diff --git a/.gitignore b/.gitignore
index 5c199eb..2beaf98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 # ---> Ansible
 *.retry
-
+vault_pass.txt
diff --git a/ansible.cfg b/ansible.cfg
index 2158adc..9b08e4f 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,3 +1,20 @@
 [defaults]
 stdout_callback = dense
-stderr_callback = dense
\ No newline at end of file
+stderr_callback = dense
+
+# (string) Sets the login user for the target machines
+# When blank it uses the connection plugin's default, normally the user currently executing Ansible.
+remote_user = hobbyadmin
+
+# (path) Option for connections using a certificate or key file to authenticate, rather than an agent or passwords, you can set the default value here to avoid re-specifying --private-key with every invocation.
+private_key_file=./ssh/hobbyadmin_pw
+
+# (boolean) This controls whether an Ansible playbook should prompt for a vault password.
+#ask_vault_pass=True
+
+# (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id
+# If executable, it will be run and the resulting stdout will be used as the password.
+vault_password_file=vault_pass.txt
+
+# (boolean) Toggles debug output in Ansible. This is *very* verbose and can hinder multiprocessing. Debug output can also include secret information despite no_log settings being enabled, which means debug mode should not be used in production.
+;debug=False
diff --git a/files/vscode.list b/files/vscode.list
new file mode 100644
index 0000000..5afc351
--- /dev/null
+++ b/files/vscode.list
@@ -0,0 +1 @@
+deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main
\ No newline at end of file
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
new file mode 100644
index 0000000..ff08d3d
--- /dev/null
+++ b/group_vars/all.yaml
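Review bot: `vault_password_file=vault_pass.txt` keeps the vault password as plaintext in the working tree, so anyone who can read the checkout can decrypt `vars/secrets.yaml`; the new `.gitignore` entry only keeps the file out of commits. The option's own comment says an executable is accepted, so a small script that reads the password from the OS keyring or a password manager would avoid the plaintext file. Otherwise, re-enable the commented `ask_vault_pass=True` and drop the file. If the file stays, its mode should be restricted to the owner.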
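Review bot: The `deb` line has no `signed-by=` option, and tasks/setup_vscode_ppa.yaml installs the Microsoft key with `ansible.builtin.apt_key`, which puts it in apt's global trusted keyring, so the key is accepted for every configured repository rather than only this one. Scope it with `deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.asc] https://packages.microsoft.com/repos/vscode stable main`, and replace the apt_key task with an `ansible.builtin.get_url` task that saves `vscode_microsoft_asc_url` to that path with mode '0644'. The unchanged `Add github PPA Key` task in pb_setup.yaml uses the same apt_key pattern. The file also ends without a trailing newline.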
@@ -0,0 +1,8 @@
+
+# VS Code variables
+# https://github.com/avnes/ansible-role-vscode
+vscode_microsoft_asc_url: https://packages.microsoft.com/keys/microsoft.asc
+vscode_ubuntu_required_software:
+ - gpg
+ - libasound2
+ - libxshmfence-dev
\ No newline at end of file
diff --git a/inventory.yaml b/inventory.yaml
index 6fc621f..2b19953 100644
--- a/inventory.yaml
+++ b/inventory.yaml
@@ -1,8 +1,15 @@
-werkstatt:
+werkstatt_rechner:
 hosts:
 plotter:
- ansible_host: 172.30.30.113
+ ansible_host: plotter-pc.fritz.box
+werkstatt_notebooks:
+ hosts:
 ArduinoKurs:
 ansible_host: 172.30.30.200
- vars:
- ansible_user: hobbyadmin
+werkstatt:
+ children:
+ werkstatt_rechner:
+ werkstatt_notebooks:
+it:
+ children:
+ werkstatt:
diff --git a/pb_setup.yaml b/pb_setup.yaml
index be93b38..1b215c2 100644
--- a/pb_setup.yaml
+++ b/pb_setup.yaml
@@ -1,81 +1,75 @@ --- - name: Allgemeine Software Installieren - hosts: werkstatt + hosts: "{{ variable_host | default('all') }}" become: yes + vars_files: secrets.yaml tasks: + - name: Setup apt-transport-https (needed by Microsoft PPA) + apt: + name: apt-transport-https + state: latest - name: Add Microsoft PPA Key - apt_key: - url: https://packages.microsoft.com/keys/microsoft.asc - state: present + import_tasks: ./tasks/setup_vscode_ppa.yaml - name: Add github PPA Key apt_key: url: https://cli.github.com/packages/githubcli-archive-keyring.gpg state: present - name: Add PPAs - ansible.builtin.apt_repository: + apt_repository: repo: "{{ item }}" + update_cache: false state: present loop: - - ppa:inkscape.dev/stable - ppa:freecad-maintainers/freecad-stable - - https://packages.microsoft.com/repos/code stable main - - ppa:ubuntu-mozilla-security/ppa - - ppa:nextcloud-devs/client - - ppa:libreoffice/ppa - ppa:git-core/ppa + - ppa:inkscape.dev/stable + - ppa:libreoffice/ppa + - ppa:mozillateam/ppa - ppa:neovim-ppa/stable - + - ppa:nextcloud-devs/client + - ppa:ubuntu-mozilla-security/ppa - name: Software installieren (apt) apt: name: - - zsh - - inkscape - - git - - gimp - - gimp-help-de - - freecad - code - firefox - - nextcloud-desktop - - libreoffice - - git + - freecad - gh + - gimp + - gimp-help-de + - git + - inkscape + - libreoffice - neovim - state: present + - nextcloud-desktop + - zsh + state: latest + update_cache: true - name: Software installieren (Flatpak) community.general.flatpak: name: - com.prusa3d.PrusaSlicer + - org.filezillaproject.Filezilla state: latest + - name: Setup OpenRobertaConnectior + import_tasks: ./tasks/openrobertaconnector.yaml - name: cups_browserd deaktivieren - import_tasks: ./pb_disable_browsed.yaml - #- name: zsh - #- name: - #- name: GIMP Installieren - #- name: FreeCad Installieren - #- name: Prusa Slicer Installieren - #- name: VS Code installieren - #- name: Firefox installieren - # todo - name: ublock Installieren - # todo 
- name: DSGVO deny Installieren - # todo - name: ecosia - # todo - name: do not translate - #- name: NextCloud nstallieren - # todo - name: Fonts installieren - # todo - name: Links zu Benutzerdaten in Nextcloud installieren - # todo - name: HobbyEngel und roberta anlegen - # todo - name: alle User in Dialout hinzufügen - # todo - name: ssh passwort zugang stilllegen - # todo - name: Hintergrund setzen - # todo - name: LaserSoftware installieren - #- name: Paket cups-browsed deinstallieren - # todo - name: Grafiktreiber installieren - #- name: LibreOffice installieren - #- name: git - #- name: gh - # todo - name: OpenRobertaConnector - # todo - name: Filezilla installieren + import_tasks: ./tasks/disable_browsed.yaml + # done - name: Firefox installieren + # - name: ublock Installieren + # - name: DSGVO deny Installieren + # - name: ecosia + # - name: do not translate + # - name: Fonts installieren + # - name: Links zu Benutzerdaten in Nextcloud installieren + # - name: HobbyEngel und roberta anlegen + # - name: alle User in Dialout hinzufügen + # - name: Hintergrund setzen + # - name: LaserSoftware installieren + # - name: Grafiktreiber installieren + + # Stop firefox from snap: https://balintreczey.hu/blog/firefox-on-ubuntu-22-04-from-deb-not-from-snap/ \ No newline at end of file diff --git a/pb_update.yaml b/pb_update.yaml index 893ca19..50aa148 100644 --- a/pb_update.yaml +++ b/pb_update.yaml @@ -4,11 +4,16 @@ become: yes tasks: - - name: Update - apt: - update_cache: true - - name: Upgrade apt: upgrade: yes + update_cache: true + + - name: Software Aktualisieren (Flatpak) + community.general.flatpak: + state: latest + - name: Setup OpenRobertaConnectior + import_tasks: ./tasks/openrobertaconnector.yaml + + \ No newline at end of file diff --git a/ssh/hobbyadmin_pw b/ssh/hobbyadmin_pw new file mode 100644 index 0000000..09d765f --- /dev/null +++ b/ssh/hobbyadmin_pw 
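Review bot: `hosts: "{{ variable_host | default('all') }}"` fails open: a run without `-e variable_host=...` applies this `become: yes` play, including the new `state: latest` package upgrades, to every host in the inventory. Requiring the variable with `hosts: "{{ variable_host | mandatory }}"`, or defaulting to the narrowest group with `default('werkstatt')`, keeps an omitted argument from widening the target set. Separately, the task name `Setup OpenRobertaConnectior` is misspelled.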
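Review bot: The new `Software Aktualisieren (Flatpak)` task passes only `state: latest` to `community.general.flatpak`, but the module requires `name`, so the task will presumably fail argument validation instead of updating anything. List the applications explicitly, for example the same `com.prusa3d.PrusaSlicer` and `org.filezillaproject.Filezilla` entries that pb_setup.yaml installs. The hunk also imports `./tasks/openrobertaconnector.yaml` under `become: yes`, so every update run fetches and unpacks whatever the latest upstream release is at that moment. The play header is outside the hunk, so the targeted hosts cannot be checked from here.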
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCIivX8hZ
+yAq6uM6AvZwigjAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIM61PoKt9DU/oVig
+jEKilZi25hROBiPP6X460Nhf995zAAAAoB0IhgSmq0HWQsLu7jHyU7MBGpZUw5bhDN+Iur
+3nv5SDQu55/K0keGIB5obgXmR3Wxzf9AsLg7PL+pAuOp4w1WgKf2+kZkUsI8b9jDcFEJxP
+A0fKVC7vY7z1rVq/z+GdVQ3Tc/XEplrN7E7tPvuh+1nO2FOhdXHaldQjgW4CEkn1EIue0h
+4lv3zGo8ZV5xMfipj2FqWT6AeauH06v3QLAPA=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/ssh/hobbyadmin_pw.pub b/ssh/hobbyadmin_pw.pub
new file mode 100644
index 0000000..ade0167
--- /dev/null
+++ b/ssh/hobbyadmin_pw.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM61PoKt9DU/oVigjEKilZi25hROBiPP6X460Nhf995z gui@RedX-Linux
diff --git a/pb_disable_browsed.yaml b/tasks/disable_browsed.yaml
similarity index 85%
rename from pb_disable_browsed.yaml
rename to tasks/disable_browsed.yaml
index 4b9140f..0d28068 100644
--- a/pb_disable_browsed.yaml
+++ b/tasks/disable_browsed.yaml
@@ -1,4 +1,10 @@
 # Source https://sysadmin.info.pl/en/blog/disabling-the-cups-browsed-service-on-multiple-systems-using-ansible/
+ # Step 1: Check if systemctl is available (for systemd systems)
+ - name: Check if systemctl is available (neutral Python)
+ raw: "which systemctl"
+ register: systemctl_check
+ changed_when: False
+ ignore_errors: yes
 - name: Check if cups-browsed service exists (systemd)
 command: systemctl cat cups-browsed
 register: cups_browsed_exists
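Review bot: This hunk commits an SSH private key to the repository, and ansible.cfg's `private_key_file=./ssh/hobbyadmin_pw` makes it the default credential for `remote_user = hobbyadmin`. The key header appears to mark it as passphrase-encrypted (aes256-ctr with bcrypt), but once pushed, its protection against anyone with repository access rests on passphrase strength alone, and history keeps it even after a later delete. Treat the key as exposed: generate a replacement outside the working tree and update `authorized_keys` on the managed hosts. Then add `ssh/` to `.gitignore` next to `vault_pass.txt`, and point `private_key_file` at a path outside the repo or rely on ssh-agent.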
@@ -21,7 +27,6 @@
 msg: |
 {
 "Machine": "{{ inventory_hostname }}",
- "Python binary": "{{ ansible_python_interpreter }}",
 "Systemd used": "{{ 'Yes' if systemctl_check.rc == 0 else 'No' }}",
 "Cups-browsed service exists": "{{ 'Yes' if (systemctl_check.rc == 0 and cups_browsed_exists is defined and cups_browsed_exists.rc == 0) else 'No' }}",
 "Cups-browsed service stopped and disabled": "{{ 'Stopped and Disabled' if (systemctl_check.rc == 0 and cups_browsed_exists is defined and cups_browsed_exists.rc == 0) else 'Not applicable' }}"
diff --git a/tasks/github_latest_tar.yaml b/tasks/github_latest_tar.yaml
new file mode 100644
index 0000000..a34317b
--- /dev/null
+++ b/tasks/github_latest_tar.yaml
@@ -0,0 +1,21 @@
+
+- name: Create bin
+ file:
+ path: "{{ bin_folder }}"
+ state: directory
+- name: Check latest version available
+ uri:
+ url: "https://api.github.com/repos/{{ app_repo_name }}/releases/latest"
+ return_content: true
+ register: app_gh_latest
+
+- name: "Unpacking latest version available"
+ loop: "{{ app_gh_latest.json.assets }}"
+ when: app_package_pattern in item.name
+ unarchive:
+ remote_src: yes
+ src: "{{ item.browser_download_url }}"
+ dest: "{{ bin_folder }}"
+ keep_newer: yes
+ extra_opts:
+ - --strip=1
\ No newline at end of file
diff --git a/tasks/openrobertaconnector.yaml b/tasks/openrobertaconnector.yaml
new file mode 100644
index 0000000..3270cfd
--- /dev/null
+++ b/tasks/openrobertaconnector.yaml
@@ -0,0 +1,13 @@
+- name: Download OpenRobertaConnectior
+ import_tasks: ./github_latest_tar.yaml
+ vars:
+ - app_name: OpenRobertaConnector
+ - app_repo_name: OpenRoberta/openroberta-connector
+ - app_package_pattern: OpenRobertaConnectorLinux-
+ - bin_folder: "{{ansible_env.HOME}}/OpenRobertaConnector"
+- name: Install OpenRobertaConnector
+ debug:
+ msg: "tbd"
+ # become hobbyuser
+ # do not add user to dialout because then no admin is needed
+ # use different task to add user to dialout
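Review bot: The `unarchive` task unpacks `item.browser_download_url` straight from the `releases/latest` API response with no checksum or signature check, and the playbooks that import it run with `become: yes`, so whatever the upstream repository publishes next is extracted with elevated privileges. Pin a reviewed release (the GitHub API also serves `releases/tags/<tag>`), fetch the asset with `get_url` and its `checksum:` option, then unarchive the local file. `when: app_package_pattern in item.name` is a substring match, so any further asset whose name contains the pattern, such as a checksum or signature file, would also be handed to `unarchive`. The file ends without a trailing newline.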
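Review bot: `vars:` on the `import_tasks` entry is written as a list of single-key mappings, a form Ansible has deprecated in favour of a plain mapping; drop the leading `- ` from the four entries (`app_name: OpenRobertaConnector`, and so on). `bin_folder: "{{ansible_env.HOME}}/OpenRobertaConnector"` is evaluated under the play's `become: yes`, so HOME is likely root's home rather than the workshop user's, and the `# become hobbyuser` comment suggests that is not the intent. `app_name` is set but is not read by tasks/github_latest_tar.yaml as shown in this commit.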
diff --git a/tasks/setup_vscode_ppa.yaml b/tasks/setup_vscode_ppa.yaml
new file mode 100644
index 0000000..d62631e
--- /dev/null
+++ b/tasks/setup_vscode_ppa.yaml
@@ -0,0 +1,16 @@
+- name: Install required software
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop: "{{ vscode_ubuntu_required_software | flatten }}"
+
+- name: Download ASC file
+ ansible.builtin.apt_key:
+ url: "{{ vscode_microsoft_asc_url }}"
+ state: present
+
+- name: Copy repo list
+ ansible.builtin.copy:
+ src: vscode.list
+ dest: /etc/apt/sources.list.d/vscode.list
+ mode: '0644'
diff --git a/vars/secrets.yaml b/vars/secrets.yaml
new file mode 100644
index 0000000..acf0df2
--- /dev/null
+++ b/vars/secrets.yaml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+32326636373263356465613364303233623238336130373766303133363366326661313134306232
+6138323132396334353535393738306463653532343533380a323838386439376233616636636165
+33666439386631376232383236386362356465353130346131383830613331306434663066336566
+6335336464333531310a386566333930653035343734316262363161353763383663656337366561
+65383461633133363131333365306531613934383164666339616433363337313030336630626162
+66353863363539643333666630343030376434363737653434313138623637346366626636316135
+623037623831613737636433653039323035