diff --git a/.gitmodules b/.gitmodules
index a93a9ad..f97b0c0 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,7 +1,3 @@
-[submodule "roles/workstation_packages"]
-	path = roles/workstation_packages
-	url = https://github.com/chaos-bodensee/role_install_workstaton_packages.git
-	branch = master
 [submodule "roles/dotfiles"]
 	path = roles/dotfiles
 	url = https://github.com/roles-ansible/ansible_role_dotfiles.git
@@ -22,26 +18,10 @@
 	path = roles/do1jlr.sshd
 	url = https://github.com/roles-ansible/ansible_role_sshd.git
 	branch = main
-[submodule "roles/nextcloud"]
-	path = roles/nextcloud
-	url = https://github.com/DO1JLR/role_nextcloud_client.git
-	branch = master
-[submodule "roles/arch-fonts"]
-	path = roles/arch-fonts
-	url = https://github.com/chaos-bodensee/role-arch-fonts.git
-	branch = master
 [submodule "roles/akku-warning"]
 	path = roles/akku-warning
 	url = https://github.com/roles-ansible/role_akku_warning.git
 	branch = main
-[submodule "roles/install-firefox"]
-	path = roles/install-firefox
-	url = https://github.com/roles-ansible/ansible_role_install_firefox.git
-	branch = main
-[submodule "roles/xrandr"]
-	path = roles/xrandr
-	url = https://github.com/roles-ansible/ansible_role_xrandr_help.git
-	branch = main
 [submodule "roles/winehq"]
 	path = roles/winehq
 	url = https://github.com/ekultails/ansible_role_wine.git
diff --git a/roles/arch-fonts b/roles/arch-fonts
deleted file mode 160000
index ed81782..0000000
--- a/roles/arch-fonts
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ed81782a5afa614e648b79b3fd1b1c53d1e86961
diff --git a/roles/copy_files/defaults/main.yml b/roles/copy_files/defaults/main.yml
deleted file mode 100644
index 732b813..0000000
--- a/roles/copy_files/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-copy_to_user: "{{ ansible_user_id }}"
diff --git a/roles/copy_files/tasks/main.yml b/roles/copy_files/tasks/main.yml
deleted file mode 100644
index 44c1d7c..0000000
--- a/roles/copy_files/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: copy files
-  copy: 
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: 'files/background.png', dest: "/home/{{ copy_to_user }}/.config/background.png" }
-    - { src: 'files/lockscreen.png', dest: '/home/{{ copy_to_user }}/.config/lockscreen.png' }
-    - { src: 'files/xinitrc', dest: '/home/{{ copy_to_user }}/.xinitrc' }
-
diff --git a/roles/install-firefox b/roles/install-firefox
deleted file mode 160000
index 6b7d8d4..0000000
--- a/roles/install-firefox
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 6b7d8d470f81f46a067f9ed05a2b69d6d7c7784c
diff --git a/roles/l3d.etesync_dav b/roles/l3d.etesync_dav
index ee8044a..2425294 160000
--- a/roles/l3d.etesync_dav
+++ b/roles/l3d.etesync_dav
@@ -1 +1 @@
-Subproject commit ee8044a7be41599fbf340fade4e4f4342413e456
+Subproject commit 242529420b856b5923529e50652a9b2e553e1aca
diff --git a/roles/nextcloud b/roles/nextcloud
deleted file mode 160000
index 7fdf73f..0000000
--- a/roles/nextcloud
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7fdf73f58b81c3b49aa8dff4578b0ca2a4da81d7
diff --git a/roles/openvpn/requirements.yml b/roles/openvpn/requirements.yml
new file mode 100644
index 0000000..a5a1e10
--- /dev/null
+++ b/roles/openvpn/requirements.yml
@@ -0,0 +1,4 @@
+---
+collections:
+  - name: 'community.general'
+    version: ">=7.5.0,<=8.0.0"
diff --git a/roles/openvpn/tasks/install.yml b/roles/openvpn/tasks/install.yml
new file mode 100644
index 0000000..9d0f853
--- /dev/null
+++ b/roles/openvpn/tasks/install.yml
@@ -0,0 +1,24 @@
+---
+- name: Run the equivalent of "pacman -Sy" as a separate step  # noqa: H1901
+  become: true
+  community.general.pacman:
+    update_cache: true
+  when: ansible_os_family == 'Archlinux'
+
+- name: Update Debian apt cache
+  become: true
+  ansible.builtin.apt:
+    cache_valid_time: 3600
+    update_cache: true
+  when:
+    - ansible_pkg_mgr == "apt"
+
+- name: Install OpenVPN all
+  become: true
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: 'present'
+  loop:
+    - 'openvpn'
+    - 'bridge-utils'
+    - 'easy-rsa'
diff --git a/roles/openvpn/tasks/main.yml b/roles/openvpn/tasks/main.yml
index 061b523..a76d07e 100644
--- a/roles/openvpn/tasks/main.yml
+++ b/roles/openvpn/tasks/main.yml
@@ -1,42 +1,12 @@
 ---
-- name: perform versionscheck
-  ansible.builtin.include_tasks: versioncheck.yml
+- name: Perform versionscheck
+  ansible.builtin.include_tasks:
+    file: 'versioncheck.yml'
 
-- name: Run the equivalent of "pacman -Syu" as a separate step
-  become: true
-  ansible.builtin.pacman:
-    update_cache: true
-    upgrade: true
-  when: ansible_os_family == 'Archlinux'
+- name: Install openvpn packages
+  ansible.builtin.include_tasks:
+    file: 'install.yml'
 
-- name: Install OpenVPN for ArchLinux
-  become: true
-  ansible.builtin.pacman:
-    name:
-      - openvpn
-      - bridge-utils
-      - easy-rsa
-    state: present
-  when: ansible_os_family == 'Archlinux'
-
-- name: Install OpenVPN all
-  become: true
-  ansible.builtin.package:
-    name:
-      - openvpn
-      - bridge-utils
-      - easy-rsa
-    state: present
-  when: ansible_os_family != 'Archlinux'
-
-- name: Add the tun module
-  become: true
-  community.general.modprobe:
-    name: tun
-    state: present
-
-- name: Add the bridge module
-  become: true
-  community.general.modprobe:
-    name: bridge
-    state: present
+- name: Make sure openvpn modules are present
+  ansible.builtin.include_tasks:
+    file: 'modprobe.yml'
diff --git a/roles/openvpn/tasks/modprobe.yml b/roles/openvpn/tasks/modprobe.yml
new file mode 100644
index 0000000..f059cc6
--- /dev/null
+++ b/roles/openvpn/tasks/modprobe.yml
@@ -0,0 +1,12 @@
+---
+- name: Add the tun module  # noqa: H1901
+  become: true
+  community.general.modprobe:
+    name: 'tun'
+    state: 'present'
+
+- name: Add the bridge module  # noqa: H1901
+  become: true
+  community.general.modprobe:
+    name: 'bridge'
+    state: 'present'
diff --git a/roles/openvpn/tasks/versioncheck.yml b/roles/openvpn/tasks/versioncheck.yml
index 0806f2c..7dd80c5 100644
--- a/roles/openvpn/tasks/versioncheck.yml
+++ b/roles/openvpn/tasks/versioncheck.yml
@@ -1,41 +1,44 @@
 ---
+# Copyright (c) 2021 L3D <l3d@c3woc.de>
+# this file is released with the MIT license.
+# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE
 - name: Create directory for versionscheck
   become: true
   ansible.builtin.file:
     path: '/etc/.ansible-version'
     state: directory
-    mode: 0755
+    mode: '0755'
+  when: submodules_versioncheck | bool
 
-- name: check playbook version
+- name: Check playbook version
   become: true
   ansible.builtin.slurp:
     src: "/etc/.ansible-version/{{ playbook_version_path }}"
   register: playbook_version
-  ignore_errors: true
+  when: submodules_versioncheck | bool
   failed_when: false
 
-- name: Print remote role version
+- name: Print remote role version  # noqa: H500
   ansible.builtin.debug:
     msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
+  when: submodules_versioncheck | bool
 
-- name: Print locale role version
+- name: Print locale role version  # noqa: H500
   ansible.builtin.debug:
-    msg: "Local role version: '{{ playbook_version_number|string }}'."
+    msg: "Local role version: '{{ playbook_version_number | string }}'."
+  when: submodules_versioncheck | bool
 
 - name: Check if your version is outdated
   ansible.builtin.fail:
     msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
   when:
-    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
 
-- name: check if '/etc/ansible-version/' is empty
-  ansible.builtin.find:
-    paths: '/etc/ansible-version/'
-  register: filesFound
-
-- name: write new version to remote disk
+- name: Write new version to remote disk
   become: true
   ansible.builtin.copy:
     content: "{{ playbook_version_number }}"
     dest: "/etc/.ansible-version/{{ playbook_version_path }}"
     mode: '0644'
+  when: submodules_versioncheck | bool
+  tags: skip_ansible_lint_template-instead-of-copy
diff --git a/roles/workstation_packages b/roles/workstation_packages
deleted file mode 160000
index 99bcb12..0000000
--- a/roles/workstation_packages
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 99bcb120fe5020e257c4dddad20f04d215b1eed7
diff --git a/roles/xrandr b/roles/xrandr
deleted file mode 160000
index 445e76e..0000000
--- a/roles/xrandr
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 445e76ea5ced8b265b3ce3a9720cb65c6378136f
diff --git a/site.yml b/site.yml
index a895352..366ef02 100644
--- a/site.yml
+++ b/site.yml
@@ -8,13 +8,11 @@
   hosts: all
   roles:
     - {role: l3d.packages, tags: [packages, apt]}
-    # - {role: workstation_packages, tags: [default, workstation_packages, packages, setup]}
     - {role: l3d.ntp, tags: ntp}
     - {role: l3d.avahi.client, tags: avahi}
     - {role: l3d.avahi.daemon, tags: avahi}
     - {role: l3d.etesync_dav, tags: [etebase, etesync, dav]}
     - {role: gantsign.bat, tags: bat}
-    # - {role: arch-fonts, tags: [font, fonts, arch-fonts]}
     - {role: l3d.gopass, tags: gopass}
     - {role: do1jlr.i3wm, tags: i3wm}
 
@@ -28,11 +26,6 @@
 #     - {role: akku-warning, tags: [akku, akku_warning, akku-warning]}
 #     - {role: pulseaudio, tags: pulseaudio}
 #     - {role: networkmanager, tags: [nm, networkmanager]}
-#     - {role: copy_files}
-#     - {role: do1jlr.i3wm, tags: i3wm}
-#     - {role: xrandr, tags: xrandr}
-#     - {role: install-firefox, tags: firefox}
-#     - {role: nextcloud, tags: nextcloud}
 #     - {role: openvpn, tags: openvpn}
 #     - {role: winehq, tags: [wine, winehq]}
 #     - {role: no-sleep, tags: no_sleep}