diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..9f0fcd6
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,4 @@
+{
+ "editor.fontFamily": "'JetBrains Mono', 'NotoMono NF', 'DejaVuSansMono NF', 'MesloLGS NF', 'Droid Sans Mono', 'monospace', monospace, 'Droid Sans Fallback'",
+ "editor.fontSize": 17
+}
\ No newline at end of file
diff --git a/host_vars/mail.universe.local.yml b/host_vars/mail.universe.local.yml
index f9e0a6e..89c6cde 100644
--- a/host_vars/mail.universe.local.yml
+++ b/host_vars/mail.universe.local.yml
@@ -7,4 +7,5 @@ fetchmail: true
 mpop: true
 npm_cert: "npm-29"
-mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
\ No newline at end of file
+mynetworks: '192.168.1.0/24, 127.0.0.0/8, 192.168.122.0/24, 10.20.20.0/28, 172.16.0.0/12, 192.168.3.0/24'
+nginx_proxy_manager_cert_id: npm-1
\ No newline at end of file
diff --git a/roles/backup/files/config/backup_remote.conf b/roles/backup/files/config/backup_remote.conf
new file mode 100644
index 0000000..efa4cea
--- /dev/null
+++ b/roles/backup/files/config/backup_remote.conf
@@ -0,0 +1,3 @@
+mail;/opt/backup/config/mail_includes.txt;/opt/backup/config/mail_excludes.txt
+jitsi;/opt/backup/config/jitsi_includes.txt;/opt/backup/config/jitsi_excludes.txt
+mewitoot;/opt/backup/config/mewitoot_includes.txt;/opt/backup/config/mewitoot_excludes.txt
diff --git a/roles/backup/files/config/jitsi_excludes.txt b/roles/backup/files/config/jitsi_excludes.txt
new file mode 100644
index 0000000..751553b
--- /dev/null
+++ b/roles/backup/files/config/jitsi_excludes.txt
@@ -0,0 +1 @@
+*.bak
diff --git a/roles/backup/files/config/jitsi_includes.txt b/roles/backup/files/config/jitsi_includes.txt
new file mode 100644
index 0000000..72cf29d
--- /dev/null
+++ b/roles/backup/files/config/jitsi_includes.txt
@@ -0,0 +1,6 @@
+/etc
+/home
+/root
+/usr/share/jitsi-meet
+/var/spool/cron
+/var/www
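Review bot: The include list in jitsi_includes.txt takes `/etc`, `/home` and `/root` whole while jitsi_excludes.txt drops only `*.bak`, so every archive will carry password hashes, SSH host and user keys and any service credentials kept under those trees. The same holds for mail_includes.txt (which adds `/var/lib/docker/volumes`) and mewitoot_includes.txt later in this commit. Nothing in the change shows how the backup target is encrypted or who may read it; that should be documented alongside backup_remote.conf, and paths not needed for a restore should be excluded. mail_includes.txt also lists `/opt/backup`, the backup tool's own directory; if archives are staged there (not visible here) it needs an exclude entry.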
diff --git a/roles/backup/files/config/mail_excludes.txt b/roles/backup/files/config/mail_excludes.txt
new file mode 100644
index 0000000..25be2eb
--- /dev/null
+++ b/roles/backup/files/config/mail_excludes.txt
@@ -0,0 +1 @@
+dotfiles
diff --git a/roles/backup/files/config/mail_includes.txt b/roles/backup/files/config/mail_includes.txt
new file mode 100644
index 0000000..1bfc9f9
--- /dev/null
+++ b/roles/backup/files/config/mail_includes.txt
@@ -0,0 +1,5 @@
+/etc
+/home
+/opt/backup
+/opt/mailcow-dockerized
+/var/lib/docker/volumes
diff --git a/roles/backup/files/config/mewitoot_excludes.txt b/roles/backup/files/config/mewitoot_excludes.txt
new file mode 100644
index 0000000..751553b
--- /dev/null
+++ b/roles/backup/files/config/mewitoot_excludes.txt
@@ -0,0 +1 @@
+*.bak
diff --git a/roles/backup/files/config/mewitoot_includes.txt b/roles/backup/files/config/mewitoot_includes.txt
new file mode 100644
index 0000000..2571ad0
--- /dev/null
+++ b/roles/backup/files/config/mewitoot_includes.txt
@@ -0,0 +1,7 @@
+/etc
+/home
+/root
+/var/backups/postgresql
+/var/cache/bind
+/var/lib/bind
+/var/spool/cron
diff --git a/roles/base/files/private_keys/backup_ed25519 b/roles/base/files/private_keys/backup_ed25519
new file mode 100644
index 0000000..f04053f
--- /dev/null
+++ b/roles/base/files/private_keys/backup_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACC11KG9c+/tJQLzFpNKaYg5wO69qGnLma+b+Xr+zHgLGQAAAKBVvgLPVb4C
+zwAAAAtzc2gtZWQyNTUxOQAAACC11KG9c+/tJQLzFpNKaYg5wO69qGnLma+b+Xr+zHgLGQ
+AAAEDXqxgmtwQkJQM18+vIoUlDdzKdTlavht+6lQtvG9/ap7XUob1z7+0lAvMWk0ppiDnA
+7r2oacuZr5v5ev7MeAsZAAAAHXJvb3RAY29ydXNjYW50LnVuaXZlcnNlLmxvY2Fs
+-----END OPENSSH PRIVATE KEY-----
\ No newline at end of file
diff --git a/roles/base/files/public_keys/backup_ed25519.pub b/roles/base/files/public_keys/backup_ed25519.pub
index bab4c91..565bbc3 100644
--- a/roles/base/files/public_keys/backup_ed25519.pub
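Review bot: roles/base/files/private_keys/backup_ed25519 is committed as a plaintext OpenSSH private key, and its header decodes to cipher `none`, i.e. no passphrase. Anyone with read access to the repository or its history holds the backup identity, so the key should be treated as exposed: generate a new pair, remove this file from history, and store the replacement with `ansible-vault encrypt` or fetch it from a secret store at deploy time. The following hunk has the protection reversed: it vault-encrypts backup_ed25519.pub, which is the non-secret half and was readable in the previous revision anyway. The replacement public key should be restricted in `authorized_keys` with `from=` and a forced `command=` so it can only run the backup transfer.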
+++ b/roles/base/files/public_keys/backup_ed25519.pub
@@ -1 +1,10 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILXUob1z7+0lAvMWk0ppiDnA7r2oacuZr5v5ev7MeAsZ root@coruscant.universe.local
+$ANSIBLE_VAULT;1.1;AES256
+39376634373232333037646564313065326466623661356638343239333039663836363231316162
+3166333131373636666166623863323162643732303931620a643130383065633662343461366437
+32616232356536613435336363356435373437363935333637643764396630656561373235303065
+3732396536616537660a656138666562643739653263316431656533656461653438376262353565
+37656262383766656665383730626532626331316435383131653939373537326236353538376665
+38323765383039343537653236626631616265623332373133333232386338643832303664653730
+62666165383037636264646532386438646538313436333137383833333530373461316664613737
+37333530356139386131393339643838633834636462323364646533636165616433393932383533
+65666439656561646334646633326538363332626233663034636632646531663366
diff --git a/roles/base/files/users/known_hosts b/roles/base/files/users/known_hosts
index f55f7b7..e719c7e 100644
--- a/roles/base/files/users/known_hosts
+++ b/roles/base/files/users/known_hosts
@@ -46,3 +46,5 @@ localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUg4UIbuIC0o9o/w50CjLUUsNzRtx/BmR
 172.16.0.223 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Xoeu7qRbWJjaFSM18RuXfCkZdaCfEBSVpY0gQdPgghO/ofejF8EqwlfZ5gz4HfQQjJ3cLZ+l0hP08sARZDfeYRhLfn8YP+ZjmtWaOHewdyYnR9wcGgtsiV3cmJwItfG524NAhi1PbYE5MzdGGamOeDlhvBmNM/s215EJNheIkGl7SLXkSqEqnPQkX4OSHEI9PsWw/dEsyvMEkl5IMBOukoiHypDvLJr/wMyRRJEC9E794KJt4H/kJwxLUzk7IT6KIBsUf3we7fM6fwLdzfjGFS5t3nMDGiuph/x5xPzR4WipJ8dIDkClu+orSA/7tbOfV8zambchTQKaNmLKSHLj
 172.16.0.223 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIFH5vIt3f7GLHbHFYNluoxswNXeJ4+0wmWyJR41IHjvww+M5zZfbOavxBHAfXV3Zyi85W89qSklvjy0wYDctH8=
 192.168.1.222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3qDNg4d//HlwVMPhQXFBAGNflx3J7JFxEUcav7/qRs
+docker01 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2ePwlU2sJtRqTK6s1GFmzAHbxrTsVw3Gdo8UGqmMJ9
+docker01 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAOkprfhz7eo55wTXSjM3nAjxSCnF7zQZ+IEViE4orduxve6WSB9pERj79kP2Mgt1Z4jk6HP9U9n+l4CkuLN6Bg=
\ No newline at end of file
diff --git a/roles/mailserver/tasks/configure_dovecot.yml b/roles/mailserver/tasks/configure_dovecot.yml
new file mode 100644
index 0000000..03db115
--- /dev/null
+++ b/roles/mailserver/tasks/configure_dovecot.yml
@@ -0,0 +1,5 @@
+- name: mailserver | configure dovecot | create config dir
+ file:
+ path: "/etc/dovecot/conf.d"
+ state: directory
+ recurse: True
\ No newline at end of file
diff --git a/roles/mailserver/tasks/copy_certificates.yml b/roles/mailserver/tasks/copy_certificates.yml
new file mode 100644
index 0000000..5675592
--- /dev/null
+++ b/roles/mailserver/tasks/copy_certificates.yml
@@ -0,0 +1,3 @@
+- name: mailserver | certificates | scp from docker01
+ shell:
+ cmd: "rsync -rlptD docker01:/opt/docker/npm/letsencrypt /etc/"
\ No newline at end of file
diff --git a/roles/mailserver/tasks/main.yml b/roles/mailserver/tasks/main.yml
index 73d85eb..67e40a9 100644
--- a/roles/mailserver/tasks/main.yml
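Review bot: The `file` task in configure_dovecot.yml sets `recurse: True` but gives no `owner`, `group` or `mode`, so the recursion applies nothing and a newly created `/etc/dovecot/conf.d` gets whatever the umask yields. State the intended permissions explicitly, e.g. `owner: root`, `group: root`, `mode: "0755"`, and drop `recurse` unless the files below are meant to inherit them (a recursive 0755 would also mark the config files executable). As a style point, `ansible.builtin.file` and lowercase `true` match what ansible-lint expects by default.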
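Review bot: The rsync in copy_certificates.yml copies the entire `/opt/docker/npm/letsencrypt` tree into `/etc/`, which presumably includes the private keys of every certificate the proxy manager holds, not only the one this mail host serves. Limit the source to the certificate selected by `nginx_proxy_manager_cert_id` (added to host_vars in this commit) and make sure the key files end up readable by root only. The task also runs through `shell` with no `changed_when`, so it reports changed on every play and no service reload can be tied to a real change; `ansible.builtin.command` with `argv`, rsync's `--itemize-changes`, `register: cert_sync` and `changed_when: cert_sync.stdout | length > 0` would address both. The task name says scp while the command is rsync.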
+++ b/roles/mailserver/tasks/main.yml @@ -3,6 +3,8 @@ tags: always - block: + - include_tasks: copy_certificates.yml + - block: - include_tasks: install_postfix.yml - include_tasks: configure_postfix.yml