author | Christian Pointner <equinox@spreadspace.org> | 2020-06-22 02:37:11 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-06-22 02:37:11 +0200 |
commit | 5a35c210ddb64998586b69b921e8d721395f09d5 (patch) | |
tree | 9a65e26f147c59ab379e1cd23a1baf60ac5d5264 | |
parent | Merge branch 'topic/kubernetes-network-plugins' (diff) | |
parent | converted other physical machines to new network config (diff) |
Merge branch 'topic/network-interfaces-variables-refactoring'
91 files changed, 688 insertions, 611 deletions
diff --git a/chaos-at-home/host_vars/r3-cccamp19-sw0.yml b/_graveyard_/chaos-at-home/host_vars/r3-cccamp19-sw0.yml
index 9a0e7782..9a0e7782 100644
--- a/chaos-at-home/host_vars/r3-cccamp19-sw0.yml
+++ b/_graveyard_/chaos-at-home/host_vars/r3-cccamp19-sw0.yml
diff --git a/chaos-at-home/r3-cccamp19-gw.yml b/_graveyard_/chaos-at-home/r3-cccamp19-gw.yml
index e92370ac..e92370ac 100644
--- a/chaos-at-home/r3-cccamp19-gw.yml
+++ b/_graveyard_/chaos-at-home/r3-cccamp19-gw.yml
diff --git a/chaos-at-home/r3-cccamp19-sw0.yml b/_graveyard_/chaos-at-home/r3-cccamp19-sw0.yml
index 36ee99f5..36ee99f5 100644
--- a/chaos-at-home/r3-cccamp19-sw0.yml
+++ b/_graveyard_/chaos-at-home/r3-cccamp19-sw0.yml
diff --git a/chaos-at-home/r3-cccamp19_vm.yml b/_graveyard_/chaos-at-home/r3-cccamp19_vm.yml
index fa4ffb77..fa4ffb77 100644
--- a/chaos-at-home/r3-cccamp19_vm.yml
+++ b/_graveyard_/chaos-at-home/r3-cccamp19_vm.yml
diff --git a/chaos-at-home/r3-vex2.yml b/_graveyard_/chaos-at-home/r3-vex2.yml
index 4efac0a8..4efac0a8 100644
--- a/chaos-at-home/r3-vex2.yml
+++ b/_graveyard_/chaos-at-home/r3-vex2.yml
diff --git a/inventory/group_vars/r3-cccamp19/network.yml b/_graveyard_/inventory/group_vars/r3-cccamp19/network.yml
index 82216ea6..82216ea6 100644
--- a/inventory/group_vars/r3-cccamp19/network.yml
+++ b/_graveyard_/inventory/group_vars/r3-cccamp19/network.yml
diff --git a/inventory/host_vars/r3-cccamp19-av.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-av.yml
index 40524574..40524574 100644
--- a/inventory/host_vars/r3-cccamp19-av.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-av.yml
diff --git a/inventory/host_vars/r3-cccamp19-dione.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-dione.yml
index 47195b1f..47195b1f 100644
--- a/inventory/host_vars/r3-cccamp19-dione.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-dione.yml
diff --git a/inventory/host_vars/r3-cccamp19-feedcode.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-feedcode.yml
index 10f78ebc..10f78ebc 100644
--- a/inventory/host_vars/r3-cccamp19-feedcode.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-feedcode.yml
diff --git a/inventory/host_vars/r3-cccamp19-flora.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-flora.yml
index 40524574..40524574 100644
--- a/inventory/host_vars/r3-cccamp19-flora.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-flora.yml
diff --git a/inventory/host_vars/r3-cccamp19-gw.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-gw.yml
index c6150b4d..c6150b4d 100644
--- a/inventory/host_vars/r3-cccamp19-gw.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-gw.yml
diff --git a/inventory/host_vars/r3-cccamp19-helene.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-helene.yml
index 104a5eda..104a5eda 100644
--- a/inventory/host_vars/r3-cccamp19-helene.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-helene.yml
diff --git a/inventory/host_vars/r3-cccamp19-sw0.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-sw0.yml
index 5b01d940..5b01d940 100644
--- a/inventory/host_vars/r3-cccamp19-sw0.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-sw0.yml
diff --git a/inventory/host_vars/r3-cccamp19-verr.yml b/_graveyard_/inventory/host_vars/r3-cccamp19-verr.yml
index f4e70d57..f4e70d57 100644
--- a/inventory/host_vars/r3-cccamp19-verr.yml
+++ b/_graveyard_/inventory/host_vars/r3-cccamp19-verr.yml
diff --git a/_graveyard_/inventory/hosts.ini b/_graveyard_/inventory/hosts.ini
new file mode 100644
index 00000000..f53d6a86
--- /dev/null
+++ b/_graveyard_/inventory/hosts.ini
@@ -0,0 +1,36 @@ +############################### +# environment: chaos-at-home + +[realraum:children] +r3-cccamp19 + +[r3-cccamp19:vars] +host_domain=camp.realraum.at + +[r3-cccamp19] +r3-cccamp19-helene host_name=helene +r3-cccamp19-dione host_name=dione +r3-cccamp19-gw +r3-cccamp19-sw0 ansible_host=192.168.41.200 ansible_port=22 +r3-cccamp19-flora host_name=flora +r3-cccamp19-verr host_name=verr +r3-cccamp19-feedcode host_name=feedcode +r3-cccamp19-av host_name=av + + +############################### +# host categories + +[dellos6] +r3-cccamp19-sw0 + + +[kvmhosts] +r3-cccamp19-dione +r3-cccamp19-helene + +[kvmguests] +r3-cccamp19-flora +r3-cccamp19-verr +r3-cccamp19-feedcode +r3-cccamp19-av diff --git a/chaos-at-home/ch-gnocchi.yml b/chaos-at-home/ch-gnocchi.yml index c3811c50..fd519bfd 100644 --- a/chaos-at-home/ch-gnocchi.yml +++ b/chaos-at-home/ch-gnocchi.yml @@ -15,4 +15,24 @@ - name: install network interface config copy: dest: /etc/network/interfaces - content: "{{ __interface_configs__ }}" + content: | + # This file describes the network interfaces available on your system + # and how to activate them. For more information, see interfaces(5). + + # The loopback network interface + auto lo + iface lo inet loopback + {% for interface in (__vmhost_bridge_interface_zones__.keys() | sort) %} + + + auto {{ interface }} + iface {{ interface }} inet manual + {% for zone in __vmhost_bridge_interface_zones__[interface] %} + + auto {{ interface }}.{{ network_zones[zone].vlan }} + iface {{ interface }}.{{ network_zones[zone].vlan }} inet manual + {% endfor %} + {% endfor %} + + + source /etc/network/interfaces.d/* diff --git a/chaos-at-home/vm-install.yml b/chaos-at-home/vm-install.yml index cf19d046..b6a69b67 100644 --- a/chaos-at-home/vm-install.yml +++ b/chaos-at-home/vm-install.yml 
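Review bot: The `copy` task in chaos-at-home/ch-gnocchi.yml that now renders `/etc/network/interfaces` inline sets no `owner`, `group` or `mode`, and the hunk has no trailing context, so the task appears to end at `content`. On a host where the file does not exist yet, its permissions then depend on the remote umask; pinning them with `owner: root`, `group: root` and `mode: "0644"` keeps the result deterministic. Because a bad render of this file can cut the management connection on the next network restart, adding `backup: yes` would also leave a copy to restore from.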
@@ -6,9 +6,10 @@ - set_fact: install_cooked: "{{ install }}" network_cooked: "{{ network }}" + vm_host_cooked: "{{ vm_host }}" - name: cook variables for host - hosts: "{{ hostvars[install_hostname].install.vm.host }}" + hosts: "{{ hostvars[install_hostname].vm_host.name }}" gather_facts: no tasks: - set_fact: diff --git a/common/vm-install.yml b/common/vm-install.yml index 4c33bcc4..b0c3815a 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -11,15 +11,15 @@ - name: check if the host system belongs to the kvmhosts group fail: - msg: "the host '{{ install_cooked.vm.host }}' does not belong to the group 'kvmhosts'" + msg: "the host '{{ vm_host_cooked.name }}' does not belong to the group 'kvmhosts'" when: - - "'kvmhosts' not in hostvars[install_cooked.vm.host].group_names" + - "'kvmhosts' not in hostvars[vm_host_cooked.name].group_names" # TODO: add some more sanity checks - name: create temporary host group for vm host add_host: - name: "{{ install_cooked.vm.host }}" + name: "{{ vm_host_cooked.name }}" inventory_dir: "{{ inventory_dir }}" group: _vmhost_ diff --git a/dan/vm-install.yml b/dan/vm-install.yml index cf19d046..b6a69b67 100644 --- a/dan/vm-install.yml +++ b/dan/vm-install.yml @@ -6,9 +6,10 @@ - set_fact: install_cooked: "{{ install }}" network_cooked: "{{ network }}" + vm_host_cooked: "{{ vm_host }}" - name: cook variables for host - hosts: "{{ hostvars[install_hostname].install.vm.host }}" + hosts: "{{ hostvars[install_hostname].vm_host.name }}" gather_facts: no tasks: - set_fact: diff --git a/inventory/group_vars/all/users.yml b/inventory/group_vars/all/users.yml index d4ec2b5f..bc63cb24 100644 --- a/inventory/group_vars/all/users.yml +++ b/inventory/group_vars/all/users.yml @@ -19,6 +19,10 @@ users: ssh: - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd1se9DUnMWXjF4a770J4rl6L9zFmNKc7TzN0hsapUS bene@klapprechner + antares: + ssh: + - "# TODO: add me" + ssh_key_map: 
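Review bot: The `kvmhosts` check in common/vm-install.yml indexes `hostvars[vm_host_cooked.name]` without first confirming that `vm_host` was set for the guest and that the name exists in the inventory. The hypervisor is now chosen through group variables (presumably by `vmhost-*` group membership), so a guest in no such group fails with an undefined-variable error rather than a clear message, and a guest placed in two of them would silently take whichever group's `vm_host` wins the merge. The existing `# TODO: add some more sanity checks` is the natural place for a preceding `assert` with `that: ["vm_host_cooked.name is defined", "vm_host_cooked.name in groups['all']"]`. The same derived target is used in `hosts: "{{ hostvars[install_hostname].vm_host.name }}"` in chaos-at-home/vm-install.yml and dan/vm-install.yml; the play continues outside the hunk.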
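Review bot: The new `antares` entry in inventory/group_vars/all/users.yml puts the literal string `# TODO: add me` into the `ssh` key list, which is only harmless if every consumer writes the list verbatim into an `authorized_keys` file, where `#` lines are comments. A role that parses or validates keys (the `authorized_key` module rejects invalid key strings, as far as I know) would fail on it, and the entry reads as if the user already had a key. An empty list with a YAML comment states the same intent without that dependency: `ssh: []  # TODO: add key for antares`. The `users` mapping starts above the hunk.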
diff --git a/inventory/group_vars/vmhost-ch-atlas/main.yml b/inventory/group_vars/vmhost-ch-atlas/main.yml
new file mode 100644
index 00000000..4b7af32f
--- /dev/null
+++ b/inventory/group_vars/vmhost-ch-atlas/main.yml
@@ -0,0 +1,25 @@
+---
+vm_host:
+ name: ch-atlas
+ network:
+ dns:
+ - 89.106.208.7
+ - 89.106.208.12
+ bridges:
+ public:
+ interfaces:
+ - eth0
+ prefix: 89.106.215.16/28
+ gateway: 89.106.215.30
+ prefix6: 2a02:3e0:407::/64
+ gateway6: 2a02:3e0:407::1
+ offsets:
+ ch-keyserver: 3
+ ch-testvm: 4
+ ele-mur: 5
+ r3-vex2: 11
+ ch-atlas: 13
+ k8stest: {}
+ funkfeuer:
+ interfaces:
+ - eth0.502
diff --git a/inventory/group_vars/vmhost-ch-gnocchi/main.yml b/inventory/group_vars/vmhost-ch-gnocchi/main.yml
new file mode 100644
index 00000000..5b36795e
--- /dev/null
+++ b/inventory/group_vars/vmhost-ch-gnocchi/main.yml
@@ -0,0 +1,25 @@
+---
+__vmhost_bridge_interface_zones__:
+ enp1s0:
+ - lan
+ - svc
+ enp2s0:
+ - magenta
+ enp3s0:
+ - mgmt
+ - iot
+
+__vmhost_bridge_interface_zones_yaml__: |
+ {% for interface in (__vmhost_bridge_interface_zones__.keys() | sort) %}
+ {% for zone in __vmhost_bridge_interface_zones__[interface] %}
+ {{ zone }}:
+ interfaces:
+ - {{ interface }}.{{ network_zones[zone].vlan }}
+ {% endfor %}
+ {% endfor %}
+
+
+vm_host:
+ name: ch-gnocchi
+ network:
+ bridges: "{{ __vmhost_bridge_interface_zones_yaml__ | from_yaml }}"
diff --git a/inventory/group_vars/vmhost-ch-hroottest/main.yml b/inventory/group_vars/vmhost-ch-hroottest/main.yml
new file mode 100644
index 00000000..84c826b1
--- /dev/null
+++ b/inventory/group_vars/vmhost-ch-hroottest/main.yml
@@ -0,0 +1,25 @@
+---
+vm_host:
+ name: ch-hroottest
+ network:
+ dns:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ bridges:
+ public:
+ prefix: 192.168.250.0/24
+ offsets:
+ ch-hroottest-vm1: 100
+ ch-hroottest-obsd: 101
+ ch-k8s-m2: 200
+ ch-k8s-w0: 210
+ ch-k8s-w1: 211
+ ch-hroottest: 254
+ nat: yes
+ zfs:
+ default:
+ pool: storage
+ name: vm
+ properties:
+ compression: lz4
diff --git a/inventory/group_vars/vmhost-sk-2019vm/main.yml b/inventory/group_vars/vmhost-sk-2019vm/main.yml
new file mode 100644
index 00000000..93f7948c
--- /dev/null
+++ b/inventory/group_vars/vmhost-sk-2019vm/main.yml
@@ -0,0 +1,39 @@
+---
+vm_host:
+ name: sk-2019vm
+ network:
+ dns:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ bridges:
+ public:
+ prefix: 192.168.250.0/24
+ offsets:
+ sk-torrent: 136
+# emc-master: 137
+ lw-master: 137
+ ele-gwhetzner: 138
+ ch-k8s-m0: 139
+ ch-k8s-m1: 140
+ ch-mimas: 142
+ sk-testvm: 253
+ sk-2019vm: 254
+ nat: yes
+ overlay:
+ prefix: 178.63.180.136/29
+ offsets:
+ sk-torrent: 0
+# emc-master: 1
+ lw-master: 1
+ ele-gwhetzner: 2
+ ch-k8s-m0: 3
+ ch-k8s-m1: 4
+ ch-mimas: 6
+ sk-testvm: 7
+ zfs:
+ default:
+ pool: storage
+ name: vm
+ properties:
+ compression: lz4
diff --git a/inventory/group_vars/vmhost-sk-tomnext/main.yml b/inventory/group_vars/vmhost-sk-tomnext/main.yml
new file mode 100644
index 00000000..eacc58a2
--- /dev/null
+++ b/inventory/group_vars/vmhost-sk-tomnext/main.yml
@@ -0,0 +1,27 @@
+---
+vm_host:
+ name: sk-tomnext
+ network:
+ dns:
+ - 213.133.100.100
+ - 213.133.98.98
+ - 213.133.99.99
+ bridges:
+ public:
+ prefix: 192.168.250.0/24
+ offsets:
+ sk-tomnext-nc: 103
+ sk-tomnext-hp: 104
+ sk-tomnext: 254
+ nat: yes
+ overlay:
+ prefix: 94.130.206.64/26
+ offsets:
+ sk-tomnext-nc: 39
+ sk-tomnext-hp: 40
+ zfs:
+ default:
+ pool: storage
+ name: vm
+ properties:
+ compression: lz4
diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml
index ea8ba310..aa2c2e0c 100644
--- a/inventory/host_vars/ch-atlas.yml +++ b/inventory/host_vars/ch-atlas.yml @@ -1,23 +1,11 @@ --- -vm_host: - network: - dns: - - 89.106.208.7 - - 89.106.208.12 - bridges: - public: - interfaces: - - eth0 - prefix: 89.106.215.29/28 - gateway: 89.106.215.30 - prefix6: 2a02:3e0:407::29/64 - gateway6: 2a02:3e0:407::1 - offsets: - ch-keyserver: 3 - ch-testvm: 4 - ele-mur: 5 - r3-vex2: 11 - k8stest: {} - funkfeuer: - interfaces: - - eth0.502 +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + interfaces: + - name: br-public + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.gateway }}" +# address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets6[inventory_hostname]) | ipaddr('address/prefix') }}" + address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(41) | ipaddr('address/prefix') }}" + gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index d4ff7afa..6d454f57 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -9,11 +9,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: enp8s0 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: enp8s0 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ base_modules_blacklist: "{{ base_modules_blacklist_none }}" 
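Review bot: `address6` in inventory/host_vars/ch-atlas.yml hard-codes the host offset as `ipaddr(41)` while the lookup through `offsets6` is left commented out, and nothing explains where 41 comes from. It presumably reproduces the removed `2a02:3e0:407::29/64` (0x29 = 41), whereas the IPv4 address of the same host now comes from `offsets[inventory_hostname]`, so the two address families are numbered from different places and a later edit can change one without the other. Either add an `offsets6` map to `group_vars/vmhost-ch-atlas/main.yml` and enable the commented line, or annotate the constant, e.g. `# 41 = 0x29, keeps the previous ::29 address until offsets6 exists`.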
diff --git a/inventory/host_vars/ch-gnocchi.yml b/inventory/host_vars/ch-gnocchi.yml index a6452c12..c52a1cf4 100644 --- a/inventory/host_vars/ch-gnocchi.yml +++ b/inventory/host_vars/ch-gnocchi.yml @@ -9,7 +9,10 @@ install: - console=ttyS0,115200n8 network: - domain: spreadspace.org + domain: "{{ host_domain }}" + interfaces: + - name: br-mgmt + address: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" apt_repo_components: 
@@ -23,66 +26,3 @@ installer_lvm: lv: installer size: 10G fs: ext4 - - - -__interface_zones__: - enp1s0: - - lan - - svc - enp2s0: - - magenta - enp3s0: - - name: mgmt - prefix: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) }}" - - iot - - -__interface_zones_yaml__: | - {% for interface in (__interface_zones__.keys() | sort) %} - {% for zone in __interface_zones__[interface] %} - {% if zone is mapping %} - {{ zone.name }}: - interfaces: - - {{ interface }}.{{ network_zones[zone.name].vlan }} - prefix: {{ zone.prefix }} - {% else %} - {{ zone }}: - interfaces: - - {{ interface }}.{{ network_zones[zone].vlan }} - {% endif %} - {% endfor %} - {% endfor %} - - -vm_host: - network: - bridges: "{{ __interface_zones_yaml__ | from_yaml }}" - - -__interface_configs__: | - # This file describes the network interfaces available on your system - # and how to activate them. For more information, see interfaces(5). - - # The loopback network interface - auto lo - iface lo inet loopback - {% for interface in (__interface_zones__.keys() | sort) %} - - - auto {{ interface }} - iface {{ interface }} inet manual - {% for zone in __interface_zones__[interface] %} - - {% if zone is mapping %} - auto {{ interface }}.{{ network_zones[zone.name].vlan }} - iface {{ interface }}.{{ network_zones[zone.name].vlan }} inet manual - {% else %} - auto {{ interface }}.{{ network_zones[zone].vlan }} - iface {{ interface }}.{{ network_zones[zone].vlan }} inet manual - {% endif %} - {% endfor %} - {% endfor %} - - - source /etc/network/interfaces.d/* diff --git a/inventory/host_vars/ch-gw-lan.yml b/inventory/host_vars/ch-gw-lan.yml index 22597138..35f98291 100644 --- a/inventory/host_vars/ch-gw-lan.yml +++ b/inventory/host_vars/ch-gw-lan.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-gnocchi - install: vm: - host: "{{ _vm_host_ }}" mem: 512 numcpu: 2 autostart: True 
@@ -12,7 +9,7 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 10g interfaces: @@ -26,8 +23,11 @@ network: domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: svc0 - ip: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: svc0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.svc.gateway }}" + interfaces: + - *_network_primary_ + - name: lan0 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" diff --git a/inventory/host_vars/ch-hroottest-obsd.yml b/inventory/host_vars/ch-hroottest-obsd.yml index 61476370..f7d5cba7 100644 --- a/inventory/host_vars/ch-hroottest-obsd.yml +++ b/inventory/host_vars/ch-hroottest-obsd.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-hroottest - install: vm: - host: "{{ _vm_host_ }}" mem: 1024 numcpu: 1 autostart: True 
@@ -19,10 +16,11 @@ install: name: vio0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" - primary: - interface: vio0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + primary: &_network_primary_ + name: vio0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ch-hroottest-vm1.yml b/inventory/host_vars/ch-hroottest-vm1.yml index 39a2457c..4f9e7e82 100644 --- a/inventory/host_vars/ch-hroottest-vm1.yml +++ b/inventory/host_vars/ch-hroottest-vm1.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-hroottest - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 4 autostart: True 
@@ -28,12 +25,13 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ch-hroottest.yml b/inventory/host_vars/ch-hroottest.yml index 555791ca..f07198b1 100644 --- a/inventory/host_vars/ch-hroottest.yml +++ b/inventory/host_vars/ch-hroottest.yml @@ -7,7 +7,12 @@ install: layout: sata_raid root_lvm_size: 10G -network: {} +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + interfaces: + - name: br-public + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" apt_repo_components: 
@@ -30,27 +35,3 @@ zfs_sanoid_modules: use_template: production recursive: yes process_children_only: yes - - -vm_host: - network: - dns: - - 213.133.100.100 - - 213.133.98.98 - - 213.133.99.99 - bridges: - public: - prefix: 192.168.250.254/24 - offsets: - ch-hroottest-vm1: 100 - ch-hroottest-obsd: 101 - ch-k8s-m2: 200 - ch-k8s-w0: 210 - ch-k8s-w1: 211 - nat: yes - zfs: - default: - pool: storage - name: vm - properties: - compression: lz4 diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml index 463503cb..954819ba 100644 --- a/inventory/host_vars/ch-jump.yml +++ b/inventory/host_vars/ch-jump.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-gnocchi - install: vm: - host: "{{ _vm_host_ }}" mem: 768 numcpu: 2 autostart: True @@ -12,7 +9,7 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 10g interfaces: @@ -26,8 +23,11 @@ network: domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: svc0 - ip: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: svc0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.svc.gateway }}" + interfaces: + - *_network_primary_ + - name: mgmt0 + address: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" diff --git a/inventory/host_vars/ch-k8s-m0.yml b/inventory/host_vars/ch-k8s-m0.yml index 30239ab3..dc42824f 100644 --- a/inventory/host_vars/ch-k8s-m0.yml +++ b/inventory/host_vars/ch-k8s-m0.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 2 autostart: True 
@@ -21,16 +18,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/ch-k8s-m1.yml b/inventory/host_vars/ch-k8s-m1.yml index 30239ab3..dc42824f 100644 --- a/inventory/host_vars/ch-k8s-m1.yml +++ b/inventory/host_vars/ch-k8s-m1.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 2 autostart: True 
@@ -21,16 +18,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/ch-k8s-m2.yml b/inventory/host_vars/ch-k8s-m2.yml index a41c97a8..da9fbe18 100644 --- a/inventory/host_vars/ch-k8s-m2.yml +++ b/inventory/host_vars/ch-k8s-m2.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-hroottest - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 2 autostart: True 
@@ -21,15 +18,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + interfaces: + - *_network_primary_ + docker_lvm: vg: "{{ host_name }}" diff --git a/inventory/host_vars/ch-k8s-w0.yml b/inventory/host_vars/ch-k8s-w0.yml index 5cf6d444..979efc24 100644 --- a/inventory/host_vars/ch-k8s-w0.yml +++ b/inventory/host_vars/ch-k8s-w0.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-hroottest - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 4 autostart: True 
@@ -21,15 +18,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + interfaces: + - *_network_primary_ + docker_lvm: vg: "{{ host_name }}" diff --git a/inventory/host_vars/ch-k8s-w1.yml b/inventory/host_vars/ch-k8s-w1.yml index 5cf6d444..979efc24 100644 --- a/inventory/host_vars/ch-k8s-w1.yml +++ b/inventory/host_vars/ch-k8s-w1.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-hroottest - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 4 autostart: True 
@@ -21,15 +18,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + interfaces: + - *_network_primary_ + docker_lvm: vg: "{{ host_name }}" diff --git a/inventory/host_vars/ch-keyserver.yml b/inventory/host_vars/ch-keyserver.yml index 851116a5..60ab034b 100644 --- a/inventory/host_vars/ch-keyserver.yml +++ b/inventory/host_vars/ch-keyserver.yml @@ -1,11 +1,8 @@ --- apt_repo_provider: ffgraz -_vm_host_: ch-atlas - install: vm: - host: "{{ _vm_host_ }}" mem: 2048 numcpu: 2 autostart: True 
@@ -14,22 +11,24 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 10g interfaces: - bridge: br-public name: primary0 + mac: 52:54:00:f9:e6:7f network: nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway }}" - prefix6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix6 | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway6 }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.gateway }}" + address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml index c0991944..dfec3866 100644 --- a/inventory/host_vars/ch-mimas.yml +++ b/inventory/host_vars/ch-mimas.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 2048 numcpu: 4 autostart: True 
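Review bot: `nameservers` in the second hunk of inventory/host_vars/ch-keyserver.yml still reads `hostvars[_vm_host_].vm_host.network.dns`, but the first hunk of this file removes the `_vm_host_: ch-atlas` definition, so unless `_vm_host_` is defined somewhere not shown here, the expression will fail as an undefined variable when `network.nameservers` is evaluated. Every other guest touched by this commit switched to the group-provided value, and this line should follow: `nameservers: "{{ vm_host.network.dns }}"`. A failed resolver setup on the key server is easy to miss until the host is reinstalled, so it is worth fixing in this commit rather than later.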
@@ -19,15 +16,16 @@ install: name: eth0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: eth0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: eth0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/ch-router-obsd.yml b/inventory/host_vars/ch-router-obsd.yml index 412482de..71137da1 100644 --- a/inventory/host_vars/ch-router-obsd.yml +++ b/inventory/host_vars/ch-router-obsd.yml @@ -1,9 +1,6 @@ --- -_vm_host_: ch-gnocchi - install: vm: - host: "{{ _vm_host_ }}" mem: 512 numcpu: 1 autostart: True @@ -12,7 +9,7 @@ install: virtio: vda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 10g interfaces: 
@@ -22,8 +19,9 @@ install: network: nameservers: "{{ network_zones.svc.dns }}" domain: "{{ host_domain }}" - primary: - interface: vio0 - ip: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: vio0 + address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.svc.gateway }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ch-testvm.yml b/inventory/host_vars/ch-testvm.yml index 24455db5..5b5e465e 100644 --- a/inventory/host_vars/ch-testvm.yml +++ b/inventory/host_vars/ch-testvm.yml @@ -1,11 +1,8 @@ --- apt_repo_provider: ffgraz -_vm_host_: ch-atlas - install: vm: - host: "{{ _vm_host_ }}" mem: 1024 numcpu: 1 autostart: False @@ -14,7 +11,7 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 5g interfaces: 
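Review bot: `interfaces: - *_network_primary_` in ch-router-obsd.yml is filled through a YAML alias, which the parser resolves before Ansible templates anything, so `network.interfaces[0]` is the same mapping as `network.primary`, including any extra keys (ch-mimas.yml puts `overlay` on it). Whatever consumes `network.interfaces` is outside this diff and would need to tolerate keys it does not know, which is worth confirming. A one-line comment above the anchor, e.g. `# primary is aliased into interfaces below; keys added here show up in both`, would help, since the pattern is repeated in every converted host file.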
@@ -23,14 +20,15 @@ install: mac: 52:54:00:42:e6:df network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway }}" - prefix6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix6 | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway6 }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.gateway }}" + address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ele-calypso.yml b/inventory/host_vars/ele-calypso.yml index 7ffdd701..865bcebb 100644 --- a/inventory/host_vars/ele-calypso.yml +++ b/inventory/host_vars/ele-calypso.yml 
@@ -6,8 +6,9 @@ install: {} network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ele-dione.yml b/inventory/host_vars/ele-dione.yml index 368ac94a..233fc9e8 100644 --- a/inventory/host_vars/ele-dione.yml +++ b/inventory/host_vars/ele-dione.yml @@ -10,11 +10,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: spreadspace.org - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ base_packages_extra_host: - exfat-fuse diff --git a/inventory/host_vars/ele-gwhetzner.yml b/inventory/host_vars/ele-gwhetzner.yml index 2519ab94..d349ddcc 100644 --- a/inventory/host_vars/ele-gwhetzner.yml +++ b/inventory/host_vars/ele-gwhetzner.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 1024 numcpu: 1 autostart: False 
@@ -19,16 +16,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" @@ -48,7 +46,7 @@ wireguard_gateway_tunnels: addresses: - 192.168.254.1/30 ip_snat: - interface: "{{ network.primary.interface }}" + interface: "{{ network.primary.name }}" to: "{{ network.primary.overlay }}" port_forwardings: - dest: "{{ network.primary.overlay }}" @@ -67,7 +65,7 @@ wireguard_gateway_tunnels: addresses: - 192.168.254.5/30 ip_snat: - interface: "{{ network.primary.interface }}" + interface: "{{ network.primary.name }}" to: "{{ network.primary.overlay }}" port_forwardings: - dest: "{{ network.primary.overlay }}" 
diff --git a/inventory/host_vars/ele-helene.yml b/inventory/host_vars/ele-helene.yml index b5b74ff2..a28eccf2 100644 --- a/inventory/host_vars/ele-helene.yml +++ b/inventory/host_vars/ele-helene.yml @@ -10,11 +10,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: spreadspace.org - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ base_packages_extra_host: - exfat-fuse diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml index bf638639..b61ef79e 100644 --- a/inventory/host_vars/ele-media.yml +++ b/inventory/host_vars/ele-media.yml @@ -6,11 +6,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ network_setup: elevate-festival diff --git a/inventory/host_vars/ele-mur.yml b/inventory/host_vars/ele-mur.yml index 88e3b0ed..b7d4d38e 100644 --- a/inventory/host_vars/ele-mur.yml +++ b/inventory/host_vars/ele-mur.yml @@ -5,11 +5,8 @@ ssh_users_root: apt_repo_provider: ffgraz -_vm_host_: ch-atlas - install: vm: - host: "{{ _vm_host_ }}" mem: 1024 numcpu: 1 autostart: False 
@@ -18,7 +15,7 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 5g interfaces: @@ -30,14 +27,15 @@ install: mac: 52:54:00:37:fd:8b network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway }}" - prefix6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix6 | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway6 }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.gateway }}" + address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/ele-telesto.yml b/inventory/host_vars/ele-telesto.yml index 7ac794a5..a8b2b162 100644 --- a/inventory/host_vars/ele-telesto.yml +++ b/inventory/host_vars/ele-telesto.yml 
@@ -8,11 +8,12 @@ install: {} network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ admin_users_host: - equinox diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml index 5748333f..2d6bee1d 100644 --- a/inventory/host_vars/ele-thetys.yml +++ b/inventory/host_vars/ele-thetys.yml @@ -9,11 +9,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ admin_users_host: - equinox diff --git a/inventory/host_vars/ele-uhrturm.yml b/inventory/host_vars/ele-uhrturm.yml index ad0056b0..71c312cc 100644 --- a/inventory/host_vars/ele-uhrturm.yml +++ b/inventory/host_vars/ele-uhrturm.yml 
@@ -6,11 +6,12 @@ install: network: nameservers: "{{ network_zones.lan.dns }}" domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}" + primary: &_network_primary_ + name: eno1 + address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" + interfaces: + - *_network_primary_ ssh_users_root: - equinox diff --git a/inventory/host_vars/emc-master.yml b/inventory/host_vars/emc-master.yml index b2050fde..8005b9d9 100644 --- a/inventory/host_vars/emc-master.yml +++ b/inventory/host_vars/emc-master.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 10240 numcpu: 6 autostart: True 
@@ -22,16 +19,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/lw-dione.yml b/inventory/host_vars/lw-dione.yml index 19b44ff4..02738ee6 100644 --- a/inventory/host_vars/lw-dione.yml +++ b/inventory/host_vars/lw-dione.yml @@ -11,11 +11,12 @@ network: nameservers: - 9.9.9.9 domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: 192.168.32.202 - mask: 255.255.255.0 + primary: &_network_primary_ + name: eno1 + address: 192.168.32.202/24 gateway: 192.168.32.254 + interfaces: + - *_network_primary_ base_packages_extra_host: - exfat-fuse 
diff --git a/inventory/host_vars/lw-helene.yml b/inventory/host_vars/lw-helene.yml index c5a936d5..e7919ac7 100644 --- a/inventory/host_vars/lw-helene.yml +++ b/inventory/host_vars/lw-helene.yml @@ -11,11 +11,12 @@ network: nameservers: - 9.9.9.9 domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: 192.168.32.203 - mask: 255.255.255.0 + primary: &_network_primary_ + name: eno1 + address: 192.168.32.203/24 gateway: 192.168.32.254 + interfaces: + - *_network_primary_ base_packages_extra_host: - exfat-fuse diff --git a/inventory/host_vars/lw-master.yml b/inventory/host_vars/lw-master.yml index b2050fde..8005b9d9 100644 --- a/inventory/host_vars/lw-master.yml +++ b/inventory/host_vars/lw-master.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 10240 numcpu: 6 autostart: True 
@@ -22,16 +19,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/lw-telesto.yml b/inventory/host_vars/lw-telesto.yml index f25ad258..4a10338e 100644 --- a/inventory/host_vars/lw-telesto.yml +++ b/inventory/host_vars/lw-telesto.yml @@ -9,11 +9,12 @@ network: nameservers: - 9.9.9.9 domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: 192.168.32.201 - mask: 255.255.255.0 + primary: &_network_primary_ + name: eno1 + address: 192.168.32.201/24 gateway: 192.168.32.254 + interfaces: + - *_network_primary_ admin_users_host: - equinox 
diff --git a/inventory/host_vars/lw-thetys.yml b/inventory/host_vars/lw-thetys.yml index 75aa41f0..17b057b2 100644 --- a/inventory/host_vars/lw-thetys.yml +++ b/inventory/host_vars/lw-thetys.yml @@ -7,13 +7,15 @@ install: - "consoleblank=0" network: - nameservers: "9.9.9.9" + nameservers: + - 9.9.9.9 domain: "{{ host_domain }}" - primary: - interface: eno1 - ip: "192.168.28.202" - mask: "255.255.255.0" - gateway: "192.168.28.254" + primary: &_network_primary_ + name: eno1 + address: 192.168.28.202/24 + gateway: 192.168.28.254 + interfaces: + - *_network_primary_ admin_users_host: - equinox diff --git a/inventory/host_vars/r3-vex2.yml b/inventory/host_vars/r3-vex2.yml index d43862e9..d5471743 100644 --- a/inventory/host_vars/r3-vex2.yml +++ b/inventory/host_vars/r3-vex2.yml @@ -1,11 +1,8 @@ --- apt_repo_provider: ffgraz -_vm_host_: ch-atlas - install: vm: - host: "{{ _vm_host_ }}" mem: 2048 numcpu: 2 autostart: True 
@@ -14,22 +11,24 @@ install: scsi: sda: type: lvm - vg: "{{ hostvars[_vm_host_].host_name }}" + vg: "{{ hostvars[vm_host.name].host_name }}" lv: "{{ inventory_hostname }}" size: 15g interfaces: - bridge: br-public name: primary0 + mac: 52:54:00:f9:e6:6f network: nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway }}" - prefix6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix6 | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" - gateway6: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.gateway6 }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.gateway }}" + address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" + interfaces: + - *_network_primary_ diff --git a/inventory/host_vars/sk-2019vm.yml b/inventory/host_vars/sk-2019vm.yml index de162712..0c990b74 100644 --- a/inventory/host_vars/sk-2019vm.yml +++ b/inventory/host_vars/sk-2019vm.yml 
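Review bot: The added `mac: 52:54:00:f9:e6:6f` in r3-vex2.yml is an unquoted plain scalar, and it loads as a string only because it contains hex letters. A MAC made of decimal digit pairs only (for example a constructed `52:54:00:12:34:56`) is read as a base-60 integer by YAML 1.1 loaders such as PyYAML, which Ansible uses, and would reach the VM definition as a number. Quoting the value, `mac: '52:54:00:f9:e6:6f'`, avoids that for this line and for the `mac:` line added in the first hunk of this part of the diff.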
@@ -7,7 +7,12 @@ install: layout: nvme_raid root_lvm_size: 10G -network: {} +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + interfaces: + - name: br-public + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" base_intel_nic_stability_fix: true ssh_users_root: @@ -46,41 +51,3 @@ zfs_sanoid_modules: storage/vm/sk-testvm: use_template: ignore recursive: yes - - -vm_host: - network: - dns: - - 213.133.100.100 - - 213.133.98.98 - - 213.133.99.99 - bridges: - public: - prefix: 192.168.250.254/24 - offsets: - sk-torrent: 136 -# emc-master: 137 - lw-master: 137 - ele-gwhetzner: 138 - ch-k8s-m0: 139 - ch-k8s-m1: 140 - ch-mimas: 142 - sk-testvm: 253 - nat: yes - overlay: - prefix: 178.63.180.136/29 - offsets: - sk-torrent: 0 -# emc-master: 1 - lw-master: 1 - ele-gwhetzner: 2 - ch-k8s-m0: 3 - ch-k8s-m1: 4 - ch-mimas: 6 - sk-testvm: 7 - zfs: - default: - pool: storage - name: vm - properties: - compression: lz4 diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml index 4074b049..8e285363 100644 --- a/inventory/host_vars/sk-testvm.yml +++ b/inventory/host_vars/sk-testvm.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 1024 numcpu: 1 autostart: False 
@@ -19,16 +16,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext-hp.yml b/inventory/host_vars/sk-tomnext-hp.yml index 667cb76d..2db59ed3 100644 --- a/inventory/host_vars/sk-tomnext-hp.yml +++ b/inventory/host_vars/sk-tomnext-hp.yml @@ -1,9 +1,11 @@ --- -_vm_host_: sk-tomnext +ssh_users_root: + - equinox + - dan + - antares install: vm: - host: "{{ _vm_host_ }}" mem: 8192 numcpu: 4 autostart: True @@ -13,7 +15,7 @@ install: sda: type: zfs name: root - size: 20g + size: 25g interfaces: - bridge: br-public name: primary0 
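Review bot: The `ssh_users_root` list added at the top of sk-tomnext-hp.yml (`equinox`, `dan`, `antares`) and the disk change from `20g` to `25g` are not part of the network-variable refactoring this merge describes. Going by the name, the list decides who may log in as root on this guest, so it is the kind of change that should be visible in history on its own. Splitting it into a separate commit, or at least adding a comment above it such as `# root access for this guest's operators, see OWNER/TICKET (placeholder)`, would keep the access change reviewable.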
@@ -21,15 +23,16 @@ install: vm_guest_autologin_on_serial: no network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index 48742dd4..6473b6e1 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-tomnext - install: vm: - host: "{{ _vm_host_ }}" mem: 16384 numcpu: 8 autostart: True 
@@ -25,16 +22,17 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ external_ip: "{{ network.primary.overlay }}" diff --git a/inventory/host_vars/sk-tomnext.yml b/inventory/host_vars/sk-tomnext.yml index 555d2f0a..eca2de34 100644 --- a/inventory/host_vars/sk-tomnext.yml +++ b/inventory/host_vars/sk-tomnext.yml 
@@ -7,7 +7,12 @@ install: layout: nvme_raid root_lvm_size: 10G -network: {} +network: + nameservers: "{{ vm_host.network.dns }}" + domain: "{{ host_domain }}" + interfaces: + - name: br-public + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" base_intel_nic_stability_fix: true ssh_users_root: @@ -46,29 +51,3 @@ zfs_sanoid_modules: storage/vm/sk-tomnext-nc: use_template: ignore recursive: yes - - -vm_host: - network: - dns: - - 213.133.100.100 - - 213.133.98.98 - - 213.133.99.99 - bridges: - public: - prefix: 192.168.250.254/24 - offsets: - sk-tomnext-nc: 103 - sk-tomnext-hp: 104 - nat: yes - overlay: - prefix: 94.130.206.64/26 - offsets: - sk-tomnext-nc: 39 - sk-tomnext-hp: 40 - zfs: - default: - pool: storage - name: vm - properties: - compression: lz4 diff --git a/inventory/host_vars/sk-torrent.yml b/inventory/host_vars/sk-torrent.yml index b5bbb8a2..96ddfc4f 100644 --- a/inventory/host_vars/sk-torrent.yml +++ b/inventory/host_vars/sk-torrent.yml @@ -1,9 +1,6 @@ --- -_vm_host_: sk-2019vm - install: vm: - host: "{{ _vm_host_ }}" mem: 4096 numcpu: 4 autostart: True 
@@ -23,15 +20,16 @@ install: name: primary0 network: - nameservers: "{{ hostvars[_vm_host_].vm_host.network.dns }}" + nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" - primary: - interface: primary0 - ip: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}" - mask: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}" - gateway: "{{ hostvars[_vm_host_].vm_host.network.bridges.public.prefix | ipaddr('address') }}" - overlay: "{{ (hostvars[_vm_host_].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[_vm_host_].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + primary: &_network_primary_ + name: primary0 + address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" + overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" + interfaces: + - *_network_primary_ transmission_rpc_password: "{{ vault_transmission_rpc_password }}" diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 9add78d3..b7b8f5af 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini 
@@ -70,22 +70,6 @@ ansible_port=22000 [realraum] r3-vex2 host_name=vex2 -[realraum:children] -r3-cccamp19 - -[r3-cccamp19:vars] -host_domain=camp.realraum.at - -[r3-cccamp19] -r3-cccamp19-helene host_name=helene -r3-cccamp19-dione host_name=dione -r3-cccamp19-gw -r3-cccamp19-sw0 ansible_host=192.168.41.200 ansible_port=22 -r3-cccamp19-flora host_name=flora -r3-cccamp19-verr host_name=verr -r3-cccamp19-feedcode host_name=feedcode -r3-cccamp19-av host_name=av - ############################### # environment: spreadspace @@ -225,9 +209,7 @@ emc-0[1:3] ############################### # host categories -[dellos6] -r3-cccamp19-sw0 - +## OS [dellos6:children] chaos-at-home-switches 
@@ -237,41 +219,75 @@ ch-router-obsd ch-hroottest-obsd -[kvmhosts] -ch-atlas +## virtualization +[vmhost-ch-gnocchi-guests] +ch-router +ch-router-obsd +ch-jump +ch-gw-lan +[vmhost-ch-gnocchi] ch-gnocchi -r3-cccamp19-dione -r3-cccamp19-helene -sk-2019vm -sk-tomnext -ch-hroottest +[vmhost-ch-gnocchi:children] +vmhost-ch-gnocchi-guests -[kvmguests] -emc-master -lw-master -ch-keyserver +[vmhost-ch-atlas-guests] ch-testvm -ch-gw-lan -ch-jump -ch-router -ch-router-obsd +ele-mur r3-vex2 -r3-cccamp19-flora -r3-cccamp19-verr -r3-cccamp19-feedcode -r3-cccamp19-av +ch-keyserver +[vmhost-ch-atlas] +ch-atlas +[vmhost-ch-atlas:children] +vmhost-ch-atlas-guests + +[vmhost-ch-hroottest-guests] +ch-hroottest-vm1 +ch-hroottest-obsd +ch-k8s-m2 +ch-k8s-w[0:1] +[vmhost-ch-hroottest] +ch-hroottest +[vmhost-ch-hroottest:children] +vmhost-ch-hroottest-guests + +[vmhost-sk-2019vm-guests] sk-testvm sk-torrent ch-mimas ele-gwhetzner -ele-mur +ch-k8s-m[0:1] +emc-master +lw-master +[vmhost-sk-2019vm] +sk-2019vm +[vmhost-sk-2019vm:children] +vmhost-sk-2019vm-guests + +[vmhost-sk-tomnext-guests] sk-tomnext-nc sk-tomnext-hp -ch-hroottest-vm1 -ch-hroottest-obsd -ch-k8s-m[0:2] -ch-k8s-w[0:1] +[vmhost-sk-tomnext] +sk-tomnext +[vmhost-sk-tomnext:children] +vmhost-sk-tomnext-guests + +[kvmhosts] +ch-gnocchi +ch-atlas +ch-hroottest +sk-2019vm +sk-tomnext + +[kvmguests:children] +vmhost-ch-gnocchi-guests +vmhost-ch-atlas-guests +vmhost-ch-hroottest-guests +vmhost-sk-2019vm-guests +vmhost-sk-tomnext-guests + + +## hoster [hroot] sk-2019 sk-cloudia @@ -310,7 +326,7 @@ hcloud scaleway-kernel - +## misc [accesspoints:children] ele-ap chaos-at-home-ap @@ -322,8 +338,6 @@ ele-dolmetsch-ctl ele-dolmetsch-raspi - -### Elevate Festival [elevate-festival:children] elevate k8s-emc diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 index fbd1ad4f..c9d6cb88 100644 
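Review bot: `[kvmhosts]` in the `@@ -237,41 +219,75 @@` hunk is still a hand-written list that repeats the five hosts already named in the `[vmhost-*]` groups, while `[kvmguests]` is now derived through `:children`. The two can drift: a new `vmhost-X` group whose host is not also added to `[kvmhosts]` would get its guests but presumably none of the host-side roles. I would add a comment at the section, `# every [vmhost-X] host must also be listed here`, or derive the group from per-host child groups the same way the guests are.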
--- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 +++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 @@ -15,9 +15,9 @@ MANGLE="$IPTABLES -t mangle" FILTER6="$IP6TABLES -t filter" MANGLE6="$IP6TABLES -t mangle" -LAN_IF="{{ network.primary.interface }}" -LAN_IPADDR="{{ network.primary.ip }}" -LAN_NETMASK="{{ network.primary.mask }}" +LAN_IF="{{ network.primary.name }}" +LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}" +LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}" EXT_IF="wg-gwhetzner" EXT_IPADDR="192.168.254.2" diff --git a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 b/roles/elevate/media/templates/firewall/elevate-office.sh.j2 index b2f7f416..93805cdf 100644 --- a/roles/elevate/media/templates/firewall/elevate-office.sh.j2 +++ b/roles/elevate/media/templates/firewall/elevate-office.sh.j2 @@ -15,7 +15,7 @@ MANGLE="$IPTABLES -t mangle" FILTER6="$IP6TABLES -t filter" MANGLE6="$IP6TABLES -t mangle" -LAN_IF="{{ network.primary.interface }}" +LAN_IF="{{ network.primary.name }}" LAN_IPADDR="192.168.0.250" LAN_NETMASK="255.255.255.0" diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2 index 4431ade0..85f0cde4 100644 --- a/roles/elevate/media/templates/firewall/lan-only.sh.j2 +++ b/roles/elevate/media/templates/firewall/lan-only.sh.j2 @@ -15,9 +15,9 @@ MANGLE="$IPTABLES -t mangle" FILTER6="$IP6TABLES -t filter" MANGLE6="$IP6TABLES -t mangle" -LAN_IF="{{ network.primary.interface }}" -LAN_IPADDR="{{ network.primary.ip }}" -LAN_NETMASK="{{ network.primary.mask }}" +LAN_IF="{{ network.primary.name }}" +LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}" +LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}" ######################### diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 index c65e42ed..fb2d45a9 100644 
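Review bot: `LAN_IPADDR` and `LAN_NETMASK` in elevate-festival.sh.j2 are now derived from `network.primary.address` with `ipaddr(...)`, and that filter returns `False` on an unparsable value rather than raising, while an address written without a prefix length yields a `255.255.255.255` netmask. Either result lands in a generated firewall script with no error at deploy time; how the script uses the two variables is outside the hunk. A pre-flight check in the role would catch it, for example an `assert` with `that: "'/' in network.primary.address and (network.primary.address | ipaddr)"`. The same derivation appears in lan-only.sh.j2 on this line, in r3-with-lan.sh.j2, and in the preseed and auto_install templates further down.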
--- a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 +++ b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 @@ -15,11 +15,11 @@ MANGLE="$IPTABLES -t mangle" FILTER6="$IP6TABLES -t filter" MANGLE6="$IP6TABLES -t mangle" -LAN_IF="{{ network.primary.interface }}" -LAN_IPADDR="{{ network.primary.ip }}" -LAN_NETMASK="{{ network.primary.mask }}" +LAN_IF="{{ network.primary.name }}" +LAN_IPADDR="{{ network.primary.address | ipaddr('address') }}" +LAN_NETMASK="{{ network.primary.address | ipaddr('netmask') }}" -EXT_IF="{{ network.primary.interface }}.{{ network_zones.ccinet.vlan }}" +EXT_IF="{{ network.primary.name }}.{{ network_zones.ccinet.vlan }}" EXT_IPADDR="89.106.211.61" EXT_SERVICES_TCP="80 443 {{ ansible_port }}" diff --git a/roles/elevate/media/templates/firewall/r3.sh.j2 b/roles/elevate/media/templates/firewall/r3.sh.j2 index 83a6297f..a8425825 100644 --- a/roles/elevate/media/templates/firewall/r3.sh.j2 +++ b/roles/elevate/media/templates/firewall/r3.sh.j2 @@ -15,7 +15,7 @@ MANGLE="$IPTABLES -t mangle" FILTER6="$IP6TABLES -t filter" MANGLE6="$IP6TABLES -t mangle" -EXT_IF="{{ network.primary.interface }}" +EXT_IF="{{ network.primary.name }}" EXT_IPADDR="89.106.211.61" EXT_SERVICES_TCP="80 443 {{ ansible_port }}" diff --git a/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 b/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 index 3bd97cb6..9ca54c55 100644 --- a/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 +++ b/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 @@ -2,8 +2,8 @@ network: version: 2 renderer: networkd ethernets: - {{ network.primary.interface }}: - addresses: [ {{ (network.primary.ip + '/' + network.primary.mask) | ipaddr('address/prefix') }} ] + {{ network.primary.name }}: + addresses: [ {{ network.primary.address }} ] gateway4: {{ network.primary.gateway }} accept-ra: false nameservers: 
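Review bot: The netplan template elevate-festival.yaml.j2 now writes `network.primary.address` into `addresses:` verbatim, where the removed line passed the value through `ipaddr('address/prefix')` first. Netplan expects CIDR notation there, so an inventory value in any other form is now passed through unchanged. Keeping the filter costs nothing: `addresses: [ {{ network.primary.address | ipaddr('address/prefix') }} ]`. The same line is changed in netplan/lan-only.yaml.j2 and netplan/r3-with-lan.yaml.j2.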
diff --git a/roles/elevate/media/templates/netplan/elevate-office.yaml.j2 b/roles/elevate/media/templates/netplan/elevate-office.yaml.j2 index acc944fd..1dcecf7a 100644 --- a/roles/elevate/media/templates/netplan/elevate-office.yaml.j2 +++ b/roles/elevate/media/templates/netplan/elevate-office.yaml.j2 @@ -2,7 +2,7 @@ network: version: 2 renderer: networkd ethernets: - {{ network.primary.interface }}: + {{ network.primary.name }}: addresses: [ 192.168.0.250/24 ] gateway4: 192.168.0.1 accept-ra: false diff --git a/roles/elevate/media/templates/netplan/lan-only.yaml.j2 b/roles/elevate/media/templates/netplan/lan-only.yaml.j2 index 3bd97cb6..9ca54c55 100644 --- a/roles/elevate/media/templates/netplan/lan-only.yaml.j2 +++ b/roles/elevate/media/templates/netplan/lan-only.yaml.j2 @@ -2,8 +2,8 @@ network: version: 2 renderer: networkd ethernets: - {{ network.primary.interface }}: - addresses: [ {{ (network.primary.ip + '/' + network.primary.mask) | ipaddr('address/prefix') }} ] + {{ network.primary.name }}: + addresses: [ {{ network.primary.address }} ] gateway4: {{ network.primary.gateway }} accept-ra: false nameservers: diff --git a/roles/elevate/media/templates/netplan/r3-with-lan.yaml.j2 b/roles/elevate/media/templates/netplan/r3-with-lan.yaml.j2 index 275ef953..3dbfeba6 100644 --- a/roles/elevate/media/templates/netplan/r3-with-lan.yaml.j2 +++ b/roles/elevate/media/templates/netplan/r3-with-lan.yaml.j2 
@@ -2,13 +2,13 @@ network: version: 2 renderer: networkd ethernets: - {{ network.primary.interface }}: - addresses: [ {{ (network.primary.ip + '/' + network.primary.mask) | ipaddr('address/prefix') }} ] + {{ network.primary.name }}: + addresses: [ {{ network.primary.address }} ] accept-ra: false vlans: - {{ network.primary.interface }}.{{ network_zones.ccinet.vlan }}: + {{ network.primary.name }}.{{ network_zones.ccinet.vlan }}: id: {{ network_zones.ccinet.vlan }} - link: {{ network.primary.interface }} + link: {{ network.primary.name }} addresses: [ 89.106.211.61/27 ] gateway4: 89.106.211.33 accept-ra: false diff --git a/roles/elevate/media/templates/netplan/r3.yaml.j2 b/roles/elevate/media/templates/netplan/r3.yaml.j2 index 2429a4b7..91654c09 100644 --- a/roles/elevate/media/templates/netplan/r3.yaml.j2 +++ b/roles/elevate/media/templates/netplan/r3.yaml.j2 @@ -2,7 +2,7 @@ network: version: 2 renderer: networkd ethernets: - {{ network.primary.interface }}: + {{ network.primary.name }}: addresses: [ 89.106.211.61/27 ] gateway4: 89.106.211.33 accept-ra: false diff --git a/roles/installer/debian/preseed/tasks/main.yml b/roles/installer/debian/preseed/tasks/main.yml index aa71335e..46d6a1d9 100644 --- a/roles/installer/debian/preseed/tasks/main.yml +++ b/roles/installer/debian/preseed/tasks/main.yml @@ -29,6 +29,9 @@ copy: dest: "{{ preseed_tmpdir }}/etc/systemd/network/90-namepolicy.link" content: | + [Match] + OriginalName=* + [Link] NamePolicy={{ preseed_force_net_ifnames_policy }} diff --git a/roles/installer/debian/preseed/templates/preseed_debian-buster-with-raid.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-buster-with-raid.cfg.j2 index 739d00ed..0f669006 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-buster-with-raid.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-buster-with-raid.cfg.j2 
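Review bot: The `[Match]` / `OriginalName=*` lines added to 90-namepolicy.link in preseed/tasks/main.yml carry no explanation, and the reason is not obvious from the task. Presumably systemd ignores a .link file that has no match criteria; if so, a comment above the task such as `# systemd skips .link files without a [Match] section; OriginalName=* matches every interface` would stop someone from removing the stanza as redundant. The task's beginning is outside the hunk.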
@@ -9,15 +9,15 @@ d-i keyboard-configuration/xkb-keymap select us d-i hw-detect/load_firmware boolean false -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 index de69c10c..770eb146 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-buster.cfg.j2 
@@ -9,15 +9,15 @@ d-i keyboard-configuration/xkb-keymap select us d-i hw-detect/load_firmware boolean false -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true 
@@ -135,7 +135,10 @@ d-i preseed/late_command string \ in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ {% if preseed_force_net_ifnames_policy is defined %} mkdir -p /target/etc/systemd/network; \ - in-target bash -c "echo '[Link]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \ in-target bash -c "echo 'NamePolicy={{ preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ in-target bash -c "update-initramfs -u"; \ {% endif %} diff --git a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 index 35bb28b4..cf20410a 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-jessie.cfg.j2 
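Review bot: The link file is assembled in preseed_debian-buster.cfg.j2 by five separate `in-target bash -c "echo … >> …"` calls, and the identical sequence is added to preseed_ubuntu-focal.cfg.j2 and, as a `content:` block, to preseed/tasks/main.yml, so the same file content now lives in three places. The jessie, stretch, bionic, xenial, buster-with-raid and xubuntu templates receive only the netcfg hunk in this commit; if any of them has a `late_command` that writes 90-namepolicy.link, it still writes the `[Link]`-only form. A shared Jinja include for the snippet would keep them in step. The `late_command` continues outside the hunk.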
@@ -9,15 +9,15 @@ d-i keyboard-configuration/xkb-keymap select us d-i hw-detect/load_firmware boolean false -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 index fb6ebfde..3528d682 100644 --- a/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_debian-stretch.cfg.j2 
@@ -9,15 +9,15 @@ d-i keyboard-configuration/xkb-keymap select us d-i hw-detect/load_firmware boolean false -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 index 85a77f38..1b5245a1 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-bionic.cfg.j2 
@@ -16,15 +16,15 @@ d-i hw-detect/load_firmware boolean false {% if preseed_no_netplan %} d-i netcfg/do_not_use_netplan boolean true {% endif %} -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 index 093bfdc5..ca018fd2 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-focal.cfg.j2 
@@ -16,15 +16,15 @@ d-i hw-detect/load_firmware boolean false {% if preseed_no_netplan %} d-i netcfg/do_not_use_netplan boolean true {% endif %} -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true 
@@ -152,7 +152,10 @@ d-i preseed/late_command string \ in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \ {% if preseed_force_net_ifnames_policy is defined %} mkdir -p /target/etc/systemd/network; \ - in-target bash -c "echo '[Link]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \ + in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \ in-target bash -c "echo 'NamePolicy={{ preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \ in-target bash -c "update-initramfs -u"; \ {% endif %} diff --git a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 index bb510710..cdb5f966 100644 --- a/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_ubuntu-xenial.cfg.j2 
@@ -13,15 +13,15 @@ d-i keyboard-configuration/layoutcode string us d-i hw-detect/load_firmware boolean false -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 index bf4395a6..155801a4 100644 --- a/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 +++ b/roles/installer/debian/preseed/templates/preseed_xubuntu-focal-desktop.cfg.j2 
@@ -19,15 +19,15 @@ d-i hw-detect/load_firmware boolean false {% if preseed_no_netplan %} d-i netcfg/do_not_use_netplan boolean true {% endif %} -d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +d-i netcfg/choose_interface select {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} d-i netcfg/disable_dhcp boolean false d-i netcfg/disable_autoconfig boolean false {% else %} d-i netcfg/disable_dhcp boolean true d-i netcfg/disable_autoconfig boolean true -d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.ip }} -d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.mask }} +d-i netcfg/get_ipaddress string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +d-i netcfg/get_netmask string {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} d-i netcfg/get_gateway string {{ hostvars[install_hostname].network_cooked.primary.gateway }} d-i netcfg/get_nameservers string {{ hostvars[install_hostname].network_cooked.nameservers | join(' ') }} d-i netcfg/confirm_static boolean true diff --git a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 index 4220be38..1e0c8c0c 100644 --- a/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 +++ b/roles/installer/openbsd/autoinstall/templates/auto_install.conf.j2 
@@ -1,11 +1,11 @@ System hostname = {{ hostvars[install_hostname].host_name }} -Which network interface do you wish to configure = {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.interface) }} +Which network interface do you wish to configure = {{ install_interface | default(hostvars[install_hostname].network_cooked.primary.name) }} {% if 'install_dhcp' in hostvars[install_hostname] and hostvars[install_hostname].install_dhcp %} IPv4 address = dhcp {% else %} -IPv4 address = {{ hostvars[install_hostname].network_cooked.primary.ip }} -Netmask = {{ hostvars[install_hostname].network_cooked.primary.mask }} +IPv4 address = {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('address') }} +Netmask = {{ hostvars[install_hostname].network_cooked.primary.address | ipaddr('netmask') }} Default IPv4 route = {{ hostvars[install_hostname].network_cooked.primary.gateway }} {% endif %} DNS domain name = {{ hostvars[install_hostname].network_cooked.domain }} diff --git a/roles/vm/guest/tasks/main.yml b/roles/vm/guest/tasks/main.yml index 72ea3272..e68f04df 100644 --- a/roles/vm/guest/tasks/main.yml +++ b/roles/vm/guest/tasks/main.yml @@ -39,4 +39,4 @@ content: | [Service] ExecStart= - ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ install_cooked.vm.host }} %I $TERM + ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml index 0688ec42..802ffd8b 100644 --- a/roles/vm/host/tasks/network.yml +++ b/roles/vm/host/tasks/network.yml 
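Review bot: The rewritten `ExecStart` line in roles/vm/guest/tasks/main.yml keeps `--autologin root`, so anyone who can attach to this guest's console on the VM host gets a root shell without authenticating; the unit being overridden is named outside the hunk. If that is intended, a comment on the task stating that the console is reachable only from the hypervisor would record the assumption. The line also now depends on `vm_host_cooked`, which on this page is only set by the `set_fact` in spreadspace/vm-install.yml, so running the role from another playbook would presumably fail on an undefined variable; `{{ vm_host_cooked.name | default(vm_host.name) }}` would be a cheap fallback.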
@@ -9,19 +9,22 @@ copy: dest: "/etc/network/interfaces.d/br-{{ item.key }}" content: | - auto br-{{ item.key }} - {% if 'prefix' in item.value %} - iface br-{{ item.key }} inet static - address {{ item.value.prefix | ipaddr('address') }} - netmask {{ item.value.prefix | ipaddr('netmask') }} - {% if 'gateway' in item.value %} - gateway {{ item.value.gateway }} + {% set bridge_name = 'br-'+item.key %} + {% set bridge = item.value %} + {% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %} + auto {{ bridge_name }} + {% if 'address' in interface %} + iface {{ bridge_name }} inet static + address {{ interface.address | ipaddr('address') }} + netmask {{ interface.address | ipaddr('netmask') }} + {% if 'gateway' in interface %} + gateway {{ interface.gateway }} {% endif %} {% else %} - iface br-{{ item.key }} inet manual + iface {{ bridge_name }} inet manual {% endif %} - {% if 'interfaces' in item.value and (item.value.interfaces | length) > 0 %} - bridge_ports {{ item.value.interfaces | join(' ') }} + {% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %} + bridge_ports {{ bridge.interfaces | join(' ') }} {% else %} bridge_ports none {% endif %} 
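Review bot: `interface` falls back to `{}` when `network.interfaces` has no entry named `br-<key>`, and the template then quietly emits `inet manual`; in the following hunk the NAT and overlay-route lines are skipped for the same reason, because they are guarded by `'address' in interface`. A bridge whose definition has `prefix` and `nat` set but whose host-side interface entry is misspelled or missing would therefore come up without an address and without SNAT, and the play would still report success. If an address is expected whenever the bridge has a `prefix`, an `assert` before this task (or a `fail` inside the loop) would make the mismatch visible. The task starts above the hunk.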
@@ -34,29 +37,29 @@ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0 up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0 up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0 - {% if 'prefix' in item.value %} - {% if 'nat' in item.value and item.value.nat %} + {% if 'address' in interface and 'prefix' in bridge %} + {% if 'nat' in bridge and bridge.nat %} up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding - up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} {% endif %} - {% if 'overlay' in item.value %} - {% for dest, offset in (item.value.overlay.offsets | dictsort(by='value')) %} - up /bin/ip route add {{ (item.value.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (item.value.prefix | ipaddr(item.value.offsets[dest])).split('/')[0] }} # {{ dest }} + {% if 'overlay' in bridge %} + {% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %} + up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }} {% endfor %} - up /bin/ip route add unreachable {{ item.value.overlay.prefix }} - down /sbin/ip route del {{ item.value.overlay.prefix }} + up /bin/ip route add unreachable {{ bridge.overlay.prefix }} + down /sbin/ip route del {{ bridge.overlay.prefix }} {% endif %} - {% if 'nat' in item.value and item.value.nat %} - down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + {% if 'nat' in bridge and bridge.nat %} + down /sbin/iptables -t 
nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} {% endif %} {% endif %} - {% if 'prefix6' in item.value %} + {% if 'address6' in interface %} - iface br-{{ item.key }} inet6 static - address {{ item.value.prefix6 }} - {% if 'gateway6' in item.value %} - gateway {{ item.value.gateway6 }} + iface {{ bridge_name }} inet6 static + address {{ interface.address6 }} + {% if 'gateway6' in interface %} + gateway {{ interface.gateway6 }} {% endif %} {% endif %} register: vmhost_bridge_config diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml index b17aba8b..27a7682a 100644 --- a/roles/vm/network/tasks/main.yml +++ b/roles/vm/network/tasks/main.yml @@ -1,24 +1,25 @@ --- -- block: - - name: remove legacy systemd.link units - loop: - - 50-virtio-kernel-names.link - - 99-default.link - file: - name: "/etc/systemd/network/{{ item }}" - state: absent +- name: configure systemd link units + when: network_cooked.systemd_link is defined + block: + - name: remove legacy systemd.link units + loop: + - 50-virtio-kernel-names.link + - 99-default.link + file: + name: "/etc/systemd/network/{{ item }}" + state: absent - - name: install systemd network link units - loop: "{{ network.systemd_link.interfaces }}" - loop_control: - label: "{{ item.name }}" - index_var: interface_index - template: - src: systemd.link.j2 - dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" - notify: rebuild initramfs + - name: install systemd network link units + loop: "{{ network_cooked.systemd_link.interfaces }}" + loop_control: + label: "{{ item.name }}" + index_var: interface_index + template: + src: systemd.link.j2 + dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" + notify: rebuild initramfs - when: network.systemd_link is defined - name: install basic interface config template: 
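Review bot: The SNAT rules now use `-s {{ bridge.prefix }}` where the removed lines used `item.value.prefix | ipaddr('network/prefix')`, so the source match is whatever string the inventory holds rather than a normalised network. The `up` and `down` rules stay symmetric, but correctness now rests on every `prefix` being written in network form. Keeping the filter on both lines is cheap: `-s {{ bridge.prefix | ipaddr('network/prefix') }}`. The surrounding task continues outside the hunk.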
diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/network/templates/interfaces.j2 index db0e322f..d257a98a 100644 --- a/roles/vm/network/templates/interfaces.j2 +++ b/roles/vm/network/templates/interfaces.j2 
@@ -6,25 +6,33 @@ source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback +{% for interface in network_cooked.interfaces %} -# The primary network interface -auto {{ network.primary.interface }} -iface {{ network.primary.interface }} inet static + +auto {{ interface.name }} +iface {{ interface.name }} inet static pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - address {{ network.primary.ip }} - netmask {{ network.primary.mask }} -{% if 'overlay' in network.primary %} - up /bin/ip addr add dev $IFACE {{ network.primary.overlay }}/32 - up /bin/ip route add default via {{ network.primary.gateway }} src {{ network.primary.overlay }} - down /bin/ip route del default via {{ network.primary.gateway }} src {{ network.primary.overlay }} - down /bin/ip addr del dev $IFACE {{ network.primary.overlay }}/32 -{% else %} - gateway {{ network.primary.gateway }} -{% endif %} -{% if 'prefix6' in network.primary %} + address {{ interface.address | ipaddr('address') }} + netmask {{ interface.address | ipaddr('netmask') }} +{% if 'overlay' in interface %} + up /bin/ip addr add dev $IFACE {{ interface.overlay }}/32 +{% if 'gateway' in interface %} + up /bin/ip route add default via {{ interface.gateway }} src {{ interface.overlay }} + down /bin/ip route del default via {{ interface.gateway }} src {{ interface.overlay }} +{% endif %} + down /bin/ip addr del dev $IFACE {{ interface.overlay }}/32 +{% else %} +{% if 'gateway' in interface %} + gateway {{ interface.gateway }} +{% endif %} +{% endif %} +{% if 'address6' in interface %} -iface {{ network.primary.interface }} inet6 static - address {{ network.primary.prefix6 }} - gateway {{ network.primary.gateway6 }} -{% endif %} +iface {{ interface.name }} inet6 static + address {{ interface.address6 }} +{% if 'gateway6' in interface %} + gateway {{ interface.gateway6 }} +{% endif %} +{% endif %} +{% endfor %} 
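Review bot: `interface.address` is used unconditionally inside the loop while `address6`, `gateway` and `overlay` are all guarded, so an entry without an IPv4 address, or one still written in the old `ip`/`mask` form, either fails or renders a wrong stanza. As far as I know `ipaddr` returns `False` for input it cannot parse and treats a bare address as a /32, which would write `address False` or `netmask 255.255.255.255` into the interfaces file without any error. An `assert` task in the role ahead of the template, looped over `network_cooked.interfaces`, would catch both cases, for example `that: "'address' in item and '/' in item.address"`. Separately, every entry carrying a `gateway` key now emits its own default route, so more than one such entry probably needs to be rejected as well.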
diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2 index a32ec181..f62b6ed7 100644 --- a/roles/vm/network/templates/resolv.conf.j2 +++ b/roles/vm/network/templates/resolv.conf.j2 @@ -1,4 +1,4 @@ -{% for nsrv in network.nameservers %} +{% for nsrv in network_cooked.nameservers %} nameserver {{ nsrv }} {% endfor %} search {{ network.domain }} diff --git a/spreadspace/vm-install.yml b/spreadspace/vm-install.yml index cf19d046..b6a69b67 100644 --- a/spreadspace/vm-install.yml +++ b/spreadspace/vm-install.yml @@ -6,9 +6,10 @@ - set_fact: install_cooked: "{{ install }}" network_cooked: "{{ network }}" + vm_host_cooked: "{{ vm_host }}" - name: cook variables for host - hosts: "{{ hostvars[install_hostname].install.vm.host }}" + hosts: "{{ hostvars[install_hostname].vm_host.name }}" gather_facts: no tasks: - set_fact: |
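Review bot: In `resolv.conf.j2` the `search` line still reads `network.domain` while the loop above it was switched to `network_cooked.nameservers`, so the template now depends on both the raw and the cooked variable. If `network_cooked` is meant to be the role's only input after this refactoring, the line should read `search {{ network_cooked.domain }}`. If `domain` is deliberately left on `network`, a template comment such as `{# domain is not cooked; read it from network #}` would make that visible to the next reader.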
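Review bot: In `spreadspace/vm-install.yml` the second play's `hosts:` is templated from `hostvars[install_hostname].vm_host.name` with no earlier check that the value exists and names a single inventory host. A host whose vars were not converted to the new `vm_host` layout would fail at play start with a templating error, and a value that happens to be a group name or pattern would be accepted as the target. Assuming the first play runs on `install_hostname`, a task ahead of its `set_fact` such as `- assert: { that: "vm_host.name in groups['all']" }` would fail early with a clear message. Both plays start and end outside this hunk.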