diff --git a/.gitmodules b/.gitmodules
index 48c9950..a95c1bd 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,72 +1,100 @@
 [submodule "roles/workstation_packages"]
 path = roles/workstation_packages
 url = https://github.com/chaos-bodensee/role_install_workstaton_packages.git
+ branch = master
 [submodule "roles/dotfiles"]
 path = roles/dotfiles
- url = https://github.com/chaos-bodensee/role_dotfiles.git
+ url = https://github.com/roles-ansible/ansible_role_dotfiles.git
+ branch = main
 [submodule "roles/pulseaudio"]
 path = roles/pulseaudio
 url = https://github.com/chaos-bodensee/role_pulseaudio_archlinux.git
+ branch = master
 [submodule "roles/authorized_keys"]
 path = roles/do1jlr.auth
- url = https://github.com/ffbsee/role-ssh_authorized_keys.git
+ url = https://github.com/roles-ansible/ansible_role_auth.git
+ branch = main
 [submodule "files/admin_ssh_keys"]
 path = files/admin_ssh_keys
 url = https://backwesen.de/ansible/ssh_public_keys.git
+ branch = main
 [submodule "roles/sshd"]
 path = roles/do1jlr.sshd
 url = https://github.com/roles-ansible/ansible_role_sshd.git
+ branch = main
 [submodule "roles/nextcloud"]
 path = roles/nextcloud
 url = https://github.com/DO1JLR/role_nextcloud_client.git
+ branch = master
 [submodule "roles/ntp"]
 path = roles/ntp
- url = https://github.com/chaos-bodensee/role-ntp.git
+ url = https://github.com/roles-ansible/ansible_role_ntp.git
+ branch = main
 [submodule "roles/arch-fonts"]
 path = roles/arch-fonts
 url = https://github.com/chaos-bodensee/role-arch-fonts.git
+ branch = master
 [submodule "roles/akku-warning"]
 path = roles/akku-warning
 url = https://github.com/roles-ansible/role_akku_warning.git
+ branch = main
 [submodule "roles/install-firefox"]
 path = roles/install-firefox
 url = https://github.com/roles-ansible/ansible_role_install_firefox.git
+ branch = main
 [submodule "roles/xrandr"]
 path = roles/xrandr
- url = https://github.com/chaos-bodensee/role-xrandr.git
+ url = https://github.com/roles-ansible/ansible_role_xrandr_help.git
+ branch = main
 [submodule "roles/winehq"]
 path = roles/winehq
 url = https://github.com/ekultails/ansible_role_wine.git
+ branch = master
 [submodule "roles/no-sleep"]
 path = roles/no-sleep
 url = https://github.com/chaos-bodensee/role_disable_sleep.git
+ branch = master
 [submodule "roles/manage_users"]
 path = roles/do1jlr.users
- url = https://github.com/chaos-bodensee/role-manage_users.git
+ url = https://github.com/roles-ansible/ansible_role_users.git
+ branch = main
 [submodule "roles/polybar"]
 path = roles/polybar
 url = https://github.com/chaos-bodensee/role_install-polybar.git
+ branch = master
 [submodule "roles/ansible_version"]
 path = roles/ansible_version
 url = https://github.com/chaos-bodensee/role-ansible_version.git
+ branch = main
 [submodule "roles/base"]
 path = roles/do1jlr.base
 url = https://github.com/roles-ansible/ansible_role_base.git
+ branch = main
 [submodule "roles/bat"]
 path = roles/bat
 url = https://github.com/gantsign/ansible_role_bat.git
+ branch = master
 [submodule "roles/amdgpu_firmware"]
 path = roles/amdgpu_firmware
 url = https://github.com/DO1JLR/ansible_role_amdgpu_firmware.git
+ branch = main
 [submodule "roles/do1jlr.avahi"]
 path = roles/do1jlr.avahi_daemon
 url = https://github.com/roles-ansible/ansible_role_avahi_daemon.git
+ branch = main
 [submodule "roles/do1jlr.avahi_client"]
 path = roles/do1jlr.avahi_client
 url = https://github.com/roles-ansible/ansible_role_avahi_client.git
+ branch = main
 [submodule "roles/do1jlr.i3wm"]
 path = roles/do1jlr.i3wm
 url = https://github.com/roles-ansible/ansible_role_i3wm.git
+ branch = main
 [submodule "roles/do1jlr.htop"]
 path = roles/do1jlr.htop
 url = https://github.com/roles-ansible/ansible_role_htop.git
+ branch = main
+[submodule "collections/ansible_collections/community/general"]
+ path = collections/ansible_collections/community/general
+ url = https://github.com/ansible-collections/community.general.git
+ branch = main
diff --git a/README.md b/README.md
index 46c84ab..42625f3 100644
--- a/README.md
+++ b/README.md
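Review bot: The added `branch =` keys in the `.gitmodules` hunk make `git submodule update --remote` follow the moving head of each upstream branch, and several of these submodules feed privileged configuration: `roles/do1jlr.auth`, `roles/do1jlr.sshd`, `roles/do1jlr.users` and `files/admin_ssh_keys` (served from `backwesen.de`). A plain `git submodule update` still checks out the recorded gitlink commit, so the exposure is in how pointer bumps are made: each `--remote` bump should be read as a diff of the role or key content before it is committed, since these roles presumably run with `become` as root. Five URLs also move to the `roles-ansible` organisation here; it is worth confirming that the pinned commits exist in the new repositories and match the history that was reviewed before. A comment above the key-material entry such as `# admin SSH keys: review every pointer bump before committing` would record that expectation.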
@@ -54,3 +54,7 @@ Or create a new git repo and be inspired by the roles L3D uses. If you find this usefull please take a few secounds and say thankyou to L3D. He is at the most [chaos events](https://events.ccc.de), simple give him a Tschunk or Club Mate there! + + Additional Infos +------------------ +By the way, to store sensible passwords, I am using the [community.general.passwordstore](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html) Lookup to access my passwords, stored in [gopass](https://gopass.pw/) Password Manager. diff --git a/ansible.cfg b/ansible.cfg index d9d5c2a..09c82d2 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -8,3 +8,6 @@ interpreter_python = /usr/bin/python3 [privilege_escalation] become_method = sudo become_user = root + +[passwordstore_lookup] +backend = "gopass" diff --git a/collections/ansible_collections/community/general b/collections/ansible_collections/community/general new file mode 160000 index 0000000..42bc2cb --- /dev/null +++ b/collections/ansible_collections/community/general @@ -0,0 +1 @@ +Subproject commit 42bc2cb4d8a61b9f4f501cd45017101f743c858c diff --git a/inventory.py b/inventory.py index 0487250..78957aa 100755 --- a/inventory.py +++ b/inventory.py @@ -24,6 +24,13 @@ def fqdn(): hostname = f"{hostname}.local" return str(hostname) +def become_pass(host): + """ + return variable for become password using gopass lookup + """ + passstring = str("\"ansible_become_pass\": \"{{ lookup('community.general.passwordstore', 'ansible/hosts/" + host + "/users/root') }}\"") + return passstring + def env(domain): """ map a hostname to a space @@ -47,7 +54,7 @@ def hostvars(host): """ set variables to local connection """ - local = str('"' + host + '": {"ansible_connection": "local"}') + local = str('"' + host + '": {"ansible_connection": "local", ' + str(become_pass(host)) + '}') return local def formated_host_group_list(host, group): 
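Review bot: `become_pass()` in `inventory.py` builds a JSON fragment and a Jinja2 lookup expression by string concatenation, so a `host` value containing `"`, `'` or `}}` would alter the structure of the inventory or of the template instead of being treated as data. `host` appears to come from the local hostname, which limits exposure, but it would be safer to validate it against a hostname pattern and return a dict that `json.dumps` quotes, e.g. `return {"ansible_become_pass": "{{ lookup('community.general.passwordstore', 'ansible/hosts/" + host + "/users/root') }}"}`. The same concatenation is extended in the second hunk of this file (`hostvars`); how `formated_host_group_list` consumes that string is outside the hunks, so a return-type change would have to be carried through there. The docstring could also say that the function returns an unrendered lookup template, not the password itself.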
@@ -68,16 +75,4 @@ def main(): group = env(host) print(json.dumps(formated_host_group_list(host, group), sort_keys=True, indent=2)) - - -#{ -# "_meta": { -# "hostvars": { } -# }, -# -# "instances": { -# "hosts": ["10.66.70.33"] -# } -# } - main() diff --git a/site.yml b/site.yml index ebf5567..93b41d6 100644 --- a/site.yml +++ b/site.yml @@ -1,11 +1,20 @@ --- - name: check if ansible is not to old - hosts: localhost + hosts: all roles: - {role: ansible_version, tags: always, gather_facts: false} +- name: Test + hosts: all + tasks: + - name: TEST1 + ansible.builtin.debug: + msg: "{{ ansible_become_pass }}" + - name: T2 + ansible.builtin.debug: + msg: "{{ lookup('community.general.passwordstore', 'ansible/hosts/rarity.local/users/root') }}" - name: run do1jlr.base setup roles - hosts: localhost + hosts: all roles: #- {role: do1jlr.base, tags: [default, packages, base]} #- {role: workstation_packages, tags: [default, workstation_packages, packages, setup]} @@ -15,7 +24,7 @@ #- {role: arch-fonts, tags: [font, fonts, arch-fonts]} #- name: user specific setup -# hosts: localhost +# hosts: private # roles: #- {role: dotfiles, tags: [default, dotfiles, fancy]} #- {role: manage_users, tags: [ssh, manage, manage_users]}
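Review bot: The added `Test` play in `site.yml` prints the become password in clear text: `TEST1` outputs `{{ ansible_become_pass }}` and `T2` outputs the result of the `community.general.passwordstore` lookup through `ansible.builtin.debug`, on `hosts: all`. That value lands in the terminal, in any configured `log_path` file and in CI job output, so the play should be dropped before merge. If a check that the lookup resolves is wanted, an `ansible.builtin.assert` with `that: ansible_become_pass | length > 0` and `no_log: true` verifies it without printing the value. `T2` also hard-codes `rarity.local`, which looks like leftover debugging. The switch of the surrounding plays from `hosts: localhost` to `hosts: all` widens where these roles run and deserves a line in the commit message.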