diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 5939916..0dcee37 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -29,6 +29,7 @@ package_list: - name: htop - name: jq - name: ncdu + - name: neofetch - name: net-tools - name: python3 - name: python3-apt diff --git a/ansible/group_vars/usg.yml b/ansible/group_vars/usg.yml new file mode 100644 index 0000000..27d5396 --- /dev/null +++ b/ansible/group_vars/usg.yml @@ -0,0 +1 @@ +unifi_wg_priv: "{{ wireguard.usg.wg0._server.private }}" diff --git a/ansible/hosts b/ansible/hosts index c18deba..fa0f50d 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -1,18 +1,38 @@ -[arm64] -devpi docker_apt_arch=arm64 +[raspberries] +;node01 +;node02 +;pihole +;devpi [piholes] -pihole set_hostname=pihole."{{ secret_local_domain }}" -pihole2 set_hostname=pihole2."{{ secret_local_domain }}" +;pihole set_hostname=pihole."{{ secret_local_domain }}" +;pihole2 set_hostname=pihole2."{{ secret_local_domain }}" [docker] -devpi set_hostname=devpi."{{ secret_local_domain }}" -10.0.0.120 set_hostname=servy."{{ secret_local_domain }}" -;10.0.0.40 -;10.0.0.41 -;10.0.0.42 +;devpi set_hostname=devpi."{{ secret_local_domain }}" +;servy set_hostname=servy."{{ secret_local_domain }}" -;[kube] -;10.0.0.40 set_hostname=kube."{{ secret_local_domain }}" -;10.0.0.41 set_hostname=kube-node1."{{ secret_local_domain }}" -;10.0.0.42 set_hostname=kube-node2."{{ secret_local_domain }}" +[nfs] +; servy + +[zfs] +; servy + +[kube] +; controlplane is_controlplane=True +; node01 +; node02 + +[cloud_key] +; controller ansible_ssh_pass="{{ secret_ubnt.ck.pass }}" + +[usg] +; usg3 + +[unifi] + +[prox] +; proxmox + +[lxc_guest] +; controlplane \ No newline at end of file diff --git a/ansible/run.yml b/ansible/run.yml index 5d2eb82..46aafca 100644 --- a/ansible/run.yml +++ b/ansible/run.yml @@ -1,6 +1,7 @@ - hosts: all become: "{{ do_become }}" - tags: [always] + tags: + - always vars_files: - "vars/vault.yml" tasks: 
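Review bot: `unifi_wg_priv` in the new group_vars/usg.yml resolves `wireguard.usg.wg0._server.private`, but every play visible in this commit lists only `vars/vault.yml` under `vars_files`, so the value may be undefined for usg hosts unless `vars/wireguard.yml` is loaded somewhere outside this diff. Because the value is a WireGuard private key, any task that templates or prints it should set `no_log: true`. A one-line comment above the variable, e.g. `# WireGuard server private key, sourced from the vaulted vars/wireguard.yml`, would tell the next reader where it comes from.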
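Review bot: The new `[cloud_key]` and `[usg]` groups are not members of `[unifi]`, which this inventory leaves empty, while run.yml scopes its general plays with `hosts: all:!unifi`. Once `controller` and `usg3` are uncommented, those plays would therefore also run against the UniFi appliances. If `unifi` is meant to be the exclusion group, declare it as a parent: `[unifi:children]` followed by `cloud_key` and `usg`. The commented `ansible_ssh_pass` entry keeps the Cloud Key password in the vault, but it also means that host is reached with password rather than key authentication.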
@@ -8,6 +9,7 @@ when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' ansible.builtin.shell: dpkg --print-architecture register: _apt_arch + changed_when: false - hosts: all:!unifi become: "{{ do_become }}" @@ -98,7 +100,8 @@ - hosts: docker become: true - tags: [docker] + tags: + - docker vars_files: - "vars/vault.yml" post_tasks: @@ -136,12 +139,15 @@ when: ansible_distribution == 'Ubuntu' - hosts: kube - tags: [never, init, kube] + tags: + - init + - kube + - never vars_files: - "vars/vault.yml" tasks: - name: Install runtime dependencies - become: true + become: true ansible.builtin.apt: name: "{{ item }}" state: present @@ -176,7 +182,9 @@ - hosts: prox vars_files: - "vars/vault.yml" - tags: [update, prox] + tags: + - prox + - update pre_tasks: - name: Install sudo ansible.builtin.apt: @@ -186,14 +194,13 @@ - role: ironicbadger_ansible-role-proxmox-nag-removal - role: proxmox -- hosts: piholes +- hosts: raspberries vars_files: - "vars/vault.yml" - tags: [update, pihole] - roles: - - role: pihole_updatelist - - role: pi_dnsmasq - - role: pihole + tags: + - init + - raspberries + - update tasks: - name: Install packages become: true @@ -244,7 +251,9 @@ - hosts: all:!unifi become: "{{ do_become }}" - tags: [update] + tags: + - init + - update vars_files: - "vars/vault.yml" @@ -267,11 +276,25 @@ - 50-landscape-sysinfo - 50-motd-news - 80-livepatch + - 88-esm-announce - 90-updates-available + - 91-contract-ua-esm-status - 91-release-upgrade - 95-hwe-eol when: ansible_distribution == 'Ubuntu' + - name: Place MoTD + become: true + when: ansible_distribution == 'Ubuntu' + ansible.builtin.copy: + content: | + #!/bin/sh + # Ansible managed + + neofetch + mode: 0755 + dest: /etc/update-motd.d/01-neofetch + - name: Check if pi-hole is installed when: inventory_hostname in groups['piholes'] ansible.builtin.stat: diff --git a/ansible/tasks/omp.yml b/ansible/tasks/omp.yml index 97a1fad..7614a3e 100644 --- a/ansible/tasks/omp.yml 
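Review bot: In the added "Place MoTD" task, `mode: 0755` is an unquoted scalar that the YAML parser turns into an integer before Ansible sees it. It works here only because of the leading zero, and tasks/omp.yml in this same commit writes modes as quoted strings, so `mode: "0755"` would be consistent and independent of parser behaviour. Scripts under /etc/update-motd.d are executed as root at login on Ubuntu, so adding `owner: root` and `group: root` states the intended ownership instead of inheriting it from any file already at that path. The play's task list continues beyond this hunk.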
+++ b/ansible/tasks/omp.yml @@ -1,3 +1,13 @@ +- name: Install pip package + become: true + ansible.builtin.apt: + name: python3-pip + +- name: Install github package + become: true + ansible.builtin.pip: + name: github3.py + - name: Check if OMP is installed ansible.builtin.stat: path: /opt/scripts/oh-my-posh @@ -30,5 +40,12 @@ ansible.builtin.lineinfile: mode: "0644" path: /home/{{ users.0.username }}/.bashrc - line: eval "$(oh-my-posh --init --shell bash --config https://gist.githubusercontent.com/Roxedus/6a11a5dbd37c24ecacf02fb9aef06e15/raw/bd0955596238ab4e31db64c0ab1551c0ee375619/oh-my.posh.json)" + line: eval "$(oh-my-posh init bash --config https://gist.github.com/Roxedus/6a11a5dbd37c24ecacf02fb9aef06e15/raw)" + create: yes + +- name: Basic VI + ansible.builtin.lineinfile: + mode: "0644" + path: /home/{{ users.0.username }}/.vimrc + line: set nocompatible create: yes diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index bd2d2ae..47e00e8 100644 --- a/ansible/vars/vault.yml +++ b/ansible/vars/vault.yml @@ -1,22 +1,26 @@ $ANSIBLE_VAULT;1.1;AES256 -31636463333736376266363865666461366431346263363736626130636631313038316131326161 -3466316438386632363965383137376636323961613739350a383539623036643761616463343164 -65363832623038326662643133363530626335353530353037376438666639323232363333663562 -6533653534303837310a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a396439396335346235306332326637 +63623366373766383939396639313332363666376366333265613734333934613465616666343861 +6338346632363633350a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diff --git a/ansible/vars/wireguard.yml b/ansible/vars/wireguard.yml new file mode 100644 index 0000000..2dbdd5e --- /dev/null +++ b/ansible/vars/wireguard.yml 
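Review bot: The added "Install github package" task calls `ansible.builtin.pip` with `become: true` and no version, so whichever release of `github3.py` is current on PyPI at run time is installed into the system Python as root. Pin it with `version: "<PINNED_VERSION>"` (placeholder for the release you have tested). The module's `virtualenv` parameter is worth considering too, so the package stays out of the distribution-managed site-packages. The preceding apt task would also read more clearly with an explicit `state: present`.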
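Review bot: The rewritten `.bashrc` line replaces the revision-pinned raw gist URL with `https://gist.github.com/Roxedus/6a11a5dbd37c24ecacf02fb9aef06e15/raw`, which always serves the latest revision. That remote file is an input to a command whose output is `eval`ed in every interactive shell, so a later edit to the gist, or loss of control over it, changes what each login loads without any change in this repository. Keep a pinned form such as `.../raw/<GIST_REVISION_SHA>/oh-my.posh.json` (placeholder), or have Ansible copy the theme to a local path and pass that path to `--config`. Separately, neither lineinfile task sets `owner`, so a newly created `.bashrc` or `.vimrc` belongs to whichever user the task runs as; that depends on `become` settings outside this hunk.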
@@ -0,0 +1,42 @@ +$ANSIBLE_VAULT;1.1;AES256 +61346363306364616466663338616238653462383166366138333032323663326230613937363533 +6165353638336665343234323931613636346435643737390a383137376337336637666164393962 +39316631643336373431343636383731306333383465616335313762356334623530323830623431 +6636306439643162370a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diff --git a/cloud-init/arm-ubuntu/network-config b/cloud-init/arm-ubuntu/network-config new file mode 100644 index 0000000..93bfe84 --- /dev/null +++ b/cloud-init/arm-ubuntu/network-config @@ -0,0 +1,36 @@ +# This file contains a netplan-compatible configuration which cloud-init will +# apply on first-boot (note: it will *not* update the config after the first +# boot). Please refer to the cloud-init documentation and the netplan reference +# for full details: +# +# https://cloudinit.readthedocs.io/en/latest/topics/network-config.html +# https://cloudinit.readthedocs.io/en/latest/topics/network-config-format-v2.html +# https://netplan.io/reference +# +# Please note that the YAML format employed by this file is sensitive to +# differences in whitespace; if you are editing this file in an editor (like +# Notepad) which uses literal tabs, take care to only use spaces for +# indentation. See the following link for more details: +# +# https://en.wikipedia.org/wiki/YAML +# +# Some additional examples are commented out below + +version: 2 +ethernets: + eth0: + match: + name: eth0 + mtu: 1500 +vlans: + vlan.2: + addresses: + - 10.0.2.6/26 + gateway4: 10.0.2.1 + id: 2 + link: eth0 + nameservers: + addresses: + - 10.0.0.31 + search: + - kube.rostvik.site diff --git a/cloud-init/arm-ubuntu/user-data b/cloud-init/arm-ubuntu/user-data index a12d883..a76f570 100644 --- a/cloud-init/arm-ubuntu/user-data +++ b/cloud-init/arm-ubuntu/user-data 
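Review bot: The `search` domain in the new network-config is `kube.rostvik.site`, while the user-data in this same commit sets the hostname to `node01.kube.rostvik.home`. If one of the two is a typo, short-name lookups for cluster peers will be tried against the wrong zone. `gateway4` is also deprecated in current netplan in favour of a `routes:` entry (`- to: default` with `via: 10.0.2.1`). The header comment still says additional examples are commented out below, but none follow, so that sentence can be dropped.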
@@ -1,28 +1,23 @@ #cloud-config +hostname: node01.kube.rostvik.home +manage_etc_hosts: false +packages: + - avahi-daemon +apt: + conf: | + Acquire { + Check-Date "false"; + }; -# This is the user-data configuration file for cloud-init. By default this sets -# up an initial user called "ubuntu" with password "ubuntu", which must be -# changed at first login. However, many additional actions can be initiated on -# first boot from this file. The cloud-init documentation has more details: -# -# https://cloudinit.readthedocs.io/ -# -# Some additional examples are provided in comments below the default -# configuration. +users: + - name: roxedus + groups: users,adm,dialout,audio,netdev,video,plugdev,cdrom,games,input,sudo + shell: /bin/bash + lock_passwd: false + passwd: $5$YxK61GIcH3$2Gkt.6AT8huISMLlVpCiPYEaqfWYMMqvs1/ns0tsl07 + ssh_authorized_keys: + - | + ssh-rsa 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 simen@rostvik.no + sudo: ALL=(ALL) NOPASSWD:ALL -# https://cloudinit.readthedocs.io/en/latest/topics/examples.html#yaml-examples - -chpasswd: - expire: false - list: - - roxedus:roxedus - -# Enable password authentication with the SSH daemon -ssh_pwauth: true - -system_info: - default_user: - name: roxedus - plain_text_passwd: roxedus - ssh_import_id: - - gh:Roxedus +timezone: Europe/Oslo
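Review bot: The new `users` entry commits a crypt hash in `passwd:` (`$5$`, salted SHA-256) together with `lock_passwd: false` and `sudo: ALL=(ALL) NOPASSWD:ALL`, so anyone who can read the repository can work on the hash offline, and the password it protects belongs to a passwordless-sudo account. An SSH key is already provisioned, so setting `lock_passwd: true` and removing the `passwd:` line closes that off. If a console password is required, generate the hash at deploy time and keep it out of version control. The removed lines show the previous password in clear text, so if the hash encodes the same value it should be rotated. `Check-Date "false"` in the apt `conf` disables APT's time-based Release checks for good; it is a common first-boot workaround on boards without an RTC, but it is worth reverting once time sync is working so stale repository metadata is rejected again.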