diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 22cdaa7..000c0ff 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -1,6 +1,5 @@
ansible_python_interpreter: /usr/bin/python3
basics_autoupdate_mail: backend@hamburg.freifunk.net
-basics_autoupdate_reboot_time: "04:00"
nginx_error_log: "/dev/null error"
diff --git a/inventory/host_vars/cloud.yml b/inventory/host_vars/cloud.yml
deleted file mode 100644
index 15252b4..0000000
--- a/inventory/host_vars/cloud.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-nginx_ciphers: "ECDH+aRSA+CHACHA20:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
-nginx_resolver: "[2a03:2267:2::10] [2a03:2267:2::20] [2a03:2267:2::30]"
-openssl_ciphersuites: "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"
diff --git a/inventory/host_vars/srv02.yml b/inventory/host_vars/srv02.yml
index 0e09f60..75aa1db 100644
--- a/inventory/host_vars/srv02.yml
+++ b/inventory/host_vars/srv02.yml
@@ -3,9 +3,6 @@ basics_autoupdate_origins:
- o=Prosody,n=${distro_codename}
- o=TorProject,n=${distro_codename}
-hopglass_frontend_tls_crt: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/fullchain.pem
-hopglass_frontend_tls_key: /etc/letsencrypt/live/hopglass.hamburg.freifunk.net/privkey.pem
-
media_tls_crt: /etc/letsencrypt/live/media.hamburg.freifunk.net/fullchain.pem
media_tls_key: /etc/letsencrypt/live/media.hamburg.freifunk.net/privkey.pem
diff --git a/roles/hopglass-frontend/defaults/main.yml b/roles/hopglass-frontend/defaults/main.yml
deleted file mode 100644
index 775bd1c..0000000
--- a/roles/hopglass-frontend/defaults/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-hopglass_frontend_path: /opt/hopglass-frontend
-nodejs_version: node_8.x
diff --git a/roles/hopglass-frontend/meta/main.yml b/roles/hopglass-frontend/meta/main.yml
deleted file mode 100644
index 8b662c9..0000000
--- a/roles/hopglass-frontend/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-dependencies:
- - role: nginx
diff --git a/roles/hopglass-frontend/tasks/install-hopglass.yml b/roles/hopglass-frontend/tasks/install-hopglass.yml
deleted file mode 100644
index 0792d6b..0000000
--- a/roles/hopglass-frontend/tasks/install-hopglass.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-- name: clone hopglass
- git:
- repo: "https://github.com/hopglass/hopglass"
- dest: "{{ hopglass_frontend_path }}"
- accept_hostkey: yes
- update: no
-
-- name: create build directory
- file:
- path: "{{ hopglass_frontend_path }}/build"
- state: directory
-
-- name: template config.json
- template:
- src: hopglass-config.j2
- dest: "{{ hopglass_frontend_path }}/build/config.json"
-
-- name: template nginx site
- template:
- src: nginx-site.j2
- dest: /etc/nginx/sites-available/hopglass
- notify: reload nginx
-
-- name: enable site
- file:
- src: ../sites-available/hopglass
- dest: /etc/nginx/sites-enabled/hopglass
- state: link
- notify: reload nginx
-
-- name: template make-hopglass-frontend
- template:
- src: make-hopglass-frontend.j2
- dest: /usr/local/bin/make-hopglass-frontend
- mode: 0755
- register: make
-
-- name: show usage information
- debug:
- msg: ">>> Because Node.js is terrible, please run make-hopglass-frontend manually. <<<"
- when: make.changed
diff --git a/roles/hopglass-frontend/tasks/install-nodejs.yml b/roles/hopglass-frontend/tasks/install-nodejs.yml
deleted file mode 100644
index f608748..0000000
--- a/roles/hopglass-frontend/tasks/install-nodejs.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: check for npm
- find:
- paths: [/bin, /usr/bin, /usr/local/bin]
- patterns: npm
- file_type: any
- register: npm
-
-- name: install APT HTTPS transport
- apt:
- name: apt-transport-https
- cache_valid_time: 86400
- when: npm.matched == 0
-
-- name: add NodeSource signing key
- apt_key:
- url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
- id: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
- when: npm.matched == 0
-
-- name: add NodeSource repository
- apt_repository:
- repo: "deb https://deb.nodesource.com/{{ nodejs_version }} {{ ansible_lsb.codename }} main"
- filename: nodesource
- when: npm.matched == 0
-
-- name: install Node.js
- apt:
- name:
- - build-essential
- - nodejs
- cache_valid_time: 86400
- when: npm.matched == 0
diff --git a/roles/hopglass-frontend/tasks/main.yml b/roles/hopglass-frontend/tasks/main.yml
deleted file mode 100644
index 52c23cb..0000000
--- a/roles/hopglass-frontend/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- include: install-nodejs.yml
- tags: nodejs
-- include: install-hopglass.yml
- tags: hopglass-frontend
diff --git a/roles/hopglass-frontend/templates/hopglass-config.j2 b/roles/hopglass-frontend/templates/hopglass-config.j2
deleted file mode 100644
index 99c43b8..0000000
--- a/roles/hopglass-frontend/templates/hopglass-config.j2
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "dataPath": "https://hopglass-backend.hamburg.freifunk.net/",
- "siteName": "Freifunk Hamburg",
- "mapSigmaScale": 1.1,
- "showContact": false,
- "maxAge": 2,
- "mapLayers": [
- {
- "name": "OpenStreetMap",
- "url": "https://{s}.tile.openstreetmap.de/tiles/osmde/{z}/{x}/{y}.png",
- "config": {
- "maxZoom": 18,
- "attribution": "© OpenStreetMap"
- }
- },
- {
- "name": "Satellitenbild",
- "url": "https://server.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer/tile/{z}/{y}/{x}",
- "config": {
- "attribution": "Tiles © Esri — Source: Esri, i-cubed, USDA, USGS, AEX, GeoEye, Getmapping, Aerogrid, IGN, IGP, UPR-EGP, and the GIS User Community"
- }
- },
- {
- "name": "Stamen (TonerLite)",
- "url": "https://stamen-tiles-{s}.a.ssl.fastly.net/toner-lite/{z}/{x}/{y}.png",
- "config": {
- "maxZoom": 20,
- "attribution": "Map tiles by Stamen Design, CC BY 3.0 — Map data © OpenStreetMap"
- }
- }
- ],
- "nodeInfos": [
- {
- "name": "Clientstatistik",
- "href": "https://statistik.hamburg.freifunk.net/dashboard/db/freifunk-knoteninfo-knoten-id?var-region=ffhh&var-knoten={NODE_ID}",
- "thumbnail": "https://statistik.hamburg.freifunk.net/render/dashboard-solo/db/freifunk-knoteninfo-knoten-id?panelId=1&var-region=ffhh&var-knoten={NODE_ID}&theme=light&width=530&height=332&from=now-3d",
- "caption": "Verbundene Clients in den letzten 3 Tage an Knoten {NODE_ID}"
- }
- ],
- "globalInfos": [
- {
- "name": "Clientstatistik (gesamt)",
- "href": "https://statistik.hamburg.freifunk.net/dashboard/db/freifunk-ubersicht?var-region=ffhh",
- "thumbnail": "https://statistik.hamburg.freifunk.net/render/dashboard-solo/db/freifunk-ubersicht?panelId=1&var-region=ffhh&theme=light&width=530&height=332&from=now-3d",
- "caption": "Verbundene Clients in den letzten 3 Tagen"
- }
- ],
- "linkInfos": [],
- "siteNames": [
- { "site": "ffhh", "name": "Hamburg" },
- { "site": "ffhh-nowe", "name": "Hamburg-NordWest" },
- { "site": "ffhh-ost", "name": "Hamburg-Ost" },
- { "site": "ffhh-sued", "name": "Hamburg-Sued" },
- { "site": "ffhh-west", "name": "Hamburg-West" }
- ],
- "domainNames": [
- { "domain": "ffhh_nowe", "name": "Hamburg-NordWest" },
- { "domain": "ffhh_ost", "name": "Hamburg-Ost" },
- { "domain": "ffhh_sued", "name": "Hamburg-Sued" },
- { "domain": "ffhh_west", "name": "Hamburg-West" }
- ],
- "hwImg": []
-}
diff --git a/roles/hopglass-frontend/templates/make-hopglass-frontend.j2 b/roles/hopglass-frontend/templates/make-hopglass-frontend.j2
deleted file mode 100644
index 259e8f7..0000000
--- a/roles/hopglass-frontend/templates/make-hopglass-frontend.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-cd {{ hopglass_frontend_path }}
-npm install
-npm install grunt-cli
-node_modules/.bin/grunt
diff --git a/roles/hopglass-frontend/templates/nginx-site.j2 b/roles/hopglass-frontend/templates/nginx-site.j2
deleted file mode 100644
index 4cdff97..0000000
--- a/roles/hopglass-frontend/templates/nginx-site.j2
+++ /dev/null
@@ -1,40 +0,0 @@
-{% if hopglass_frontend_tls_crt is defined %}
-server {
- server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
- listen 443 ssl;
- listen [::]:443 ssl;
- ssl_certificate {{ hopglass_frontend_tls_crt }};
- ssl_certificate_key {{ hopglass_frontend_tls_key }};
-
- include snippets/header-hsts.conf;
- include snippets/no-unsafe-files.conf;
-
- add_header Referrer-Policy same-origin;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- proxy_hide_header Referrer-Policy;
- proxy_hide_header X-Content-Type-Options;
- proxy_hide_header X-XSS-Protection;
-
- root {{ hopglass_frontend_path }}/build;
-}
-
-{% endif %}
-server {
- server_name map.hamburg.freifunk.net hopglass.hamburg.freifunk.net;
- listen 80;
- listen [::]:80;
-
-{% if hopglass_frontend_tls_crt is defined %}
- location / {
- return 302 https://$host$request_uri;
- }
-{% else %}
- include snippets/header-security.conf;
- include snippets/no-unsafe-files.conf;
-
- root {{ hopglass_frontend_path }}/build;
-{% endif %}
-
- include snippets/location-acme.conf;
-}
diff --git a/roles/ntp-server/handlers/main.yml b/roles/ntp-server/handlers/main.yml
deleted file mode 100644
index d879ff1..0000000
--- a/roles/ntp-server/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart ntpd
- service:
- name: ntp
- state: restarted
diff --git a/roles/ntp-server/tasks/main.yml b/roles/ntp-server/tasks/main.yml
deleted file mode 100644
index 9b3c42d..0000000
--- a/roles/ntp-server/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: install ntpd
- apt:
- name: ntp
- state: present
- tags: ntp
-
-- name: template ntp.conf
- template:
- src: ntp.conf.j2
- dest: /etc/ntp.conf
- backup: yes
- notify: restart ntpd
- tags: ntp
-
-- name: start and enable ntpd
- service:
- name: ntp
- state: started
- enabled: yes
- tags: ntp
diff --git a/roles/ntp-server/templates/ntp.conf.j2 b/roles/ntp-server/templates/ntp.conf.j2
deleted file mode 100644
index f4c065d..0000000
--- a/roles/ntp-server/templates/ntp.conf.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
-
-driftfile /var/lib/ntp/ntp.drift
-
-logfile /var/log/ntpstats/ntp.log
-
-statistics loopstats peerstats clockstats
-filegen loopstats file loopstats type day enable
-filegen peerstats file peerstats type day enable
-filegen clockstats file clockstats type day enable
-
-server 127.127.1.0
-fudge 127.127.1.0 stratum 10
-
-server ptbtime1.ptb.de
-server ptbtime2.ptb.de
-server ptbtime3.ptb.de
-
-# Restrict all incoming connection
-restrict -4 default ignore
-restrict -6 default ignore
-
-restrict 192.53.103.108 nomodify notrap nopeer noquery
-restrict 192.53.103.104 nomodify notrap nopeer noquery
-restrict 192.53.103.103 nomodify notrap nopeer noquery
-
-# Local users may interrogate the ntp server more closely.
-restrict 127.0.0.1
-restrict -6 ::1
-
-# Disable the monlist request as this is associated with ntp
-# amplification attacks
-disable monitor
-restrict {{ prefix4.split("/")[0] }} mask {{ prefix4 | ipaddr('netmask') }} nomodify notrap nopeer
-restrict {{ prefix6.split("/")[0] }} mask {{ prefix6 | ipaddr('netmask') }} nomodify notrap nopeer
-
diff --git a/services.yml b/services.yml
index e36bea5..b07f93b 100644
--- a/services.yml
+++ b/services.yml
@@ -1,12 +1,4 @@
---
-- hosts: hopglass-frontend
- roles:
- - hopglass-frontend
-
-- hosts: services
- roles:
- - ntp-server
-
- hosts: media
roles:
- website/media