diff --git a/playbook.yaml b/playbook.yaml
index 7d2254e..2845d99 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -17,7 +17,7 @@ - hosts: backup roles: - - { role : backup, tags : [ "backup" ] } + - { role : backup-vm, tags : [ "backup" ] } - hosts: kube1 roles:
diff --git a/roles/backup-vm/ths_cal_backup.sh b/roles/backup-vm/files/ths_cal_backup.sh
similarity index 100%
rename from roles/backup-vm/ths_cal_backup.sh
rename to roles/backup-vm/files/ths_cal_backup.sh
diff --git a/roles/backup-vm/files/vsyncdir.conf b/roles/backup-vm/files/vsyncdir.conf
new file mode 100644
index 0000000..1a42e0b
--- /dev/null
+++ b/roles/backup-vm/files/vsyncdir.conf
@@ -0,0 +1,19 @@
+[general]
+status_path = "~/.vdirsyncer/status/"
+
+[pair ths_caldav]
+a = "ths_remote_caldav"
+b = "ths_local_caldav"
+collections = ["from a"]
+
+[storage ths_remote_caldav]
+type = "caldav"
+read_only = true
+url = "https://ths.atlantishq.de/remote.php/dav/calendars/backup/ths_shared_by_ths/"
+username = "backup"
+password = "HISTORY_PURGED_SECRET"
+
+[storage ths_local_caldav]
+type = "filesystem"
+path = "~/ths-caldav/"
+fileext = ".ics"
diff --git a/roles/backup-vm/tasks/main.yaml b/roles/backup-vm/tasks/main.yaml
new file mode 100644
index 0000000..fb84150
--- /dev/null
+++ b/roles/backup-vm/tasks/main.yaml
@@ -0,0 +1,32 @@
+- name: Install tools
+ apt:
+ pkg:
+ - zip
+ - vdirsyncer
+
+- name: Copy Backup caldav script
+ copy:
+ src: ths_cal_backup.sh
+ dest: /home/sheppy/ths_cal_backup.sh
+ owner: sheppy
+ group: sheppy
+
+- name: Copy vdirsync config
+ copy:
+ src: vsyncdir.conf
+ dest: /home/sheppy/vsyncdir.conf
+ owner: sheppy
+ group: sheppy
+
+- name: Create backups dir
+ file:
+ path: /home/sheppy/backups/
+ state: directory
+ owner: sheppy
+ group: sheppy
+
+- name: Clone backup tools
+ git:
+ repo: https://github.com/FAUSheppy/backup-tools
+ dest: /home/sheppy/backups/backup-tools/
+ version: master
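Review bot: The `password = ...` line under `[storage ths_remote_caldav]` keeps the CalDAV credential in a static role file, so it is stored in the repository and copied verbatim to the host. vdirsyncer can read the secret at run time through `password.fetch = ["command", "<helper>", "<entry>"]` (placeholders), or the file can be rendered with `template` from an Ansible Vault variable. Since the value has already been in history, the account password is worth rotating once it moves out of the repo. `read_only = true` is enforced only by the client, so the `backup` account should presumably be limited to read access on the server as well.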
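Review bot: The `Copy vdirsync config` task sets `owner` and `group` but no `mode`, so /home/sheppy/vsyncdir.conf, which carries the CalDAV password, is created with whatever the remote umask yields (usually 0644, readable by every local user); add `mode: '0600'` there and an explicit mode on the script and on the `backups/` directory. The `copy` tasks introduced in both hunks of roles/mail/tasks/main.yaml have the same gap. Separately, `version: master` in `Clone backup tools` deploys whatever the upstream branch contains at run time; pinning `version:` to a reviewed commit hash keeps the code on the backup host reproducible and reviewable.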
diff --git a/roles/global-handlers/handlers/main.yml b/roles/global-handlers/handlers/main.yml
index f03703c..dd96e4e 100644
--- a/roles/global-handlers/handlers/main.yml
+++ b/roles/global-handlers/handlers/main.yml
@@ -20,6 +20,21 @@ name: influxdb state: restarted +- name: restart postfix + systemd: + name: postfix + state: restarted + +- name: restart dovecot + systemd: + name: dovecot + state: restarted + +- name: restart nginx + systemd: + name: nginx + state: restarted + - name: daemon reload systemd: daemon-reload: yes
diff --git a/roles/mail/files/enabled_senders b/roles/mail/files/enabled_senders
index adc9ba1..22518c4 100644
--- a/roles/mail/files/enabled_senders
+++ b/roles/mail/files/enabled_senders
@@ -1,7 +1,5 @@ # Sender adress the user may use :) HISTORY_PURGED_SECRET HISTORY_PURGED_SECRET -check@atlantishq.de check@atlantishq.de,HISTORY_PURGED_SECRET -test@atlantishq.de check@atlantishq.de joerg@darknet-fashion.de joerg@darknet-fashion.de HISTORY_PURGED_SECRET HISTORY_PURGED_SECRET @darknet-fashion.de joerg
diff --git a/roles/mail/files/nginx.conf b/roles/mail/files/nginx.conf
new file mode 100644
index 0000000..c37e128
--- /dev/null
+++ b/roles/mail/files/nginx.conf
@@ -0,0 +1,63 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_certificate /etc/letsencrypt/live/atlantishq.de/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/atlantishq.de/privkey.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/roles/mail/meta/main.yml b/roles/mail/meta/main.yml
new file mode 100644
index 0000000..c808c92
--- /dev/null
+++ b/roles/mail/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - global-handlers
diff --git a/roles/mail/tasks/main.yaml b/roles/mail/tasks/main.yaml
index 9613df5..f142142 100644
--- a/roles/mail/tasks/main.yaml
+++ b/roles/mail/tasks/main.yaml
@@ -2,15 +2,16 @@ apt: pkg: - postfix - - dovecot + - dovecot-core + - dovecot-imapd - spamassassin - nginx state: present - name: Deploy Postfix config - file: - src: {{ item }} - dest: /etc/postfix/{{ item }} + copy: + src: "{{ item }}" + dest: "/etc/postfix/{{ item }}" with_items: - dynamicmaps.cf - enabled_senders
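Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in the SSL Settings block of roles/mail/files/nginx.conf still offers TLS 1.0 and 1.1, which RFC 8996 deprecates; the inline comment only accounts for SSLv3. Suggest `ssl_protocols TLSv1.2 TLSv1.3;`, and enabling the commented-out `server_tokens off;` so responses do not advertise the nginx version. No `ssl_ciphers` directive is set, so the cipher list falls back to the build's default; it is worth confirming that this default is what the host should accept.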
@@ -24,21 +25,21 @@ notify: restart postfix - name: Deploy Dovecot config - file: - src: {{ item }} - dest: /etc/dovecot/{{ item }} + copy: + src: "{{ item }}" + dest: "/etc/dovecot/{{ item }}" with_items: - dovecot.conf notify: restart dovecot - name: Deploy nginx-config - file: + copy: src: nginx.conf dest: /etc/nginx/nginx.conf notify: restart nginx - name: Deploy nginx-config (page) - file: + copy: src: nginx_default.conf dest: /etc/nginx/sites-available/default notify: restart nginx
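Review bot: `Deploy nginx-config` installs nginx.conf and notifies `restart nginx` without checking the file first, so a syntax error in the shipped config takes the server down when the handler runs. Adding `validate: nginx -t -c %s` to that `copy` task keeps a broken file from ever replacing /etc/nginx/nginx.conf. The site file copied to `sites-available/default` cannot be validated on its own, so a separate `nginx -t` step ahead of the restart would be needed to cover it. The hunk opens inside the Postfix task, whose body starts above the visible lines.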