diff --git a/.ansible-lint b/.ansible-lint
deleted file mode 100644
index e99d805..0000000
--- a/.ansible-lint
+++ /dev/null
@@ -1,5 +0,0 @@
-parseable: true
-quiet: true
-skip_list:
-  - '501'
-use_default_rules: true
diff --git a/.gitignore b/.gitignore
index c17815f..ad2ea9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,5 @@ node_modules/
 .vaults/
 vault
 vaults/
+
+roles/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 369b1c8..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-stages:
-  - lint
-  - test
-
-cache:
-  key: "$CI_COMMIT_REF_SLUG"
-  paths:
-    - .cache/pip
-    - node_modules/
-
-lint:
-  stage: lint
-  image: python:3.7
-  before_script:
-    - pip install ansible ansible-lint --quiet
-  script:
-    - ansible-lint playbook.yml
-  only:
-    refs:
-      - development
-      - merge_requests
-
-pretty-lint:
-  stage: lint
-  image: node:12
-  before_script:
-    - npm install
-  script:
-    - npx prettier "**/*.yml" --check
-  only:
-    refs:
-      - development
-      - merge_requests
-
-syntax-test:
-  stage: test
-  image: python:3.7
-  before_script:
-    - pip install ansible ansible-lint --quiet
-    - ansible-galaxy install -r roles/requirements.yml
-  script:
-    - ansible-playbook playbook.yml --syntax-check
diff --git a/.prettier.json b/.prettier.json
deleted file mode 100644
index 9c76f6b..0000000
--- a/.prettier.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-    "singleQuote": true,
-    "printWidth": 90,
-    "tabWidth": 2,
-    "useTabs": false,
-    "bracketSpacing": true,
-    "parser": "yaml"
-}
-
diff --git a/ansible.cfg b/ansible.cfg
index 4c41b64..32fe937 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,7 @@
 [defaults]
 roles_path = ./roles
+inventory = inventory.yml
+ask_vault_pass = true
 
 [privilege_escalation]
 become_ask_pass = True
diff --git a/default.yml b/default.yml
new file mode 100644
index 0000000..16df3af
--- /dev/null
+++ b/default.yml
@@ -0,0 +1,40 @@
+- name: Arch Linux provisioning
+  gather_facts: true
+  hosts: all
+  roles:
+    - common
+  tasks:
+    - name: Generic provisioning
+      ansible.builtin.import_tasks: 'tasks/setup.yml'
+      tags: setup
+
+    # TODO: provision ssh client config with modern cyphers
+    - name: Network provisioning
+      ansible.builtin.import_tasks: 'tasks/network/main.yml'
+      tags: network
+
+    # - name: Network host specific provisioning
+    #   ansible.builtin.import_tasks: 'tasks/network/{{ ansible_hostname }}.yml'
+    #   tags: network-specific
+
+    - name: Systemd provisioning
+      ansible.builtin.import_tasks: 'tasks/systemd.yml'
+      tags: systemd
+
+    - name: Systemd timer provisioning
+      ansible.builtin.import_tasks: 'tasks/timer.yml'
+      tags: timers
+
+    # Note: Disable DoH in Firefox to fallback to system's default DNS 
+    # resolver, see
+    # https://support.mozilla.org/en-US/kb/dns-over-https#w_configure-doh-protection-settings
+    - name: MPV provisioning
+      ansible.builtin.import_tasks: 'tasks/mpv.yml'
+      tags: mpv
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: 'handlers.yml'
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/desktop.yml b/desktop.yml
new file mode 100644
index 0000000..ab87111
--- /dev/null
+++ b/desktop.yml
@@ -0,0 +1,34 @@
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+  hosts: desktop
+  gather_facts: true
+  tasks:
+    - name: Wireguard provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+      tags: wireguard
+
+    - name: Wireguard media provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+      tags: wireguard-media
+
+    - name: MPD provisioning
+      ansible.builtin.import_tasks: 'tasks/mpd.yml'
+      tags: mpd
+
+    - name: Syncthing provisioning
+      ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+      tags: syncthing
+
+    # TODO: provision current macvlan setup
+    - name: Desktop provisioning
+      ansible.builtin.import_tasks: 'tasks/desktop.yml'
+      tags: desktop
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: handlers.yml
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/files/public-keys/desktop.pub b/files/public-keys/desktop.pub
new file mode 100644
index 0000000..9321cdf
--- /dev/null
+++ b/files/public-keys/desktop.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKA8zXGQzpXeWrRhetUsWlEcrsmg+JhcSKaZykalmrw6 sonny@Desktop
diff --git a/files/public-keys/xps.pub b/files/public-keys/xps.pub
new file mode 100755
index 0000000..e36455a
--- /dev/null
+++ b/files/public-keys/xps.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9FTfXKRp1cdRAjE41rKoY+1yTsREytZFLHo9cQXDMM sonny@Laptop
diff --git a/files/tmux_start b/files/tmux_start
new file mode 100755
index 0000000..56d5770
--- /dev/null
+++ b/files/tmux_start
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+MAIN="main"
+
+tmux start-server
+tmux new-session -ds $MAIN
+tmux new-window
+tmux select-window -t 0
diff --git a/files/wireguard-media/desktop/fudiggity.key b/files/wireguard-media/desktop/fudiggity.key
new file mode 100644
index 0000000..8782234
--- /dev/null
+++ b/files/wireguard-media/desktop/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+62383364643761623739623632633261343735343465336235386336333234656631363432623535
+6562623634363937356137616131396264633161363461340a343432363362346664646161656563
+35623334326238326135646261666330666531633831656564396139666261623937626338386632
+3233333039623039640a383931633539363238326164643365316236326435643537303866373835
+66393465663364303134376566623736636664353031336537663036636462613766343739336331
+6438643538326533313433616438386165626537373162393430
diff --git a/files/wireguard-media/desktop/fudiggity.pub b/files/wireguard-media/desktop/fudiggity.pub
new file mode 100644
index 0000000..640bf96
--- /dev/null
+++ b/files/wireguard-media/desktop/fudiggity.pub
@@ -0,0 +1 @@
+YDH5lZcxUHM4AU2ZxQrFqjDIV2Z7PSUQKMcYXLExV0E=
diff --git a/files/wireguard-media/desktop/preshared.psk b/files/wireguard-media/desktop/preshared.psk
new file mode 100644
index 0000000..8e41aac
--- /dev/null
+++ b/files/wireguard-media/desktop/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+34303432393930626266313563613636343439623631633163656532363631313039386231623936
+3336636666626237316532346230303961323263613161320a383436636634376162353863386161
+36663064366461333335613633316630633335666335613464333863656536623230383262623733
+3065363835666231630a616362333233643637613762313437626366363365313831363661313336
+66373966656534646462653833343935623466613662333932666666366430663061366261396330
+3064636536643933613738356461313135363033633366396130
diff --git a/files/wireguard-media/htpc/fudiggity.key b/files/wireguard-media/htpc/fudiggity.key
new file mode 100644
index 0000000..118a8a6
--- /dev/null
+++ b/files/wireguard-media/htpc/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+30313239376562613332383265336333613266663264383636666437643436623462663861333639
+3830623835333263353863363535376532623262323535610a663330316133376131303465326665
+35663564623737636136306338623531653162633237636361643764343030353262616139623735
+3532626238316664310a336335633564396638303236333838363264613861616637343833363665
+39366264306438643662313130396135363461656466626436663339313337613830623364646637
+3735323933323563646563393532306237336165633534353735
diff --git a/files/wireguard-media/htpc/fudiggity.pub b/files/wireguard-media/htpc/fudiggity.pub
new file mode 100644
index 0000000..cdbb114
--- /dev/null
+++ b/files/wireguard-media/htpc/fudiggity.pub
@@ -0,0 +1 @@
+XcWpmGrkSQJUEADrDTUmcA7/dm8HQffbdC03rQ/3fwg=
diff --git a/files/wireguard-media/htpc/preshared.psk b/files/wireguard-media/htpc/preshared.psk
new file mode 100644
index 0000000..82ca126
--- /dev/null
+++ b/files/wireguard-media/htpc/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+65363636336134323530333461393634666334383464356239613765396465373635353465323262
+3163343634336361323765623365633637663436616539340a376566313735316262366237366435
+33666634663966386434656363633136393565336134323465306264633630333131356539623862
+3666343633396634650a626263653632643333346564303065316634643763303036376332336333
+39323430306564346635393535313233363235316535656362363931323862303530363136663961
+6139326230353537643537346664623332383863323332633565
diff --git a/files/wireguard-media/xps/fudiggity.key b/files/wireguard-media/xps/fudiggity.key
new file mode 100644
index 0000000..939f255
--- /dev/null
+++ b/files/wireguard-media/xps/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64663539393065396333623165623833636539633932306437363365656532343565643866616532
+6562373233633237623761376234336331373637393431380a386261306438393837633037383464
+64623965376138313665393239346138383230383565626264393635303835396537663865313237
+6431313635333030390a646466303961663932353830366235643762393039396531316465333837
+61613264356263616332633334386532303761353536663033373639626634396164623335626566
+3632373266313435646338343738656663356635623138623939
diff --git a/files/wireguard-media/xps/fudiggity.pub b/files/wireguard-media/xps/fudiggity.pub
new file mode 100644
index 0000000..aec0b05
--- /dev/null
+++ b/files/wireguard-media/xps/fudiggity.pub
@@ -0,0 +1 @@
+hI4rqlv2afs4RJkt5xR+dYxQODSd6lR0OqWJRlnQdjM=
diff --git a/files/wireguard-media/xps/preshared.psk b/files/wireguard-media/xps/preshared.psk
new file mode 100644
index 0000000..ca1d895
--- /dev/null
+++ b/files/wireguard-media/xps/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+63643763346434313734663761386539393032613366626230373862643431613963633664353264
+6466616235653963643861643439633537656439363735330a366439356537386662353431643163
+33363830646433336366353363623835373639383663633837313030393162643931353331633133
+6534363438303261320a333364313534336465616336386337383935353631646361623866326232
+64373139636633393236303335396138326638333635663839663734346463303739646431353437
+3838653361383663633632363862306565643531353066623336
diff --git a/files/wireguard/desktop/fudiggity.key b/files/wireguard/desktop/fudiggity.key
new file mode 100644
index 0000000..2a4e787
--- /dev/null
+++ b/files/wireguard/desktop/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+64386433373038346364353966343664623636623866656535326139353563396466653663613565
+3265323264623161653131663865343362323530643139340a383238383738303366333666326536
+32373330623636613863303636626536613736323565323632353263363531386339623636613965
+6232626334623437610a623236383763636431323332343237353835666432326439396361386139
+31383538613265633766316565313538663631383833383636376630326130393039623561666232
+3861343261303065363138616564666464653733353864386564
diff --git a/files/wireguard/desktop/fudiggity.pub b/files/wireguard/desktop/fudiggity.pub
new file mode 100644
index 0000000..3045a86
--- /dev/null
+++ b/files/wireguard/desktop/fudiggity.pub
@@ -0,0 +1 @@
+izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4=
diff --git a/files/wireguard/desktop/preshared.psk b/files/wireguard/desktop/preshared.psk
new file mode 100644
index 0000000..3ce2db6
--- /dev/null
+++ b/files/wireguard/desktop/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+35306261646161313832376338646666383439366336396566366163646263346661373861326630
+3461373866323562356338323837653032346333323962310a353436613736353763373163306163
+63356435306132623264323361333863363038306132333832303035393863616562363833663038
+3265306165623435390a383464343539393964396430343932363364353363323337346565646335
+37373332306534303963386139613931396561643763663438303932373832633565643765353433
+6564326235623439363438626261346264393835636134383664
diff --git a/files/wireguard/xps/fudiggity.key b/files/wireguard/xps/fudiggity.key
new file mode 100644
index 0000000..bb2588a
--- /dev/null
+++ b/files/wireguard/xps/fudiggity.key
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+36393066313764386361376662376266623331313765373666616334356362656332653838346330
+3435643261333262653139636537326164356164373566310a633233623031336437303236636266
+61616165376631353433353463313532643564343664346335363835306430386364303635343432
+3864343464666566310a363563613039333465336164323833316436393236666433333163666137
+33656632343262373463306438333764393031623666393161356539636663346331613539396637
+3631363333623539636561366436613861363932323966666238
diff --git a/files/wireguard/xps/fudiggity.pub b/files/wireguard/xps/fudiggity.pub
new file mode 100644
index 0000000..ff9ddcd
--- /dev/null
+++ b/files/wireguard/xps/fudiggity.pub
@@ -0,0 +1 @@
+EbWLf2+7x/RymeeiVuX72nZOBqPvdhu2V9pYhszpQEw=
diff --git a/files/wireguard/xps/preshared.psk b/files/wireguard/xps/preshared.psk
new file mode 100644
index 0000000..f638877
--- /dev/null
+++ b/files/wireguard/xps/preshared.psk
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+37646336633937663937323736363236383665326635353434333133383164636637343033316338
+3838313835613565646466653139666337626237313737300a333761383466626637336164363235
+64386164386565353666343337376234363730333461386237366362666361613833396438633337
+3633643431326233370a386664366238633533356235613332373630353731306233623364623239
+35356431363137306139353533653239343934343237343533653866633466633563373763303038
+6438616566376131646662316464333765636331343262663437
diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
new file mode 100644
index 0000000..9084ba3
--- /dev/null
+++ b/group_vars/all/main.yml
@@ -0,0 +1,28 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+xdg_config_dir: '{{ ansible_env.HOME }}/.config'
+xdg_script_dir: '{{ ansible_env.HOME }}/.local/bin'
+
+modprobe_templates: []
+mkinitcpio_templates: []
+
+boot_configuration:
+
+server_domain: fudiggity.nl
+
+register_uefi_entries: false
+
+wezterm_font_size: 11
diff --git a/handlers.yml b/handlers.yml
new file mode 100644
index 0000000..dae3fe5
--- /dev/null
+++ b/handlers.yml
@@ -0,0 +1,91 @@
+- name: enable daily timer
+  become: true
+  systemd:
+    name: daily.timer
+    state: restarted
+    enabled: true
+    daemon-reload: true
+
+- name: enable weekly timer
+  become: true
+  systemd:
+    name: weekly.timer
+    state: restarted
+    enabled: true
+    daemon-reload: true
+
+- name: restart user ssh-agent
+  systemd:
+    name: ssh-agent
+    state: restarted
+    enabled: true
+    daemon-reload: true
+    scope: user
+
+- name: start syncthing
+  systemd:
+    name: syncthing
+    state: started
+    enabled: true
+    scope: user
+
+- name: restart powertop
+  become: true
+  systemd:
+    name: powertop
+    state: restarted
+    enabled: true
+    daemon-reload: true
+
+- name: restart systemd-networkd
+  become: true
+  systemd:
+    name: systemd-networkd
+    state: restarted
+    enabled: true
+
+- name: restart systemd-resolved
+  become: true
+  systemd:
+    name: systemd-resolved
+    state: started
+    enabled: true
+
+- name: restart iwd
+  become: true
+  systemd:
+    name: iwd
+    state: restarted
+    enabled: true
+
+- name: stop mpd service
+  systemd:
+    name: mpd.service
+    state: stopped
+    enabled: false
+    scope: user
+    daemon-reload: true
+
+- name: restart mpd socket
+  systemd:
+    name: mpd
+    state: restarted
+    enabled: true
+    scope: user
+    daemon-reload: true
+
+- name: reload sysctl configuration
+  become: true
+  command: 'sysctl --system'
+
+- name: restart tmux service
+  systemd:
+    name: tmux
+    state: restarted
+    enabled: true
+    scope: user
+
+- name: user daemon-reload
+  ansible.builtin.systemd:
+    daemon-reload: true
+    scope: user
diff --git a/host_vars/desktop/network.yml b/host_vars/desktop/network.yml
new file mode 100644
index 0000000..1010119
--- /dev/null
+++ b/host_vars/desktop/network.yml
@@ -0,0 +1,13 @@
+lan_interface: enp1s0
+lan_interface_mac: 00:d8:61:9f:52:65
+
+local_network_address: 192.168.2.15/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+hostname: desktop
+
+wireguard:
+  ip: 10.0.0.3
+wireguard_media:
+  ip: 10.0.1.3
diff --git a/host_vars/desktop/syncthing.yml b/host_vars/desktop/syncthing.yml
new file mode 100644
index 0000000..a9f0bc0
--- /dev/null
+++ b/host_vars/desktop/syncthing.yml
@@ -0,0 +1,45 @@
+syncthing_listen_address: '0.0.0.0'
+syncthing_protocol_port: 22000
+syncthing_gui_port: 8384
+
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          39643534383666343331666336356662333165633032356532323730316535616363393330376263
+          6164323430343961646635323739373363623764646361360a666566363736323739313533323562
+          34653032646230313063613265313836383033353336333461376432363530633632313234323733
+          6162646332623837370a646537336139336361666336363861353030633136373063333433643435
+          64666465356566313263376330643664313266646139663433663366316232613562663863366334
+          3061663839656563353663373135393233653130383735366538
+
+syncthing_devices:
+  - name: Desktop
+    id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN
+    address: dynamic
+
+  - name: Fudiggity
+    id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV
+    address: tcp://syncthing.{{ server_domain }}:22000
+
+  - name: XPS15
+    id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH
+    address: tcp://10.0.0.2:22000
+
+syncthing_folders:
+  - id: default
+    label: Default
+    path: '{{ ansible_env.HOME }}/syncthing/default'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
+
+  - id: pictures
+    label: Pictures
+    path: '{{ ansible_env.HOME }}/syncthing/pictures'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
diff --git a/host_vars/desktop/system.yml b/host_vars/desktop/system.yml
new file mode 100644
index 0000000..93a9275
--- /dev/null
+++ b/host_vars/desktop/system.yml
@@ -0,0 +1,55 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  # custom packages
+  - keepassxc
+  - gimp
+  - firefox
+  - mpv
+  - yt-dlp
+  - nfs-utils
+  - syncthing
+  - mpd
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - kmail
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+  - merkuro
+  - kmail
+  - aspell-nl
+  - aspell-en
+
+modprobe_templates:
+  - src: 'templates/desktop/modprobe/99-amdgpu.conf.j2'
+    dest: '/etc/modprobe.d/99-amdgpu.conf'
+
+mkinitcpio_templates:
+  - src: 'templates/desktop/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
+
+  - src: 'templates/desktop/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/desktop/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+boot_configuration:
+  disk: /dev/sdc
+  partition: 1
diff --git a/host_vars/htpc/network.yml b/host_vars/htpc/network.yml
new file mode 100644
index 0000000..10fc32b
--- /dev/null
+++ b/host_vars/htpc/network.yml
@@ -0,0 +1,11 @@
+lan_interface: enp1s0
+lan_interface_mac: bc:fc:e7:6e:73:53
+
+local_network_address: 192.168.2.30/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+hostname: htpc
+
+wireguard_media:
+  ip: 10.0.1.8
diff --git a/host_vars/htpc/system.yml b/host_vars/htpc/system.yml
new file mode 100644
index 0000000..c26db07
--- /dev/null
+++ b/host_vars/htpc/system.yml
@@ -0,0 +1,47 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  # custom packages
+  - keepassxc
+  - firefox
+  - mpv
+  - yt-dlp
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+
+wezterm_columns: 90
+wezterm_rows: 18
+
+modprobe_templates: []
+
+mkinitcpio_templates:
+  - src: 'templates/htpc/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-amdgpu.conf'
+
+  - src: 'templates/htpc/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/htpc/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+boot_configuration:
+  disk: /dev/sda
+  partition: 1
diff --git a/host_vars/xps/network.yml b/host_vars/xps/network.yml
new file mode 100644
index 0000000..864536b
--- /dev/null
+++ b/host_vars/xps/network.yml
@@ -0,0 +1,20 @@
+wireless_interface: wlan0
+
+local_network_ssid: KPNAE51C6
+local_network_address: 192.168.2.9/24
+local_network_dns: 9.9.9.9 149.112.112.112
+local_network_gateway: 192.168.2.254
+
+frans_network_ssid: KPNDD1056
+frans_network_address: 192.168.2.9/24
+frans_network_dns: 9.9.9.9 149.112.112.112
+frans_network_gateway: 192.168.2.254
+
+default_network_dns: 9.9.9.9 149.112.112.112
+
+hostname: xps
+
+wireguard:
+  ip: 10.0.0.2
+wireguard_media: # TODO: add missing credentials
+  ip: 10.0.1.2
diff --git a/host_vars/xps/pa-dlna.yml b/host_vars/xps/pa-dlna.yml
new file mode 100644
index 0000000..4361051
--- /dev/null
+++ b/host_vars/xps/pa-dlna.yml
@@ -0,0 +1,2 @@
+pa_dlna_version: 0.16
+pa_dlna_systemd_version: 0.0.9
diff --git a/host_vars/xps/syncthing.yml b/host_vars/xps/syncthing.yml
new file mode 100644
index 0000000..a817845
--- /dev/null
+++ b/host_vars/xps/syncthing.yml
@@ -0,0 +1,45 @@
+syncthing_listen_address: '0.0.0.0'
+syncthing_protocol_port: 22000
+syncthing_gui_port: 8384
+
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          35346637623066636261633331343438313736356137633466306633613563343630363565643763
+          6631623461663330633537386539376435356338393537620a666234373932636162653830316339
+          65336339383630313837323137613137303862613061326131313437316637383637666638313235
+          6463333235646536620a316163666431323530353330356633393035663933613761313031656561
+          66333431636134366466373533616438326230323965333763316336393764303737663461363636
+          3061373832313462623765353130616237343966333332623262
+
+syncthing_devices:
+  - name: Desktop
+    id: &syncthing_desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN
+    address: tcp://10.0.0.3:22000
+
+  - name: Fudiggity
+    id: &syncthing_server_id ZM5JO5E-UYU6XUI-P25TLIP-TLPQD7J-NSPSYZS-A5OOYST-J62ICAQ-Y2A5YQV
+    address: tcp://syncthing.{{ server_domain }}:22000
+
+  - name: XPS15
+    id: &syncthing_xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH
+    address: dynamic
+
+syncthing_folders:
+  - id: default
+    label: Default
+    path: '{{ ansible_env.HOME }}/syncthing/default'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
+
+  - id: pictures
+    label: Pictures
+    path: '{{ ansible_env.HOME }}/syncthing/pictures'
+    type: sendreceive
+    devices:
+      - *syncthing_desktop_id
+      - *syncthing_server_id
+      - *syncthing_xps_id
diff --git a/host_vars/xps/system.yml b/host_vars/xps/system.yml
new file mode 100644
index 0000000..53ed97b
--- /dev/null
+++ b/host_vars/xps/system.yml
@@ -0,0 +1,62 @@
+packages:
+  - nftables
+  - tmux
+  - unrar
+  - vim
+  - git
+  - openssl
+  - iproute2
+  - curl
+  - reflector
+  - otf-monaspace-nerd
+  - systemd-ukify
+  - efibootmgr
+  - git-delta
+
+  - keepassxc
+  - gimp
+  - firefox
+  - mpv
+  - yt-dlp
+  - nfs-utils
+  - syncthing
+  - mpd
+  - wireguard-tools
+  - okular
+  - postgresql
+  - plasma-meta
+  - wezterm
+  - kmail
+  - pipewire
+  - pipewire-pulse
+  - pipewire-alsa
+  - merkuro
+  - kmail
+  - aspell-nl
+  - aspell-en
+
+  # custom host packages
+  - iwd
+  - nvidia
+  - nvidia-prime
+  - nvidia-utils
+  - lib32-nvidia-utils
+
+boot_configuration:
+  disk: /dev/nvme0n1
+  partition: 1
+
+mkinitcpio_templates:
+  - src: 'templates/xps/mkinitcpio/1-modules.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/1-modules.conf'
+
+  - src: 'templates/xps/mkinitcpio/2-hooks.conf.j2'
+    dest: '/etc/mkinitcpio.conf.d/2-hooks.conf'
+
+  - src: 'templates/xps/mkinitcpio/linux.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux.preset'
+
+  - src: 'templates/xps/mkinitcpio/linux-lts.preset.j2'
+    dest: '/etc/mkinitcpio.d/linux-lts.preset'
+
+wezterm_font_size: 10
diff --git a/htpc.yml b/htpc.yml
new file mode 100644
index 0000000..28ffd78
--- /dev/null
+++ b/htpc.yml
@@ -0,0 +1,19 @@
+- hosts: htpc
+  gather_facts: true
+
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+  hosts: htpc
+  tasks:
+    - name: Wireguard media provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+      tags: wireguard-media
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: handlers.yml
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..6e289f8
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,11 @@
+all:
+  hosts:
+    xps:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
+    desktop:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
+    htpc:
+      ansible_connection: local
+      ansible_become_method: community.general.run0
diff --git a/playbook.yml b/playbook.yml
deleted file mode 100644
index b2f17e0..0000000
--- a/playbook.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- hosts: localhost
-  roles:
-    - arch
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..b20eeb6
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,4 @@
+- src: git+https://forgejo.fudiggity.nl/sonny/common-ansible.git
+  name: common
+  version: master
+  scm: git
diff --git a/roles/.gitignore b/roles/.gitignore
deleted file mode 100644
index d10cc33..0000000
--- a/roles/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-# ignore all external roles and files in the roles dir
-/*
-
-!.gitignore
-!requirements.yml
-!arch*/
diff --git a/roles/arch/defaults/main/gpg.yml b/roles/arch/defaults/main/gpg.yml
deleted file mode 100644
index 6fcb082..0000000
--- a/roles/arch/defaults/main/gpg.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-gpg_pub_key: "82C21552D732C65C1A4FB340037103F03CA5CBA1"
-gpg_passphrase: !vault |
-          $ANSIBLE_VAULT;1.1;AES256
-          61383265343062663836623033343538333562636433383735383862306465316439376333373563
-          6131336136653533323561633434633961393061623233640a366430396532326465326530356136
-          36616636363134386333616137656333353439633832633731373834336239393337316366626462
-          6164343331613663620a303363353064376630633939363831373339383961626137376361323438
-          3463
diff --git a/roles/arch/defaults/main/main.yml b/roles/arch/defaults/main/main.yml
deleted file mode 100644
index c96d116..0000000
--- a/roles/arch/defaults/main/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-xdg_config_dir: "{{ ansible_env.HOME }}/.config"
-xdg_script_dir: "{{ ansible_env.HOME }}/.local/bin"
-
-packages:
-  - firefox
-  - mpv
-  - youtube-dl
-  - keepassxc
-  - gimp
-  - nftables
-  - mpd
-  - nfs-utils
-  - openvpn
-  - okular
-  - postgresql
-  - plasma-meta
-  - syncthing
-  - tmux
-  - unrar
-  - vim
-  - git
-  - openssl
-  - kmail
-  - iproute2
-  - curl
-  - cantata
-  - reflector
-  - laptop-detect
-
-platform_packages: []
-skip_common_setup: true
diff --git a/roles/arch/defaults/main/mpd.yml b/roles/arch/defaults/main/mpd.yml
deleted file mode 100644
index 639171a..0000000
--- a/roles/arch/defaults/main/mpd.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-mpd_listen_address: "127.0.0.1"
-mpd_listen_port: "6600"
-
-mpd_database_address: "10.8.0.1"
-mpd_database_port: "21000"
-
-mpd_configuration_dir: "{{ ansible_env.HOME }}/.config/mpd"
-mpd_music_dir: "{{ ansible_env.HOME }}/music"
-mpd_playlist_dir: "{{ mpd_configuration_dir }}/playlists"
-mpd_state_path: "{{ mpd_configuration_dir }}/state"
-mpd_sticker_path: "{{ mpd_configuration_dir }}/sticker.sql"
diff --git a/roles/arch/defaults/main/vpn.yml b/roles/arch/defaults/main/vpn.yml
deleted file mode 100644
index 2ff3851..0000000
--- a/roles/arch/defaults/main/vpn.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-vpn_ip: "178.85.119.159"
-vpn_port: "7531"
-vpn_interface: "tun0"
-vpn_protocol: "udp"
-vpn_verbosity: "1"
diff --git a/roles/arch/files/desktop/openvpn/ca.crt b/roles/arch/files/desktop/openvpn/ca.crt
deleted file mode 100644
index 4a6838c..0000000
--- a/roles/arch/files/desktop/openvpn/ca.crt
+++ /dev/null
@@ -1,94 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35316431316661643830656365393564343039396661666332333862643631313433373538306163
-6536346339356631396366396332316231643238643332390a623232366437666439346435643739
-36646366313930633635376364383265323330313063376333306263323366336361626638653730
-3464643262623264340a636163383230666539323461343066653030626239633934353362643233
-34303435653364346562316639366365343239396133313138636362613134396539353365656336
-64366236616436373839623735346163313539303032386638366537366330366634613064313534
-64393266393638663963376466383631316264316232653334656631613066376633633139646363
-61383539623261306236346466323039336137313437666639383533656136623339663564383566
-39303566346639643762303763333434383136333964643936623733313338353862656163333063
-64333866313837613536643231653062353930383862383965343462616264626164363564303835
-65346433356633663265613664323864663232646532626435656163393239343665376263663539
-61646130383635303238376431373732316437613135656664663136643636623530393766363633
-36643530363034626536316633666139653566336139653138356533366335623562356137646532
-39666337356362376165386239633264316536646535633132383438343933626339356236346437
-39663635373332396439396464306463323535333434626539373763373665623036653233366633
-65336134623835666536626431623739663839646562323965623433646364383034343963313839
-61333330383037636161336632303365386232663861346562633433323330633263663861343232
-34326136643330353061326464343138376463623863393562353731316262363537356234323663
-31613462383261623139356662623662383437623636303163363262306239666430633264646565
-37656164623930663034656536336231633035353133326237656562383162383339636235353166
-30643333393565313030366335346531366665626461346262663638326665333437396465343836
-39306331636633616463626430376634373832306135313131666562613438666532366432356332
-34646566306333656234383264373665313839633737356134323033643732646139373861646630
-34613061313464616633396266616364343462373437363561383662316639393339353863383664
-36383663633035663430656538643962646132333830353136666538613939633035666262356634
-38636637666234373339303465313435346131373036386463373430623432353864343730303535
-30643638643534383366386663393964313935383431356365633831386264326663346431316133
-35663232666337363765376435663064656138363561366630623838396464666136386636656635
-38393836666436306537376561613638366162613533373432386331393930373965353435353661
-35343635366264393364323561313638633938313039316164303464623238366137303663373932
-39383338323637656231356262303032663861393832326635616630636539303735316631386361
-33333731633762386338643032316563353736333130363734356235383031306463363536663061
-35393232383530373964363937336134376664336465333330356664323630623963346263643032
-33333436613233393837633462313465383339646164303064303733363461613237313430393433
-64366561313633626363353230376464663731346161373765366563353162373538666138383661
-31306362333933333732623563623364386363613135346661623664353163653731383339363834
-38356336386433383663393562393133303037313238323966333464636439653837306532646636
-62386564393132336431306236326136343535666565643139666539333461653631336166646431
-38373637303133343364636533643964353030346465633962333236303436396234346234633864
-34366232643231616361626337616234373766303739623266636531346537383539663166333434
-39393433346638356465376234353534636461383866313137353563626237633436313666656265
-33643437626535386364373030646363363137333530623164346661313039383066646263613231
-66663232623063366639306561633762303662333938626430393139653065353637323862613436
-62316165393531383034383934323136663538626137363031613936303232623362393666373536
-34333634366532326361613932623962343634663562316439313065343361376261323337643564
-34376532353164393430383031396439363234623666386437663037663562613433363332336633
-39613662666339303466376361306536646333613466393239393237363732353934623531636233
-61366230356362313636383432343033386566643337306634303932313438663662323436623230
-62373731356530353633326637306234323962663465336235333234643763316132616166383132
-30623765353566383932636265636265363735343736393761666134313438316635636361643136
-38303335386530396535653965616665646461363563373264353463616133626262356635366334
-35333134343934393561323261393434366261643639656135663439633932313162653063313830
-34326663356164653835376438653035336532393164646266663135643366343462303133613531
-31646632326562306163613735666330666462336132393263346332333031336431326531313361
-37363463373361626465363435396162393035383835656137363766336435373164313663623963
-30663139323636643738383036313561386639316334323861633338613038653331393030663366
-30643061363338646362643862613130313532383065353865623361623461626430356339626461
-30653630386439656237383632343865613736653662663962346234333866643663313538613437
-30323931643932653633313338613836396638366238323136643235303330633863626136616433
-65353130656530646239323461346363643863346136376638383562303938633737366236353731
-31333131326139353635386138386163643363393832383163356639396436366430383763636238
-66643933353839306139373365616466383364306464633164623632383734386339353664343063
-66663965643731353033306638343661616230373530636439646263613631376339623132383764
-64323430353366323733343962636536626161626461316234633435663032363165393032613034
-33646238313537666666343234663732333635383831333766333132663535346565303532633934
-33656232666366323561313266323636646538663361373263333566323064336132633232396637
-35633931313330393161353030653564626337386265643733646434393562653534353665306134
-62323761396136353439643764336636396162353732643639616563663566343239313433633038
-62313534316430356231323530363165373430336336343863343166313032636462356366366162
-34656534333065303265623331373531386465333633383239353731333961396431616163613165
-61323237303931663132656331663837346465306166623534656461336230313661303837326235
-37613465336132653336663134313061393037643631386232326536613337356362383561313333
-30333337643763316364383135326433313636623633316564343438623165353264626265383339
-33653436626133356661346265643537653137383262636239333039616364356365616435306166
-64633334393230373639346262383839623864343639643731396530353065363734386131336336
-62336464336262303036316537373930343733633061633031663764653238313162313762613663
-61326661386437343338653935663232376164343635373236323535323938353930313363346632
-62623536343936653637663162626662646539326265313738316532356439643839663662663865
-66323437373136376166316438373334663762386236643730386662653730653566653965343237
-30343766393739316465616239653430363139376337316364333536356136313230383637646630
-65343431623964633561656661613434313436646532616163636631316438366664633035333561
-65326236353533656666373539306436303038383962393664386235393862343936303739323733
-65643764376137333664623265393635386665343138623738313134346636376235366132626134
-36346366376634666461376137333532366331376463316431326533383462306461373634386536
-31636462663538633763303361646335313462313437616232333030333162633364653333636464
-31613235366363646639343032396163656264353539633166353765353734623031306162333738
-62653566333732633964643934383936656265353862383836626638353233363031316635393435
-37613061333730366230616135316431343833393963633832663536333036376338346264353636
-38633236666132343333383132303364356332636462373535646231343465343431303532376633
-32353830363632343338346230646531343761343731663731636331636438306335663964616364
-39336538316639623065393564326237316666366436306438663065336162646562393336333035
-63336530653739306330343963323235623165376663343839326261626461666566303635353939
-36623962356639343039633166373937343937353133366263313431646436646464
diff --git a/roles/arch/files/desktop/openvpn/desktop.crt b/roles/arch/files/desktop/openvpn/desktop.crt
deleted file mode 100644
index 5814018..0000000
--- a/roles/arch/files/desktop/openvpn/desktop.crt
+++ /dev/null
@@ -1,282 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34366531613730666565633038666163666161636466326630613337633938326234383263653232
-3734616563343532623835623461376234356136646261640a353663356235646163613032663661
-66313461356639336433613734643863303538613631343963336535643231613930303666343632
-3561393861313837310a653763336336376333326361303031643437613537633664383333313566
-32663337363633353038343138356263613835306332373139386562336439393639623035613065
-31346639623735333832326561376433666565613831643133643539343430663231373032616662
-62646635623530336234343965353331346137626365633738363032383965653933653330653635
-63366164316166313761633536386161373066353630633532363064333837333636656138363138
-64376533643036363365323034663633666363363264313132366333643534326132373734626162
-61393365666361616632303162643130666662656361383638353439373938333437386666626561
-61333233313430636437373739633236306133626632333165346535336630663130343764633139
-66333030626665303264653732366537626631653834386433373631663365613331633133323261
-30623833633061373630336331386539616334343063303939383537316437306334336337663962
-36386533376334353834373635316361346663336437383231356564316562656331636132356536
-37376164316630663834303365366631393661333932326438396238643938356139306636306266
-38386566633639356131333863623562303536623164346133376533623461386334646138323133
-30643736326565323665313534656232393866636666363732303736343535333134383033643137
-31336539333736633235356635616366323861643961616562363535313937383439383765316661
-64613532666437396565326533663335333737333430386566313964653464326131653864623738
-61366138346262343239386634646137393838363064343664373235353231653738633036646536
-62343937623734396232663864323034353730656262313133316137376639316537386462336636
-64323738656661663032393231313233363930336236333335346639613565653937316364353332
-36623134643435396337326630303833663039303535356132323431623266613532326332366236
-66303239623531313130323765633266326631336531643033653432323263343039313166303633
-63386334373362386339643330623535333463366162343464313265656336616336653234313364
-31333439336263343462363531393364346331613362623533616662623166613563333230333839
-66306539386465376461643239366564666331376233616533383433366639316263326637333363
-38336631646639383133386630303336643264623637353461323737343561633363306332633365
-64303061303766633565643230373734646165643538386133343362306332333361346436356535
-30376537323238336238646361333764366135333036353764393638626138363333346138323539
-64396463623937636231663465333536663362353336323732333832376137363832613038323866
-30346230306133613138323262333761333334663763623035323261663166643034623461373163
-65313333333131646662656663626261376466653264373663313933633133386432333536303230
-61343432333830396535653562363732393434373738383137383965313863336362323436356435
-39306139303033323633626131343339313039633765336332363736636534393433663563663963
-62633430356162366530633364376633366462323932333134336139623631373664396233636134
-63336338326663663330326432636132386562373362336130656338356639346332333231613166
-32633139313630646139646434326461633861616266633933386237643831393738376434333436
-63623830303262356132333438643739636538383135656161366533646636356465316463616431
-64343437323363653630303230353461653031383735663630346232363932313566623131366331
-34346630326434323661353238366639343136623565643661313662363461663235363764643536
-32396338616138323931633266326334623034323065303163313662653836336262346130333766
-30616530376661353862386133633863393333353665333036363637663164346361613339333534
-63343165313335303433316632656165646635653830646633643731636536303933393261663861
-66653937343461643161373863336238613066306366633234343233356637373531646531353139
-63666264363734326162343637646662656436383331323332356166643932643763363563656236
-63646132396331363163663861383131326134366232373866306566663461376638343361343635
-61646435346262323739363739333630346662363062643039313034323463613337396530666431
-39323439373032653732393535313566333237393934316464343437336162363331306566396564
-34663634366661643538383836313239353937306639363235373132366633363162306630633963
-32656435653963396566633937343766633636663664373963326532663830383361323538306330
-39356330643839363730353963653033356535396263303237373338636630653562313731336235
-63366437393265313232636665623865643335343961376231393765366630306461656461613536
-66326431616237303730343361366137396532643738656665346265616538333231323230316237
-30336262396465343835613934633663613564323239346433343165616134303161663536353337
-62666466613237356230636435353164643538356465313162653763306663373066316538346530
-61373464383133323037643130353934346230376564616561346139633737663937383061383332
-32353461346366646265363563396632306661383433653435323735303936616631646362393961
-62306333346161393266343462666536643431653438636635653435306138613338663533393433
-64646334313965393162343665616335353132323364333433633534343066363662383863323134
-30666465633964313639646561396131323131663263313637333236663464316433393765623664
-39616439666636343836346564666231656133323332633765343530303135373766383538306335
-37646664373062363164303939343332336333356162303038383166323034343631326564306261
-38323138353263363037343864633266356162373237303461313534626537633938333939663431
-36316333373563326137353266326530636365363038353038363734346634623037313937373864
-30643763323731326130386230616339363634353536356561383334336630373133336534656536
-30313431616239616165333062626233393663633432363530386133636231333433653137316265
-65623164633063343931323461623638343038323034396336396237643563313764393166316539
-33613038323336366338666630653161626438353462363439323832353131613031336465663933
-39663733653237656531353864363230313633376165343933353062656330356231623662646638
-35303331313965663533396361626430373063623464386464323830623032363730333932343731
-37386365623734323434613366333730633232386235336436653031656133653739623364353538
-35373333383337363461623838323336383031363636346565643230663933653031333936363861
-61383835656538393030316331346466326466323133303637313438373463333734663464633164
-35316632306430666662303032663932326632663636343138336463333838386264356334666337
-63653832666533613965396532363937643662333563326164373765613363653537623137373666
-31366635653466663161663736396138643966343436666234333062333563656265396433643932
-35306639636261613131336536303564303964316462366661643961626430616335666165316133
-66633430373934376434306131373036626132363761393834333132383632643332643661376537
-32643136663361356335613366626232343864393639643736333263653439356534313336643737
-63386134613237373938333365666366636633386538303862313564383061373832393561653362
-63613062386563643438326166363737316233393233613831663165383137663166393966663566
-61663866633330306363306361623165616562366466303266333231323666383836616635333561
-61303163333866643361366663353166396638346332306136376239393130333965633538643266
-37613933633530323961653537633365626465656362363733356362633966633230333134383865
-31343863626331663061363664313934376539316433383163366663373736376562656230623661
-36346264636365353361363662313866643531356332363962323961373537633833356439333839
-38633163626462316166326363323735393361393233656634303334306437313032383232313037
-37333939643361353866646630356331663166373464636466656639643863653365663431356266
-61346437353637666263613764323864356234316662363937623334616430356363336633643463
-62646631663462316533356331353032366161303230353865316231333535316638626366316137
-39646634623738633438386561353235663636616565316163383530303533396635656363643131
-30663761626234343664663961353132396130653362383537356162373761366533376665623633
-38336166653134343532663231326365376265633533386333323734616636616237343339623364
-66333233663338663333636164656363333166376630366238643866643338633332376363623763
-31316133316236303162356461666537316163346431646336323231613236366538356635646338
-36306631616565666366613763616631333435373031633537373165613066336338616332323137
-37386432343164343933623562303937313734326337306138373966653563663031613561306361
-35323465393239666437373366356435396661383866386461346135313738363131653234646530
-31643038636336623763356533626266346638393234336634393666613139303564653261343433
-38333661623232336637336134303039643164333638636666353232316636323861373566343236
-32666165633032326362643436316161613365633039386635623632303533623462643830326135
-32383537666662643038393839633438633065393034323833393936343435383866383262373262
-37343936656465396435323036303363613634336238363365343165333035356335343430323434
-32363139393766323232663764306465643434643533316537623830356437656338613135643363
-32663836326639353830313330386330643563353336613531313136386666353135633335643832
-63333931396336366633633066623535383761396534656338643262623562363239646363323030
-64643234306531663763663535323332326465343234306334653439326365623237613335343739
-39633464363535336333306338616262353631323763613236666537333035383661393865636233
-32363838383936353532366430333762356334626465623563643736303834316534353531366465
-64643039366263303630346639333435333763313335333238373432333962356464633539663666
-36343837656265386531346264363134313966376161633563343538363163653561393536613932
-37393437313239363635373934386436663864633763333637626331316535306539306563646561
-36666232336435333164623737633635306536353362373832633136343639393863353463633131
-65636537303365383036396633313962333030653064333662373365366135363764633236646139
-65316334616335326532643764313235383964646463633137346236333337303861343833323034
-39643065323161653963336365666332376263643266633664656139646536333236303565376239
-36356530623563313434313362313838346663626431646462376136366433646265653232383163
-30386231323165383236383730646435373131326333363662663038613436643530346335356266
-63393236623231663930616661366235366365303238383739363633643637313164623031363134
-38346133326263323034626161646532666334323035313934386664326539623437376162363831
-36383437373936316236306635613862386138396630313637376632356238383534313638326538
-36333031616335336437653534326264356330383031663161316166646436653236383333653838
-36643733393363313036326633353561363862373339346665383635323066323861633863656138
-33306630306438306235626334313236666265366539346137363564613861326136636536666233
-30363936363231356539663864653230313538373935386232373437613764386438646231623431
-63663538393066646431376230376535366531396362373563656538643231613031376236343739
-37633736376132326139353530393933303065303533313164623334316439366334396330333030
-31396632653165326465336239373366623363636331366235323531643032333931396435653962
-37373862623737633037343339386538333639346564663431643537613931313366616365343762
-38393435343631326438383933343734333866336263636131323331633464343335633939656166
-33373834366465393066636337633665616334333565386661393633326539336334386538323361
-35323434396436366465323938333766383031326331376462393632343766623937363138326238
-66386565383763633336653031306335623839363839636635386633326135336233376630643366
-35383836666638613063333138306336306232393834656236663832313537666365323230343066
-62303536643262353737323964363366313361643032353736666531626632613733643338346534
-63383261373838663333666165653863326163336334373666363963386465303130323936386634
-34323961623662636535396264346533383531663164623735303266316566366561326530333561
-31643839393238613964396233646266346165623535353563663931386165376131623263346361
-66386261366330376566343363383631396233393966613232353832353035393338336435623034
-31353462313766343335613363663763626662663134653161653238396633313062353939656139
-35626365326166653734626435633839323565343663663633383966323136626331393134646261
-66393666643932666431326534646338353630366234656238313036613438363537613965623765
-37643631303131643033386633326531393232326533386539306263353964646264623431363634
-39333335306334663337363966323435333937373633326231383230636338353132653739356236
-36636366373461353065646536343436653631623439663837386235313566653762306662303764
-38643733323330346163346561306431303634623361663563306139646533316335613030303466
-66613863393965393031376530313766343733663463396361613237313435303262346234303766
-33313461333933666632383038316233386663386533653165383334613130643635383062623362
-66626138363835313037636132303565643737383735343761346533663765653864313362336366
-36383862333165336435373433613063396664643566613734633633373730626266646462373033
-62376233353533356430386665376135386337356237303364316230393336386264316537316437
-63393465376638303535666233373965363966383565666337646634366630343266653538626539
-39346364363133363831653334373933343937636131343631323836336338386235646435663138
-30393862333866323938386235316237346666323163653166373839643835623632336632313662
-30346130393563613038653938626130326439303365393036383633613431323938316430343036
-66626635643638636335666437373130333764663636353764393133373331373562383966346236
-37663437363639326239353434653336313436353862363737666564326138623931363661303263
-62656363396562303935343233353039626231313038343661333662313939646563376233653566
-38353233633632626165663130663566623839346430303235343637346566626139613336666561
-62633965653532363763393035333331303230343130393238376536303135343139363064353135
-39363734663365333936376137656666663564373663613931666633306632336462356439393265
-34653734613632353734333936393136323237653664643066376565643932393961306362616231
-32393532306331653266393763346163366239663239343566313834346633663038303231626366
-35376530653765643431613034656636626434646466663730666530323063656661383539316433
-62363533626335326238653135623435633463303230396462393332666438653834346633616561
-66393730633330343265343364626332323163656562383966333762383633336535643036326639
-35313733633032663434633439343430313437623561363261666362356461363835383637313733
-66363662653331313963656264663965353664336662393862383933636235303231663630326134
-38653738333930646336336563323531356436633132363933636437656161353231306365363531
-30653536386635623738663138636263383335663431636263623063303431333631663361336264
-37303262356565663632653466666664613331663036623766616562343765646136336562363365
-39613332383262306262633966323163653736396435373431653135653831383730316362636330
-64333632633938646533623436363134386463366233326639646436336532363065313738366162
-61393564326465313961646361346139396434613463613766663434646262326430343634326632
-38633461363034646536323163386132616665643166353931383035626463323265326434656563
-39636464366262326533323962336132623561306138373862333234383532353636333736396638
-37333436316564666665366137663365303764376136343531323834353435643264306639623666
-31333831336334646339636431653161616232383537363434396635623764393166643666623463
-65386337373930616562313233303630656266656436623139636463616230343266636362636233
-65613031323430323432316432323333633434656363613161323431643364626139356336363065
-34383963316665623763346464303137356564383463666233633134663932633364623763323966
-64396632633762396235323034633765323565333136366265626433366239363531373839333337
-30373937623663623734643264636532623962346636303833316163333832353138386565383930
-35383736613866663061396465363431636139653539373835666439366636383461336361353933
-63333130363538626239346166656431643762303362653861396464366437386639666532653766
-63313231393163643934343839613030656338306133373339333266373264383235373833626461
-63346230663566626561346561333539313662373737313033656130663134323433376533313464
-38623530326262353438333965656136356337643232333266656439656461343538643866613638
-34336437393539336237306463316261633964626261383133646131386638633930383266343965
-31643934326364346366623661396237376530633261636436646630336433393834393535643034
-38616466393635623362663631393932643565303636323565646162363762623966653433633737
-36333331303939396138633134396165646630376432626161366436393735303366616233313136
-62633834616539363537313330646362633930303761663463366561323338396230383139393536
-65636234303261313662363836623833396538663633393236323962666562623237393430343835
-63386466373230336536303639653366653262623336633838373462376235343034376638316336
-36393563383332313330626562646335646135623231313234613733666464623030616138396361
-32363736656132633538383430343531656135306562343537366438316435353962393962353336
-33383566343236663437613634393336316435313637656666313137663439663933626139643134
-63336365663966376438613737626461366566336462636130393465313030323634653361343437
-34343630326261643934323039383037373038636562376163353265616565373962373834626562
-65653361666433663231336261646464646263613034656638636332613462366335663538386535
-33383731613362363938626433643531656339313631633638613737356231376233636238336238
-32313836353961306136366337663231643565326633353534663239396361313130396662396632
-32313466366439313862383666323061396462313738656261346265616265663832626466333738
-32316463386565636462653132326164663561373863323636653163333662326134373337366366
-39333837376537316564303664623936303064643665303566343033303662393536306465396533
-37626162613834343430623037303133636532383238313262633333623131343735396463346663
-62313166393934383461303639376230346331333532313863363137303863656333613036373935
-65633361613039623331613834303830363736376332313035353639383365386136336566396337
-66366632373936653866613236363232393038666239386537633162333031316436326635333835
-32353466646234313834363439336134666132376535363939393661653733343936376665333564
-33663365326435663030353435623038653239386639633362383539393638646335363132383838
-66363562633863373437326532643739633734666538383161393934663238306335306433386335
-31383734326532356434396637303563373635336366336338366165393333616362386334326266
-66663530326339306561383739343866333332356566663662613433616366363938343864396434
-37396430623866643138313961373766303930366636306235393864663830343437646537363838
-64613837333639303965366464323461386364323835353465656238643062663434336132313530
-62366432643761323735663666316635616437303037303161346535623332356237366338356166
-35636365663961373434356430303665393161663631363135353466633131343563613865323961
-31343838653332313765626164353230663463386135336665663939336363383737646662623661
-38666463663035313966343134613733663339376637316232346432303237643333326133633338
-32613666323737313139313862663362323831616631373932376533323639333464323531663863
-61333538356463336639366636373739663332316236376238303963613436303033353636653434
-30353463303138646438646430373863396162653431633932323132336439373634636630303861
-37323262303765333365656336653564366566626261343461303761633433363034656537363931
-66353533623861343166383661303230333436386465633163643934343262373536626331666532
-64323361666661656336396130373031663365623733656537353137383536313366393534323263
-64353164623831346538363530333435613734653631336462333065333738636130316133376135
-33393761343065633765366434343265666539326131653061636136666263383534356462646332
-61303734626339343962613532336433346562636262396633616162343962616239653033376532
-65633439616230646339623861303662336133303437363331653431643964303235653937316437
-62333732373461333630336235303631333835666565363761636432386638356530636362343239
-35366237636262323364633563353866356464323462323965643832396566313233616331373863
-62386264363861623065643531316564346662623234366234373463633732333739393434383662
-30313635346535363163306465383438306665323735356535666339343131623734363863323161
-34633835326334336261343136353661666666623831313033353935626463333661656439383432
-33383135346336316364393137646663373666636363636363393132643637343135393763343766
-64323466613562303639393061643533633231326239376634663565323437646132646565626362
-30313132396536363734613562366266333839353637343066373238653835623165626232623766
-64366334663934633366636666663535656234313432353638386638316564386139366434313434
-32356162386366636666396162633839623862313030613338333436333535656430613964303262
-34363563646534373738376430363462386433366432326666623139396665623834363937396564
-32393131653862613736376631373235663064353739333039356330643533396533653838616333
-63343937303539316236326239636163613532366462636339333466646331353164643132636334
-66353930316465363430626236303635326366366234623837323435663039613536343439626430
-33663661343663633838656234343764613832366635373566646164653764373930643330336237
-36656532386364336262613231663239643863313131306636356530333961313731323138373532
-36633834346233336661663238386233623836656565386238613534643163323861656166313436
-33616364373739343965656439646331353031366630643630396537663561393861373237393966
-33613064373038616339626163616434323331326161303666353132643438353139346665336362
-36346339353762653037613432343039666339306239386239383933316562333163393433653566
-36623437316135656436363465316331336331383033366331343337313666383562333035323464
-37303535663762323162616235656437613063356634363865383661656465323839386539303863
-32393765386239343963613735643665343266373139363839313831373863613439616639636264
-34346637623932613736363433646530303933623532356236653238376364653465383963653138
-61303562303463326337303261326266316566636136656536613931373465663731313932663538
-65323838623536623961316334613839393333316637656135366237323430623630356137633663
-35306530616664323832383566306462313730643238616537373031653437643634333337643465
-33386464643339323736303239636431633037303633306261333361626234666562613661356435
-66613465366362383230373731346465363833313035653065353864373466356463376664613466
-32646131313033616366616637356435346438643731616234396563323931383830306466636532
-63613364383035643536316534616262643163643365376332383330343066306363343262646566
-32393762313031383437366239326166316434663437626563333936316365323532636265626631
-61613566663735376234333736383337316262646130346366343632303431623765383937616335
-31353036376664323361353261393865373232633535663635363964303431373139623031656339
-61626335656333393266666536356262393662383064346631653730343339313165396630636139
-63356633656236343164656636313937633266366137343132356137343338626262376633316661
-31633432313030666632633761666566323935363230663063356662393366643065363731333133
-32363263353531396564313063366338393736656632366539343131613865383062623166316163
-34623432336162363933383961643638653432663237616461313839643038386330656561386232
-65613132356166656261353761613633353038393464613064373839373265373834343366303936
-32653730373134653535353134363532633330653035643632643961386166663131343437643639
-35643035666434373437633934373630613833666137656263323138353765313836656338326534
-63343964336233663335646539303664663231353334313434393832353739366265326632316432
-34386236616631373563323030633335653739653437346536313566323465353035613739653461
-37373565313532653237646434343765316231333230663030666533353836613365316332343165
-35643331613164333632653332313765396662303766353937316231383738393634353930663361
-61623837303665396266396162396239663530613233633463666635363065386134373663393033
-61666133353239333231633636646263333838653130313836343566313864633161613863326362
-62303561306366343839343163643733613466646231353331363933376564333236
diff --git a/roles/arch/files/desktop/openvpn/desktop.key b/roles/arch/files/desktop/openvpn/desktop.key
deleted file mode 100644
index 33260dd..0000000
--- a/roles/arch/files/desktop/openvpn/desktop.key
+++ /dev/null
@@ -1,90 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34333438393535353533333461636632616138326232376363653666363539383530303532643530
-6137346336616263653933336435393034366439633865650a636666343730646534626261666565
-39323434626333653033303166613338393035333738353665613230353834623566666233353663
-3131666130306161380a623532346661346630653636616334666463396364366234366561386264
-33393062663464306135363064303865383164343939616439343164646136303262366136303536
-38376339613139303162643165313231373931353938663838326661333438313661653732333731
-64623866323030396637653037343064316565376137633464636239333961303464356163313465
-32643537633261303438353330643862636336313564343464336630643933666265613765643366
-38313365353431613230306165326137393539363137343063356436666565306135363733376464
-30666364336338376433333962376161306334373366373639316562613237393935306230353862
-38333232393463653636643737366635613262653134626438616663313330333262326266653436
-61383938336337666563396238636563613966663666343736356663353737346538656637306438
-63326462383932336334333433343537363830303861313561303735393036386131666439643130
-34616161626166306331663235333336326537356463326166376637646563626365323566633164
-39656136343338363262346663613738336131623566343634623263646433663561323936356332
-34343564316561313535313964373738656531376265383632613966636637353766303137633337
-64386664323233316334343339333037353365613962616139613530316665306261343666633835
-61343631353963393332313662646630396635616332626438346266666363356664623333643964
-62653932613533636661313939386436313632616538643838373234613539313137346634383965
-31373532333533323132663266633139343839393165323463353434626332353439626634323561
-65643332323763383865643634313632353461326533633466323664353565653264303435303035
-64363939333430666162393662303465313333663466343134663030366361623833353961666661
-62383832376233383662343137643163326664343635333337666263663163323062643038373531
-35323733656631623536363636646239666339383738656135353634313465353733653864653965
-36663238396466363836646161313137633535626230666363623736366531376361353338383066
-34303134366366343738623139633636653932656265626331383732373462663361636431313862
-63326134616633646638653038343439303131613330306163383830353235613637353630396633
-39663161363264313138633963613130323036666662356337326463363862653264346263343139
-35656261376639326534653166326666313637613366626631623735313162373939316364333561
-39613935633934626538353630666462616238346538346537383864323562323736646231663038
-62646134656237653733343362303066306566626133616530376436393766363661306232356336
-30313265393539663938346239366263353534396563343462343334376134303264626435643364
-62333666633234643765323563373233333231386433363762353231616435383433303733393932
-33306536386538623564306665623031373633313035303836643339323537336239393663313530
-64366230313436363034366434383230623230663531363130636561613639623335643032646531
-62316361376631633836333866343939343539346332313030336665613635383462313937376666
-66613631626361303538623963623366313033363766356139306130663939346165643534373434
-62613430633034306138326439366134343930393765646162326261333461343833643431323836
-33316664313035373138313332396666626133363831643562313162303938613264383034623035
-38343365623333313862623435306534306533373035623631303638356233646262623161343739
-34376631663736633563333032666137366639626433306132326539333464636161386131363666
-30303636313038623464653330623066626431326162336463383831616333643334666531386365
-38306536376430393539356334313438643538343538303264376662633765396563626266346366
-65353230376534643739613838306161303238303230356433636466336239633563353737346236
-35343534633162323133333061383932663036643765343434356634333136666539356533326663
-37376663623065333839633338633637383237316337363434356637623339646534366435336164
-30356338313437646235616564656439663937383761363337363531663835303030616630306339
-37393237656532663264643133616537643264633731393866636462386263656537333232666139
-32623165653032363865653963383130613730323862656139323866393235666536643931323764
-33633031323537393631623163333866313333353538613734663665633539303432666635636565
-31646538633663313866636237383165303634653234366336323237646332333338376664326230
-30303431343131393863343636316463623864326535376663623161303061303639656264393830
-35306461666339623163656236356564306231633066613731323761343466663436323064393235
-39353036616330333934323365393539333963656134383736306634643533333130653835633731
-37373133313665396661656361393163306233333733313138623263326530663438356462623766
-64393830356630393364666531356163613634303234623663626637633863343437643730393337
-31333533626363346635626231336165303964633262623362323365383132356433663533613961
-63396631366132303538336532616336646238616665366235363364626166646464626665373336
-64653430393137636665306461346433303136383964333861656435363436366565363139346466
-31373864373761386463376162363765633533613833656163383830306332313365613433316536
-64643638343966383061616336356531613037353666316166363936646165323864643632363931
-32343230343230633338633864663331303236613664336135663466663038396463313465613639
-64366439303938366131333735643432663830313734356631363034616666316566633236373263
-66346564353137643064386138303264396138303430636333353732656530393434393234346261
-33303030336666313830653137343430343161343032353939376531326131646632313832666232
-37646364373537323961346666343535313338386539313530353438663562623064636434623263
-31646539363035383836316561626639623738306562383564383361373939303865633935343632
-65663033333162346662636430616634373464353266363466373137643162636634383337613263
-62396161643937623365613864353830376631383536646632376339666230663936656634366531
-30333630633066366636633330656537663836336136383235323964646532396138393831633033
-65663861363432303933393936383132663632373961653834363337656431376236346564373533
-62333462333233623530666138306333383162346565623838623534363762366533633739616530
-66303164343335623034336630383063316136393063383362313637386363616363333963616235
-63326133323264653161306237323263623632303237636132643633333561346665613933646330
-61313036613836396633613137306133383432666663663336373963383836343030633461323239
-34666135393537643438363261623631393561303336323033343062663430343638643834626131
-31396431323738653865386636383262393630613436346633656131323235643363623831366632
-35653064323538386537383737366338663062373135623331646364613531643537366163356564
-62343135326239616138326133623264663835343566646231653166336364613363346133326336
-30653134366633373035623162616663613264643438616133653739643264623964653463663539
-63303930613538373339373762313934393566633562613836376637356231356133306234626639
-36386233366636386164386362646133623862313161313732653833613263313833653866313535
-64303335333931356266613930366666363162383330353731613437373465633235333863643661
-66353034376263323331633365616137626361636465613831366466353238666533363830336530
-63396166333836616333363733393335343565616261356462373931356163663966366237383765
-33393831373331303062633065383638643539383634313763633064333234656261303730343235
-32346238633361303238333133663437316366663864613936623465363933653663636330323733
-62613530666264336239626363633239306638646133393762373763366437386364373264313136
-31383733343136643161636132313233383337623566396136393862343938613335
diff --git a/roles/arch/files/desktop/openvpn/ta.key b/roles/arch/files/desktop/openvpn/ta.key
deleted file mode 100644
index 7f5298c..0000000
--- a/roles/arch/files/desktop/openvpn/ta.key
+++ /dev/null
@@ -1,37 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34623436623763346364643937653661393233633664383365633166613665316335313339326462
-3434346262633138393033343933666561343833346262620a333661656462343064633035613333
-30356265323663333266343665366536383235306664356666383964346261626533333633663966
-3839666562666363310a613662363636363961626530383966383438353939303036356132363030
-31336230633862653739396338373133366234386332333266393935363233393636343834306532
-66306333623261343131363832343662333931663830653565643133386237333062306531383238
-65396638323732306530363365346331386330666464303564663039333338343539363734613034
-39363463653662613430383765313839653636323631626237316261343330333633333761356430
-35336163336366663430326239333764373431373032323062656438393661636464396334663465
-37396537393466366238646663353066363938653932343831363932386532393764623262336236
-66363966666165393435656633386638303633623339396238633432636263303564393963396338
-30633130643133333530373436383862353862353136386431313131643561313434656166316265
-65336163343632373762653639663662366433313034313862313931393062343531383830643035
-36653132353135666563383031623766303237323861643664373936663762373961666231633662
-62356538376561336434633434326331666466623539633737303363663535656338663333303636
-35646635656437666266643562613537633065346231663066303336366665663662306361633636
-34383065393436616537323531323562616665616264656536353664643364323238343435313832
-34363536656634353062393835646661613966396430386338326432316263663638333566316131
-37366532343737666330323766636432613135613236356632346163383737393034633766333938
-37373764373339393434356262643665653137646635643734343265306334656461613835373438
-33393365393833326165643734306537663864316538373733623532336264313764313031653239
-37356436303763396330363366376265306139393834316436383333633030306632333364346439
-30343462313833633734653539333230623038363334366637396436316230623035316438313034
-64323765383266663831633435313566353464643262303636666636333663386138353832663639
-32633632653435393334346263343637646635373564353239643334366634643465303363366330
-34623036396430653137643535376462623563653535633837633961343065313964376235643837
-31313532316435376431373636396562626237366131656337663333343136306430323334623934
-33306633326139316131303535303064386531353839333834386536653965643530313331646363
-38616332633866643139343132316631356435393539303464653864353836326535333234636137
-35656634653964373866313634623231626434303331396163656664343431633461356237633937
-66326132333230383235613432326336323562303934323737653836656132616332653665353432
-35346565373566383963303337616434666536663638393637346566383163383466313636356131
-30373035306366633261306239373933363330306464363531653063333537313339343838636465
-32373165383835653035346432613761303861616565306339643131393963643033613866666166
-62643138623338336230383436633036376237386565393033623437613739373137623630666664
-32393230616531653632
diff --git a/roles/arch/files/gpg_key b/roles/arch/files/gpg_key
deleted file mode 100644
index 5fcab22..0000000
--- a/roles/arch/files/gpg_key
+++ /dev/null
@@ -1,264 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34663932363439393536333037386165353635363461356133643930373232633664343737396263
-6332613133646434333332356135336164346237383237360a643035653161363964333136346533
-37353332656361653662623137643735326532393234366165316234323364656261343132393831
-3034626136656162350a333362643166383138306136646331373439623232373532633130313262
-36356134386565343333353136616263623265623438653663336435376134346563663365373930
-30616435316364613139666661343633363436343635666661646635393661373739653765373363
-30343434396537666234306561353636323365666165333131623365383535396634623539626565
-39363138323638323234326433333066393933373839623834663632373438613339613963383333
-38333866386466303634363362323964653663613966333032633130613336366363326561363433
-30633737316535303366396563333532313036623236376430613234376637336131323666373762
-61383338303536316462616332613562636263343236616635656238653532336561623334356533
-30313662353662376530353933656464383039336664333935653834303833313230323838373838
-63643766303462306130386130333066336466313862366538383230366661373666306638353137
-62643466306435343739363138313433656336643538333133343764326238336137333939636336
-65613238396437623866616330393166363462666532373731613232393966323835346566306333
-32646432623833653761363839323237633863383666373862363761346665306265623366363635
-65326237363361353233646661646330386630653961363862363463326339633532346130396134
-31313730613134633133633362393464623663313031623862373937313763653838343935366335
-35626466346666633961363132343933393066303539353239653662373432623432336662343661
-31343434313461326263373264613538653937336336613031313637633564316134323335653638
-66353733386662616162303032363361393661653935633237323131613331613364333264353232
-30626637663366363630343764303863353035653535343931346636633636643365373237383030
-35393734663661323334373436323437393830636637383566366434663666366531323434653535
-38353064373038336362623735386532396433353063616337326636383065633035386134326533
-37323761393465303563306661646433646532643935323665636265323133623265383437336131
-31316366643932356538393932343238353165303565643663396363636135313561626132353635
-37613737356136623061353734353561653332363031613738636362363061646330303432326436
-62633334393066353835653430363561396131646534653138333263646436633038303135383564
-62386639663833346565356362633662626139666431323830323134613633343062626565653837
-37666366643631666639303131656264613665636631333335316462326431393866626131613962
-31393330663537356438623564313164316439313136333033666663303662633763363264346363
-32663634303131303939333639386536363835346539623835326530303334353463316261393665
-35613365316337363664623739323632333062393662336662323330363162636333623031323166
-37626166653166333136643764663161386434393838633566633835616235656666346464313733
-63636333666432666137373366313261656566646338626264633764633164376235326433646163
-35333935666563366631376366626335653261383033633031393631363435346233323230373266
-62333538616339333532353039343932636633363838376230336465303963663932396265613064
-30323034316232343562386261303264353238346262366639366561303931633563666134393632
-63376330663534346466363439393864373536643230316564373463356231393632666161626432
-61636330356330646432663636383764363431376364626331326664666361326636613031323161
-39633965373763326337646436653739643831376661353562663438333562306238613562326136
-64363231616362653965363039356463363735363231396566336562373762333534646430626534
-36643335663037643066656266636237636161336163326237613964393664666339333833393264
-34323235636431316537303964306165613636656465636131373037353530386136343864306466
-33386662613564646332343866313534316534303738366431626662376562346662663231383039
-30636363373336356438656636363966663563353734643230666233343539643838373065313361
-35336338303631333332646266303162383064626237623335663766613931363233366161663438
-64306236366432383663346639626162353365626137353239356531323662613163643635663262
-37666363393331336531653433323038626537336634326164356632373635303236613935643538
-31313064646136373862366535396266633430313338303533383463373933313836633066666535
-64643034316366656534393163633732323339356337616632383036646366656633303435386664
-65663831356432616538336565343639653062623937663766613361623566336463303165313832
-32353466373430386662343165306264333833656339623639383938663330333464616338343230
-34636433333130306635666633383961363366393036373465396432386534653065643231366166
-30643064353638653762363864313931616336386630356630623838373934346633356364386634
-61643632626636313461363862653532636634623563666237616632396233303338356162326536
-33376264383438376364306530653839303062313264366238343834343063363066383534373365
-61633863343939303433396461353963663331326363316333393339633637343933306563663034
-39356665663435336238326230633135383337306662393935353433623437343836376436613864
-31373136633434623130383436383737396232643033633638356536613932663166633461376633
-62623064623064396638343866663931323061383036313961316632636435653435346263323233
-66396465366266363462303165376133656262663664383963386438326635313161643861306237
-32346531303237343161333261323536386366666135386364316233643361366138363633333566
-37333838333433633336343639333134386233383738373563346536323138383733623831613635
-38663237303363386664373236373033623238373933313236383439346564363538613863633466
-33343166653136653264643130346438393238366637376337653835386539656133356361666430
-32373162363134326631333965646562353132623064623430366334616666636632623039623639
-64373334356334646561313031643331643463306566383163393534303936656532303064666235
-30373262373138383438316361653665393833653164346465323438396430343165393735316561
-62653034653565343239663838646362376538653033343863643339356532646238393362346133
-64613330653565623166636264373663623138313362393833353932653361363138623538343164
-38646666323065363034376536656431613936303133396232383166386534326339323061376337
-61396661313030376536363939346365343235616465633264643731316535313863303562353030
-32303530303762303466303262643537326531376264343634646534333932333136636238623138
-34616663643430303865353963633735333762356562373762333265616438313434393938323938
-66336235656530633838653331663263643432323763393963313661323731343365396364616361
-62346335353133383630613963323838323361333166346132323066616239633261613039666532
-32663365356330383438623863626334313962356431333730353264623337643239653465653037
-35316131336565393063656564353132313136366364376535613761326632396162633166313763
-63306562363061376261323064313465346231336539656430643165376337363434393163663238
-34613132316465663561623265313833643964323430376239646262653833633462396134343565
-31613837323362356464633739613464663435613734653432373566353461633366343836623233
-32346432363234343934653432383732346230323932373635643362633530333837313332383165
-37616231346163363734633030333464616438626138616163663161373362623961626362353234
-39353262323664663861663637386634623463626433386538386531653537616633326533323734
-66326530393537363538306337383738353164326161383736653465346265393837633831643732
-63623764393737653062623462626563363561386531386630336639316230633663356235653036
-30363439376637373364373331306564343135633864393934373365376361623937613133613435
-36373036313838373362656134323138346264303333326237356562313164353636396334316237
-31376136323037326139373930663635313864323061656132356239623763623233646562393939
-64636661666139633331343131633731336365623335353633313363346231396336346339346438
-62353266396566386539306132373636646134363962646131313938356135373632383437333865
-32373163616461373464613661623232623162643334646364333535373437333437666665623065
-33326366646338626662636134653965303866646463366630653939623031316564303664623862
-33393661316638663661646434393934313534623465313766643638373134383764333634376333
-30313263613539333638653439303038383835646137653435636338623165386539633463323663
-62323933653733346566666234333930343466613563653365386237373963636536666636393838
-31636266396236633336383434323131626464393061386566316132303064636434623838643039
-62303136373234623961333336323764643034613664653963366336356332393761633233646534
-66623464626165356432303633653338636264386462343233653139626431633466316330356538
-66393035623035653163343231316230316661666337643461633136306663663231313237643038
-65633366643238323162336166613662313536623866616262663965343565646237393861353263
-62653634653131303433353635656239666436623663306464396133656664383430323832336632
-33363066376237323661353330646233633865666439313964396462373733336465326434626336
-32363362393536356463666233633664306235633732626434623033633632636330663463336365
-66363631303836613332643566333930643333333536356234323666353130396230353630376263
-30353530303865636461356634336534633362363763353961383631343061656435623261616363
-36326132386432653065666163373430623435336666653366333065343334643832643730336331
-61386434326434323761323433343838306238643534376238623730613463396337323862303264
-33373966353033623064353562666639343732353965653366623533373034656135633065343463
-37616332663232613865333062383539633531613735653436323337643063653463333937353632
-62303364366134643830303363303633386266343137633134653537356633383832303932643863
-66356662306434346338333536623061333864376539663135383938323238393638656639623436
-39663930356363616138643736303062306136626239626434303062393035333762373933313638
-39646331626464626339663232326430613163663763316232663837633363343432633662393531
-38313462313830653863376637393765366239393734356334323765396632346138303038313834
-32353637343038363039643164646362313866376562633161343763316164393736663565393166
-66653462633936653364636530383333323636313230323030323131383736643262383561333938
-35393934333361383562373935363465373436356662396331633233633566346231323863346637
-38636631656364376335336638666563333466386437366533613564366132316430646562646232
-64393533333933626439313935373335643332326564333932366634316463343039633630616265
-65363162366634613763653061366138616663643630336430386661616564616264636263383932
-32343766373839356539663432643230386263343630326162633363326262663937646564343365
-61316564333365373230313463383731653337326263303935633438643934623135623763616564
-34376363393531353162303163653265386566396135313161393836336439393139646530623438
-31376631316233333234396533653061663461666632313839653531643432343530353132646132
-36373738643465643634316637373763666338666633623263666134346634373836313266613732
-35326539383534353437613962343732646533326139643263343236396462306666316165663665
-37643961623662663836383837303939613864373163303734623663646632376162356564663031
-31626334316565656464326537323163373938316562386166666137356632316363343237346531
-37656166343639343565653433616136353533353531336561633330313861326237343739316165
-39313232663630396136386137633039313561373930386233663862643734373532313632373538
-63353938663434653630633038323665333462663731646537353765323361353762653637613331
-35663331323831313865306664313131336633636264313061316164303137353836366266366261
-32626165646363623663613263633131396264623531386561336563393539363839393433393563
-64633762393838636338353566373864363364646538353536346332623662353034326638633038
-36336566626636666138353334363437363265653331343130653836636335663736653634313662
-38633135623732336166366136316531306565326435346235643563633932383637393236636666
-66616562393564623165646261646533313238346362353431306135653938636663663232323830
-62393333326135396636646662333332303434396235343639633939396664356463333533333430
-66383231616339353932613836666632303064393136366632663439353062356565343634386364
-64303736376639363762386237336630653132633063656363333136303631386430353662316463
-65363666666434346364333937636137343734636163303166653062396330343835616165386663
-35663563353134623336386363356632643138626135366137636563623532373764633966346437
-61353861326535663431623235653665633030626365333134383434626330313930343462353662
-32353965623662353637326562613266633866616334333563646430613763383739333637363034
-35616263393066383138336366353061386364613666633131646262383230393766393864393735
-64643633336136376132303065353630326465366336646435396663616364663036616639393637
-35386633303433616337396262336330376536356366653536363861616539343936323539373766
-65396638353163636664666333663139343762623335646366336564393036353932323561353931
-38373636636464373035663163356562636230616633636565353166663563616365363037656364
-64623861353164323262343532626232646264626164373536653531333938663734323866653636
-30326364333561353966323463623936333266663831383736386233633964613066356461303965
-33343730623936613036333266313533666530313261303765646536346134346331643935376463
-33326630313436653839303663336636373239633232353865366531663138666466306638653265
-34393664646636636366346438313133393961373231333561313366396538363634333264613166
-38353562663732613064396461346231633464626333663736356431323361616236343430613830
-66356361333135363236636434326534323466636531356539613462306533353336373363353330
-37633661303738363436366234633439383138363030323561333564616133306432383336646431
-37653364316165653666633539316539336465643832356133653736313239626466643162363939
-36323562383865633134393232343439353836306364646632636661363339393139386639356661
-63306232326431343532373737626233363036333763343933633832653766376432376235623534
-36323765666133353238393435376262343233633162633964363038643834636537396562333736
-38363935633134326461376530373630343937323036326563626364316335313839626665393837
-38313435323761343139386530346662326265626666353239356462326333333538346161313438
-36313430386332623365393835343862613338343666633930663634336263306361333861636337
-34313334613761386533636337306664613665643334396661316137376135613161353035383633
-31333664396638316465306635656139616265353639333164656666383733373433333762363435
-37666432326462393135616338633330343332383065356265653563346465343234383036316336
-39653438353839386337396530366364323235393463633464313239356333333163656561376330
-35613137636131306630363335343031633161613733376262636336313638326131343165383231
-64326566393536363937623539386235373561323935646366353165616463376237633964633464
-33353732376337323338316166643236303336393034356639623861333766303034353963396236
-38356338643634363765313664643862323061376331376232366165633830626263303163643433
-65626634343339303031653432663531366639613362613039653638383465353434333639333865
-64383030623538646465363363393161633762313135616432386130663164353033343466393132
-35633763636261616434313531663039363662653962333139303138623838363163653866613539
-36323031633230376632376533613435616239323231613635396435373833353064623834653863
-65663163393933323934323364366535383935303233323639373531646165663535356634393464
-34623532333831306563326237373933383832643637326464656666373339303237363232313938
-63373936393563386530646565346563373337383262616338383531396262626134376136303163
-31653839316339616439366135346337366231363630366264373936356538316564636330373766
-33373961636233383231333464663962666136396437373361666538343065366662623364323237
-64666237663236326661313866306336323564666263373334303266306562343239383866666365
-34313665633465353865333362666564336532663766393134363764653736653237653133313833
-63306463326161373639363362333538373263393564303065656236323363663939366638323762
-36663763313537643066623161313035616462343631336264656664643861643232383561636664
-36633836353435373161666662633838623336366161643365363136386466323937646633313731
-64373739623335353966333833316563386237373031633132353638663435646234666263633435
-34663365313863633236343936633865356166366430383339303138646163383237396239663132
-62353465623566613564333039653466666366396436386461326335373662343262386263356264
-30616538666665393561333630383037656131646239336437393737623862333532356463656435
-63623766373934393264613237653363636261333265613438373762353230393835313235633164
-62323335636333376236306261643931616230666465366666373230393438633365323135666233
-39653332643336313537396463623639646364356136303533623764376538353439303037316535
-61643961353364373638366232363461336238343363636230373834346464376261646630393866
-39376633393735646662613834626263333163383534366463333161396165343666626639326639
-32643064366565333432353430636235336238353836363331646166396533313966663664666666
-61626462653134643266353039653033383431626538346430356564353664633439356434383930
-66353736343839383165383064663039333061643363363265383030396333393762393763616638
-31386535653432323661656132343363646661656637313130353137313362373439373032613731
-65333463623961613138396633353837353061353166383837656333643836343635623363613366
-63346336636165326661363533306139643930393437666332386337373965373761393034616631
-63366632306539623633623731313233333966633735626665643562623639396537343434633835
-33383638613031356631643235326138383664376430623463323062663635623732326639396636
-38336331353336663831346530336439376634396338633664616562363135326430666238653261
-64653132613533383738663832316561613232366339316662633630366164393334356332386162
-64393965393534316136653234396162313631646332653539623362353662333337336634383736
-65616335656663393239643533623466656435383732333666396661663662306635313034306362
-38623137653464376431393731636463613866313166643165636630316364326433326132396161
-61343335336664366536656639653238313736633565343533643034646361653430396132616439
-64373231393232346163643262396233613231373561663835333065363461343263356565336530
-35333535646632303039636664306364623839306139343265666632383638333735613837316561
-33323733353937393831383565363436303638353362323432653963326562333532653864616634
-35616632646234343862643531613236636236616534623231643663393633363831663661626138
-35633763366530363339346132643163613739653532626263336565626261646264303334393834
-31663231326562663964643633316438363161653535396435646362383036656363356137663636
-31336163303766633236333465653864663539353633386664303038646663366363646566336466
-33303435393739636131636166656237323436636237353863646365326639636166363739333439
-64373139626465656264313837363233653334393033343663396563666530373538613036653064
-39396231393662396565313066616164353031613833396331666131653031623261663038336563
-36653835333538386561643033623865383338366463646465666431383833633939376565616230
-62643063333631643439643333316563303465383563393130303634333130303330663134363436
-66386132663065656464323034306132613531343037396561626234626438333063393433316633
-63636264306163636631653732396166643934643866393064353364316264333662646665636663
-66393265636230303536656535623962643934316138393532663262653966626536323233623737
-38353730343538323231623531336436333133326334343238616630656531613538316130623761
-34646233613139343231366232636565316232356365643164653933643132356432613761613636
-34363831353935656437633034333232653938613365613066333361393164623864373339313730
-62373537366466356162343663626561316530373365386437656264396433303433623134616464
-36616530363438366238393136663239623362326533636363353435653261386137616361346164
-38653636373063663932336435626361613934393432646139353833306436346662356539333131
-62326361366635643830356639326234656662316435383031343039653830393664373033653735
-61616233313138663438376632336162656139346430326562363231333430626166363031336435
-62333338623339613633313061656332613630383338306534623034316135393233616539376434
-38326234353963616234623232643839373038643933383631636635613538393262303431373364
-63376463656263313230653832626262363537363735336237306636373435616566613832316338
-64393361393064346432666539643364313433336361333262383934633066363535646562383262
-33383334376238653339323362316330303863653762306636373931633534303731336234636532
-34356361346436323363333430313231643732623461366236306338636431303632373264616139
-36376630323265623831636265633866366136316631396239646266666564313062646637636262
-35353165643464346564323937636463643832616331623036396636383133643731613033393432
-61393833656430333537653332313931663435663838646633303435626139306336623762636462
-32313934306531643662343163323630646562363134303266366530323766353138643266396633
-35396662303566343235653131613830323538363263643939666362656665313135306362363037
-36303238616634363337613935373435303931313866333565666638383835656637366464396136
-64303237646138373339376161666265303632626136353261383438386637616564616436306336
-33613164323037303530373431333565643734313636613838373638326234343531613136356566
-30636337393463396436303530653330323639386438353439613761643831316533353166333539
-30393161646239663935393438646334666530363565333964366364353530353861666633646563
-65626262643666656166306633326463363666633731363431626463616433643732353962633464
-39666533396232616130666131613232643762623562383662346366316466333339313836393737
-33353635396536333464663836366262356164666266663039623334666334343939313638346464
-63383664346635633365633962376238653365656331313362313536663138663464666436613132
-62656638396261613136393330623437383561386163653938323831373932353764623865306664
-35393130323464653266353563383663336233313361323133313435643564663063336335626266
-39396239643031666133656461393535663661643036326666663330656130313038636537386562
-39346439613333363061633364316166643135353832386432616362643337373363313931383135
-64613366373464363062386231303736336130613164366661363434346464383936646366613737
-38313730376436306165663466623335646533666138623564363466633938393139323836643865
-37373636653937343937303462663235353238656439353837663264663366396664386466646638
-34653266313135326130613531386239336538666364356234663164353662396565626361323238
-656463383063623064336666333062386432
diff --git a/roles/arch/files/gpg_pub b/roles/arch/files/gpg_pub
deleted file mode 100644
index c38c90d..0000000
--- a/roles/arch/files/gpg_pub
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGNBGAPMBMBDAC8AI3gYcB8R4psS4OLUTzt45sL8wimEmHCZNGBgLShtg7AfpES
-AuXArVLEQSsUH8rL9/ninRyfwTsRj1tSouxVVwprdxXGZdPkksE/l+TjlB5FlAyp
-nb/nCo7lrmw+xsPc/rjrlGoGJXrrxpVUYYbWLGciKcecUJ17sL0vS8KZQbSSw9pI
-W37DFNq5m3R9/6MSnxcPZPErmyqbcNe4FDxc8jToxdyzqADar1vb/JTIQGkzObCy
-a05sU8Q/G1adKt27lW+v4SWC8d4LQX5Z3nyvAvE87cWVFAGiz4mf1fTLotqwyXot
-vVv05kl66Z58shlE61q+1Qm+SD2OKyd3Cl2s+RpfyYOVoB3SRLDZvM7bppXr58PF
-3Lhmpl61/mpOMI0MNT5OFYCVKOsiNgP7FKlHvOZVk4Ldybfis1Y4TI1mg/OghjLQ
-vjm9Hxlpsr93hpWxlmU6BBpSWUOxggKr96WoR56sQGjn/KCxPBRl17PqwXJmMbi9
-ex9uV6K6iQDRDf0AEQEAAbQMU29ubnkgQmFra2VyiQHUBBMBCAA+FiEEgsIVUtcy
-xlwaT7NAA3ED8Dyly6EFAmAPMBMCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AACgkQA3ED8Dyly6GUQAv/RGHTt0CQANUC/CQQaY23XDGiqYCbmFqmIwuT
-YIE/QHl7+Zg7p02KGsBKrSWOMylFToTphnWWvJCEPYxW74WO2L2vrRplPVC0zbRz
-ftx2s6IJopb4j5ftkg/b8V7NjQKO+EWXGgqZz+o9j0I3b1CLO4Fc/Sux/+khuG6x
-m7wLHIOQn3ab9yX2e7cL/LgaJSKkXKwhYnaFnwuWZJRX/Dcqev2zZD37a9s1c3Au
-cdvdp5d/cHi+osZ5D6HwT6LnkxVlAYtzKXyQbZNUMattHFK7L/UCYQmvcRPXy6FD
-1+T0bX7cOcsaBXSUEhIt+IKvYUa22ZsHl6Eq8gCxXmvaIDIIGpFLGA6boJBAPFHL
-WATZqonLmGYikumOwomv4730iXBVJKu+mCCPKSzSRAxTTowCF7NVdc6+X62mbvOp
-R4LM+E/bCxtndGfxDhHm1nF0JexgTDGwUwLJPg5aAYjjrAIhsUk729GyJhHPK3if
-0eocxv1PqKrGT8AUHosIOn2idnf5uQGNBGAPMBMBDAC1/f799inkL5w8KoysKrSp
-QRYFiVpIN2CpYCU/MrjpBDU1d4GJ4s1EhVhvaCrNfwUBWyqN1kZpT9f2e8MNVB5U
-nmwHBynCwiK/gHeJKIdwOENE09NcErDQnEbbK7tFl/LDbh0BYdzyAEoOo37XYt/G
-0DXj0Y6GLphmlXfG9a/wXcvXCRdln3q1xyn0BVHMC8fz5F6RsivOEYMXunCMQ4WW
-XFVgRe/jM+plWdQZQuP4RgRGv4kJ2ba9y9NQD8/GFXtnecWjv1ILlyzqyZtEa6ua
-Jq0FrgYvZ1YH0jDKCcanHb0nlMlEhrpQneJTW+qmMgjZAJ+2wA8yPeuU6a+T/05I
-tnbLUSlqgwjrzV71whp79l9p7FOG9kzwwKhhDAKxTqL3WshvXMlcnku6qlTyrymP
-CHF6ZJYCQJEWPLYrThwWx+/6Yssg+Mm87LsciHVYgeBtaZWrN49kZXN2K1Py/WUK
-Ev9+IjKlaFbqfq1W60xh4liiZ3AB9L5jTS6n98O+r8kAEQEAAYkBtgQYAQgAIBYh
-BILCFVLXMsZcGk+zQANxA/A8pcuhBQJgDzATAhsMAAoJEANxA/A8pcuh8PUL+wdi
-YYZpVqvbvnRbzWtYNEY6QYsn/qI0aS5jAURoMpCB3AFX6+aS6olAS8rWNx8sqWnL
-psfZf0vSd/FXl0ja2a5MLLeQaKlK7/cP3RZjGDa6/eMqL0UyKpe5/a4mkBaczo18
-Fa2BK1X1wIUaWYfhp53mBGB9JgwKItdbEPJTBqIyjZRPab/Q5OUb/xOWCLQP+VpU
-8p5c4rnONTdjKBfuyeEMWIlhG1QhobfIuZcbWaXZXj+HLiiugZCPxum8tFbMp05/
-FaPKmDS4TbeEk7wizsnBRDL3UjFCfySBsR/SOP+adut75t6h18pm0yeYRU73otZA
-TES5LVpW7i6TiJEK7qPDQ/Sv34vAtVF0c7ntnYbxiLzX7x0uJF16O4XLw0Uba4HM
-ZntDUsaxvlLfxcDeeDHR/24wOaJKRKKzX0b+wjRXfw26XEo4vHHBPyEB1DvGZu3P
-hVot85SDDFS5LzLqkyGDiCOkkE5RqJYLCzQ6+4DfrQvkg682zD587894j+VV6g==
-=KJ2a
------END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/arch/files/laptop/openvpn/ca.crt b/roles/arch/files/laptop/openvpn/ca.crt
deleted file mode 100644
index 940cad0..0000000
--- a/roles/arch/files/laptop/openvpn/ca.crt
+++ /dev/null
@@ -1,94 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34366165366430333835356532303930396235316235376130653233396465383830346638636432
-3632333561616530636135336138313535396134666264300a646161353132346335326438356266
-61333234313366363466303738653265366462333933373139333035616363656231613266663035
-6631613830356466640a376335376561613863323933366137616664336338666330313931326439
-35343765373339386531636637323635373665316533616235383037343466326332313538363438
-32393733313865376363336666666333643834316262306630343235666661303830613935326638
-37326637376564616166396132376436646338653132623964306536323435363931333765363762
-31633934363465393932356632343232353863656461613931323733626234383266376466353635
-31303039343264353837643739656163626236613061666166366261353235643437323933663634
-39376235373862663632313163323164393131303430376337363333393535323132386565623532
-31363934353763613063616637303433343862396565643737366663336266393634336532353061
-33396133656463646235666263646636336464636563623732373036666135383161343965323364
-37616431343764333865386663656435386564336463613862303162626134386539623061623865
-62633135363961653365393230623735663537336134623837663434646136333463373637666361
-31383432306533633766633163363765336665616133663335643464313235363136323738323862
-35363530666238373865643036393535393036373230383838393635653164636333323130366662
-39313966633866306266333735356431623763393432303132323132383761343932386139383563
-62616438666638653730646236653033333761346639353134623538666362303165646631396233
-37303936343437663561376336373032393865333733343066343434393764323030353465353433
-39633031373161333162353630613062356661336261316463666638656436336631353931323731
-32346662376136613863336464366230303732313731333031666265393133376339663963353430
-65386265626632646463373732316636343061633662393434613162303634636339313635653465
-62336331336264333532366133363066636565623566333730323430656431646330386337316434
-34373538643563363766366133396533363865613235633233303039633330313134363963343565
-39306539333339393062636333373965356536633864623938383433616631393061646630306364
-35643539636235653738363236316534373330346231343164613631653562663261613165666163
-62636230396662393164323036393866313161623330626232626364623665656430656534666130
-39383764326139336535656233376264313439653634643465323366653766313831396334363438
-35343263623566396331653665643766613265643833323262373866346438313331326637353461
-66333561616234663637326565336366623130363534383763386333386136323733643361626534
-39343138613966343163383630353461316366393938646331653831353465623262613837303862
-63316563313938326263633834333062666233613733343839663632393231373933613162633763
-33343738363937303234313931343131373032373061323563323463383065336431306366643130
-63313333646234626330356164633336663166363735626130346565633236616139396139636363
-34346634366130653262396336356461366631663963306266623866393561323131326366653836
-64623530346365323966623836666637643231646336653839383061393439623639373635633862
-64303430313662653633613336366663643838323066613935613532656239396566303634393464
-36363661656264396335653233656537626535373339353764616234656339343738346366626162
-66346163396633313530346366316530643335663536653864653631323463306634393264643431
-61636532613563623536373964356234653630323237633163643038373934353339353230393636
-35653763646166353966613139356330323437623066313334623130353034336362623737616534
-61303932336531613862643539663661643564383332323435396561643161316436306566373166
-30373666323032306566363930393535323137313530363736386265616633636433643434376639
-36346461363639643231303536663964303864653733343462613664613630353561626265376235
-36303463666364306531663566646139373166643538386235333266633730383165616164326334
-39343637336330333132356539666363346664306632363038616334643831396634313238356134
-64333666356236616562306237613933306134363664343664636666323032323836636333303762
-31626164363437623632373562366261326263393665633261323331303966306432386632393039
-33376638373538373962366138383036356535353231336433323365643230633261633135323166
-36386230313938656631626561623936333633366137663335616130333330303765323362303364
-65613664366138303331323763366139613337366633363336626262353436636435326662623238
-66306365636539643632316539636635343865306136666638393839633432356136663034373364
-36373139663538346130616138303036306334663234663733333736616263643364613935353162
-32353933356666363561323631333661373566633133653461653239653966646130383632326162
-62393335343561313836343036333136333737666361626630636563666235386533306532346666
-61346531306331356131363934613335646636623666313332353964653161343237663862663264
-36616239363032363330393238666464656463316534303163633861616138363935383135643234
-34363364653139363339656666353535363061353538623936313332313138363636633039306639
-35363237346535376336386664373061373534383234393762613030346236623365326137323833
-34316236623261616563653439303363396435306162306564623933623838326238386164656564
-38303664373231623836663239393061393936393538313462366131326532336336663335323732
-61316261646635326138333566663839373037393034616266386133363933656130373635633530
-65633433616334396636303935636435346430656462386661376562316438666436306131373461
-66343439663337366636626138363536663231663739636661323037326138643232643861373135
-32646264376538626362643038616266663963613033633539376536373365306266623737313833
-30373537646637656533666561373162353566636238333464333130623562336164333366396466
-37336134663635633962353163343665653438643434363630393837623239326663353930653862
-63356533616336626633626636323236353232306466653133333430646539643063396561313135
-35646234363461373136333839353662343766383330636134303266663833323233626535373330
-64376362333032636139313234353833373263626461383830343033313937666637366632313037
-30613134376362333465306163303839333165333063333930383437346630363261363264363336
-65623835396466323030333939663330313135373665306430306433366634383834353065383962
-39393564633737633366633862346665653965643132323934373365623932366163343061326538
-38306239343637643833633633376561393662323964663835366166653762363534366338613834
-36653634643236383737636566373564343830383731653566343132333433643334323461343732
-65643736393937353434643730623939643661396433646339303633383831353862363538626561
-32346362366163333438616136316539366239303233336139383265633338386335323032653632
-66346466313938316339316463313133313366643262636361623465666665396639616163646265
-33343965666362333836303235373330623231306163386536633165633536623039393633643561
-63343435626566653863336238303338353130346538666438333933636465383531306364616665
-31393138623237383937373230633235346331663738666336316233643436376337396330323639
-33333663656130343634663138646636333636323338366239643161376239623039613732383364
-65343632616134353136323062653738373933643663383362653935393336626466663430306532
-31366662363863663963666464633530383837326436666531383336643161663337333333393861
-66363964366231356436656363356162316566366630663662663335313136643362383364303962
-32643034316164313165623834653162376339366631626564386536326139346132343234376663
-38636339336130633339363537313364613063383834313036356464323837653832633332356231
-37636166353366343865616161336665646138386536616235383233616330353131633862616634
-38313330346437316163373036613434653634313233383337323039373934316463363565373464
-64633633326665376665306236326662363263653133333737626336363362633030383631366539
-38373335613636656466636561366563633161393534663236383165336166613466346133356464
-62643265666133373736343937303162616135623465323262356665386536366134626362633331
-61636530613337656531646662316332666332613062316531643466336230353861
diff --git a/roles/arch/files/laptop/openvpn/laptop.crt b/roles/arch/files/laptop/openvpn/laptop.crt
deleted file mode 100644
index a5b70cd..0000000
--- a/roles/arch/files/laptop/openvpn/laptop.crt
+++ /dev/null
@@ -1,282 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-34636361336132646336326263323032623539326461306565663534373733663135376665656534
-6437343766653937613463333133363635623261326632660a323131373563313338623961373462
-30323139633137336566633535393439626638386130336133373138343963316634613164663531
-3162623561666566620a646538613963333737303032366465646232386261613962666362613366
-36333533346331343562333436376435383433323134393063653231363766636664373830393331
-62363237633662333661306333666464393331393631653861343936323433653037333765396163
-65323338363538663635356264356638346637393138623132663431313262343630373936356366
-62653839626332323332383935363566363334363464376538633631393430346138646262613061
-62303134376165346438333935656537363338393831323936306562383565303932643335643037
-34326538356630633839346335363863643633323165343136393738613065656437386638333066
-31356331366635653135376539316237383365333533373465336334373138646538326331626237
-36383463623165376330383637623264333832616332383330386231323637333465666464303664
-38633764623139363339663736303163336666383232333135373764666361366538313638356163
-35363163383932393037383539386339643531326138336261666139353433333763353034383862
-64346132306461666635333461366366656238386434333036306435383066363130613330363364
-39343461616133316461306664316366323530323261613430346462383637353630363936353964
-32613030323030636662316237616661626335346565326337316465643034306336376138373333
-32633463623665313938663663336632353362363635396631623561313865303933303735366230
-36393664306533336435373232393833363331616664353164313264313835363734666662646661
-30663037323032396539326165663564373064323235626663376137393063626261373563663636
-30643239323031316631373532623739663231623331366263333664396337313065316130626333
-30343165656163653461343266613834333335333637303865636137346433653639356137626164
-66626462646563363930383930333635363365306137663435343937656439313664336466353635
-63393132366337383234616161306138633331383638303230356632383731376230316433653364
-38633264666239383530343637643265313464376135636666366530643137373335313330396163
-39326535643535313032623338353964363737313130316232383433633430663938313366306662
-33623739643536623262343139383739356134333363363236616165393339653134363030666132
-66313464323563386562636362373561656437303932656430656637666130383966643632356539
-62643533383938646334333961373863366434313861306437323836376663616537663964653330
-39663930366666653634383936373136393063356661663463623062613765326537366464326533
-66633463326530663531656563393366373731623862336134616339323434643961323865373961
-63633031366335336165336433343034303861653537363830643332393230326333343161356265
-33333331616464633564363731356237633965303130623534643766323338663630353239663234
-33326137303830636564663164653836656238303964646234323161663034623435333334363538
-30623137343632376261336265363736363861383835353736623835613134373565646133316637
-63356663666238383733346137333832373134373233383939656465363631666439386364396564
-61366639373933393461396631306261366535383737363532653038336461613462313466656435
-34386563313037346430353439613234333931333538323132646262336366303263383966383261
-38663733633530323734383665643639383762666438663862613365393736323363323133633133
-62343062663266663362346135333932363161333066623032653365303763336564303636663534
-39386632643866613338646331383337343839323361633837363935663536636338333335316261
-63376662393431663165383961313165393338346333353136326538386436356565626631616163
-33623635633031626437313066613132616463396261663736373036653362363234613135346333
-66643930343165366563306533346133366262613033383763346265633134653337633330646564
-38626337313466663232636261633330643733353466613234383064336638333039623331393962
-65346463646464653234326432383465386437613464383934303461643862663766633566653265
-31303631353438356334316464303065663965393439396336663138326234326261353366303235
-62613238623165376262353661343164636166636565613663633563336435313136383565343135
-33393539316430396133333835623230616135393135346164656661613533663065613037343061
-38336462346436316262373336336439636437356530366265626363323638653764646164323936
-64663061366363386236393661623733323331366663396237316161633964353438646138623831
-39663765326161376663333037306630383338623465333362633431643339383737373661616536
-66633437653531383663653030346662356162323931393231666462383338626633396430313236
-65643566333738613161636333303133653864663031643632306561366338373662326162353163
-33376239383334373661353761636264626561346238656665353930663734366366343936363338
-64356132373231313864366364396464323132623136303032373432323733303364313732336330
-30336636646362646565306364333437393963393462636465623261663938343065373232663538
-36653930373763613564656431666536616636383339313332353337393530613131326231393335
-34333030633437333334386537336133613237326361313032313432633534346164333861666138
-64316331346666363932656633643539643636353363616636376139626532636263336535383866
-66646438626565316535346464653263623631643634666633303731613139663532646432613131
-37386562313338316263336464353165393236626633666563623633633934643235343432643238
-66343633373130343965313338653338303536373731393230643161613636646332396566383032
-33666335333762626239313536613736383537323764653838306239323132356366613365626666
-32643938393862613464636634633831353634346263393261303736633666363961363531643162
-34616131323433323838653339356337303836646662616230373765373237666631386564663936
-61626530383831313036343261316537396462353665356534666135363365623361303861633662
-35326530613133646232303538343131663266396265633638646139626538666134343632376135
-63343132323933373837356463343336353439373065353863613833363266633365393432343565
-66376161623235303734633630663434356338646161343565623961656365303064313966623866
-61663162326339623962323737636537613662636333363061343036396331643265346561336664
-61636232316634623535633763613538643131386535623938376366623330616632633135363837
-64623466653434656136333937666461393330616331623030663863376561323761393833393233
-36613438656432306430633963623634373939313462393166646530343864616665326162303731
-62376566393633636365316464346632373234336331663838346238363537613233323430383864
-37306465663635366165373133303637373066356539623239333034633739383838336432376533
-66353735373766393862336330396333303832363532316532386334393166653431616562633266
-36643737376334393365376530356262636333663631303164323964313331633433333931653033
-61653338353565613363623033343233303166326662383338396364383564326366396265313039
-39303530356638373865383038646232393766653664623639333933303463376266346461313062
-37313036613639663466643934386630326434613730346530316664393636343865666263353732
-64663731663939383832626165323863373061393437333764326266356531633332313637643631
-66313963313761373337636139363036306530626166333462636336313636346336326234646561
-39336336656664653038643066383166663032653538353532323731306364663061303738643135
-31386666663234386538363438653532313432396636643739346331643630643231313135353539
-65323037616263356639333863373562346361666461623033306261346637356638383462373331
-36356530636434633664336664613961373266323266366465626231373365643431633364663536
-62343532366230346536663139366536396236363337373737623562316335656530613935643839
-66393862373263333938613764613336653561353432366332383366333236663437313531333166
-37656335383365393434326330396261626639343966326365366230333537353263336365323231
-61376561326135653339376136633233633164306236663030353566313233313538366537336638
-37626337653566346661623963623761393831626138383230633864346465623065376233373133
-32623932633564346232336639666638326235366436313564386465663864356665343162616537
-30636462383064616363633266313164383362633636346437323061333366303731643036303933
-33306131656430663933343934333765326163653532633334313164613262643230666239363266
-61383566393733376262646132303465663864656133636562393737356532633631643132656166
-62376631666636663739656132393136383739643539333261666337316136396363653762373332
-66396666396462396262646361663930666635626631646237316666343135343263616139396333
-66656566363063663363313566366138613933656333656337336437343430666133336361663137
-61636330386562396132363861633535386335353464613334336235333763353264616266656465
-31383139373037316432303662626531626664616236343936383538313235376439336362623334
-62633935393465326461323935336530633034613932316237353164306237316433373862313539
-36633031653531333438633265633863643930633936393063616439616238656662356238383834
-37343332383936656335326330333636313936336135366464346135626532353430663831646637
-35306663656434343062313361333135346635383936646237313630396266663331396466343864
-39393837633433343638626336393336616164653639623631386532616436666135356366626436
-36666138363864666466393732656663353830376335343139666233626265383366633461393034
-66346635343364366135396162306137613230386631373931643165353439346237643330353938
-31323433326437643964306430376230656563643234393537633035366661306338663462396336
-34656238353565626231333838363163636235663230356439373930666635393134303132623665
-62616266386630633037613561333662666232303265626239396264616132613735303134393730
-39633630363934383637353564316363336362346236633237313062643965303762393130343366
-34343863663430386265643838613133326362613863366631353635363563383363303734396638
-38323861353466353131643336356431363537346636626630643264623530316437333364616133
-62646266356166643430613563386335313037346339666366376636653838336262336537343863
-61393461336438363837333438343734376132656533363331363566326564373465366533343933
-63663238656635303538363236646166306664383864333866333331626163376635353461633462
-65323537393534386339366336386166326665366332656135643630373766653632623339343139
-66383330303862313532633735336564646361366562383733663139366335663530336430316631
-62333339366364383364373637616435653733363438353938353430353132376439353461336436
-63363030373364383664346537663130616530656161323134313536313033623032333430393031
-33346339303566636230363937393362393565643430663265326437616166326535663663626631
-31393539316630303139336438343039393833613531343935373765386437343738663064323361
-61333762626363336138356532313834656363373735376262616337323131393464336364376530
-61343062663162663965663832656239313534616366653338633864633139633535663730623031
-64336136656631303038366233623432346165343833396163306335333465336661333533393533
-34613433326434356634303238323736653338313332393134653161353731313762643631613133
-38393130306363663831323034353036366362373962363233333337373033636236313964643333
-39313134343366653861626138346366343432333832396561366565643665646634333432373437
-66353965393832396535383765303431323532613861303865356231646132646538623737313937
-33626638306561663439333334336539653963373335656239336334313436343739626661346638
-66656532633864303264393833656339613530326230373233383466643163326635626466313861
-65626432396636343265313235363134363465316234646638356636666231336433353864333332
-38623238343736353937626564303732356137346238323864323066616330336464646636356638
-34653033316232613765343964363762303065343434613639383261313130323664633361663663
-39633961663432626334643565636631346139363333636363333035613961373336303937313738
-37363339333766313534336133343535613430633762626231663965366337316133636437323935
-64353731656231636233353232663331646163393866326131373739303739393833613161616564
-38613833333233373735633764353236643835346638333936613335396339316465653466326239
-37653565303332613565356433646365633039653639666230373132313561316136323465383033
-64366630636162323032653138373133643530303365656334663539393533346131626439613431
-30393064633234636136303532303064373362643463343839383733393937363030653733346262
-62306239376135393534343963313537373839373134313065316137653831386634656565393763
-35326430613561643133313863356332303330663237343031373533626138653835333961373331
-65666263383562373262626464366261333738343433386138353035663366376135643237366231
-32626362316365353436623137663566616432393338336535393164633538303233323439666633
-62653765643337623066326334326232323136313435313161316637393737373136383736353931
-64623430323934303937343264326663313262626135613932633832306230383966643635383763
-31663364336233383738646230353963623930646366363537633162363837633138313166343232
-34666630373763336637646138376135356638656230613866626531363265616239333034623966
-36613963613362326136313134663862636134313766666138393934363264666435333463373531
-38386262666538663133323237386439626634306439343165353938306533623537333862373138
-64383165383337316666653532366132363037336563633431316339353938393666666637626337
-63663634373665626131663464326138323265626237613066363539353466303031373433313461
-31623165393564346334396362366235306634363331393233356332373736643162663165636166
-37356463353735613331663630363235303037306561623032633233363833353036653739643932
-35303432373861316637623233383238313835316635616532636239316166396164336162343135
-39653636303461373663393862343537316439356131376339376261323338323038623236613138
-66303037613339343638613665373539306661353332636535616631353865343432633433616132
-61363562346535313837326138623235396330626663393436373565323162646566643832313337
-35326463333666303930323037383036343636343631636265303336306135303064383762643237
-30323234623739613739333065303361313062663461303639303665303434643830656166656437
-61623438653934316635313562333862613361313437376330326465313932646531383763633838
-37633637346663343335343033343134323931663862653438386138363766386161383238356161
-35393430646130386166626338333466386132353930326138333261656332346165333937343534
-30396265336336643133313637386566336330343465336236396366316430373334383735383534
-65643330656166353939663030666331323737313236383639383363376461393333376164336338
-36386162373838396537363136353432613232383235316136643062353662663735363738613835
-32303633316663656531326362326433353236323934663532333731393532616438313230666362
-36336531633133393037323839383632366561333936326663386262626131373433333032356331
-37633261353336393536643461336534646134306134376436333735363561313066633935386662
-63646138643131396632383139363566653330663232373366626239363035613539656438396364
-65656336326436366139316536623131303634383532303461386461316236333739636633613635
-30323036633433393630313361373464353538333866323536383533653765356538663764663263
-39653237643134346432663536383364383036663236613361653037326134343633353032356434
-37623033353036396366313465316439623338393738326230306664663633376232316533366163
-62623235373837313761636433376230633762313834366639356439303039663535633463643439
-33333331626236643331326263343730396261623736323137393565343464633865363135653566
-39353938333662343939663833646566313136376535613030626264343563653231343239356166
-37333266326234323030323431653662383130383239346339633437306562323033396634373734
-37626338613533323864353537616538343238613338633261666639656435393337393230373166
-34313365633736663964316435313531663064356239636666633763393665663633633762373830
-61643935393964346466333662346562383834393561376363626538353530623466323831383935
-62396434663365653939373263343936346431303061323263623837633334613066646361396434
-38306163623933306338336433356234383031356639623339363962386436653338653834303832
-37623261373033626431363230323965666635376562646237663765356465323833616366323331
-62343936643561623834613937313162306366363736393461663631336163396334663236336663
-66613731323266393765336264346261646533303532306430623336373361333730353136376330
-63383330323861313763363833326635643039363238303832303435396232633864363963653639
-35363632373730333637396263373762356263623438633163356333393066663038663065333230
-66653662393864393565326232363361366164396136356161663561616639626464303963373038
-31636432623665386164656361663261626162336264336537383561303765346638363064633830
-63386261626537353237333136666265373464313066346438643733636366643038386664306232
-64316136343039626534306666346263613032383236326637383163376238333632346233626230
-62656364373339636632663535636535646661646532303763373662356362666332376233653437
-32666663666334333362313233343462643735643931613764376264303233653438353833376539
-66333161363130653935303236323863616164333139346230333064333231396433373631393533
-38313233376563653265393738636538646431646633313061383334343234356564653135323436
-66346631316433393538383936636334353038633230393535616333633932383966323937313130
-36633133316261643037363336303830643138383135346239373861346266383630643338303236
-33323337363134323730623565343463353964353035343737376365373039353738623466303964
-64653134303836636463333134613162386131373764633935383165353133666433373763316633
-36386231316163643666343561346335646638353631623739383664303364363731663761313666
-37363035326365623638353730393066363834656464316465623038653431663337643938663134
-38343334323932366461653234376161313135636331663765323730623063343666356439343136
-61316365333661353833643662623565333036656439326437623230653833353938323737336264
-31373433326566393436396262373031653065313933663534323366333935376462643532623135
-33353133666432353537343037643333656136303866306162623064336132376330316134363032
-63343765303466393966656133333263653633306435313966303662333139323032346462396661
-62623961343035366162343537383164663964333237386538656539323134323939356131613630
-36306161666534393263343364336235343864313865313437613838643862306535623438656131
-66616539306132393035623434666539623639316263323030303965303432366361343766313032
-35363533613135366461366362663736396334313665666230626430313163366539303763376134
-30636435303736623131656130376239646539666138666532343835616635313835396431633530
-36333134393063303065373362616430356536356464636432623130396536616137663534383135
-31333362343966633563356130633261306438323238306130616363373633613432343565653766
-35376231366636383031653439303064336439333962323865313761633232306234316136623962
-32363635346137316237613864316536393065626430393236336262656532346534633936363361
-38376231636365646166613164383136333561393936663732633931353762653434366561626261
-61396435356330303537366437656662393361653665383263376536383866623234373661313034
-66393235303536633362343933393566303036316130363031313164323037656532376464313061
-39663237323362353539333937383962333534393036653365613239386334323061306231646239
-35393731356234303262353338333230623465363566616264303166366462366136333966616161
-31373766356538356132396132386431333332626164343261303731373834613437356361353064
-61643261636166663062633834643631306163373030633831393338663938653962393032323734
-35363632396566336265643963383935643239343434316666636133313931363432643737656238
-31353231666166376463303666393730653563373565323166653165396236353733393830626633
-62346138383466323862306166336663643138313663346666393738666638386566316265346533
-64373362363032396430353132373832326231376631666638393536373135356462376230623732
-66623436626133656334663934656430336137383238663639363763646330663537633836383734
-32653535383561393337366362393731653364643330353331626636616535613862646536643463
-62376436613263363864316638613035323436326133636639393261373235313837326339343438
-36623766356561316633653565663663303631666664373061353338323232363263313535653637
-65626462383035386238313331343633326338336332386236323165313639336332376265356631
-31356665643463633135346565343066666262313135643038363835336139353466376536633263
-65353037383739633233313062653230626435666465666164336261343461646262353665373239
-35643462393330323739366430306233633765663062616531343032303364623865346334323530
-37656661613866353662343663623463613861613238393565623563306639633638366462623933
-64663762393862613430303731316330663837616131333330623363363730306666333333383063
-36393464303161616539313034613339363062646661373831663336396462393534343632373634
-35613437346637393464353964663332333830306233613232316464333239663637386361326638
-35623862306366376664613935653365613137616264383235363532303666316535363938323963
-62653565646433656634353333346566306431396366363061373830386533323733303630373863
-37333465303663383631336433303461623464376263623031383538326466313339636237626334
-62626139383637356432346264323161373330336463373336336436333264313961666265363964
-34613831383639343333353138643761653439373862306439393333656631316166373938396234
-33656466646365613734343566666661656635663738623061393137336562346339643537663732
-34343330373532653232653638623663336664636561643139316264346234323036306564343236
-31336535663762643263633231313265623661303439623566623533623166393335363866663463
-39663761613463646165313664326465303964626266613837333262323339643134306135636536
-34323130663437383937636339626237366234353633336532613665666331353266383239363530
-62613732623863653062373130346230616261613838643539366130336133643261383165626266
-38616138386561623665633434633439333030326165653765313139626534656466663431396363
-33303061623266626136383439613266353565303863396239373238386261366636333034333038
-38366331323231663933663462396266376264633539666536666432383634323364666532643766
-37393936303765343966306366353334646332666265393066616661633638346165626234313131
-65373236333264656566373538303061363463616338323764313030643463333637393738363362
-62303366383635376666306334393166623639356361346635316438393339343562396234373330
-35363339666461373536393134623233313532303531373630313864346236343536343531366430
-35613434356263646336323832616665313164626264353864346330353863643065663333653436
-62326265346630383264656565643665626638656637323435656132323965656565633664333139
-36626532643237653139666163626464356563336663363237336632346331343133656630643063
-64306137333765336230666138383837653436616136356436346462613961616266626336336339
-39303361336666323336313632663134373432346263376439353966653061653839333934356532
-36636531613734353736626531646338666630326166393561323038653066363933353932363837
-65636663343339363932326636386434623861613062353939306535313362343937376237396563
-39393739303364376130663262613337346133653338373431303237653238373131653032616535
-36393362353337306666383930383031333433663965346362343964343632356665333934626534
-39376637366235313132623931386536376562626138643630633632323637613938383631336263
-66343634666165633765313930366365306135316663373964333131656135633565643063386335
-34326634313937646235326130346234633365663664316536663138663037396233666530626238
-63613862666237663133396337653939633430393330623766373364316632383634303066343733
-66323732623466636137353833646431633262646336656637343137653663363632383135346163
-38613539303731663036616265303361616536363234393437376636316237623632306564613637
-30366534373134393166343233636266306330306362613931663638346233633266386239396266
-32663663396531656239363865326236663561343135326435663161353438363931613939333565
-36333138633130363166663761396334346436616465386465303830373362643937316563363235
-66396433326332363030356338323235613466626333313837366134323861623661316361376562
-64396261636632326234633565326463663264316166356533376639613232373161363165613463
-33366362393930356264343133303334623662663236616438376337386563666363333837326438
-65353436386466616463386636343432613766643530373761353330356566643339
diff --git a/roles/arch/files/laptop/openvpn/laptop.key b/roles/arch/files/laptop/openvpn/laptop.key
deleted file mode 100644
index 1538db3..0000000
--- a/roles/arch/files/laptop/openvpn/laptop.key
+++ /dev/null
@@ -1,90 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-63366334653464393538623464646135313830663361633335623836333234306236323462363063
-3432393439326438326533346635653630653261623164340a633032366435636636616337646334
-61313062333539353332376263626436616333356461303730633064633437636634643737303137
-3466356534663330330a383636366564326135636330393363613431363764663132323064353339
-65333662353831393238666665363663326333346536303438616537303238346234363732323335
-39636230333765336334326334636334663766383261376464383032643136613937313237653566
-65363136663137393539643131613834396135646564656166616361303930306133623938376134
-65376431336632373964343366306132663465343036636135323961616531643437646430386564
-33336530346134386534613261633762643933306132386433376334366233353331636434316332
-36323066613961656131303038336632376632396535343564343930643338336435396236356263
-32643331363963636138613134373134663138366138633463636166623930626566666430613733
-61636137313639366537353861613539656262373439386235353362306266643630366166333731
-30346438313036343561396532353537336237333161366638336364643139343135633538383762
-37343537316531393932646661646365336638386164353562303363346562363530646166636233
-66646265313134623866376365646531363565356261653836393563396635393332663039313139
-65363830356261346637303237316138623230303335323331316661333037663062313237653430
-31663062333139633434623931396230356561346430623037616632643961643333396131306238
-62366636656432356538343338326363383930323539363138623265656234323964356365373138
-63616337373939353836333736313562653735346662633831663430616436363164313761613731
-31383830653833663131653834313530353266633039633534656330633138313064376666613664
-63306335663933653531333836326665346435613939376333356436623133373036353266616334
-64353762663632636631646262333239383237376333653235303963633931333230376432633165
-33373962333036633965393830333831616663353664313263633030643433643934646237353036
-37303738623263323365633833373237633266343161613235666132346631316537333937303765
-30626361656139666663373864353931663630303462613239316562376262303364363937666363
-35313832363830373734613037646262366562626661623664316430313062626664613432353939
-38613264643138613631323332336538386562343039333763636264373064363036316663383430
-38653836393566346532343837343338393834633166356138386130633262356266663430366431
-35393537363531333036316564653738343935393333666361643666396239386238386435663735
-32313666333134376162386532303030646561396666393339623439633665373739616439353536
-31353333323331663337663966343535333832386133363932666164636337373662396138303665
-65363861633539353963363731656431383633656661663932626134386630363239323663386532
-61386662303062383265373536373833383731333034383436313363623739333365633133333063
-62656137623565396438353033333835646161653834383032373136663937623237386264666236
-62653366303564343636363431393332316335666136353530343030356433653634656233633663
-31363566353232303864656161333535663439306538653134383365333139646236646164376331
-30366565636162633265633962653162333636633431376566363665323937386661383038636438
-63376166396361366533363063613037306231306263353036326331323431373434643431343730
-62313135616634333463333632666137383163333838643934373264366532373964363835363732
-66646130613064643966613933646135643434643433353332653237316464353165613737623034
-35383836313237323732343136303739613231663062303435313434613836613235633639393466
-39356232333866623965363763316536313330613130303838633765346232623833623364346462
-64643833353064626232343437346239646532313665396635366465393666363261393864363432
-66643830323132346233343366646639393465376664326165393433393832366165326137386130
-33353336613733333965313437666131313637366536626235336433326134336532643731656165
-30373737323963346134323737366631386462393533623265646530626365366262646664636437
-34313731343863363766353336323965303234383665376139646261636433653061383632323937
-66643765353239363031393132656432636436373130373439303066313130386134306234353933
-37623638363132373462393561633334343164333635313561353965663937633864633938663739
-38666663323564306130313532306230303535316539383438656631356335373134313862393032
-36633162303065663063333832376639303137636466386265653431383133353931386439343864
-33303063353162346366363838313932343438316464306166326239356333323166336365333861
-35633266663836633162626366623231613034653338353033633165626361303738666364613631
-33313837353430656561316463336563623836343330313066633037356531336266656461663263
-33613166346238646130353665386331326635383162653163663061336466323865303536633735
-38653930343738373662376364333035616162636232383466633030613037633039333462616430
-66663731383663343061616438383631623364343937336532303632616666633532613835353339
-38316334653163633235666536346636616565643135373265663031353463313035383961343132
-36323063653334323366636666636236396563616562636536313034663936356665303066396362
-61623762316138333638643766386637383364366437666433613838376337633266633438356637
-35663731623834306461623666643265343330396238613039633762373431383663313761363561
-64623831363637303435633736643834356261383833616664393936343937313265323537353962
-30333136666633333231653863623366393562643232633962653362393836633837353831643138
-31326631663035663238326330396335366333393664343637643838633639376636356630626531
-38396363316137653166356531313033363237326264366435633865663962326362636566333930
-31343262333365303734636364626263323764343533333432336332653761306464313937353061
-31343138393064303662383234393532303136656365626136356434363132663334373163623734
-36636230663633386131323533623734626664333062323961646561306136626266303366626461
-38663838643164396530366566356432366266316539323838616330303235306431376236653937
-38313761323161353237396265336562353365663965656137326562653462376636313335303162
-64323463383630386530363265323132306563323630366662383638616538313630386435393434
-34343365653138613632366665366632653937626162373134653133323337363262626133323164
-66376337306333636261613538373831326631363134633833633362333963336439333236393561
-34653563643433646232613064336562356639303763653537326562303038386561616365373862
-36383561323032333565306536653966333537353435623636313931373838346336376332343038
-64636637353730363833393631313735393432626163323663663737633464383938343134616438
-37326431623039323864616365646638613436383166333634633235313838376632663964343062
-35346338643163313832316636326231313933626332313366393136656263613966653838326539
-61316430343962333661313835626562316638313039306461393837623531626335656564613636
-30306364323231343135333332373534363335643734313765343535366630343336376264653836
-33363935336164613536376230316136616231303034376361663664333733323134316536346235
-36646535636232343136613766363339316138366238626338623366616262616338613030343631
-64633866313631346162386433343365636337346230396330623034346563646539393736393561
-31396638333165333234616361636639646261343766356337346361623065646565613930636533
-38653831613735303436363632666231306262623765333234663539353031396534356564396362
-65643862396639366462326337336131356539363739656163346538303861653931333535366235
-64303636303935313861333366366165646365323863643432616361623933373332613362356135
-36656666633830613365383434613032393435326362316637396434363137383766636237383638
-30306631393563306131363538323932363333363730356630633764343662313833
diff --git a/roles/arch/files/laptop/openvpn/ta.key b/roles/arch/files/laptop/openvpn/ta.key
deleted file mode 100644
index bd04e87..0000000
--- a/roles/arch/files/laptop/openvpn/ta.key
+++ /dev/null
@@ -1,37 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-31346264386665653537646639613235373635376563666638653735353936633961383230363963
-3931633464666465316334343266316433633638396437300a613861393966643935346361386133
-66663231316163613937346633383635663533313861663961393431333164636534303662656532
-3933623033333430640a376266323565373433386661386433626265636264306431623739353862
-37323436373366396135623436646232666236653265343630313865653234323639343161306533
-37376261653162353661343164346433613938376237303031316434643162333639333438613962
-33313132373663393935326361363766316630643962333938376662303561353337386533656538
-34623565353731356461356134306637366264633361613463613036313731316663353563616333
-63356533656138386338303839313163666132653538353930636530383430386338616534663830
-39646533303365613065656439663866356339633863653930353836633632316331663662353939
-33376532323037303363323035336561376230303732386336623136336265386133613639393934
-30363331316538366538366130656466333739306536393430396535663732633334396461323239
-62396261616336383834356165623264396136353632633239383534313139656436343065303032
-30393666376432626436326462616364663635666330366634326130306562343535653964643932
-37653235643237383332643365633066383734306538373966303966623930613961653934616130
-32326265313164363866643865356439653434366635616336306537303834613232653731656662
-35326263616564663137363132346536633838326134353733313662653561303232626331643363
-36343730386537383261373762646531666666613730303631623335393962313630373862653562
-32343435346464336363323532636636616231323361633936616266386263653634316266383633
-66663836336163373336393830326335306636383130373832303434626130346266313038313631
-36623331336537376666643561316664623762323766663531363335323761383338663365343463
-33393461363661636263303466323631613061366563303965623237623731396232363066656361
-33346264653963306165633131623533646361396466326632396366623063646466613331313864
-62613330656363326266333938346139393731653265656630623839636532373830376330653965
-66623638613138646339316536646433346639383962316136616633623364386432636138323839
-39373231636566663333616431393433653666643365653633396634663964323032626137376661
-38386333663335336237316563376466316232613465313863313633306237626633393134623236
-34353431613937323539333362306334383433633430363638323463306236336434613863663736
-64306339383737336165393562313539353033663534383037343532663563326432626632356666
-65646237623537333333383162626664376136363134613763613936376333313965356136633338
-64303830363330626561303838383062303734643064653134663361643330316635636561336635
-37383233353866343535363930386131383538623437656161656530333735373330396562326161
-37626231333065363235386433306565653330306231316539633563316236643737336637323364
-38356537326231643165313333623530663737623666376234376432626133356239623732616537
-35623765386239386636343439616265386137633534333130613866343366376437356234383835
-31636238383661643939
diff --git a/roles/arch/files/tmux_start b/roles/arch/files/tmux_start
deleted file mode 100755
index 4e6646d..0000000
--- a/roles/arch/files/tmux_start
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-MAIN="main"
-DEVELOPMENT="development"
-
-tmux start-server
-tmux new-session -ds $MAIN
-tmux new-window
-tmux new-window
-tmux select-window -t 0
-
-tmux new-session -ds $DEVELOPMENT
-tmux new-window
-tmux new-window
-tmux new-window
-tmux select-window -t 0
diff --git a/roles/arch/handlers/main.yml b/roles/arch/handlers/main.yml
deleted file mode 100644
index 6ae7096..0000000
--- a/roles/arch/handlers/main.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-- name: enable daily timer
-  become: true
-  systemd:
-    name: daily.timer
-    state: restarted
-    enabled: true
-    daemon-reload: true
-
-- name: enable weekly timer
-  become: true
-  systemd:
-    name: weekly.timer
-    state: restarted
-    enabled: true
-    daemon-reload: true
-
-- name: restart user ssh-agent
-  systemd:
-    name: ssh-agent
-    state: restarted
-    enabled: true
-    daemon-reload: true
-    scope: user
-
-- name: restart syncthing
-  systemd:
-    name: syncthing
-    state: restarted
-    enabled: true
-    scope: user
-
-- name: restart powertop
-  become: yes
-  systemd:
-    name: powertop
-    state: restarted
-    enabled: true
-    daemon-reload: true
diff --git a/roles/arch/meta/main.yml b/roles/arch/meta/main.yml
deleted file mode 100644
index 360c542..0000000
--- a/roles/arch/meta/main.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-dependencies:
-  - common
-
-galaxy_info:
-  author: sonny
-  description: "Sets up an arch environment"
-  license: "license GPLv3"
-  min_ansible_version: 2.7
-  issue_tracker_url: "https://git.fudiggity.nl/ansible/arch-setup/issues"
-  platforms:
-    - name: Archlinux
-  galaxy_tags:
-    - system
diff --git a/roles/arch/tasks/git.yml b/roles/arch/tasks/git.yml
deleted file mode 100644
index 89f125e..0000000
--- a/roles/arch/tasks/git.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-- name: copy git configuration
-  template:
-    src: "gitconfig.j2"
-    dest: "{{ ansible_env.HOME }}/.gitconfig"
-
-- name: copy keys
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  loop:
-    - {
-      src: "gpg_key", dest: "{{ ansible_env.HOME }}/gpg.key"
-    }
-    - {
-      src: "gpg_pub", dest: "{{ ansible_env.HOME }}/gpg.pub"
-    }
-
-- name: import secret key
-  command: "gpg --passphrase {{ gpg_passphrase }} --import ~/gpg.key"
-
-- name: import public key
-  command: "gpg --import ~/gpg.pub"
-
-- name: remove temp keys
-  file:
-    path: "{{ item }}"
-    state: absent
-  loop:
-    - "{{ ansible_env.HOME }}/gpg.key"
-    - "{{ ansible_env.HOME }}/gpg.pub"
diff --git a/roles/arch/tasks/main.yml b/roles/arch/tasks/main.yml
deleted file mode 100644
index a729530..0000000
--- a/roles/arch/tasks/main.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-- name: install shared packages
-  become: yes
-  pacman:
-    name: "{{ packages }}"
-
-- name: detecting platform
-  import_tasks: platform.yml
-
-- name: install platform specific packages
-  become: yes
-  pacman:
-    name: "{{ platform_packages }}"
-
-- name: configuring network
-  import_tasks: network.yml
-
-- name: copy reflector configuration
-  become: yes
-  template:
-    src: "reflector.j2"
-    dest: "/etc/xdg/reflector/reflector.conf"
-    owner: root
-    group: root
-    mode: "0600"
-
-# started by weekly timer
-- name: disable reflector
-  become: true
-  systemd:
-    name: reflector
-    state: stopped
-    enabled: false
-
-- name: copy pacman configuration
-  become: yes
-  template:
-    src: "pacman.j2"
-    dest: "/etc/pacman.conf"
-    owner: root
-    group: root
-    mode: "0644"
-
-- name: create extra conf
-  become: yes
-  file:
-    path: "/etc/pacman.d/extra.conf"
-    owner: root
-    group: root
-    state: touch
-    mode: "0644"
-
-- name: copy powertop service
-  become: yes
-  template:
-    src: "{{ platform }}/powertop.j2"
-    dest: "/etc/systemd/system/powertop.service"
-    owner: root
-    group: root
-    mode: "0644"
-  notify: restart powertop
-  when: platform == "laptop"
-
-- import_tasks: systemd.yml
-- import_tasks: openvpn.yml
-- import_tasks: git.yml
-- import_tasks: mpv.yml
-- import_tasks: mpd.yml
-- import_tasks: syncthing.yml
-- import_tasks: timer.yml
diff --git a/roles/arch/tasks/mpd.yml b/roles/arch/tasks/mpd.yml
deleted file mode 100644
index 22b3f09..0000000
--- a/roles/arch/tasks/mpd.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-- name: set up sudoers configuration
-  become: yes
-  template:
-    src: "sudoers.j2"
-    dest: "/etc/sudoers.d/10-sonny"
-    owner: root
-    group: root
-    mode: "0644"
-
-- name: copy systemd configuration files
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  loop:
-    - {
-        src: "mpd/service.j2",
-        dest: "{{ xdg_config_dir }}/systemd/user/mpd.service",
-      }
-    - {
-        src: "mpd/socket.j2",
-        dest: "{{ xdg_config_dir }}/systemd/user/mpd.socket",
-      }
-
-- name: create mpd files
-  file:
-    path: "{{ item.path }}"
-    state: "{{ item.state }}"
-  loop:
-    - {
-        path: "{{ mpd_configuration_dir }}",
-        state: "directory",
-      }
-    - {
-        path: "{{ mpd_configuration_dir }}/playlists",
-        state: "directory",
-      }
-    - {
-        path: "{{ mpd_configuration_dir }}/log",
-        state: "touch",
-      }
-    - {
-        path: "{{ mpd_configuration_dir }}/database",
-        state: "touch",
-      }
-    - {
-        path: "{{ mpd_configuration_dir }}/sticker.sql",
-        state: "touch",
-      }
-    - {
-        path: "{{ mpd_configuration_dir }}/state",
-        state: "touch",
-      }
-
-- name: copy configuration file
-  template:
-    src: "mpd/mpd.j2"
-    dest: "{{ mpd_configuration_dir }}/mpd.conf"
-
-- name: copy nfs connection scripts
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "0755"
-  loop:
-    - {
-        src: "mpd/music_mount.j2",
-        dest: "{{ xdg_script_dir }}/music_mount",
-      }
-    - {
-        src: "mpd/music_umount.j2",
-        dest: "{{ xdg_script_dir }}/music_umount",
-      }
-
-- name: restart mpd service
-  systemd:
-    name: mpd.service
-    state: restarted
-    enabled: no
-    scope: user
-  when: platform == "desktop"
-
-- name: enable mpd socket
-  systemd:
-    name: mpd.socket
-    state: started
-    enabled: yes
-    scope: user
-  when: platform == "desktop"
diff --git a/roles/arch/tasks/mpv.yml b/roles/arch/tasks/mpv.yml
deleted file mode 100644
index 37f13ba..0000000
--- a/roles/arch/tasks/mpv.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-- name: create configuration directory
-  file:
-    path: "{{ ansible_env.HOME }}/.config/mpv"
-    state: directory
-    mode: "0700"
-
-- name: copy configuration files
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    mode: "0644"
-  loop:
-    - {
-        src: "mpv/input.j2",
-        dest: "{{ ansible_env.HOME }}/.config/mpv/input.conf",
-      }
-    - {
-        src: "mpv/config.j2",
-        dest: "{{ ansible_env.HOME }}/.config/mpv/mpv.conf",
-      }
diff --git a/roles/arch/tasks/network.yml b/roles/arch/tasks/network.yml
deleted file mode 100644
index 5df08ff..0000000
--- a/roles/arch/tasks/network.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-- name: setup desktop systemd networkd
-  become: yes
-  template:
-    src: "desktop/network.j2"
-    dest:  "/etc/systemd/network/20-wired.network"
-    owner: root
-    group: root
-    mode: "0644"
-  notify: restart systemd-networkd
-  when: platform == "desktop"
-
-- name: setup laptop systemd networkd
-  become: yes
-  template:
-    src: "laptop/network.j2"
-    dest:  "/etc/systemd/network/20-wireless.network"
-    owner: root
-    group: root
-    mode: "0644"
-  notify: restart systemd-networkd
-  when: platform == "laptop"
-
-- name: start systemd-resolved service
-  become: yes
-  systemd:
-    name: systemd-resolved
-    state: started
-    enabled: yes
-
-- name: start iwd service
-  become: yes
-  systemd:
-    name: iwd
-    state: started
-    enabled: yes
-  when: platform == "laptop"
-
-- name: copy firewall template
-  become: yes
-  template:
-    src: "{{ platform }}/nftables.j2"
-    dest: "/etc/nftables.conf"
-    owner: root
-    group: root
-    mode: "0600"
-  notify: restart nftables
diff --git a/roles/arch/tasks/openvpn.yml b/roles/arch/tasks/openvpn.yml
deleted file mode 100644
index 78b7954..0000000
--- a/roles/arch/tasks/openvpn.yml
+++ /dev/null
@@ -1,82 +0,0 @@
-- name: create configuration directories
-  become: yes
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: openvpn
-    group: openvpn
-    mode: "0750"
-  loop:
-    - "/etc/openvpn/client"
-    - "/etc/openvpn/client/zeus"
-    - "/etc/openvpn/server"
-
-- name: copy configuration
-  become: yes
-  template:
-    src: "{{ platform }}/openvpn.j2"
-    dest: "/etc/openvpn/client/zeus.conf"
-    owner: openvpn
-    group: openvpn
-    mode: "0644"
-
-- name: copy desktop credentials
-  become: yes
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: openvpn
-    group: openvpn
-    mode: "0600"
-  loop:
-    - {
-        src: "{{ platform }}/openvpn/ca.crt",
-        dest: "/etc/openvpn/client/zeus/ca.crt",
-      }
-    - {
-        src: "{{ platform }}/openvpn/desktop.crt",
-        dest: "/etc/openvpn/client/zeus/desktop.crt",
-      }
-    - {
-        src: "{{ platform }}/openvpn/desktop.key",
-        dest: "/etc/openvpn/client/zeus/desktop.key",
-      }
-    - {
-        src: "{{ platform }}/openvpn/ta.key",
-        dest: "/etc/openvpn/client/zeus/ta.key",
-      }
-  when: platform == "desktop"
-
-- name: copy laptop credentials
-  become: yes
-  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: openvpn
-    group: openvpn
-    mode: "0600"
-  loop:
-    - {
-        src: "{{ platform }}/openvpn/ca.crt",
-        dest: "/etc/openvpn/client/zeus/ca.crt",
-      }
-    - {
-        src: "{{ platform }}/openvpn/laptop.crt",
-        dest: "/etc/openvpn/client/zeus/laptop.crt",
-      }
-    - {
-        src: "{{ platform }}/openvpn/laptop.key",
-        dest: "/etc/openvpn/client/zeus/laptop.key",
-      }
-    - {
-        src: "{{ platform }}/openvpn/ta.key",
-        dest: "/etc/openvpn/client/zeus/ta.key",
-      }
-  when: platform == "laptop"
-
-- name: restart vpn
-  become: true
-  systemd:
-    name: openvpn-client@zeus
-    state: restarted
-    enabled: true
diff --git a/roles/arch/tasks/platform.yml b/roles/arch/tasks/platform.yml
deleted file mode 100644
index c9a7dd2..0000000
--- a/roles/arch/tasks/platform.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-- name: detect platform
-  command: laptop-detect
-  register: is_laptop
-  failed_when: is_laptop.rc == 2
-
-- name: set platform (desktop)
-  set_fact:
-    platform: "desktop"
-  when: is_laptop.rc == 1
-
-- name: set platform (laptop)
-  set_fact:
-    platform: "laptop"
-  when: is_laptop.rc == 0
-
-- name: load desktop specific vars
-  include_vars: desktop.yml
-  when: platform == "desktop"
-
-- name: load laptop specific vars
-  include_vars: laptop.yml
-  when: platform == "laptop"
diff --git a/roles/arch/tasks/syncthing.yml b/roles/arch/tasks/syncthing.yml
deleted file mode 100644
index c45e0cc..0000000
--- a/roles/arch/tasks/syncthing.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: create configuration dir
-  file:
-    path: "{{ xdg_config_dir }}/syncthing"
-    state: directory
-
-- name: copy configuration file
-  template:
-    src: "{{ platform }}/syncthing.j2"
-    dest: "{{ xdg_config_dir }}/syncthing/config.xml"
-    mode: "0600"
-  notify: restart syncthing
diff --git a/roles/arch/tasks/systemd.yml b/roles/arch/tasks/systemd.yml
deleted file mode 100644
index 996a099..0000000
--- a/roles/arch/tasks/systemd.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-- name: setup systemd user service folder
-  file:
-    path: "{{ xdg_config_dir }}/systemd/user"
-    state: directory
-    mode: "0755"
-
-- name: add ssh-agent service
-  template:
-    src: "ssh-agent.j2"
-    dest: "{{ xdg_config_dir }}/systemd/user/ssh-agent.service"
-    mode: "0644"
-  notify: restart user ssh-agent
-
-- name: copy tmux service
-  template:
-    src: "tmux.j2"
-    dest: "{{ xdg_config_dir }}/systemd/user/tmux.service"
-    mode: "0644"
-
-- name: copy tmux startup script
-  copy:
-    src: "tmux_start"
-    dest: "{{ ansible_env.HOME }}/.local/bin/tmux_start"
-    mode: "0740"
-    force: false
diff --git a/roles/arch/tasks/timer.yml b/roles/arch/tasks/timer.yml
deleted file mode 100644
index f436939..0000000
--- a/roles/arch/tasks/timer.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-- name: copy timer files
-  become: yes
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    mode: "0644"
-  loop:
-    - {
-        src: "timer/daily_timer.j2",
-        dest: "/etc/systemd/system/daily.timer",
-      }
-    - {
-        src: "timer/weekly_timer.j2",
-        dest: "/etc/systemd/system/weekly.timer",
-      }
-  notify:
-    - enable daily timer
-    - enable weekly timer
-
-- name: copy target files
-  become: yes
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    mode: "0644"
-  loop:
-    - {
-        src: "timer/daily_target.j2",
-        dest: "/etc/systemd/system/daily.target",
-      }
-    - {
-        src: "timer/weekly_target.j2",
-        dest: "/etc/systemd/system/weekly.target",
-      }
-
-- name: create target directories
-  become: yes
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: root
-    mode: "0755"
-  loop:
-    - "/etc/systemd/system/daily.target.wants"
-    - "/etc/systemd/system/weekly.target.wants"
-
-- name: add reflector to weekly timer
-  become: yes
-  file:
-    src: "/usr/lib/systemd/system/reflector.service"
-    dest: "/etc/systemd/system/weekly.target.wants/reflector.service"
-    state: link
diff --git a/roles/arch/templates/desktop/network.j2 b/roles/arch/templates/desktop/network.j2
deleted file mode 100644
index 3329399..0000000
--- a/roles/arch/templates/desktop/network.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=enp*
-
-[Network]
-DHCP=yes
diff --git a/roles/arch/templates/desktop/nftables.j2 b/roles/arch/templates/desktop/nftables.j2
deleted file mode 100644
index 5d3e23f..0000000
--- a/roles/arch/templates/desktop/nftables.j2
+++ /dev/null
@@ -1,65 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-#!/usr/bin/nft -f
-# vim:set ts=2 sw=2 et:
-
-table inet filter {
-  chain input {
-    type filter hook input priority 0;
-
-    # allow established/related connections
-    ct state { established, related } accept
-
-    # early drop of invalid connections
-    ct state invalid drop
-
-    # allow from loopback
-    iifname lo accept
-
-    # allow icmp
-    ip protocol icmp accept
-    ip6 nexthdr icmpv6 accept
-
-    # allow ssh
-    tcp dport ssh accept
-
-    # syncthing
-    ip saddr 10.8.1.1 tcp dport 22000 accept
-
-    # allow dhcp requests for bridget connections
-    iifname "vmbr0" udp dport { 53, 67 } accept
-
-    # everything else
-    reject with icmpx type port-unreachable
-  }
-
-  chain forward {
-    type filter hook forward priority security; policy drop;
-
-    ct state { established, related } accept;
-
-    mark 1 accept
-
-    iifname "vmbr0" oifname "enp34s0" accept
-    iifname "enp34s0" oifname "vmbr0" accept
-  }
-}
-
-table ip filter {
-  chain DOCKER-USER {
-    mark set 1
-  }
-}
-
-table ip nat {
-  chain prerouting {
-    type nat hook prerouting priority 0; policy accept;
-
-    # iifname "enp34s0" tcp dport { http } dnat to 10.4.0.243
-  }
-
-  chain postrouting {
-    type nat hook postrouting priority 0; policy accept;
-    oifname "enp34s0" masquerade
-  }
-}
diff --git a/roles/arch/templates/desktop/openvpn.j2 b/roles/arch/templates/desktop/openvpn.j2
deleted file mode 100644
index 3e5ba0a..0000000
--- a/roles/arch/templates/desktop/openvpn.j2
+++ /dev/null
@@ -1,93 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server.     #
-#                                            #
-# This configuration can be used by multiple #
-# clients, however each client should have   #
-# its own cert and key files.                #
-#                                            #
-# On Windows, you might want to rename this  #
-# file so it has a .ovpn extension           #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-dev {{ vpn_interface }}
-
-# Are we connecting to a TCP or
-# UDP server?  Use the same setting as
-# on the server.
-proto {{ vpn_protocol }}
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote {{ vpn_ip }}
-port {{ vpn_port }}
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server.  Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Ping every 30s - Inactivity restart 120s
-keepalive 30 120
-
-# Don't ping until connected to remote
-ping-timer-rem
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# SSL/TLS parms.
-# See the server config file for more
-# description.  It's best to use
-# a separate .crt/.key file pair
-# for each client.  A single ca
-# file can be used for all clients.
-ca /etc/openvpn/client/zeus/ca.crt
-cert /etc/openvpn/client/zeus/desktop.crt
-key /etc/openvpn/client/zeus/desktop.key
-
-# Verify server certificate by checking that the
-# certicate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-#  http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-#   digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-#   serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-tls-auth /etc/openvpn/client/zeus/ta.key 1
-auth SHA512
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-cipher AES-256-CBC
-
-# Set log file verbosity.
-verb {{ vpn_verbosity }}
diff --git a/roles/arch/templates/desktop/syncthing.j2 b/roles/arch/templates/desktop/syncthing.j2
deleted file mode 100644
index dba711e..0000000
--- a/roles/arch/templates/desktop/syncthing.j2
+++ /dev/null
@@ -1,134 +0,0 @@
-<!-- {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -->
-
-<configuration version="32">
-    <folder id="Pictures" label="Pictures" path="/home/sonny/Pictures/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="false" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" introducedBy=""></device>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <folder id="default" label="Default Folder" path="/home/sonny/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" introducedBy=""></device>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning type="simple">
-            <param key="keep" val="5"></param>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>-1</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <device id="CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN" name="Desktop" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>dynamic</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" name="Zeus" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>tcp://10.8.0.1:22000</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <gui enabled="true" tls="true" debugging="false">
-        <address>127.0.0.1:8384</address>
-        <apikey>Qo5fAhxR7LnwvJ7eGYr4gigkHm2LrT6y</apikey>
-        <theme>dark</theme>
-    </gui>
-    <ldap></ldap>
-    <options>
-        <listenAddress>default</listenAddress>
-        <globalAnnounceServer>default</globalAnnounceServer>
-        <globalAnnounceEnabled>true</globalAnnounceEnabled>
-        <localAnnounceEnabled>true</localAnnounceEnabled>
-        <localAnnouncePort>21027</localAnnouncePort>
-        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <reconnectionIntervalS>60</reconnectionIntervalS>
-        <relaysEnabled>true</relaysEnabled>
-        <relayReconnectIntervalM>10</relayReconnectIntervalM>
-        <startBrowser>true</startBrowser>
-        <natEnabled>true</natEnabled>
-        <natLeaseMinutes>60</natLeaseMinutes>
-        <natRenewalMinutes>30</natRenewalMinutes>
-        <natTimeoutSeconds>10</natTimeoutSeconds>
-        <urAccepted>3</urAccepted>
-        <urSeen>0</urSeen>
-        <urUniqueID>rxdDP3h2</urUniqueID>
-        <urURL>https://data.syncthing.net/newdata</urURL>
-        <urPostInsecurely>false</urPostInsecurely>
-        <urInitialDelayS>1800</urInitialDelayS>
-        <restartOnWakeup>true</restartOnWakeup>
-        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
-        <upgradeToPreReleases>false</upgradeToPreReleases>
-        <keepTemporariesH>24</keepTemporariesH>
-        <cacheIgnoredFiles>false</cacheIgnoredFiles>
-        <progressUpdateIntervalS>5</progressUpdateIntervalS>
-        <limitBandwidthInLan>false</limitBandwidthInLan>
-        <minHomeDiskFree unit="%">1</minHomeDiskFree>
-        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
-        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
-        <tempIndexMinBlocks>10</tempIndexMinBlocks>
-        <unackedNotificationID>authenticationUserAndPassword</unackedNotificationID>
-        <trafficClass>0</trafficClass>
-        <defaultFolderPath>~</defaultFolderPath>
-        <setLowPriority>true</setLowPriority>
-        <maxFolderConcurrency>0</maxFolderConcurrency>
-        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
-        <crashReportingEnabled>true</crashReportingEnabled>
-        <stunKeepaliveStartS>180</stunKeepaliveStartS>
-        <stunKeepaliveMinS>20</stunKeepaliveMinS>
-        <stunServer>default</stunServer>
-        <databaseTuning>auto</databaseTuning>
-        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
-    </options>
-</configuration>
diff --git a/roles/arch/templates/gitconfig.j2 b/roles/arch/templates/gitconfig.j2
deleted file mode 100644
index 00bfd77..0000000
--- a/roles/arch/templates/gitconfig.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-
-[user]
-email = sonny871@hotmail.com
-name = Sonny Bakker
-signingkey = {{ gpg_pub_key }}
-
-[pull]
-rebase = false
diff --git a/roles/arch/templates/laptop/network.j2 b/roles/arch/templates/laptop/network.j2
deleted file mode 100644
index 894c5db..0000000
--- a/roles/arch/templates/laptop/network.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Match]
-Name=wlan0
-
-[Network]
-DHCP=ipv4
diff --git a/roles/arch/templates/laptop/openvpn.j2 b/roles/arch/templates/laptop/openvpn.j2
deleted file mode 100644
index 8e329e6..0000000
--- a/roles/arch/templates/laptop/openvpn.j2
+++ /dev/null
@@ -1,102 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-##############################################
-# Sample client-side OpenVPN 2.0 config file #
-# for connecting to multi-client server.     #
-#                                            #
-# This configuration can be used by multiple #
-# clients, however each client should have   #
-# its own cert and key files.                #
-#                                            #
-# On Windows, you might want to rename this  #
-# file so it has a .ovpn extension           #
-##############################################
-
-# Specify that we are a client and that we
-# will be pulling certain config file directives
-# from the server.
-client
-
-# Use the same setting as you are using on
-# the server.
-# On most systems, the VPN will not function
-# unless you partially or fully disable
-# the firewall for the TUN/TAP interface.
-dev {{ vpn_interface }}
-
-# Use unprivileged ip command
-#iproute /usr/local/sbin/unpriv-ip
-
-# Are we connecting to a TCP or
-# UDP server?  Use the same setting as
-# on the server.
-proto {{ vpn_protocol }}
-
-# The hostname/IP and port of the server.
-# You can have multiple remote entries
-# to load balance between the servers.
-remote {{ vpn_ip }}
-port {{ vpn_port }}
-
-# Keep trying indefinitely to resolve the
-# host name of the OpenVPN server.  Very useful
-# on machines which are not permanently connected
-# to the internet such as laptops.
-resolv-retry infinite
-
-# Ping every 30s - Inactivity restart 120s
-keepalive 30 120
-
-# Don't ping until connected to remote
-ping-timer-rem
-
-# Most clients don't need to bind to
-# a specific local port number.
-nobind
-
-# Try to preserve some state across restarts.
-persist-key
-persist-tun
-
-# SSL/TLS parms.
-# See the server config file for more
-# description.  It's best to use
-# a separate .crt/.key file pair
-# for each client.  A single ca
-# file can be used for all clients.
-ca /etc/openvpn/client/zeus/ca.crt
-cert  /etc/openvpn/client/zeus/laptop.crt
-key  /etc/openvpn/client/zeus/laptop.key
-
-# Verify server certificate by checking that the
-# certicate has the correct key usage set.
-# This is an important precaution to protect against
-# a potential attack discussed here:
-#  http://openvpn.net/howto.html#mitm
-#
-# To use this feature, you will need to generate
-# your server certificates with the keyUsage set to
-#   digitalSignature, keyEncipherment
-# and the extendedKeyUsage to
-#   serverAuth
-# EasyRSA can do this for you.
-remote-cert-tls server
-
-# If a tls-auth key is used on the server
-# then every client must also have the key.
-tls-auth ta.key 1
-auth SHA512
-
-# Select a cryptographic cipher.
-# If the cipher option is used on the server
-# then you must also specify it here.
-cipher AES-256-CBC
-
-# Enable compression on the VPN link.
-# Don't enable this unless it is also
-# enabled in the server config file.
-# Disabled as advised on https://openvpn.net/security-advisories/
-#compress lz4
-
-# Set log file verbosity.
-verb {{ vpn_verbosity }}
diff --git a/roles/arch/templates/laptop/powertop.j2 b/roles/arch/templates/laptop/powertop.j2
deleted file mode 100644
index 6b15cc7..0000000
--- a/roles/arch/templates/laptop/powertop.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Unit]
-Description=Powertop tunings
-
-[Service]
-ExecStart=/usr/bin/powertop --auto-tune
-RemainAfterExit=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/arch/templates/laptop/syncthing.j2 b/roles/arch/templates/laptop/syncthing.j2
deleted file mode 100644
index 6c1117b..0000000
--- a/roles/arch/templates/laptop/syncthing.j2
+++ /dev/null
@@ -1,134 +0,0 @@
-<!-- {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }} -->
-
-<configuration version="32">
-    <folder id="Pictures" label="Pictures" path="/home/sonny/Pictures/" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <folder id="default" label="Sync" path="/home/sonny/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
-        <filesystemType>basic</filesystemType>
-        <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" introducedBy=""></device>
-        <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" introducedBy=""></device>
-        <minDiskFree unit="">0</minDiskFree>
-        <versioning type="simple">
-            <param key="keep" val="5"></param>
-            <cleanupIntervalS>3600</cleanupIntervalS>
-        </versioning>
-        <copiers>0</copiers>
-        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
-        <hashers>0</hashers>
-        <order>random</order>
-        <ignoreDelete>false</ignoreDelete>
-        <scanProgressIntervalS>0</scanProgressIntervalS>
-        <pullerPauseS>0</pullerPauseS>
-        <maxConflicts>10</maxConflicts>
-        <disableSparseFiles>false</disableSparseFiles>
-        <disableTempIndexes>false</disableTempIndexes>
-        <paused>false</paused>
-        <weakHashThresholdPct>25</weakHashThresholdPct>
-        <markerName>.stfolder</markerName>
-        <copyOwnershipFromParent>false</copyOwnershipFromParent>
-        <modTimeWindowS>0</modTimeWindowS>
-        <maxConcurrentWrites>0</maxConcurrentWrites>
-        <disableFsync>false</disableFsync>
-        <blockPullOrder>standard</blockPullOrder>
-        <copyRangeMethod>standard</copyRangeMethod>
-        <caseSensitiveFS>false</caseSensitiveFS>
-        <junctionsAsDirs>true</junctionsAsDirs>
-    </folder>
-    <device id="PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ" name="Zeus" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>tcp://10.8.0.1:22000</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <device id="2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH" name="XPS" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
-        <address>dynamic</address>
-        <paused>false</paused>
-        <autoAcceptFolders>false</autoAcceptFolders>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <maxRequestKiB>0</maxRequestKiB>
-    </device>
-    <gui enabled="true" tls="true" debugging="false">
-        <address>127.0.0.1:8384</address>
-        <apikey>2y25PxNtQjtDoe6qnDSiWpmSMpJnvoyi</apikey>
-        <theme>dark</theme>
-    </gui>
-    <ldap></ldap>
-    <options>
-        <listenAddress>default</listenAddress>
-        <globalAnnounceServer>default</globalAnnounceServer>
-        <globalAnnounceEnabled>true</globalAnnounceEnabled>
-        <localAnnounceEnabled>true</localAnnounceEnabled>
-        <localAnnouncePort>21027</localAnnouncePort>
-        <localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
-        <maxSendKbps>0</maxSendKbps>
-        <maxRecvKbps>0</maxRecvKbps>
-        <reconnectionIntervalS>60</reconnectionIntervalS>
-        <relaysEnabled>true</relaysEnabled>
-        <relayReconnectIntervalM>10</relayReconnectIntervalM>
-        <startBrowser>true</startBrowser>
-        <natEnabled>true</natEnabled>
-        <natLeaseMinutes>60</natLeaseMinutes>
-        <natRenewalMinutes>30</natRenewalMinutes>
-        <natTimeoutSeconds>10</natTimeoutSeconds>
-        <urAccepted>-1</urAccepted>
-        <urSeen>0</urSeen>
-        <urUniqueID>A3FvpLVX</urUniqueID>
-        <urURL>https://data.syncthing.net/newdata</urURL>
-        <urPostInsecurely>false</urPostInsecurely>
-        <urInitialDelayS>1800</urInitialDelayS>
-        <restartOnWakeup>true</restartOnWakeup>
-        <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
-        <upgradeToPreReleases>false</upgradeToPreReleases>
-        <keepTemporariesH>24</keepTemporariesH>
-        <cacheIgnoredFiles>false</cacheIgnoredFiles>
-        <progressUpdateIntervalS>5</progressUpdateIntervalS>
-        <limitBandwidthInLan>false</limitBandwidthInLan>
-        <minHomeDiskFree unit="%">1</minHomeDiskFree>
-        <releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
-        <overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
-        <tempIndexMinBlocks>10</tempIndexMinBlocks>
-        <unackedNotificationID>authenticationUserAndPassword</unackedNotificationID>
-        <trafficClass>0</trafficClass>
-        <defaultFolderPath>~</defaultFolderPath>
-        <setLowPriority>true</setLowPriority>
-        <maxFolderConcurrency>0</maxFolderConcurrency>
-        <crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
-        <crashReportingEnabled>true</crashReportingEnabled>
-        <stunKeepaliveStartS>180</stunKeepaliveStartS>
-        <stunKeepaliveMinS>20</stunKeepaliveMinS>
-        <stunServer>default</stunServer>
-        <databaseTuning>auto</databaseTuning>
-        <maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
-    </options>
-</configuration>
diff --git a/roles/arch/templates/mpd/mpd.j2 b/roles/arch/templates/mpd/mpd.j2
deleted file mode 100644
index 24ec414..0000000
--- a/roles/arch/templates/mpd/mpd.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-music_directory       "{{ mpd_music_dir }}"
-playlist_directory    "{{ mpd_playlist_dir }}"
-state_file            "{{ mpd_state_path }}"
-sticker_file          "{{ mpd_sticker_path }}"
-log_level             "secure"
-
-bind_to_address       "{{ mpd_listen_address }}"
-port                  "{{ mpd_listen_port }}"
-
-auto_update           "yes"
-filesystem_charset    "UTF-8"
-
-samplerate_converter  "1"
-
-database {
-  plugin  "proxy"
-  host    "{{ mpd_database_address }}"
-  port    "{{ mpd_database_port }}"
-}
-
-audio_output {
-  type                  "pulse"
-  name                  "mpd"
-  replay_gain_handler   "software"
-  mixer_type            "hardware"
-  format                "96000:24:1"
-}
-
-input {
-  enabled   "no"
-  plugin    "tidal"
-}
-
-input {
-  enabled   "no"
-  plugin    "qobuz"
-}
-
-decoder {
-  plugin    "wildmidi"
-  enabled   "no"
-}
diff --git a/roles/arch/templates/mpd/music_mount.j2 b/roles/arch/templates/mpd/music_mount.j2
deleted file mode 100644
index 615712b..0000000
--- a/roles/arch/templates/mpd/music_mount.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-#
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-sudo mount -t nfs -o vers=4,soft,async,proto=tcp,port=2049 10.8.0.1:/srv/nfs4/music {{ mpd_music_dir }}
diff --git a/roles/arch/templates/mpd/music_umount.j2 b/roles/arch/templates/mpd/music_umount.j2
deleted file mode 100644
index 9bc55a2..0000000
--- a/roles/arch/templates/mpd/music_umount.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-#
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-pkill cantata
-sudo umount {{ mpd_music_dir }}
diff --git a/roles/arch/templates/mpd/service.j2 b/roles/arch/templates/mpd/service.j2
deleted file mode 100644
index dd79222..0000000
--- a/roles/arch/templates/mpd/service.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-[Unit]
-Description=Music Player Daemon
-Documentation=man:mpd(1) man:mpd.conf(5)
-
-[Service]
-Type=notify
-ExecStartPre={{ xdg_script_dir }}/music_mount
-ExecStart=/usr/bin/mpd --no-daemon {{ mpd_configuration_dir }}/mpd.conf
-ExecStopPost={{ xdg_script_dir }}/music_umount
-Restart=on-failure
-RestartSec=15s
-TimeoutStopSec=3
diff --git a/roles/arch/templates/mpv/config.j2 b/roles/arch/templates/mpv/config.j2
deleted file mode 100644
index 706daf1..0000000
--- a/roles/arch/templates/mpv/config.j2
+++ /dev/null
@@ -1,12 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-volume=100
-sub-auto=fuzzy
-gpu-api=vulkan
-vo=gpu
-hwdec=vaapi
-
-ytdl-format=best
-
-audio-samplerate=96000
-audio-format=s64
diff --git a/roles/arch/templates/sudoers.j2 b/roles/arch/templates/sudoers.j2
deleted file mode 100644
index 5d41d4c..0000000
--- a/roles/arch/templates/sudoers.j2
+++ /dev/null
@@ -1,4 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
-sonny ALL=(ALL) NOPASSWD: /usr/bin/mount
-sonny ALL=(ALL) NOPASSWD: /usr/bin/umount
diff --git a/roles/arch/vars/desktop.yml b/roles/arch/vars/desktop.yml
deleted file mode 100644
index 28d4ccb..0000000
--- a/roles/arch/vars/desktop.yml
+++ /dev/null
@@ -1 +0,0 @@
-platform_packages: []
diff --git a/roles/arch/vars/laptop.yml b/roles/arch/vars/laptop.yml
deleted file mode 100644
index 3ea944c..0000000
--- a/roles/arch/vars/laptop.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-platform_packages:
-  - iwd
-  - powertop
diff --git a/roles/requirements.yml b/roles/requirements.yml
deleted file mode 100644
index 276b569..0000000
--- a/roles/requirements.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- src: git+https://git.fudiggity.nl/ansible/common.git
-  name: common
-  version: master
-  scm: git
-- src: git+https://git.fudiggity.nl/ansible/npm.git
-  name: npm
-  version: master
-  scm: git
diff --git a/tasks/desktop.yml b/tasks/desktop.yml
new file mode 100644
index 0000000..a5134cd
--- /dev/null
+++ b/tasks/desktop.yml
@@ -0,0 +1,12 @@
+- name: Create xdg-desktop-portal.service.d directory
+  ansible.builtin.file:
+    path: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d'
+    state: directory
+    mode: '0755'
+
+- name: Copy xdg-desktop-portal.service drop-in
+  ansible.builtin.template:
+    src: templates/desktop/xdg-desktop-portal.service.j2
+    dest: '{{ xdg_config_dir }}/systemd/user/xdg-desktop-portal.service.d/override.conf'
+    mode: '0755'
+  notify: user daemon-reload
diff --git a/tasks/mpd.yaml b/tasks/mpd.yaml
new file mode 100644
index 0000000..f3e29b7
--- /dev/null
+++ b/tasks/mpd.yaml
@@ -0,0 +1,71 @@
+- name: Include mpd defaults
+  ansible.builtin.include_vars:
+    file: vars/mpd.yml
+
+- name: Copy systemd configuration files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0644'
+  loop:
+    - src: 'templates/mpd/service.j2'
+      dest: '{{ xdg_config_dir }}/systemd/user/mpd.service'
+
+    - src: 'templates/mpd/socket.j2'
+      dest: '{{ xdg_config_dir }}/systemd/user/mpd.socket'
+  notify:
+    - stop mpd service
+    - restart mpd socket
+
+- name: Create mpd files
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: '{{ item.state }}'
+    mode: '0755'
+  loop:
+    - path: '{{ mpd_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ ncmpc_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ ncmpcpp_configuration_dir }}'
+      state: 'directory'
+    - path: '{{ mpd_configuration_dir }}/playlists'
+      state: 'directory'
+    - path: '{{ mpd_configuration_dir }}/state'
+      state: 'touch'
+
+- name: Remove previous mpd files
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    state: '{{ item.state }}'
+    mode: '0755'
+  loop:
+    - path: '{{ mpd_configuration_dir }}/log'
+      state: 'absent'
+    - path: '{{ mpd_configuration_dir }}/database'
+      state: 'absent'
+    - path: '{{ mpd_configuration_dir }}/sticker.sql'
+      state: 'absent'
+    - path: '{{ ncmpc_configuration_dir }}'
+      state: 'absent'
+
+- name: Copy configuration files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop:
+    - src: 'templates/mpd/mpd.conf.j2'
+      dest: '{{ mpd_configuration_dir }}/mpd.conf'
+    - src: 'templates/mpd/ncmpcpp/config.j2'
+      dest: '{{ ncmpcpp_configuration_dir }}/config'
+    - src: 'templates/mpd/ncmpcpp/bindings.j2'
+      dest: '{{ ncmpcpp_configuration_dir }}/bindings'
+  notify:
+    - stop mpd service
+
+# TODO: install https://aur.archlinux.org/mpd-mpris-bin.git from AUR
+# Use mpc to control local mpd server.
+# Use $ mpc add http://{{ mpd_remote_address }}:{{ mpd_remote_stream_port }}
+# to add the HTTP stream to the playlist.
+# Use nmcpc to control remote mpd server.
diff --git a/tasks/mpv.yml b/tasks/mpv.yml
new file mode 100644
index 0000000..3b4c52a
--- /dev/null
+++ b/tasks/mpv.yml
@@ -0,0 +1,16 @@
+- name: Create configuration directory
+  ansible.builtin.file:
+    path: '{{ ansible_env.HOME }}/.config/mpv'
+    state: directory
+    mode: '0700'
+
+- name: Copy configuration files
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0644'
+  loop:
+    - src: 'templates/mpv/input.j2'
+      dest: '{{ ansible_env.HOME }}/.config/mpv/input.conf'
+    - src: 'templates/mpv/config.j2'
+      dest: '{{ ansible_env.HOME }}/.config/mpv/mpv.conf'
diff --git a/tasks/network/desktop.yml b/tasks/network/desktop.yml
new file mode 100644
index 0000000..4eb16d8
--- /dev/null
+++ b/tasks/network/desktop.yml
@@ -0,0 +1,27 @@
+- name: Desktop configuration
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  block:
+    - name: Setup network configuration
+      become: true
+      ansible.builtin.template:
+        src: '{{ item.src }}'
+        dest: '{{ item.dest }}'
+        owner: root
+        group: systemd-network
+        mode: '0640'
+      loop:
+        - src: 'templates/desktop/network/enp1s0.link.j2'
+          dest: '/etc/systemd/network/20-enp1s0.link'
+        - src: 'templates/desktop//network/enp1s0.network.j2'
+          dest: '/etc/systemd/network/20-enp1s0.network'
+
+    - name: Remove leftover configuration files
+      become: true
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - '/etc/systemd/network/30-vmbr0.network'
+        - '/etc/systemd/network/30-vmbr0.netdev'
diff --git a/tasks/network/htpc.yml b/tasks/network/htpc.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/network/main.yml b/tasks/network/main.yml
new file mode 100644
index 0000000..f8586b1
--- /dev/null
+++ b/tasks/network/main.yml
@@ -0,0 +1,28 @@
+# Note that Wireguard does DNS resolution only once during connection.
+# When a client's IP changes, the server should be notified in some way,
+# using `wg set wg0 peer izHzmRwh2yzICps6pFI2Bg3TnmTD66/8uH4loJpkuD4= endpoint <NEW-IP>:<PORT>`
+# for example.
+
+- name: Set hostname
+  become: true
+  ansible.builtin.hostname:
+    name: '{{ hostname }}'
+    use: systemd
+
+- name: Copy hosts file
+  become: true
+  ansible.builtin.template:
+    src: templates/hosts.j2
+    dest: /etc/hosts
+    mode: '0644'
+    owner: root
+
+- name: Copy firewall template
+  become: true
+  ansible.builtin.template:
+    src: 'templates/{{ ansible_hostname }}/nftables.j2'
+    dest: /etc/nftables.conf
+    owner: root
+    group: root
+    mode: '0600'
+  notify: restart nftables
diff --git a/tasks/network/xps.yml b/tasks/network/xps.yml
new file mode 100644
index 0000000..0c99843
--- /dev/null
+++ b/tasks/network/xps.yml
@@ -0,0 +1,47 @@
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/xps/network/wlan0-local.network.j2'
+      dest: '/etc/systemd/network/10-wireless.network'
+
+    - src: 'templates/xps/network/wlan0-frans.network.j2'
+      dest: '/etc/systemd/network/11-wireless.network'
+
+    - src: 'templates/xps/network/wlan0.network.j2'
+      dest: '/etc/systemd/network/20-wireless.network'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Create iwd directory
+  become: true
+  ansible.builtin.template:
+    src: templates/xps/iwd.j2
+    dest: /etc/iwd
+    mode: '0644'
+    owner: root
+
+- name: Provision iwd configuration
+  become: true
+  ansible.builtin.template:
+    src: templates/xps/iwd.j2
+    dest: /etc/iwd/main.config
+    mode: '0755'
+    owner: root
+  notify: restart iwd
+
+- name: Remove leftover configuration files
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: absent
+  loop:
+    - /etc/systemd/network/30-vmbr0.network
+    - /etc/systemd/network/30-vmbr0.netdev
+    - /etc/systemd/network/10-wlan0.link
diff --git a/tasks/setup.yml b/tasks/setup.yml
new file mode 100644
index 0000000..e2c0d73
--- /dev/null
+++ b/tasks/setup.yml
@@ -0,0 +1,205 @@
+- name: Provision pollkit administrator configuration
+  become: true
+  ansible.builtin.template:
+    src: 'templates/polkit.j2'
+    dest: '/etc/polkit-1/rules.d/49-nopasswd_global.rules'
+    mode: '0755'
+
+- name: Install shared packages
+  become: true
+  community.general.pacman:
+    name: '{{ packages }}'
+
+- name: Copy reflector configuration
+  become: true
+  ansible.builtin.template:
+    src: 'templates/reflector.j2'
+    dest: '/etc/xdg/reflector/reflector.conf'
+    mode: '0600'
+
+# started by weekly timer
+- name: Disable reflector
+  become: true
+  ansible.builtin.systemd:
+    name: reflector
+    state: stopped
+    enabled: false
+
+- name: Copy pacman configuration
+  become: true
+  ansible.builtin.template:
+    src: 'templates/pacman.j2'
+    dest: '/etc/pacman.conf'
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Create extra conf
+  become: true
+  ansible.builtin.file:
+    path: '/etc/pacman.d/extra.conf'
+    owner: root
+    group: root
+    state: touch
+    mode: '0644'
+
+- name: Setup Wezterm
+  when: "'wezterm' in packages"
+  block:
+    - name: Create wezterm configuration dir
+      ansible.builtin.file:
+        path: '{{ xdg_config_dir }}/wezterm/includes'
+        state: directory
+        mode: '0755'
+
+    - name: Copy wezterm configuration files
+      ansible.builtin.template:
+        src: '{{ item.src }}'
+        dest: '{{ item.dest }}'
+        mode: '0755'
+      loop:
+        - src: 'templates/wezterm/wezterm.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/wezterm.lua'
+
+        - src: 'templates/wezterm/includes/colors.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/colors.lua'
+
+        - src: 'templates/wezterm/includes/fonts.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/fonts.lua'
+
+        - src: 'templates/wezterm/includes/window.lua.j2'
+          dest: '{{ xdg_config_dir }}/wezterm/includes/window.lua'
+
+- name: Enable fstrim timer
+  become: true
+  ansible.builtin.systemd:
+    name: fstrim.timer
+    enabled: true
+
+- name: Remove the sysctl.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/sysctl.d
+    state: absent
+
+- name: Recreate the sysctl.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/sysctl.d
+    state: directory
+    mode: '0755'
+
+- name: Copy sysctl files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop:
+    - src: 'templates/sysctl/99-sysrq.conf.j2'
+      dest: '/etc/sysctl.d/99-sysrq.conf'
+    - src: 'templates/sysctl/98-forward.conf.j2'
+      dest: '/etc/sysctl.d/98-foward.conf'
+  notify: reload sysctl configuration
+
+- name: Remove the modprobe.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/modprobe.d
+    state: absent
+
+- name: Recreate the modprobe.d directory
+  become: true
+  ansible.builtin.file:
+    path: /etc/modprobe.d
+    state: directory
+    mode: '0755'
+
+- name: Copy modprobe configuration files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop: '{{ modprobe_templates }}'
+  when: modprobe_templates
+
+- name: Copy kernel parameters template
+  become: true
+  ansible.builtin.template:
+    src: 'templates/{{ ansible_hostname }}/cmdline.j2'
+    dest: '/etc/kernel/cmdline'
+    mode: '0755'
+
+- name: Remove the mkinitcpio directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: absent
+  loop:
+    - /etc/mkinitcpio.conf.d
+    - /etc/mkinitcpio.d
+
+- name: Recreate the mkinitcpio directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    state: directory
+    mode: '0755'
+  loop:
+    - /etc/mkinitcpio.conf.d
+    - /etc/mkinitcpio.d
+
+- name: Copy mkinitcpio configuration files
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    mode: '0755'
+  loop: '{{ mkinitcpio_templates }}'
+  when: '{{ mkinitcpio_templates | length > 0 }}'
+
+- name: Regenerate initramfs images
+  become: true
+  ansible.builtin.command: 'mkinitcpio --allpresets'
+  register: mkinitcpio_stats
+
+- name: Log mkinitcpio stdout
+  ansible.builtin.debug:
+    var: mkinitcpio_stats.stdout_lines
+
+- name: Create a Linux UEFI boot entry
+  become: true
+  ansible.builtin.command: efibootmgr \
+    --create \
+    --disk '{{ boot_configuration.disk }}' \
+    --part '{{ boot_configuration.partition }}' \
+    --label 'Arch Linux'  \
+    --loader '\EFI\Linux\linux.efi'\
+    --unicode
+    --index 0
+  register: efi_linux_stats
+  when: register_uefi_entries
+
+- name: Log efibootmgr stdout
+  ansible.builtin.debug:
+    var: efi_linux_stats.stdout_lines
+  when: register_uefi_entries
+
+- name: Create a Linux LTS UEFI boot entry
+  become: true
+  ansible.builtin.command: efibootmgr \
+    --create \
+    --disk '{{ boot_configuration.disk }}' \
+    --part '{{ boot_configuration.partition }}' \
+    --label 'Arch Linux LTS'  \
+    --loader '\EFI\Linux\linux-lts.efi'\
+    --unicode
+    --index 1
+  register: efi_linux_lts_stats
+  when: register_uefi_entries
+
+- name: Log efibootmgr LTS stdout
+  ansible.builtin.debug:
+    var: efi_linux_lts_stats.stdout_lines
+  when: register_uefi_entries
diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml
new file mode 100644
index 0000000..c54fde5
--- /dev/null
+++ b/tasks/syncthing.yml
@@ -0,0 +1,18 @@
+- name: Create configuration dir
+  ansible.builtin.file:
+    path: '{{ xdg_config_dir }}/syncthing'
+    state: directory
+    mode: '0755'
+
+- name: Stop syncthing service
+  ansible.builtin.systemd:
+    name: syncthing
+    scope: user
+    state: stopped
+
+- name: Copy configuration file
+  ansible.builtin.template:
+    src: 'templates/syncthing/config.j2'
+    dest: '{{ xdg_config_dir }}/syncthing/config.xml'
+    mode: '0640'
+  notify: start syncthing
diff --git a/tasks/systemd.yml b/tasks/systemd.yml
new file mode 100644
index 0000000..4b6e6e5
--- /dev/null
+++ b/tasks/systemd.yml
@@ -0,0 +1,28 @@
+- name: Setup systemd user service folder
+  ansible.builtin.file:
+    path: '{{ xdg_config_dir }}/systemd/user'
+    state: directory
+    mode: '0755'
+
+- name: Add ssh-agent service
+  ansible.builtin.template:
+    src: 'templates/ssh-agent.j2'
+    dest: '{{ xdg_config_dir }}/systemd/user/ssh-agent.service'
+    mode: '0644'
+  notify: restart user ssh-agent
+
+- name: Copy tmux service
+  ansible.builtin.template:
+    src: 'templates/tmux.j2'
+    dest: '{{ xdg_config_dir }}/systemd/user/tmux.service'
+    mode: '0644'
+  notify:
+    - user daemon-reload
+    - restart tmux service
+
+- name: Copy tmux startup script
+  ansible.builtin.copy:
+    src: 'files/tmux_start'
+    dest: '{{ ansible_env.HOME }}/.local/bin/tmux_start'
+    mode: '0740'
+    force: false
diff --git a/tasks/timer.yml b/tasks/timer.yml
new file mode 100644
index 0000000..7a2aa56
--- /dev/null
+++ b/tasks/timer.yml
@@ -0,0 +1,45 @@
+- name: copy timer files
+  become: true
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    mode: '0644'
+  loop:
+    - { src: 'templates/timer/daily_timer.j2', dest: '/etc/systemd/system/daily.timer' }
+    - { src: 'templates/timer/weekly_timer.j2', dest: '/etc/systemd/system/weekly.timer' }
+  notify:
+    - enable daily timer
+    - enable weekly timer
+
+- name: copy target files
+  become: true
+  template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    mode: '0644'
+  loop:
+    - { src: 'templates/timer/daily_target.j2', dest: '/etc/systemd/system/daily.target' }
+    - {
+      src: 'templates/timer/weekly_target.j2',
+      dest: '/etc/systemd/system/weekly.target',
+    }
+
+- name: create target directories
+  become: true
+  file:
+    path: '{{ item }}'
+    state: directory
+    owner: root
+    mode: '0755'
+  loop:
+    - '/etc/systemd/system/daily.target.wants'
+    - '/etc/systemd/system/weekly.target.wants'
+
+- name: add reflector to weekly timer
+  become: true
+  file:
+    src: '/usr/lib/systemd/system/reflector.service'
+    dest: '/etc/systemd/system/weekly.target.wants/reflector.service'
+    state: link
diff --git a/tasks/wireguard-media.yml b/tasks/wireguard-media.yml
new file mode 100644
index 0000000..b22e477
--- /dev/null
+++ b/tasks/wireguard-media.yml
@@ -0,0 +1,71 @@
+- name: Include wireguard media defaults
+  ansible.builtin.include_vars:
+    file: vars/wireguard-media.yml
+
+- name: Create Wireguard directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    owner: root
+    group: systemd-network
+    mode: '0750'
+    state: directory
+    recurse: true
+  loop:
+    - '{{ vpn_config_dir }}'
+    - '{{ wireguard_media_defaults.private_key_path | dirname }}'
+    - '{{ wireguard_media_defaults.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - dest: '{{ wireguard_media_defaults.public_key_path }}'
+      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
+
+    - dest: '{{ wireguard_media_defaults.private_key_path }}'
+      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.preshared_key_source_path }}'
+    dest: '{{ item.preshared_key_path }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop: '{{ wireguard_media_defaults.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
+      dest: '/etc/systemd/network/40-wg1.network'
+
+    - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
+      dest: '/etc/systemd/network/40-wg1.netdev'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  vars:
+    wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
new file mode 100644
index 0000000..bfd9418
--- /dev/null
+++ b/tasks/wireguard.yml
@@ -0,0 +1,71 @@
+- name: Include wireguard defaults
+  ansible.builtin.include_vars:
+    file: vars/wireguard.yml
+
+- name: Create Wireguard directories
+  become: true
+  ansible.builtin.file:
+    path: '{{ item }}'
+    owner: root
+    group: systemd-network
+    mode: '0750'
+    state: directory
+    recurse: true
+  loop:
+    - '{{ vpn_config_dir }}'
+    - '{{ wireguard_defaults.private_key_path | dirname }}'
+    - '{{ wireguard_defaults.public_key_path | dirname }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard credentials
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - dest: '{{ wireguard_defaults.public_key_path }}'
+      src: 'files/wireguard/{ ansible_hostname }}/fudiggity.pub'
+
+    - dest: '{{ wireguard_defaults.private_key_path }}'
+      src: 'files/wireguard/{{ ansible_hostname }}/fudiggity.key'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Copy Wireguard preshared keys
+  become: true
+  ansible.builtin.copy:
+    src: '{{ item.preshared_key_source_path }}'
+    dest: '{{ item.preshared_key_path }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop: '{{ wireguard_defaults.peers }}'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+
+- name: Setup network configuration
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: systemd-network
+    mode: '0640'
+  loop:
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.network.j2'
+      dest: '/etc/systemd/network/40-wg0.network'
+
+    - src: 'templates/{{ ansible_hostname }}/network/wg0.netdev.j2'
+      dest: '/etc/systemd/network/40-wg0.netdev'
+  notify:
+    - restart systemd-networkd
+    - restart systemd-resolved
+  vars:
+    wireguard: "{{ wireguard | ansible.builtin.combine(wireguard_defaults) }}"
diff --git a/tasks/xps.yml b/tasks/xps.yml
new file mode 100644
index 0000000..06aeb90
--- /dev/null
+++ b/tasks/xps.yml
@@ -0,0 +1,46 @@
+- name: Provision powertop systemd service
+  become: true
+  ansible.builtin.file:
+    path: /etc/systemd/system/powertop.service
+    state: absent
+
+- name: Provision python pa-dlna
+  block:
+    - name: Create configuration directory
+      ansible.builtin.file:
+        path: '{{ xdg_config_dir }}/pa-dlna'
+        state: directory
+        mode: '0755'
+
+    - name: Copy configuration file
+      ansible.builtin.template:
+        src: templates/xps/pa-dlna/config.j2
+        dest: '{{ xdg_config_dir }}/pa-dlna/pa-dlna.conf'
+        mode: '0755'
+
+    - name: Copy systemd service
+      ansible.builtin.template:
+        src: templates/xps/pa-dlna/service.j2
+        dest: '{{ xdg_config_dir }}/systemd/user/pa-dlna.service'
+        mode: '0755'
+
+    - name: Create virtualenv directory
+      become: true
+      ansible.builtin.file:
+        path: /opt/virtualenv/pa-dlna
+        state: directory
+        owner: sonny
+        group: sonny
+        mode: '0755'
+
+    - name: Install pa-dlna
+      ansible.builtin.pip:
+        name: 'pa-dlna=={{ pa_dlna_version }}'
+        virtualenv: /opt/virtualenv/pa-dlna
+        virtualenv_command: python3.13 -m venv
+
+    - name: Install python-systemd
+      ansible.builtin.pip:
+        name: 'python-systemd=={{ pa_dlna_systemd_version }}'
+        virtualenv: /opt/virtualenv/pa-dlna
+        virtualenv_command: python3.13 -m venv
diff --git a/templates/desktop/cmdline.j2 b/templates/desktop/cmdline.j2
new file mode 100644
index 0000000..08259b5
--- /dev/null
+++ b/templates/desktop/cmdline.j2
@@ -0,0 +1 @@
+root=UUID=c5fe300d-97bf-476d-abd4-edfe7460bc81 rw bgrt_disable
diff --git a/templates/desktop/mkinitcpio/1-modules.conf.j2 b/templates/desktop/mkinitcpio/1-modules.conf.j2
new file mode 100644
index 0000000..82581fb
--- /dev/null
+++ b/templates/desktop/mkinitcpio/1-modules.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(amdgpu)
diff --git a/templates/desktop/mkinitcpio/linux-lts.preset.j2 b/templates/desktop/mkinitcpio/linux-lts.preset.j2
new file mode 100644
index 0000000..71d2550
--- /dev/null
+++ b/templates/desktop/mkinitcpio/linux-lts.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
diff --git a/templates/desktop/mkinitcpio/linux.preset.j2 b/templates/desktop/mkinitcpio/linux.preset.j2
new file mode 100644
index 0000000..22097bb
--- /dev/null
+++ b/templates/desktop/mkinitcpio/linux.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux.efi"
+default_kver="/boot/vmlinuz-linux"
diff --git a/templates/desktop/modprobe/99-amdgpu.conf.j2 b/templates/desktop/modprobe/99-amdgpu.conf.j2
new file mode 100644
index 0000000..2ef56d7
--- /dev/null
+++ b/templates/desktop/modprobe/99-amdgpu.conf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+# disable Panel Self Refresh for 6.10
+# see https://bbs.archlinux.org/viewtopic.php?pid=2191514#p2191514
+options amdgpu dcdebugmask=0x12
diff --git a/templates/desktop/network/enp1s0.link.j2 b/templates/desktop/network/enp1s0.link.j2
new file mode 100644
index 0000000..4ed6b79
--- /dev/null
+++ b/templates/desktop/network/enp1s0.link.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+MACAddress={{ lan_interface_mac }}
+
+[Link]
+Name={{ lan_interface }}
diff --git a/templates/desktop/network/enp1s0.network.j2 b/templates/desktop/network/enp1s0.network.j2
new file mode 100644
index 0000000..af57302
--- /dev/null
+++ b/templates/desktop/network/enp1s0.network.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ lan_interface }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+RequiredForOnline=routable
diff --git a/templates/desktop/network/wg0.netdev.j2 b/templates/desktop/network/wg0.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/desktop/network/wg0.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/desktop/network/wg0.network.j2 b/templates/desktop/network/wg0.network.j2
new file mode 100644
index 0000000..76731d3
--- /dev/null
+++ b/templates/desktop/network/wg0.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
diff --git a/templates/desktop/network/wg1.netdev.j2 b/templates/desktop/network/wg1.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/desktop/network/wg1.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/desktop/network/wg1.network.j2 b/templates/desktop/network/wg1.network.j2
new file mode 100644
index 0000000..76731d3
--- /dev/null
+++ b/templates/desktop/network/wg1.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
diff --git a/templates/desktop/nftables.j2 b/templates/desktop/nftables.j2
new file mode 100644
index 0000000..29f4cd1
--- /dev/null
+++ b/templates/desktop/nftables.j2
@@ -0,0 +1,46 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+flush ruleset
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0; policy drop;
+
+    # allow established/related connections
+    ct state { established, related } accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow mDNS
+    udp dport 5353 accept
+
+    # allow ssh
+    tcp dport ssh accept
+
+    # syncthing
+    ip saddr 10.0.0.1 tcp dport 22000 accept
+  }
+
+  chain forward {
+    type filter hook forward priority security; policy drop;
+
+    ct state { established, related } accept;
+
+    mark 1 accept
+  }
+}
+
+table ip filter {
+  chain DOCKER-USER {
+    mark set 1
+  }
+}
diff --git a/templates/desktop/xdg-desktop-portal.service.j2 b/templates/desktop/xdg-desktop-portal.service.j2
new file mode 100644
index 0000000..7d06561
--- /dev/null
+++ b/templates/desktop/xdg-desktop-portal.service.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Unit]
+Requires=plasma-core.target
+After=plasma-core.target
diff --git a/templates/hosts.j2 b/templates/hosts.j2
new file mode 100644
index 0000000..58cf68c
--- /dev/null
+++ b/templates/hosts.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+127.0.0.1   localhost.localdomain localhost
+127.0.1.1   localhost.localdomain {{ hostname }}
+::1         localhost.localdomain localhost
diff --git a/templates/htpc/cmdline.j2 b/templates/htpc/cmdline.j2
new file mode 100644
index 0000000..f1e2797
--- /dev/null
+++ b/templates/htpc/cmdline.j2
@@ -0,0 +1 @@
+rd.luks.name=d6272853-f41c-47a3-aa27-31ca9b559087=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap
diff --git a/templates/htpc/mkinitcpio/1-modules.conf.j2 b/templates/htpc/mkinitcpio/1-modules.conf.j2
new file mode 100644
index 0000000..82581fb
--- /dev/null
+++ b/templates/htpc/mkinitcpio/1-modules.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(amdgpu)
diff --git a/templates/htpc/mkinitcpio/linux-lts.preset.j2 b/templates/htpc/mkinitcpio/linux-lts.preset.j2
new file mode 100644
index 0000000..71d2550
--- /dev/null
+++ b/templates/htpc/mkinitcpio/linux-lts.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
diff --git a/templates/htpc/mkinitcpio/linux.preset.j2 b/templates/htpc/mkinitcpio/linux.preset.j2
new file mode 100644
index 0000000..22097bb
--- /dev/null
+++ b/templates/htpc/mkinitcpio/linux.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux.efi"
+default_kver="/boot/vmlinuz-linux"
diff --git a/templates/htpc/network/enp1s0.link.j2 b/templates/htpc/network/enp1s0.link.j2
new file mode 100644
index 0000000..4ed6b79
--- /dev/null
+++ b/templates/htpc/network/enp1s0.link.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+[Match]
+MACAddress={{ lan_interface_mac }}
+
+[Link]
+Name={{ lan_interface }}
diff --git a/templates/htpc/network/enp1s0.network.j2 b/templates/htpc/network/enp1s0.network.j2
new file mode 100644
index 0000000..af57302
--- /dev/null
+++ b/templates/htpc/network/enp1s0.network.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ lan_interface }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+RequiredForOnline=routable
diff --git a/templates/htpc/network/wg1.netdev.j2 b/templates/htpc/network/wg1.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/htpc/network/wg1.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/htpc/network/wg1.network.j2 b/templates/htpc/network/wg1.network.j2
new file mode 100644
index 0000000..76731d3
--- /dev/null
+++ b/templates/htpc/network/wg1.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ lan_interface }}
diff --git a/templates/htpc/nftables.j2 b/templates/htpc/nftables.j2
new file mode 100644
index 0000000..9a8cb01
--- /dev/null
+++ b/templates/htpc/nftables.j2
@@ -0,0 +1,29 @@
+#!/usr/bin/nft -f
+# vim:set ts=2 sw=2 et:
+
+flush ruleset
+
+table inet filter {
+  chain input {
+    type filter hook input priority 0; policy drop;
+
+    # allow established/related connections
+    ct state { established, related } accept
+
+    # early drop of invalid connections
+    ct state invalid drop
+
+    # allow from loopback
+    iifname lo accept
+
+    # allow icmp
+    ip protocol icmp accept
+    ip6 nexthdr icmpv6 accept
+
+    # allow mDNS
+    udp dport 5353 accept
+
+    # allow ssh
+    tcp dport ssh accept
+  }
+}
diff --git a/templates/mpd/mpd.conf.j2 b/templates/mpd/mpd.conf.j2
new file mode 100644
index 0000000..af43ed2
--- /dev/null
+++ b/templates/mpd/mpd.conf.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+#
+bind_to_address       "{{ mpd_listen_address }}"
+port                  "{{ mpd_listen_port }}"
+
+playlist_directory     "{{ mpd_configuration_dir }}/playlists"
+state_file             "{{ mpd_configuration_dir }}/state"
+
+database {
+  plugin  "proxy"
+  host    "{{ mpd_remote_address }}"
+  port    "{{ mpd_remote_port }}"
+}
+
+audio_output {
+  name    "mpd"
+  type    "pipewire"
+  dsd     "yes"
+}
+
+audio_output {
+  type    "fifo"
+  name    "my_fifo"
+  path    "/tmp/mpd.fifo"
+}
+
+input {
+  enabled   "no"
+  plugin    "tidal"
+}
+
+input {
+  enabled   "no"
+  plugin    "qobuz"
+}
+
+decoder {
+  enabled   "no"
+  plugin    "wildmidi"
+}
diff --git a/templates/mpd/ncmpc.j2 b/templates/mpd/ncmpc.j2
new file mode 100644
index 0000000..2b02e99
--- /dev/null
+++ b/templates/mpd/ncmpc.j2
@@ -0,0 +1,32 @@
+## {{ ansible_managed }}
+#
+##
+## Configuration file for ncmpc (~/.config/ncmpc/config)
+##
+
+############## Connection ###################
+## Connect to mpd running on a specified host
+host = {{ mpd_remote_address }}
+
+## Connect to mpd on the specified port.
+port = {{ mpd_remote_port }}
+
+############## Theme ###################
+# Topbar
+color title = 0/254
+color line = 0/254
+
+# Main window
+color background = 15
+color list = 239/15
+color browser-directory = 239/15
+color browser-playlist = 239/15
+
+# Selected
+color list-bold = 147/255
+
+# Bottombar
+color progressbar = 0
+color status-state = 0/255
+color status-song = 0/255
+color status-time = 0/255
diff --git a/templates/mpd/ncmpcpp/bindings.j2 b/templates/mpd/ncmpcpp/bindings.j2
new file mode 100644
index 0000000..1f85833
--- /dev/null
+++ b/templates/mpd/ncmpcpp/bindings.j2
@@ -0,0 +1,323 @@
+# {{ ansible_managed }}
+
+# enabled bindings
+def_key "a"
+  add_item_to_playlist
+
+def_key "l"
+  jump_to_playing_song
+
+def_key "l"
+  next_column
+
+def_key "h"
+  previous_column
+
+def_key "k"
+  scroll_up
+
+def_key "j"
+  scroll_down
+
+def_key "tab"
+  next_screen
+
+def_key "shift-tab"
+  previous_screen
+
+def_key "f1"
+  show_help
+
+def_key "1"
+  show_playlist
+
+def_key "2"
+  show_browser
+
+def_key "2"
+  change_browse_mode
+
+def_key "3"
+  show_search_engine
+
+def_key "3"
+  reset_search_engine
+
+def_key "4"
+  show_media_library
+
+def_key "4"
+  toggle_media_library_columns_mode
+
+def_key "5"
+  show_playlist_editor
+
+def_key "6"
+  show_tag_editor
+
+def_key "7"
+  show_outputs
+
+def_key "8"
+  show_visualizer
+
+def_key "["
+  scroll_up_album
+
+def_key "]"
+  scroll_down_album
+
+def_key "{"
+  scroll_up_artist
+
+def_key "}"
+  scroll_down_artist
+
+def_key "page_up"
+  page_up
+
+def_key "page_down"
+  page_down
+
+def_key "home"
+  move_home
+
+def_key "end"
+  move_end
+
+def_key "enter"
+  enter_directory
+
+def_key "enter"
+  toggle_output
+
+def_key "enter"
+  run_action
+
+def_key "enter"
+  play_item
+
+def_key "delete"
+  delete_playlist_items
+
+def_key "delete"
+  delete_browser_items
+
+def_key "delete"
+  delete_stored_playlist
+
+def_key "s"
+  stop
+
+def_key "p"
+  pause
+
+def_key ">"
+  next
+
+def_key "<"
+  previous
+
+def_key "ctrl-h"
+  replay_song
+
+def_key "f"
+  seek_forward
+
+def_key "b"
+  seek_backward
+
+def_key "ctrl-r"
+  toggle_repeat
+
+def_key "ctrl-z"
+  toggle_random
+
+def_key "ctrl-s"
+  toggle_single
+
+def_key "u"
+  update_database
+
+def_key "/"
+  find_item_forward
+  find
+
+def_key "q"
+  quit
+
+def_key "v"
+  select_range
+
+def_key "c"
+  remove_selection
+
+def_key "C"
+  clear_playlist
+
+
+# default dummy bindings
+def_key "mouse"
+  dummy
+
+def_key "up"
+  dummy
+
+def_key "shift-up"
+  dummy
+
+def_key "down"
+  dummy
+
+def_key "shift-down"
+  dummy
+
+def_key "insert"
+  dummy
+
+def_key "space"
+  dummy
+
+def_key "right"
+  dummy
+
+def_key "+"
+  dummy
+
+def_key "left"
+  dummy
+
+def_key "-"
+  dummy
+
+def_key ":"
+  dummy
+
+def_key "="
+  dummy
+
+def_key "@"
+  dummy
+
+def_key "backspace"
+  dummy
+
+def_key "y"
+  dummy
+
+def_key "R"
+  dummy
+
+def_key "Y"
+  dummy
+
+def_key "T"
+  dummy
+
+def_key "|"
+  dummy
+
+def_key "#"
+  dummy
+
+def_key "Z"
+  dummy
+
+def_key "x"
+  dummy
+
+def_key "X"
+  dummy
+
+def_key "ctrl-f"
+  dummy
+
+def_key "ctrl-_"
+  dummy
+
+def_key "?"
+  dummy
+
+def_key "."
+  dummy
+
+def_key ","
+  dummy
+
+def_key "w"
+  dummy
+
+def_key "e"
+  dummy
+
+def_key "i"
+  dummy
+
+def_key "I"
+  dummy
+
+def_key "g"
+  dummy
+
+def_key "ctrl-v"
+  dummy
+
+def_key "B"
+  dummy
+
+def_key "m"
+  dummy
+
+def_key "n"
+  dummy
+
+def_key "M"
+  dummy
+
+def_key "A"
+  dummy
+
+def_key "S"
+  dummy
+
+def_key "o"
+  dummy
+
+def_key "G"
+  dummy
+
+def_key "~"
+  dummy
+
+def_key "E"
+  dummy
+
+def_key "U"
+  dummy
+
+def_key "P"
+  dummy
+
+def_key "\\"
+  dummy
+
+def_key "!"
+  dummy
+
+def_key "L"
+  dummy
+
+def_key "F"
+  dummy
+
+def_key "alt-l"
+  dummy
+
+def_key "ctrl-l"
+  dummy
+
+def_key "`"
+  dummy
+
+def_key "ctrl-p"
+  dummy
diff --git a/templates/mpd/ncmpcpp/config.j2 b/templates/mpd/ncmpcpp/config.j2
new file mode 100644
index 0000000..a7cc08a
--- /dev/null
+++ b/templates/mpd/ncmpcpp/config.j2
@@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+#
+
+############## Connection ###################
+## Connect to mpd running on a specified host
+mpd_host = {{ mpd_remote_address }}
+
+## Connect to mpd on the specified port.
+mpd_port = {{ mpd_remote_port }}
+
+# header_visibility = yes
+# playlist_show_mpd_host = yes
+# titles_visibility = yes
+# enable_window_title = yes
+
+
+connected_message_on_startup = no
+
+display_bitrate = yes
+
+visualizer_data_source = "/tmp/mpd.fifo"
+visualizer_output_name = "my_fifo"
+visualizer_in_stereo = "yes"
+visualizer_type = "spectrum"
+visualizer_look = "+|"
+
+############## Theme ###################
+
+user_interface = classic
+
+song_columns_list_format = "(40)[9]{t|f} (25)[245]{a} (25)[245]{b} (25)[245]{l}"
+song_list_format = "{$5 %a$9 $1│$9 $8%t$9 }|{ $8%f$9}$R{$5%b $7}"
+
+# Column Names
+header_window_color = 1
+
+# Main window
+main_window_color = 1
+
+# Bottombar
+progressbar_color = 1
+player_state_color = 1
diff --git a/templates/mpd/service.j2 b/templates/mpd/service.j2
new file mode 100644
index 0000000..54d1304
--- /dev/null
+++ b/templates/mpd/service.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+#
+
+[Unit]
+Description=Music Player Daemon
+Documentation=man:mpd(1) man:mpd.conf(5)
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/mpd --systemd
+Restart=on-failure
+RestartSec=15s
+TimeoutStopSec=3
diff --git a/roles/arch/templates/mpd/socket.j2 b/templates/mpd/socket.j2
similarity index 66%
rename from roles/arch/templates/mpd/socket.j2
rename to templates/mpd/socket.j2
index 7188f2c..f6c6d2f 100644
--- a/roles/arch/templates/mpd/socket.j2
+++ b/templates/mpd/socket.j2
@@ -1,4 +1,5 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
+#
 
 [Socket]
 ListenStream=/run/user/1000/mpd.socket
diff --git a/templates/mpv/config.j2 b/templates/mpv/config.j2
new file mode 100644
index 0000000..cb9323b
--- /dev/null
+++ b/templates/mpv/config.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+#
+gpu-api=opengl
+vo=gpu
+hwdec=vaapi
+
+audio-samplerate=128000
+audio-format=s64
+volume=100
+
+keep-open=yes # do not close the window on exit
+keepaspect-window=no # add black bars if window aspect and video aspect mismatch
+
+sub-auto=fuzzy # load all subs containing the media filename
diff --git a/roles/arch/templates/mpv/input.j2 b/templates/mpv/input.j2
similarity index 74%
rename from roles/arch/templates/mpv/input.j2
rename to templates/mpv/input.j2
index b63757d..a405e81 100644
--- a/roles/arch/templates/mpv/input.j2
+++ b/templates/mpv/input.j2
@@ -1,14 +1,13 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
-## Seek units are in seconds, but note that these are limited by keyframes
+# See /usr/share/doc/mpv/input.conf for more options.
+#
+## Seek units are in seconds, but note that these are limited by keyframes.
 RIGHT seek  5
 LEFT  seek -5
 SHIFT+RIGHT seek 60
 SHIFT+LEFT seek -60
 
-# UP    add volume 2
-# DOWN  add volume -2
-
 UP add ao-volume 2
 DOWN add ao-volume -2
 m cycle ao-mute
@@ -19,8 +18,7 @@ PGDWN add chapter -1                   # skip to previous chapter
 q quit
 
 j cycle sub                            # cycle through subtitles
-
-#SHARP cycle audio                      # switch audio streams
+- cycle audio                          # switch audio track
 
 f cycle fullscreen                     # toggle fullscreen
 s screenshot                           # take a screenshot
diff --git a/roles/arch/templates/pacman.j2 b/templates/pacman.j2
similarity index 91%
rename from roles/arch/templates/pacman.j2
rename to templates/pacman.j2
index 7b2a63b..76ce942 100644
--- a/roles/arch/templates/pacman.j2
+++ b/templates/pacman.j2
@@ -1,8 +1,8 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
 # /etc/pacman.conf
 #
-# Add platform specific settings in /etc/pacman.d/extra.conf
+# Add environment specific settings in /etc/pacman.d/extra.conf
 #
 # See the pacman.conf(5) manpage for option and repository directives
 
@@ -27,7 +27,7 @@ HoldPkg     = pacman glibc
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
-#IgnorePkg =
+#IgnorePkg   =
 #IgnoreGroup =
 
 #NoUpgrade   =
@@ -36,9 +36,12 @@ Architecture = auto
 # Misc options
 #UseSyslog
 #Color
-#TotalDownload
+#NoProgressBar
 CheckSpace
 VerbosePkgLists
+ParallelDownloads = 5
+DownloadUser = alpm
+#DisableSandbox
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
@@ -73,19 +76,16 @@ LocalFileSigLevel = Optional
 # repo name header and Include lines. You can add preferred servers immediately
 # after the header, and they will be used before the default mirrors.
 
-#[testing]
+#[core-testing]
 #Include = /etc/pacman.d/mirrorlist
 
 [core]
 Include = /etc/pacman.d/mirrorlist
 
-[extra]
-Include = /etc/pacman.d/mirrorlist
-
-#[community-testing]
+#[extra-testing]
 #Include = /etc/pacman.d/mirrorlist
 
-[community]
+[extra]
 Include = /etc/pacman.d/mirrorlist
 
 # If you want to run 32 bit applications on your x86_64 system,
diff --git a/templates/polkit.j2 b/templates/polkit.j2
new file mode 100644
index 0000000..86a4b5f
--- /dev/null
+++ b/templates/polkit.j2
@@ -0,0 +1,11 @@
+/* {{ ansible_managed }}
+ *
+ * Allow members of the wheel group to execute any actions
+ * without password authentication, similar to "sudo NOPASSWD:"
+ * without password authentication, similar to "sudo NOPASSWD:"
+ */
+polkit.addRule(function(action, subject) {
+    if (subject.isInGroup("wheel")) {
+        return polkit.Result.YES;
+    }
+});
diff --git a/roles/arch/templates/reflector.j2 b/templates/reflector.j2
similarity index 91%
rename from roles/arch/templates/reflector.j2
rename to templates/reflector.j2
index fbd1a42..6d6eb4d 100644
--- a/roles/arch/templates/reflector.j2
+++ b/templates/reflector.j2
@@ -1,4 +1,4 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
 # Reflector configuration file for the systemd service.
 #
diff --git a/roles/arch/templates/ssh-agent.j2 b/templates/ssh-agent.j2
similarity index 69%
rename from roles/arch/templates/ssh-agent.j2
rename to templates/ssh-agent.j2
index 67fdbea..d625c48 100644
--- a/roles/arch/templates/ssh-agent.j2
+++ b/templates/ssh-agent.j2
@@ -1,5 +1,5 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
+# {{ ansible_managed }}
+#
 [Unit]
 Description=SSH key agent
 
diff --git a/templates/syncthing/config.j2 b/templates/syncthing/config.j2
new file mode 100644
index 0000000..c48c0d8
--- /dev/null
+++ b/templates/syncthing/config.j2
@@ -0,0 +1,152 @@
+<!-- {{ ansible_managed }} -->
+
+<configuration version="{{ syncthing_config_version }}">
+  {% for folder in syncthing_folders -%}
+    <folder
+      id="{{ folder.id }}"
+      label="{{ folder.label }}"
+      path="{{ folder.path }}"
+      type="{{ folder.type }}">
+
+      {% for id in folder.devices -%}
+        <device id="{{ id }}">
+          <encryptionPassword></encryptionPassword>
+        </device>
+      {%- endfor %}
+
+      <filesystemType>basic</filesystemType>
+      <minDiskFree unit="%">20</minDiskFree>
+      <versioning>
+        <cleanupIntervalS>3600</cleanupIntervalS>
+        <fsPath></fsPath>
+        <fsType>basic</fsType>
+      </versioning>
+
+      <copiers>0</copiers>
+      <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+      <hashers>0</hashers>
+      <order>random</order>
+      <ignoreDelete>false</ignoreDelete>
+      <scanProgressIntervalS>0</scanProgressIntervalS>
+      <pullerPauseS>0</pullerPauseS>
+      <maxConflicts>-1</maxConflicts>
+      <disableSparseFiles>false</disableSparseFiles>
+      <disableTempIndexes>false</disableTempIndexes>
+      <paused>false</paused>
+      <weakHashThresholdPct>25</weakHashThresholdPct>
+      <markerName>.stfolder</markerName>
+      <copyOwnershipFromParent>false</copyOwnershipFromParent>
+      <modTimeWindowS>0</modTimeWindowS>
+      <maxConcurrentWrites>2</maxConcurrentWrites>
+      <disableFsync>false</disableFsync>
+      <blockPullOrder>standard</blockPullOrder>
+      <copyRangeMethod>standard</copyRangeMethod>
+      <caseSensitiveFS>false</caseSensitiveFS>
+      <junctionsAsDirs>false</junctionsAsDirs>
+      <syncOwnership>false</syncOwnership>
+      <sendOwnership>false</sendOwnership>
+      <syncXattrs>false</syncXattrs>
+      <sendXattrs>false</sendXattrs>
+    </folder>
+  {%- endfor %}
+
+  {% for device in syncthing_devices -%}
+    <device
+      id="{{ device.id }}"
+      name="{{ device.name }}"
+      compression="metadata">
+        <address>{{ device.address }}</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+        <numConnections>0</numConnections>
+    </device>
+  {%- endfor %}
+
+  <gui enabled="true" tls="true" debugging="false">
+    <address>{{ syncthing_listen_address }}:{{ syncthing_gui_port }}</address>
+    <apikey>{{ syncthing_api_key }}</apikey>
+    <theme>default</theme>
+    <insecureAdminAccess>true</insecureAdminAccess>
+  </gui>
+
+  <options>
+    <listenAddress>tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }}</listenAddress>
+  </options>
+
+  <defaults>
+    <folder 
+      id=""
+      label=""
+      path="~"
+      type="sendreceive"
+      rescanIntervalS="3600"
+      fsWatcherEnabled="true"
+      fsWatcherDelayS="10"
+      fsWatcherTimeoutS="0"
+      ignorePerms="false"
+      autoNormalize="true">
+
+        <filesystemType>basic</filesystemType>
+
+        <device id="S7UKX27-GI7ZTXS-GC6RKUA-7AJGZ44-C6NAYEB-HSKTJQK-KJHU2NO-CWV7EQW" introducedBy="">
+            <encryptionPassword></encryptionPassword>
+        </device>
+
+        <minDiskFree unit="%">1</minDiskFree>
+
+        <versioning>
+            <cleanupIntervalS>3600</cleanupIntervalS>
+            <fsPath></fsPath>
+            <fsType>basic</fsType>
+        </versioning>
+
+        <copiers>0</copiers>
+        <pullerMaxPendingKiB>0</pullerMaxPendingKiB>
+        <hashers>0</hashers>
+        <order>random</order>
+        <ignoreDelete>false</ignoreDelete>
+        <scanProgressIntervalS>0</scanProgressIntervalS>
+        <pullerPauseS>0</pullerPauseS>
+        <maxConflicts>10</maxConflicts>
+        <disableSparseFiles>false</disableSparseFiles>
+        <disableTempIndexes>false</disableTempIndexes>
+        <paused>false</paused>
+        <weakHashThresholdPct>25</weakHashThresholdPct>
+        <markerName>.stfolder</markerName>
+        <copyOwnershipFromParent>false</copyOwnershipFromParent>
+        <modTimeWindowS>0</modTimeWindowS>
+        <maxConcurrentWrites>2</maxConcurrentWrites>
+        <disableFsync>false</disableFsync>
+        <blockPullOrder>standard</blockPullOrder>
+        <copyRangeMethod>standard</copyRangeMethod>
+        <caseSensitiveFS>false</caseSensitiveFS>
+        <junctionsAsDirs>false</junctionsAsDirs>
+    </folder>
+
+    <device
+      id=""
+      compression="metadata"
+      introducer="false"
+      skipIntroductionRemovals="false"
+      introducedBy="">
+        <address>dynamic</address>
+        <paused>false</paused>
+        <autoAcceptFolders>false</autoAcceptFolders>
+        <maxSendKbps>0</maxSendKbps>
+        <maxRecvKbps>0</maxRecvKbps>
+        <maxRequestKiB>0</maxRequestKiB>
+        <untrusted>false</untrusted>
+        <remoteGUIPort>0</remoteGUIPort>
+        <numConnections>0</numConnections>
+    </device>
+
+    <ignores>
+        <line>(?d).DS_Store</line>
+    </ignores>
+  </defaults>
+</configuration>
diff --git a/templates/sysctl/98-forward.conf.j2 b/templates/sysctl/98-forward.conf.j2
new file mode 100644
index 0000000..16f90a8
--- /dev/null
+++ b/templates/sysctl/98-forward.conf.j2
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+net.ipv4.ip_forward = 1
diff --git a/templates/sysctl/99-sysrq.conf.j2 b/templates/sysctl/99-sysrq.conf.j2
new file mode 100644
index 0000000..a4c7283
--- /dev/null
+++ b/templates/sysctl/99-sysrq.conf.j2
@@ -0,0 +1,2 @@
+# {{ ansible_managed }}
+kernel.sysrq = 1
diff --git a/roles/arch/templates/timer/daily_target.j2 b/templates/timer/daily_target.j2
similarity index 73%
rename from roles/arch/templates/timer/daily_target.j2
rename to templates/timer/daily_target.j2
index bf4d594..e562de4 100644
--- a/roles/arch/templates/timer/daily_target.j2
+++ b/templates/timer/daily_target.j2
@@ -1,4 +1,5 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
+#
 #
 # Add the following to your service unit to make use of this target:
 # Wants=daily.target
diff --git a/roles/arch/templates/timer/daily_timer.j2 b/templates/timer/daily_timer.j2
similarity index 70%
rename from roles/arch/templates/timer/daily_timer.j2
rename to templates/timer/daily_timer.j2
index cdc47f0..4290470 100644
--- a/roles/arch/templates/timer/daily_timer.j2
+++ b/templates/timer/daily_timer.j2
@@ -1,6 +1,5 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
-
 [Unit]
 Description=Timer which runs all services on a daily basis inside the daily.target.wants directory
 
diff --git a/roles/arch/templates/timer/weekly_target.j2 b/templates/timer/weekly_target.j2
similarity index 74%
rename from roles/arch/templates/timer/weekly_target.j2
rename to templates/timer/weekly_target.j2
index 7e944cb..88109e6 100644
--- a/roles/arch/templates/timer/weekly_target.j2
+++ b/templates/timer/weekly_target.j2
@@ -1,4 +1,4 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
 # Add the following to your service unit to make use of this target:
 # Wants=weekly.target
diff --git a/roles/arch/templates/timer/weekly_timer.j2 b/templates/timer/weekly_timer.j2
similarity index 71%
rename from roles/arch/templates/timer/weekly_timer.j2
rename to templates/timer/weekly_timer.j2
index e4c33f4..00117a1 100644
--- a/roles/arch/templates/timer/weekly_timer.j2
+++ b/templates/timer/weekly_timer.j2
@@ -1,6 +1,5 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+# {{ ansible_managed }}
 #
-
 [Unit]
 Description=Timer which runs all services on a weekly basis inside the weekly.target.wants directory
 
diff --git a/roles/arch/templates/tmux.j2 b/templates/tmux.j2
similarity index 60%
rename from roles/arch/templates/tmux.j2
rename to templates/tmux.j2
index 8fa1473..3044e2b 100644
--- a/roles/arch/templates/tmux.j2
+++ b/templates/tmux.j2
@@ -1,10 +1,10 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-
+# {{ ansible_managed }}
+#
 [Unit]
 Description=Tmux startup script
 
 [Service]
-Environment=DISPLAY=:0
+Environment=WAYLAND_DISPLAY=wayland-0
 ExecStart=/home/sonny/.local/bin/tmux_start
 Type=forking
 RemainAfterExit=yes
diff --git a/templates/wezterm/includes/colors.lua.j2 b/templates/wezterm/includes/colors.lua.j2
new file mode 100644
index 0000000..46a1194
--- /dev/null
+++ b/templates/wezterm/includes/colors.lua.j2
@@ -0,0 +1,35 @@
+-- {{ ansible_managed }}
+
+local wezterm = require 'wezterm'
+
+-- wezterm.gui is not available to the mux server, so take care to
+-- do something reasonable when this config is evaluated by the mux
+local function get_appearance()
+  if wezterm.gui then
+    return wezterm.gui.get_appearance()
+  end
+  return 'Dark'
+end
+
+local function scheme_for_appearance(appearance)
+  if appearance:find 'Dark' then
+    return 'Dark'
+  else
+    return 'Light'
+  end
+end
+
+return {
+  color_schemes = {
+    ['Dark'] = {
+      background = 'rgb(41, 46, 50)',
+      foreground = 'white'
+    },
+    ['Light'] = {
+      background = 'white',
+      foreground = 'black'
+    },
+  },
+
+  color_scheme = scheme_for_appearance(get_appearance()),
+}
diff --git a/templates/wezterm/includes/fonts.lua.j2 b/templates/wezterm/includes/fonts.lua.j2
new file mode 100644
index 0000000..fb2735d
--- /dev/null
+++ b/templates/wezterm/includes/fonts.lua.j2
@@ -0,0 +1,26 @@
+-- {{ ansible_managed }}
+
+local wezterm = require 'wezterm';
+
+return {
+  font = wezterm.font(
+    'MonaspiceNe Nerd Font Mono',
+    { weight = 'Regular', stretch = 'Normal', style = 'Normal' }
+  ),
+
+  font_size = {{ wezterm_font_size }},
+  freetype_load_target = 'Light',
+  freetype_render_target = 'HorizontalLcd',
+  harfbuzz_features = {
+    'calt', -- texture healing
+    'ss01',
+    'ss02',
+    'ss03',
+    'ss04',
+    'ss05',
+    'ss06',
+    'ss07',
+    'ss08',
+    'liga'
+  }
+}
diff --git a/templates/wezterm/includes/window.lua.j2 b/templates/wezterm/includes/window.lua.j2
new file mode 100644
index 0000000..b822f71
--- /dev/null
+++ b/templates/wezterm/includes/window.lua.j2
@@ -0,0 +1,17 @@
+-- {{ ansible_managed }}
+
+return {
+  -- disable the tabbar
+  enable_tab_bar = false,
+
+  -- window size
+  initial_cols = {{ wezterm_columns | default(145) }},
+  initial_rows = {{ wezterm_rows | default(35) }},
+
+  window_padding = {
+    left = 0,
+    right = 0,
+    top = 0,
+    bottom = 0,
+  }
+}
diff --git a/templates/wezterm/wezterm.lua.j2 b/templates/wezterm/wezterm.lua.j2
new file mode 100644
index 0000000..557bebb
--- /dev/null
+++ b/templates/wezterm/wezterm.lua.j2
@@ -0,0 +1,22 @@
+-- {{ ansible_managed }}
+
+local wezterm = require 'wezterm';
+local config = wezterm.config_builder();
+
+config.term = 'wezterm';
+
+local modules = {
+  'colors',
+  'fonts',
+  'window',
+}
+
+for _, module_name in pairs(modules) do
+  local module_path = string.format('includes.%s', module_name)
+  local module = require(module_path)
+  for key, value in pairs(module) do
+    config[key] = value;
+  end
+end
+
+return config
diff --git a/templates/xps/cmdline.j2 b/templates/xps/cmdline.j2
new file mode 100644
index 0000000..e23cec7
--- /dev/null
+++ b/templates/xps/cmdline.j2
@@ -0,0 +1 @@
+rd.luks.name=4483183a-4881-4bf6-b20c-3ba918642cc4=cryptlvm root=/dev/VolumeGroup/root rw resume=/dev/VolumeGroup/swap pcie_port_pm=off acpi_rev_override=1
diff --git a/templates/xps/iwd.j2 b/templates/xps/iwd.j2
new file mode 100644
index 0000000..ece78b8
--- /dev/null
+++ b/templates/xps/iwd.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[General]
+AddressRandomization=network
diff --git a/templates/xps/mkinitcpio/1-modules.conf.j2 b/templates/xps/mkinitcpio/1-modules.conf.j2
new file mode 100644
index 0000000..0095973
--- /dev/null
+++ b/templates/xps/mkinitcpio/1-modules.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+MODULES=(intel_agp i915 i8k)
diff --git a/templates/xps/mkinitcpio/2-hooks.conf.j2 b/templates/xps/mkinitcpio/2-hooks.conf.j2
new file mode 100644
index 0000000..0a885cd
--- /dev/null
+++ b/templates/xps/mkinitcpio/2-hooks.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+HOOKS=(base systemd autodetect modconf keyboard sd-vconsole sd-encrypt block lvm2 filesystems fsck)
diff --git a/templates/xps/mkinitcpio/linux-lts.preset.j2 b/templates/xps/mkinitcpio/linux-lts.preset.j2
new file mode 100644
index 0000000..71d2550
--- /dev/null
+++ b/templates/xps/mkinitcpio/linux-lts.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux-lts.efi"
+default_kver="/boot/vmlinuz-linux-lts"
diff --git a/templates/xps/mkinitcpio/linux.preset.j2 b/templates/xps/mkinitcpio/linux.preset.j2
new file mode 100644
index 0000000..22097bb
--- /dev/null
+++ b/templates/xps/mkinitcpio/linux.preset.j2
@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+#
+# mkinitcpio preset file for the 'linux' package
+
+PRESETS=('default')
+
+default_uki="/boot/EFI/Linux/linux.efi"
+default_kver="/boot/vmlinuz-linux"
diff --git a/templates/xps/network/wg0.netdev.j2 b/templates/xps/network/wg0.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/xps/network/wg0.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/xps/network/wg0.network.j2 b/templates/xps/network/wg0.network.j2
new file mode 100644
index 0000000..0254f34
--- /dev/null
+++ b/templates/xps/network/wg0.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ wireless_interface }}
diff --git a/templates/xps/network/wg1.netdev.j2 b/templates/xps/network/wg1.netdev.j2
new file mode 100644
index 0000000..85ba97e
--- /dev/null
+++ b/templates/xps/network/wg1.netdev.j2
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+
+[NetDev]
+Name={{ wireguard.interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ wireguard.interface }}
+
+[WireGuard]
+PrivateKeyFile={{ wireguard.private_key_path }}
+RouteTable=main
+
+{% for peer in wireguard.peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+PresharedKeyFile={{ peer.preshared_key_path }}
+{% for ip in peer.allowed_ips %}
+AllowedIPs={{ ip }}
+{% endfor %}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}
diff --git a/templates/xps/network/wg1.network.j2 b/templates/xps/network/wg1.network.j2
new file mode 100644
index 0000000..0254f34
--- /dev/null
+++ b/templates/xps/network/wg1.network.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireguard.interface }}
+
+[Network]
+Address={{ wireguard.ip }}/{{ wireguard.prefix }}
+DNS={{ wireguard.dns }}
+Domains={{ wireguard.domains | join(' ') }}
+BindCarrier={{ wireless_interface }}
diff --git a/templates/xps/network/wlan0-frans.network.j2 b/templates/xps/network/wlan0-frans.network.j2
new file mode 100644
index 0000000..8ff0b0d
--- /dev/null
+++ b/templates/xps/network/wlan0-frans.network.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireless_interface }}
+SSID={{ frans_network_ssid }}
+
+[Network]
+Address={{ frans_network_address }}
+Gateway={{ frans_network_gateway }}
+DNS={{ frans_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+
+[Link]
+RequiredForOnline=routable
diff --git a/templates/xps/network/wlan0-local.network.j2 b/templates/xps/network/wlan0-local.network.j2
new file mode 100644
index 0000000..880606c
--- /dev/null
+++ b/templates/xps/network/wlan0-local.network.j2
@@ -0,0 +1,20 @@
+# {{ ansible_managed }}
+
+[Match]
+Name={{ wireless_interface }}
+SSID={{ local_network_ssid }}
+
+[Network]
+Address={{ local_network_address }}
+Gateway={{ local_network_gateway }}
+DNS={{ local_network_dns }}
+MulticastDNS=yes
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=no
+LinkLocalAddressing=no
+IPv6AcceptRA=no
+IPv6SendRA=no
+
+[Link]
+RequiredForOnline=routable
diff --git a/templates/xps/network/wlan0.network.j2 b/templates/xps/network/wlan0.network.j2
new file mode 100644
index 0000000..30d588b
--- /dev/null
+++ b/templates/xps/network/wlan0.network.j2
@@ -0,0 +1,12 @@
+[Match]
+Name={{ wireless_interface }}
+
+[Network]
+DNS={{ default_network_dns }}
+DNSOverTLS=yes
+DNSSEC=yes
+DHCP=yes
+IgnoreCarrierLoss=3s
+
+[Link]
+RequiredForOnline=routable
diff --git a/roles/arch/templates/laptop/nftables.j2 b/templates/xps/nftables.j2
similarity index 54%
rename from roles/arch/templates/laptop/nftables.j2
rename to templates/xps/nftables.j2
index 8d6dcf3..f1f7d40 100644
--- a/roles/arch/templates/laptop/nftables.j2
+++ b/templates/xps/nftables.j2
@@ -1,5 +1,3 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
 #!/usr/bin/nft -f
 # vim:set ts=2 sw=2 et:
 
@@ -22,14 +20,17 @@ table inet filter {
     ip protocol icmp accept
     ip6 nexthdr icmpv6 accept
 
+    # allow mDNS
+    udp dport 5353 accept
+
     # allow ssh
     tcp dport ssh accept
 
-    # syncthing
-    ip saddr 10.8.1.1 tcp dport 22000 accept
+    ip saddr 192.168.2.11 tcp dport 8080 accept comment "HTTP pa-dlna server"
+    ip saddr 192.168.2.11 udp dport 1900 accept comment "UPnP"
 
-    # allow dhcp requests for bridged connections
-    iifname "vmbr0" udp dport { 53, 67 } accept
+    # syncthing
+    ip saddr 10.0.0.1 tcp dport 22000 accept
   }
 
   chain forward {
@@ -38,9 +39,6 @@ table inet filter {
     ct state { established, related } accept;
 
 		mark 1 accept
-
-    iifname "vmbr0" oifname "wlan0" accept
-    iifname "wlan0" oifname "vmbr0" accept
   }
 }
 
@@ -49,18 +47,3 @@ table ip filter {
 		mark set 1
 	}
 }
-
-table ip nat {
-  chain prerouting {
-    type nat hook prerouting priority 0; policy accept;
-
-    # iifname "wlan0" tcp dport { http } dnat to 10.4.0.243
-  }
-
-  chain postrouting {
-    type nat hook postrouting priority 0; policy accept;
-
-    oifname "wlan0" masquerade
-  }
-}
-
diff --git a/templates/xps/pa-dlna/config.j2 b/templates/xps/pa-dlna/config.j2
new file mode 100644
index 0000000..865a203
--- /dev/null
+++ b/templates/xps/pa-dlna/config.j2
@@ -0,0 +1,26 @@
+# {{ ansible_managed }}
+#
+# This is the built-in pa-dlna configuration written as text. It can be
+# parsed by a Python Configuration parser and consists of sections, each led
+# by a [section] header, followed by option/value entries separated by
+# '='. See https://docs.python.org/3/library/configparser.html.
+#
+# The 'selection' option is written as a multi-line in which case all the
+# lines after the first line start with a white space.
+#
+# The default value of 'selection' lists the encoders in this order:
+#     - mp3 encoders first as mp3 is the most common encoding
+#     - lossless encoders
+#     - then lossy encoders
+# See https://trac.ffmpeg.org/wiki/Encode/HighQualityAudio.
+
+[DEFAULT]
+selection =
+    FFMpegFlacEncoder,
+    FFMpegOpusEncoder,
+sample_format = s24be
+rate = 96000
+channels = 2
+track_metadata = yes
+soap_minimum_interval = 5
+args = None
diff --git a/templates/xps/pa-dlna/service.j2 b/templates/xps/pa-dlna/service.j2
new file mode 100644
index 0000000..feef6f1
--- /dev/null
+++ b/templates/xps/pa-dlna/service.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+#
+# When enabled, the pa-dlna service unit is started automatically after the
+# pulseaudio or pipewire service unit is started. It will also stop when the
+# pulseaudio or pipewire service unit stops. However it will stop when the
+# pulseaudio or pipewire service unit is restarted but it will not start.
+#
+# Both pa-dlna and pulseaudio service units are of 'Type=notify'. This means
+# that pa-dlna will only start after pulseaudio has notified systemd that it
+# is ready and pa-dlna may connect successfully to libpulse.
+#
+# However the pipewire service unit is of 'Type=simple'. In that case and if
+# pa-dlna fails to start with the error:
+#       LibPulseStateError(('PA_CONTEXT_FAILED', 'Connection refused'))
+# add a delay to the pa-dlna start up sequence with the directive:
+#       ExecStartPre=/bin/sleep 1
+#
+# Any pa-dlna option may be added to the 'ExecStart' directive, for example to
+# restrict the allowed NICs or IP addresses (recommended) or to change the
+# log level.
+# The '--systemd' option is required.
+#
+# The 'python-systemd' package is required.
+
+[Unit]
+Description=Pa-dlna Service
+Documentation=https://pa-dlna.readthedocs.io/en/stable/
+
+After=pipewire-session-manager.service
+
+[Service]
+Type=simple
+ExecStart=/opt/virtualenv/pa-dlna/bin/pa-dlna
+Slice=session.slice
+
+NoNewPrivileges=yes
+UMask=0077
+
+[Install]
+WantedBy=pipewire-session-manager.service
diff --git a/vars/mpd.yml b/vars/mpd.yml
new file mode 100644
index 0000000..f28520a
--- /dev/null
+++ b/vars/mpd.yml
@@ -0,0 +1,10 @@
+mpd_listen_address: 127.0.0.1
+mpd_listen_port: 6600
+
+mpd_remote_address: 'mpd.{{ server_domain }}'
+mpd_remote_port: 21000
+mpd_remote_stream_port: 8000
+
+mpd_configuration_dir: '{{ ansible_env.HOME }}/.config/mpd'
+ncmpc_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpc'
+ncmpcpp_configuration_dir: '{{ ansible_env.HOME }}/.config/ncmpcpp'
diff --git a/vars/wireguard-media.yml b/vars/wireguard-media.yml
new file mode 100644
index 0000000..71c9f9c
--- /dev/null
+++ b/vars/wireguard-media.yml
@@ -0,0 +1,22 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_media_defaults:
+  prefix: 24
+  interface: wg1
+  dns: 10.0.1.1
+  domains:
+    - '~media-vpn.{{ server_domain }}'
+    - '~jellyfin.{{ server_domain }}'
+
+  public_key_path: '{{ vpn_config_dir }}/keys/public/media/fudiggity.pub'
+  private_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.key'
+
+  peers:
+    - name: fudiggity
+      allowed_ips:
+        - 10.0.1.0/24
+        - 172.8.238.0/24
+      endpoint: '{{ server_domain }}:51903'
+      public_key: EugKeo63C5N5kz9ShMHtYswO9Qh6mE00MtfLSFmqqjg=
+      preshared_key_path: '{{ vpn_config_dir }}/keys/private/media/fudiggity.psk'
+      preshared_key_source_path: files/wireguard-media/{{ ansible_hostname }}/preshared.psk
diff --git a/vars/wireguard.yml b/vars/wireguard.yml
new file mode 100644
index 0000000..4109b86
--- /dev/null
+++ b/vars/wireguard.yml
@@ -0,0 +1,28 @@
+vpn_config_dir: '/etc/wireguard'
+
+wireguard_defaults:
+  prefix: 24
+  interface: wg0
+  dns: 10.0.0.1
+  domains:
+    - '~vpn.{{ server_domain }}'
+    - '~transmission.{{ server_domain }}'
+    - '~syncthing.{{ server_domain }}'
+    - '~radicale.{{ server_domain }}'
+    - '~mpd.{{ server_domain }}'
+
+  public_key_path: '{{ vpn_config_dir }}/keys/public/default/fudiggity.pub'
+  private_key_path: '{{ vpn_config_dir }}/keys/private/default/fudiggity.key'
+
+  peers:
+    - name: fudiggity
+      allowed_ips:
+        - 10.0.0.0/24
+        - 172.16.238.0/24
+        - 172.32.238.0/24
+        - 172.64.238.0/24
+        - 172.128.238.0/24
+      endpoint: '{{ server_domain }}:51902'
+      public_key: CeybSMpJiicXmndIuhe89Bay3z3PEdYNyAwIFsacBEo=
+      preshared_key_path: '{{ vpn_config_dir }}/keys/private/default/preshared-fudiggity.psk'
+      preshared_key_source_path: files/wireguard/{{ ansible_hostname }}/preshared.psk
diff --git a/xps.yml b/xps.yml
new file mode 100644
index 0000000..ca3ab0d
--- /dev/null
+++ b/xps.yml
@@ -0,0 +1,34 @@
+- name: Include default playbook
+  ansible.builtin.import_playbook: default.yml
+
+- name: Arch Linux provisioning
+  hosts: xps
+  gather_facts: true
+  tasks:
+
+    - name: Wireguard provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard.yml'
+      tags: wireguard
+
+    - name: Wireguard media provisioning
+      ansible.builtin.import_tasks: 'tasks/wireguard-media.yml'
+      tags: wireguard-media
+
+    - name: MPD provisioning
+      ansible.builtin.import_tasks: 'tasks/mpd.yml'
+      tags: mpd
+
+    - name: Syncthing provisioning
+      ansible.builtin.import_tasks: 'tasks/syncthing.yml'
+      tags: syncthing
+
+    - name: Desktop provisioning
+      ansible.builtin.import_tasks: 'tasks/xps.yml'
+      tags: xps
+
+  handlers:
+    - name: Import default handlers
+      ansible.builtin.import_tasks: handlers.yml
+
+    - name: Import common role handlers
+      ansible.builtin.import_tasks: 'roles/common/handlers/user.yml'