desktop/openvpn/ta.key b/files/desktop/openvpn/ta.key similarity index 100% rename from roles/arch/files/desktop/openvpn/ta.key rename to files/desktop/openvpn/ta.key diff --git a/roles/arch/files/gpg_key b/files/gpg_key similarity index 100% rename from roles/arch/files/gpg_key rename to files/gpg_key diff --git a/roles/arch/files/gpg_pub b/files/gpg_pub similarity index 100% rename from roles/arch/files/gpg_pub rename to files/gpg_pub diff --git a/roles/arch/files/laptop/openvpn/ca.crt b/files/laptop/openvpn/ca.crt similarity index 100% rename from roles/arch/files/laptop/openvpn/ca.crt rename to files/laptop/openvpn/ca.crt diff --git a/roles/arch/files/laptop/openvpn/laptop.crt b/files/laptop/openvpn/laptop.crt similarity index 100% rename from roles/arch/files/laptop/openvpn/laptop.crt rename to files/laptop/openvpn/laptop.crt diff --git a/roles/arch/files/laptop/openvpn/laptop.key b/files/laptop/openvpn/laptop.key similarity index 100% rename from roles/arch/files/laptop/openvpn/laptop.key rename to files/laptop/openvpn/laptop.key diff --git a/roles/arch/files/laptop/openvpn/ta.key b/files/laptop/openvpn/ta.key similarity index 100% rename from roles/arch/files/laptop/openvpn/ta.key rename to files/laptop/openvpn/ta.key 
diff --git a/roles/arch/files/tmux_start b/files/tmux_start similarity index 100% rename from roles/arch/files/tmux_start rename to files/tmux_start diff --git a/roles/arch/handlers/main.yml b/handlers.yml similarity index 100% rename from roles/arch/handlers/main.yml rename to handlers.yml diff --git a/playbook.yml b/playbook.yml index b2f17e0..2f548ca 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,3 +1,31 @@ - hosts: localhost + pre_tasks: + - name: install shared packages + become: yes + pacman: + name: '{{ packages }}' + - name: detecting platform + import_tasks: 'tasks/platform.yml' + - name: install platform specific packages + become: yes + pacman: + name: '{{ platform_packages }}' roles: - - arch + - common + tasks: + - import_tasks: 'tasks/setup.yml' + - import_tasks: 'tasks/network.yml' + - import_tasks: 'tasks/systemd.yml' + - import_tasks: 'tasks/openvpn.yml' + - import_tasks: 'tasks/git.yml' + - import_tasks: 'tasks/mpv.yml' + - import_tasks: 'tasks/mpd.yml' + - import_tasks: 'tasks/syncthing.yml' + - import_tasks: 'tasks/timer.yml' + handlers: + - import_tasks: 'handlers.yml' + vars_files: + - 'vars/main.yml' + - 'vars/gpg.yml' + - 'vars/vpn.yml' + - 'vars/mpd.yml' diff --git a/roles/requirements.yml b/requirements.yml similarity index 51% rename from roles/requirements.yml rename to requirements.yml index 276b569..ba54c45 100644 --- a/roles/requirements.yml +++ b/requirements.yml @@ -2,7 +2,3 @@ name: common version: master scm: git -- src: git+https://git.fudiggity.nl/ansible/npm.git - name: npm - version: master - scm: git diff --git a/roles/.gitignore b/roles/.gitignore deleted file mode 100644 index d10cc33..0000000 --- a/roles/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -# ignore all external roles and files in the roles dir -/* - -!.gitignore -!requirements.yml -!arch*/ diff --git a/roles/arch/defaults/main/gpg.yml b/roles/arch/defaults/main/gpg.yml deleted file mode 100644 index 6fcb082..0000000 
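Review bot: The new `playbook.yml` uses `become: yes` in both `pre_tasks`, and the same spelling recurs in every new task file; Ansible and yamllint's `truthy` rule prefer the canonical `become: true`, which avoids the YAML 1.1/1.2 boolean ambiguity. Since this playbook-level change is where the convention is set, I would normalise it here, e.g. `become: true` on the two package-install tasks. The `vars_files` list now pulls the vault-encrypted `vars/gpg.yml` into play scope for every task, which is fine, but note that `pre_tasks` run before the `common` role and depend on `platform_packages` being defined by `tasks/platform.yml` — if detection fails (see the `rc` checks in that file) the third pre_task errors with an undefined variable.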
--- a/roles/arch/defaults/main/gpg.yml +++ /dev/null @@ -1,8 +0,0 @@ -gpg_pub_key: "82C21552D732C65C1A4FB340037103F03CA5CBA1" -gpg_passphrase: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61383265343062663836623033343538333562636433383735383862306465316439376333373563 - 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 - 36616636363134386333616137656333353439633832633731373834336239393337316366626462 - 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 - 3463 diff --git a/roles/arch/defaults/main/mpd.yml b/roles/arch/defaults/main/mpd.yml deleted file mode 100644 index 639171a..0000000 --- a/roles/arch/defaults/main/mpd.yml +++ /dev/null @@ -1,11 +0,0 @@ -mpd_listen_address: "127.0.0.1" -mpd_listen_port: "6600" - -mpd_database_address: "10.8.0.1" -mpd_database_port: "21000" - -mpd_configuration_dir: "{{ ansible_env.HOME }}/.config/mpd" -mpd_music_dir: "{{ ansible_env.HOME }}/music" -mpd_playlist_dir: "{{ mpd_configuration_dir }}/playlists" -mpd_state_path: "{{ mpd_configuration_dir }}/state" -mpd_sticker_path: "{{ mpd_configuration_dir }}/sticker.sql" diff --git a/roles/arch/defaults/main/vpn.yml b/roles/arch/defaults/main/vpn.yml deleted file mode 100644 index 2ff3851..0000000 --- a/roles/arch/defaults/main/vpn.yml +++ /dev/null @@ -1,5 +0,0 @@ -vpn_ip: "178.85.119.159" -vpn_port: "7531" -vpn_interface: "tun0" -vpn_protocol: "udp" -vpn_verbosity: "1" diff --git a/roles/arch/meta/main.yml b/roles/arch/meta/main.yml deleted file mode 100644 index 360c542..0000000 --- a/roles/arch/meta/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -dependencies: - - common - -galaxy_info: - author: sonny - description: "Sets up an arch environment" - license: "license GPLv3" - min_ansible_version: 2.7 - issue_tracker_url: "https://git.fudiggity.nl/ansible/arch-setup/issues" - platforms: - - name: Archlinux - galaxy_tags: - - system 
diff --git a/roles/arch/tasks/git.yml b/roles/arch/tasks/git.yml deleted file mode 100644 index 89f125e..0000000 --- a/roles/arch/tasks/git.yml +++ /dev/null @@ -1,30 +0,0 @@ -- name: copy git configuration - template: - src: "gitconfig.j2" - dest: "{{ ansible_env.HOME }}/.gitconfig" - -- name: copy keys - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "gpg_key", dest: "{{ ansible_env.HOME }}/gpg.key" - } - - { - src: "gpg_pub", dest: "{{ ansible_env.HOME }}/gpg.pub" - } - -- name: import secret key - command: "gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key" - -- name: import public key - command: "gpg --import ~/gpg.pub" - -- name: remove temp keys - file: - path: "{{ item }}" - state: absent - loop: - - "{{ ansible_env.HOME }}/gpg.key" - - "{{ ansible_env.HOME }}/gpg.pub" diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml deleted file mode 100644 index a729530..0000000 --- a/roles/arch/tasks/main.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -- name: install shared packages - become: yes - pacman: - name: "{{ packages }}" - -- name: detecting platform - import_tasks: platform.yml - -- name: install platform specific packages - become: yes - pacman: - name: "{{ platform_packages }}" - -- name: configuring network - import_tasks: network.yml - -- name: copy reflector configuration - become: yes - template: - src: "reflector.j2" - dest: "/etc/xdg/reflector/reflector.conf" - owner: root - group: root - mode: "0600" - -# started by weekly timer -- name: disable reflector - become: true - systemd: - name: reflector - state: stopped - enabled: false - -- name: copy pacman configuration - become: yes - template: - src: "pacman.j2" - dest: "/etc/pacman.conf" - owner: root - group: root - mode: "0644" - -- name: create extra conf - become: yes - file: - path: "/etc/pacman.d/extra.conf" - owner: root - group: root - state: touch - mode: "0644" - -- name: copy powertop service - become: yes - template: - src: "{{ platform }}/powertop.j2" - dest: "/etc/systemd/system/powertop.service" - owner: root - group: root - mode: "0644" - notify: restart powertop - when: platform == "laptop" - -- import_tasks: systemd.yml -- import_tasks: openvpn.yml -- import_tasks: git.yml -- import_tasks: mpv.yml -- import_tasks: mpd.yml -- import_tasks: syncthing.yml -- import_tasks: timer.yml diff --git a/roles/arch/tasks/mpd.yml b/roles/arch/tasks/mpd.yml deleted file mode 100644 index 22b3f09..0000000 --- a/roles/arch/tasks/mpd.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -- name: set up sudoers configuration - become: yes - template: - src: "sudoers.j2" - dest: "/etc/sudoers.d/10-sonny" - owner: root - group: root - mode: "0644" - -- name: copy systemd configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - loop: - - { - src: "mpd/service.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.service", - } - - { - src: "mpd/socket.j2", - dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket", - } - -- name: create mpd files - file: - path: "{{ item.path }}" - state: "{{ item.state }}" - loop: - - { - path: "{{ mpd_configuration_dir }}", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/playlists", - state: "directory", - } - - { - path: "{{ mpd_configuration_dir }}/log", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/database", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/sticker.sql", - state: "touch", - } - - { - path: "{{ mpd_configuration_dir }}/state", - state: "touch", - } - -- name: copy configuration file - template: - src: "mpd/mpd.j2" - dest: "{{ mpd_configuration_dir }}/mpd.conf" - -- name: copy nfs connection scripts - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0755" - loop: - - { - src: "mpd/music_mount.j2", - dest: "{{ xdg_script_dir }}/music_mount", - } - - { - src: "mpd/music_umount.j2", - dest: "{{ xdg_script_dir }}/music_umount", - } - -- name: restart mpd service - systemd: - name: mpd.service - state: restarted - enabled: no - scope: user - when: platform == "desktop" - -- name: enable mpd socket - systemd: - name: mpd.socket - state: started - enabled: yes - scope: user - when: platform == "desktop" diff --git a/roles/arch/tasks/mpv.yml b/roles/arch/tasks/mpv.yml deleted file mode 100644 index 37f13ba..0000000 --- a/roles/arch/tasks/mpv.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -- name: create configuration directory - file: - path: "{{ ansible_env.HOME }}/.config/mpv" - state: directory - mode: "0700" - -- name: copy configuration files - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "0644" - loop: - - { - src: "mpv/input.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf", - } - - { - src: "mpv/config.j2", - dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf", - } diff --git a/roles/arch/tasks/openvpn.yml b/roles/arch/tasks/openvpn.yml deleted file mode 100644 index 78b7954..0000000 --- a/roles/arch/tasks/openvpn.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -- name: create configuration directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: openvpn - group: openvpn - mode: "0750" - loop: - - "/etc/openvpn/client" - - "/etc/openvpn/client/zeus" - - "/etc/openvpn/server" - -- name: copy configuration - become: yes - template: - src: "{{ platform }}/openvpn.j2" - dest: "/etc/openvpn/client/zeus.conf" - owner: openvpn - group: openvpn - mode: "0644" - -- name: copy desktop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.crt", - dest: "/etc/openvpn/client/zeus/desktop.crt", - } - - { - src: "{{ platform }}/openvpn/desktop.key", - dest: "/etc/openvpn/client/zeus/desktop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "desktop" - -- name: copy laptop credentials - become: yes - copy: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: openvpn - group: openvpn - mode: "0600" - loop: - - { - src: "{{ platform }}/openvpn/ca.crt", - dest: "/etc/openvpn/client/zeus/ca.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.crt", - dest: "/etc/openvpn/client/zeus/laptop.crt", - } - - { - src: "{{ platform }}/openvpn/laptop.key", - dest: "/etc/openvpn/client/zeus/laptop.key", - } - - { - src: "{{ platform }}/openvpn/ta.key", - dest: "/etc/openvpn/client/zeus/ta.key", - } - when: platform == "laptop" - -- name: restart vpn - become: true - systemd: - name: openvpn-client@zeus - state: restarted - enabled: true diff --git a/roles/arch/tasks/syncthing.yml b/roles/arch/tasks/syncthing.yml deleted file mode 100644 index c45e0cc..0000000 --- a/roles/arch/tasks/syncthing.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -- name: create configuration dir - file: - path: "{{ xdg_config_dir }}/syncthing" - state: directory - -- name: copy configuration file - template: - src: "{{ platform }}/syncthing.j2" - dest: "{{ xdg_config_dir }}/syncthing/config.xml" - mode: "0600" - notify: restart syncthing diff --git a/roles/arch/tasks/systemd.yml b/roles/arch/tasks/systemd.yml deleted file mode 100644 index 996a099..0000000 --- a/roles/arch/tasks/systemd.yml +++ /dev/null @@ -1,25 +0,0 @@ -- name: setup systemd user service folder - file: - path: "{{ xdg_config_dir }}/systemd/user" - state: directory - mode: "0755" - -- name: add ssh-agent service - template: - src: "ssh-agent.j2" - dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service" - mode: "0644" - notify: restart user ssh-agent - -- name: copy tmux service - template: - src: "tmux.j2" - dest: "{{ xdg_config_dir }}/systemd/user/tmux.service" - mode: "0644" - -- name: copy tmux startup script - copy: - src: "tmux_start" - dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start" - mode: "0740" - force: false diff --git a/roles/arch/tasks/timer.yml b/roles/arch/tasks/timer.yml deleted file mode 100644 index f436939..0000000 --- a/roles/arch/tasks/timer.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -- name: copy timer files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_timer.j2", - dest: "/etc/systemd/system/daily.timer", - } - - { - src: "timer/weekly_timer.j2", - dest: "/etc/systemd/system/weekly.timer", - } - notify: - - enable daily timer - - enable weekly timer - -- name: copy target files - become: yes - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - mode: "0644" - loop: - - { - src: "timer/daily_target.j2", - dest: "/etc/systemd/system/daily.target", - } - - { - src: "timer/weekly_target.j2", - dest: "/etc/systemd/system/weekly.target", - } - -- name: create target directories - become: yes - file: - path: "{{ item }}" - state: directory - owner: root - mode: "0755" - loop: - - "/etc/systemd/system/daily.target.wants" - - "/etc/systemd/system/weekly.target.wants" - -- name: add reflector to weekly timer - become: yes - file: - src: "/usr/lib/systemd/system/reflector.service" - dest: "/etc/systemd/system/weekly.target.wants/reflector.service" - state: link diff --git a/tasks/git.yml b/tasks/git.yml new file mode 100644 index 0000000..3b07f8f --- /dev/null +++ b/tasks/git.yml @@ -0,0 +1,26 @@ +- name: copy git configuration + template: + src: 'templates/gitconfig.j2' + dest: '{{ ansible_env.HOME }}/.gitconfig' + +- name: copy keys + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' } + - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' } + +- name: import secret key + command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key' + +- name: import public key + command: 'gpg --import ~/gpg.pub' + +- name: remove temp keys + file: + path: '{{ item }}' + state: absent + loop: + - '{{ ansible_env.HOME }}/gpg.key' + - '{{ ansible_env.HOME }}/gpg.pub' 
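Review bot: In the new `tasks/git.yml` the vault-protected `gpg_passphrase` is interpolated straight into `command: 'gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key'`, so the decrypted secret appears in `ps` output on the host and in Ansible's task output and logs, because the task has no `no_log: true`. The preceding `copy keys` task also writes the private key to `~/gpg.key` with no `mode`, leaving its permissions to the umask until it is removed. I would feed the passphrase via stdin and suppress logging as below, and set `mode: '0600'` on the copy. Separately, `files/gpg_key` itself is a plaintext private key tracked in the repository (the rename shows 100% similarity); since `copy` transparently decrypts vault-encrypted sources, `ansible-vault encrypt files/gpg_key` would protect it without changing this task.
```yaml
- name: copy keys
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0600'
  loop:
    - { src: 'files/gpg_key', dest: '{{ ansible_env.HOME }}/gpg.key' }
    - { src: 'files/gpg_pub', dest: '{{ ansible_env.HOME }}/gpg.pub' }

- name: import secret key
  command: 'gpg --batch --pinentry-mode loopback --passphrase-fd 0 --import ~/gpg.key'
  args:
    stdin: '{{ gpg_passphrase }}'
  no_log: true

# … unchanged: import public key, remove temp keys …
```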
diff --git a/tasks/mpd.yml b/tasks/mpd.yml new file mode 100644 index 0000000..9a24f3e --- /dev/null +++ b/tasks/mpd.yml @@ -0,0 +1,64 @@ +- name: set up sudoers configuration + become: yes + template: + src: 'templates/sudoers.j2' + dest: '/etc/sudoers.d/10-sonny' + owner: root + group: root + mode: '0644' + +- name: copy systemd configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + loop: + - { + src: 'templates/mpd/service.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.service', + } + - { + src: 'templates/mpd/socket.j2', + dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket', + } + +- name: create mpd files + file: + path: '{{ item.path }}' + state: '{{ item.state }}' + loop: + - { path: '{{ mpd_configuration_dir }}', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/playlists', state: 'directory' } + - { path: '{{ mpd_configuration_dir }}/log', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/database', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/sticker.sql', state: 'touch' } + - { path: '{{ mpd_configuration_dir }}/state', state: 'touch' } + +- name: copy configuration file + template: + src: 'templates/mpd/mpd.j2' + dest: '{{ mpd_configuration_dir }}/mpd.conf' + +- name: copy nfs connection scripts + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0755' + loop: + - { src: 'templates/mpd/music_mount.j2', dest: '{{ xdg_script_dir }}/music_mount' } + - { src: 'templates/mpd/music_umount.j2', dest: '{{ xdg_script_dir }}/music_umount' } + +- name: restart mpd service + systemd: + name: mpd.service + state: restarted + enabled: no + scope: user + when: platform == "desktop" + +- name: enable mpd socket + systemd: + name: mpd.socket + state: started + enabled: yes + scope: user + when: platform == "desktop" diff --git a/tasks/mpv.yml b/tasks/mpv.yml new file mode 100644 index 0000000..c0e8a8a --- /dev/null +++ b/tasks/mpv.yml 
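Review bot: The `set up sudoers configuration` task in `tasks/mpd.yml` writes `/etc/sudoers.d/10-sonny` from a template with no `validate`, so a syntax error in `templates/sudoers.j2` (not visible here) is installed as-is and can break `sudo` on the host for every subsequent privileged task. I would add `validate: '/usr/sbin/visudo -cf %s'` to the `template` call and use the conventional `mode: '0440'` rather than `'0644'`, matching what `visudo` itself creates. It is also worth a comment on why an mpd task file is the one managing sudoers — presumably the NFS mount scripts copied further down need a sudo rule, but that is inferred, not shown.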
@@ -0,0 +1,20 @@ +- name: create configuration directory + file: + path: '{{ ansible_env.HOME }}/.config/mpv' + state: directory + mode: '0700' + +- name: copy configuration files + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + mode: '0644' + loop: + - { + src: 'templates/mpv/input.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf', + } + - { + src: 'templates/mpv/config.j2', + dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf', + } diff --git a/roles/arch/tasks/network.yml b/tasks/network.yml similarity index 69% rename from roles/arch/tasks/network.yml rename to tasks/network.yml index 5df08ff..76a32a8 100644 --- a/roles/arch/tasks/network.yml +++ b/tasks/network.yml @@ -1,22 +1,22 @@ - name: setup desktop systemd networkd become: yes template: - src: "desktop/network.j2" - dest: "/etc/systemd/network/20-wired.network" + src: 'templates/desktop/network.j2' + dest: '/etc/systemd/network/20-wired.network' owner: root group: root - mode: "0644" + mode: '0644' notify: restart systemd-networkd when: platform == "desktop" - name: setup laptop systemd networkd become: yes template: - src: "laptop/network.j2" - dest: "/etc/systemd/network/20-wireless.network" + src: 'templates/laptop/network.j2' + dest: '/etc/systemd/network/20-wireless.network' owner: root group: root - mode: "0644" + mode: '0644' notify: restart systemd-networkd when: platform == "laptop" @@ -38,9 +38,9 @@ - name: copy firewall template become: yes template: - src: "{{ platform }}/nftables.j2" - dest: "/etc/nftables.conf" + src: 'templates/{{ platform }}/nftables.j2' + dest: '/etc/nftables.conf' owner: root group: root - mode: "0600" + mode: '0600' notify: restart nftables diff --git a/tasks/openvpn.yml b/tasks/openvpn.yml new file mode 100644 index 0000000..9fe4fbf --- /dev/null +++ b/tasks/openvpn.yml 
@@ -0,0 +1,82 @@ +- name: create configuration directories + become: yes + file: + path: '{{ item }}' + state: directory + owner: openvpn + group: openvpn + mode: '0750' + loop: + - '/etc/openvpn/client' + - '/etc/openvpn/client/zeus' + - '/etc/openvpn/server' + +- name: copy configuration + become: yes + template: + src: 'templates/{{ platform }}/openvpn.j2' + dest: '/etc/openvpn/client/zeus.conf' + owner: openvpn + group: openvpn + mode: '0644' + +- name: copy desktop credentials + become: yes + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: openvpn + group: openvpn + mode: '0600' + loop: + - { + src: 'files/{{ platform }}/openvpn/ca.crt', + dest: '/etc/openvpn/client/zeus/ca.crt', + } + - { + src: 'files/{{ platform }}/openvpn/desktop.crt', + dest: '/etc/openvpn/client/zeus/desktop.crt', + } + - { + src: 'files/{{ platform }}/openvpn/desktop.key', + dest: '/etc/openvpn/client/zeus/desktop.key', + } + - { + src: 'files/{{ platform }}/openvpn/ta.key', + dest: '/etc/openvpn/client/zeus/ta.key', + } + when: platform == "desktop" + +- name: copy laptop credentials + become: yes + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: openvpn + group: openvpn + mode: '0600' + loop: + - { + src: 'files/{{ platform }}/openvpn/ca.crt', + dest: '/etc/openvpn/client/zeus/ca.crt', + } + - { + src: 'files/{{ platform }}/openvpn/laptop.crt', + dest: '/etc/openvpn/client/zeus/laptop.crt', + } + - { + src: 'files/{{ platform }}/openvpn/laptop.key', + dest: '/etc/openvpn/client/zeus/laptop.key', + } + - { + src: 'files/{{ platform }}/openvpn/ta.key', + dest: '/etc/openvpn/client/zeus/ta.key', + } + when: platform == "laptop" + +- name: restart vpn + become: true + systemd: + name: openvpn-client@zeus + state: restarted + enabled: true diff --git a/roles/arch/tasks/platform.yml b/tasks/platform.yml similarity index 76% rename from roles/arch/tasks/platform.yml rename to tasks/platform.yml index c9a7dd2..287b9c7 100644 
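Review bot: The two credential-copy tasks in `tasks/openvpn.yml` install `desktop.key`/`laptop.key` and the `tls-auth` secret `ta.key` from `files/{{ platform }}/openvpn/`, and the rename entries earlier in this diff show those files are tracked in git in plaintext (100% similarity), unlike `gpg_passphrase` which is vaulted. Because `copy` decrypts vault-encrypted source files transparently, running `ansible-vault encrypt` on the `.key` files would close this without touching the tasks. The two tasks differ only in the platform name, so one task with `src: 'files/{{ platform }}/openvpn/{{ platform }}.crt'` (and `.key`) would remove the duplicated `when:` guards. The final `restart vpn` task uses `state: restarted` unconditionally, so every run bounces the tunnel even when nothing changed; `state: started` plus a `notify` from the copy/template tasks would keep it idempotent.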
--- a/roles/arch/tasks/platform.yml +++ b/tasks/platform.yml @@ -5,18 +5,18 @@ - name: set platform (desktop) set_fact: - platform: "desktop" + platform: 'desktop' when: is_laptop.rc == 1 - name: set platform (laptop) set_fact: - platform: "laptop" + platform: 'laptop' when: is_laptop.rc == 0 - name: load desktop specific vars - include_vars: desktop.yml + include_vars: 'vars/desktop.yml' when: platform == "desktop" - name: load laptop specific vars - include_vars: laptop.yml + include_vars: 'vars/laptop.yml' when: platform == "laptop" diff --git a/tasks/setup.yml b/tasks/setup.yml new file mode 100644 index 0000000..a39c4f3 --- /dev/null +++ b/tasks/setup.yml @@ -0,0 +1,45 @@ +- name: copy reflector configuration + become: yes + template: + src: 'templates/reflector.j2' + dest: '/etc/xdg/reflector/reflector.conf' + owner: root + group: root + mode: '0600' + +# started by weekly timer +- name: disable reflector + become: true + systemd: + name: reflector + state: stopped + enabled: false + +- name: copy pacman configuration + become: yes + template: + src: 'templates/pacman.j2' + dest: '/etc/pacman.conf' + owner: root + group: root + mode: '0644' + +- name: create extra conf + become: yes + file: + path: '/etc/pacman.d/extra.conf' + owner: root + group: root + state: touch + mode: '0644' + +- name: copy powertop service + become: yes + template: + src: 'templates/{{ platform }}/powertop.j2' + dest: '/etc/systemd/system/powertop.service' + owner: root + group: root + mode: '0644' + notify: restart powertop + when: platform == "laptop" diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml new file mode 100644 index 0000000..5f9b44c --- /dev/null +++ b/tasks/syncthing.yml 
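Review bot: In `tasks/platform.yml`, `platform` is only set when `is_laptop.rc == 1` or `is_laptop.rc == 0`; any other return code from the detection command (registered above this hunk, outside my view) leaves `platform` undefined and the later `when: platform == "desktop"` guards fail with an undefined-variable error rather than a clear message. A guard such as `- name: fail on unknown platform` / `fail: msg='unexpected rc {{ is_laptop.rc }}'` / `when: is_laptop.rc not in [0, 1]` before the `set_fact` tasks would make the failure explicit. The enclosing task list starts before the hunk.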
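Review bot: The `create extra conf` task in `tasks/setup.yml` uses `file: state: touch`, which updates the timestamps and reports `changed` on every run, so the play is never idempotent for this step. Adding `access_time: preserve` and `modification_time: preserve` to that `file` call keeps the create-if-missing behaviour while leaving an existing file untouched. Also worth noting in a comment that `templates/pacman.j2` controls package signature policy (`SigLevel`) for the whole system; the template is not in this diff, so I cannot confirm what it sets.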
@@ -0,0 +1,11 @@ +- name: create configuration dir + file: + path: '{{ xdg_config_dir }}/syncthing' + state: directory + +- name: copy configuration file + template: + src: 'templates/{{ platform }}/syncthing.j2' + dest: '{{ xdg_config_dir }}/syncthing/config.xml' + mode: '0600' + notify: restart syncthing diff --git a/tasks/systemd.yml b/tasks/systemd.yml new file mode 100644 index 0000000..baee82e --- /dev/null +++ b/tasks/systemd.yml @@ -0,0 +1,25 @@ +- name: setup systemd user service folder + file: + path: '{{ xdg_config_dir }}/systemd/user' + state: directory + mode: '0755' + +- name: add ssh-agent service + template: + src: 'templates/ssh-agent.j2' + dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service' + mode: '0644' + notify: restart user ssh-agent + +- name: copy tmux service + template: + src: 'templates/tmux.j2' + dest: '{{ xdg_config_dir }}/systemd/user/tmux.service' + mode: '0644' + +- name: copy tmux startup script + copy: + src: 'files/tmux_start' + dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start' + mode: '0740' + force: false diff --git a/tasks/timer.yml b/tasks/timer.yml new file mode 100644 index 0000000..14702b3 --- /dev/null +++ b/tasks/timer.yml 
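Review bot: `tasks/syncthing.yml` writes `config.xml` with `mode: '0600'` but creates the parent `{{ xdg_config_dir }}/syncthing` directory with no `mode`, so it inherits the umask and may be world-readable; `mode: '0700'` on the `file` task would match the intent of the file mode. Syncthing's `config.xml` normally carries the GUI API key and device identity, so if `templates/{{ platform }}/syncthing.j2` embeds those values verbatim (the template is not visible here) they are secrets committed to the repository and should be moved into a vaulted var like `gpg_passphrase` is.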
@@ -0,0 +1,45 @@ +- name: copy timer files + become: yes + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + mode: '0644' + loop: + - { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' } + - { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' } + notify: + - enable daily timer + - enable weekly timer + +- name: copy target files + become: yes + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: root + mode: '0644' + loop: + - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' } + - { + src: 'templates/timer/weekly_target.j2', + dest: '/etc/systemd/system/weekly.target', + } + +- name: create target directories + become: yes + file: + path: '{{ item }}' + state: directory + owner: root + mode: '0755' + loop: + - '/etc/systemd/system/daily.target.wants' + - '/etc/systemd/system/weekly.target.wants' + +- name: add reflector to weekly timer + become: yes + file: + src: '/usr/lib/systemd/system/reflector.service' + dest: '/etc/systemd/system/weekly.target.wants/reflector.service' + state: link diff --git a/roles/arch/templates/desktop/network.j2 b/templates/desktop/network.j2 similarity index 100% rename from roles/arch/templates/desktop/network.j2 rename to templates/desktop/network.j2 diff --git a/roles/arch/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2 similarity index 100% rename from roles/arch/templates/desktop/nftables.j2 rename to templates/desktop/nftables.j2 diff --git a/roles/arch/templates/desktop/openvpn.j2 b/templates/desktop/openvpn.j2 similarity index 100% rename from roles/arch/templates/desktop/openvpn.j2 rename to templates/desktop/openvpn.j2 diff --git a/roles/arch/templates/desktop/syncthing.j2 b/templates/desktop/syncthing.j2 similarity index 100% rename from roles/arch/templates/desktop/syncthing.j2 rename to templates/desktop/syncthing.j2 
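Review bot: `tasks/timer.yml` writes new unit files under `/etc/systemd/system` and notifies `enable daily timer`/`enable weekly timer`, but nothing in this file reloads systemd; unless those handlers (defined in `handlers.yml`, unchanged in this diff and not visible) set `daemon_reload: true`, systemd keeps using the previously loaded definitions. The `copy target files` and symlink tasks have no handler at all, so a changed `.target` would likewise not be picked up. I would add `daemon_reload: true` to the handlers or notify a dedicated `systemctl daemon-reload` handler from all three write tasks, and set `group: root` alongside `owner: root` for explicitness.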
diff --git a/roles/arch/templates/gitconfig.j2 b/templates/gitconfig.j2 similarity index 100% rename from roles/arch/templates/gitconfig.j2 rename to templates/gitconfig.j2 diff --git a/roles/arch/templates/laptop/network.j2 b/templates/laptop/network.j2 similarity index 100% rename from roles/arch/templates/laptop/network.j2 rename to templates/laptop/network.j2 diff --git a/roles/arch/templates/laptop/nftables.j2 b/templates/laptop/nftables.j2 similarity index 100% rename from roles/arch/templates/laptop/nftables.j2 rename to templates/laptop/nftables.j2 diff --git a/roles/arch/templates/laptop/openvpn.j2 b/templates/laptop/openvpn.j2 similarity index 100% rename from roles/arch/templates/laptop/openvpn.j2 rename to templates/laptop/openvpn.j2 diff --git a/roles/arch/templates/laptop/powertop.j2 b/templates/laptop/powertop.j2 similarity index 100% rename from roles/arch/templates/laptop/powertop.j2 rename to templates/laptop/powertop.j2 diff --git a/roles/arch/templates/laptop/syncthing.j2 b/templates/laptop/syncthing.j2 similarity index 100% rename from roles/arch/templates/laptop/syncthing.j2 rename to templates/laptop/syncthing.j2 diff --git a/roles/arch/templates/mpd/mpd.j2 b/templates/mpd/mpd.j2 similarity index 100% rename from roles/arch/templates/mpd/mpd.j2 rename to templates/mpd/mpd.j2 diff --git a/roles/arch/templates/mpd/music_mount.j2 b/templates/mpd/music_mount.j2 similarity index 100% rename from roles/arch/templates/mpd/music_mount.j2 rename to templates/mpd/music_mount.j2 diff --git a/roles/arch/templates/mpd/music_umount.j2 b/templates/mpd/music_umount.j2 similarity index 100% rename from roles/arch/templates/mpd/music_umount.j2 rename to templates/mpd/music_umount.j2 diff --git a/roles/arch/templates/mpd/service.j2 b/templates/mpd/service.j2 similarity index 100% rename from roles/arch/templates/mpd/service.j2 rename to templates/mpd/service.j2 
diff --git a/roles/arch/templates/mpd/socket.j2 b/templates/mpd/socket.j2 similarity index 100% rename from roles/arch/templates/mpd/socket.j2 rename to templates/mpd/socket.j2 diff --git a/roles/arch/templates/mpv/config.j2 b/templates/mpv/config.j2 similarity index 100% rename from roles/arch/templates/mpv/config.j2 rename to templates/mpv/config.j2 diff --git a/roles/arch/templates/mpv/input.j2 b/templates/mpv/input.j2 similarity index 100% rename from roles/arch/templates/mpv/input.j2 rename to templates/mpv/input.j2 diff --git a/roles/arch/templates/pacman.j2 b/templates/pacman.j2 similarity index 100% rename from roles/arch/templates/pacman.j2 rename to templates/pacman.j2 diff --git a/roles/arch/templates/reflector.j2 b/templates/reflector.j2 similarity index 100% rename from roles/arch/templates/reflector.j2 rename to templates/reflector.j2 diff --git a/roles/arch/templates/ssh-agent.j2 b/templates/ssh-agent.j2 similarity index 100% rename from roles/arch/templates/ssh-agent.j2 rename to templates/ssh-agent.j2 diff --git a/roles/arch/templates/sudoers.j2 b/templates/sudoers.j2 similarity index 100% rename from roles/arch/templates/sudoers.j2 rename to templates/sudoers.j2 diff --git a/roles/arch/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2 similarity index 100% rename from roles/arch/templates/timer/daily_target.j2 rename to templates/timer/daily_target.j2 diff --git a/roles/arch/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2 similarity index 100% rename from roles/arch/templates/timer/daily_timer.j2 rename to templates/timer/daily_timer.j2 diff --git a/roles/arch/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2 similarity index 100% rename from roles/arch/templates/timer/weekly_target.j2 rename to templates/timer/weekly_target.j2 
diff --git a/roles/arch/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2 similarity index 100% rename from roles/arch/templates/timer/weekly_timer.j2 rename to templates/timer/weekly_timer.j2 diff --git a/roles/arch/templates/tmux.j2 b/templates/tmux.j2 similarity index 100% rename from roles/arch/templates/tmux.j2 rename to templates/tmux.j2 diff --git a/roles/arch/vars/desktop.yml b/vars/desktop.yml similarity index 100% rename from roles/arch/vars/desktop.yml rename to vars/desktop.yml diff --git a/vars/gpg.yml b/vars/gpg.yml new file mode 100644 index 0000000..542a8a9 --- /dev/null +++ b/vars/gpg.yml @@ -0,0 +1,8 @@ +gpg_pub_key: '82C21552D732C65C1A4FB340037103F03CA5CBA1' +gpg_passphrase: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 61383265343062663836623033343538333562636433383735383862306465316439376333373563 + 6131336136653533323561633434633961393061623233640a366430396532326465326530356136 + 36616636363134386333616137656333353439633832633731373834336239393337316366626462 + 6164343331613663620a303363353064376630633939363831373339383961626137376361323438 + 3463 diff --git a/roles/arch/vars/laptop.yml b/vars/laptop.yml similarity index 100% rename from roles/arch/vars/laptop.yml rename to vars/laptop.yml diff --git a/roles/arch/defaults/main/main.yml b/vars/main.yml similarity index 77% rename from roles/arch/defaults/main/main.yml rename to vars/main.yml index c96d116..8d3044e 100644 --- a/roles/arch/defaults/main/main.yml +++ b/vars/main.yml @@ -1,5 +1,5 @@ -xdg_config_dir: "{{ ansible_env.HOME }}/.config" -xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin" +xdg_config_dir: '{{ ansible_env.HOME }}/.config' +xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin' packages: - firefox diff --git a/vars/mpd.yml b/vars/mpd.yml new file mode 100644 index 0000000..7247e78 --- /dev/null +++ b/vars/mpd.yml 
@@ -0,0 +1,11 @@ +mpd_listen_address: '127.0.0.1' +mpd_listen_port: '6600' + +mpd_database_address: '10.8.0.1' +mpd_database_port: '21000' + +mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd' +mpd_music_dir: '{{ ansible_env.HOME }}/music' +mpd_playlist_dir: '{{ mpd_configuration_dir }}/playlists' +mpd_state_path: '{{ mpd_configuration_dir }}/state' +mpd_sticker_path: '{{ mpd_configuration_dir }}/sticker.sql' diff --git a/vars/vpn.yml b/vars/vpn.yml new file mode 100644 index 0000000..1cca5e3 --- /dev/null +++ b/vars/vpn.yml @@ -0,0 +1,5 @@ +vpn_ip: '178.85.119.159' +vpn_port: '7531' +vpn_interface: 'tun0' +vpn_protocol: 'udp' +vpn_verbosity: '1'