diff --git a/roles/base/tasks/system_setup/cron.yml b/roles/base/tasks/system_setup/cron.yml
index d47588e..7706ac6 100644
--- a/roles/base/tasks/system_setup/cron.yml
+++ b/roles/base/tasks/system_setup/cron.yml
@@ -13,7 +13,17 @@
     enabled: true
   when: ansible_distribution == "Archlinux"
 
-- name: add cronjob for ansible
+- name: system setup | cron | add cronjob for ansible on reboot
+  become: true
+  become_user: root
+  cron:
+    name: "ansible provision"
+    user: "{{ ansible_user_id }}"
+    job: 'ansible-pull --vault-password-file=~/.vaultpass -U "https://gitea.mewissen.site/rene/ansible-pull.git" -d "/opt/ansible-pull" -C master > /var/log/ansible_pull.log || cat /var/log/ansible_pull.log'
+    state: present
+    special_time: reboot
+
+- name: system setup | cron | add cronjob for ansible
   become: true
   become_user: root
   cron:
@@ -24,7 +34,7 @@
     minute: 0
     hour: 1
 
-- name: correct crontab for reboot | remove
+- name: system setup | cron | correct crontab for reboot | remove
   become: true
   become_user: root
   cron:
@@ -32,7 +42,7 @@
     job: '[[ -f /etc/ssh/ssh_host_* ]] | ssh-keygen -A'
     state: absent
 
-- name: correct crontab for reboot | remove
+- name: system setup | cron | correct crontab for reboot | remove
   become: true
   become_user: root
   cron:
@@ -40,23 +50,23 @@
     job: '[[ -f /etc/ssh/ssh_host_* ]] || ssh-keygen -A'
     state: absent
 
-- name: correct crontab for reboot | remove
+- name: system setup | cron | correct crontab for reboot | add
   become: true
   become_user: root
   cron:
     name: "generate SSH key on reboot, if missing"
     job: "[[ -f /etc/ssh/ssh_host_* ]] || ssh-keygen -A && systemctl restart {{ ssh_service }}"
-    state: absent
+    state: present
     special_time: reboot
 
-- name: correct crontab for reboot | add
+- name: system setup | cron | correct crontab for reboot | remove
   become: true
   become_user: root
   cron:
     name: "generate SSH key on reboot, if missing"
     job: >-
       {% raw %}KEYS=(/etc/ssh/ssh_host_*_key); (( ${#KEYS[@]} )) || ( ssh-keygen -A && systemctl restart {% endraw %}{{ ssh_service }}{% raw %} ){% endraw %}
-    state: present
+    state: absent
     special_time: reboot
 
 - name: base | cron | set shell to bash