diff --git a/common/prometheus-node/tasks/main.yml b/common/prometheus-node/tasks/main.yml
index 8165ba04f485a2210b27d9c0707579380915ca6a..e0c1a9bf9c9f236e7a02c2ce32750a50d00eac35 100644
--- a/common/prometheus-node/tasks/main.yml
+++ b/common/prometheus-node/tasks/main.yml
@@ -1,18 +1,15 @@
 ---
-# Pakete installieren
-- name: pakete installieren
+
+
+- name: stop prometheus-node-exporter
+  service: name=prometheus-node-exporter state=stopped
+
+# Pakete deinstallieren
+- name: pakete deinstallieren
   apt:
     pkg: "{{ item }}"
-    update_cache: yes
-    state: installed
+    update_cache: no
+    state: absent
   with_items:
     - prometheus-node-exporter
 
-- name: reload systemd and enable service
-  systemd:
-    name: prometheus-node-exporter
-    enabled: yes
-    daemon_reload: yes
-
-- name: restart prometheus-node-exporter
-  service: name=prometheus-node-exporter state=restarted
diff --git a/common/telegraf/handlers/main.yml b/common/telegraf/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..de46abe05cfa47354938900ed619af78ef43b159
--- /dev/null
+++ b/common/telegraf/handlers/main.yml
@@ -0,0 +1,3 @@
+
+- name: restart telegraf
+  service: name=telegraf state=restarted
diff --git a/common/telegraf/tasks/main.yml b/common/telegraf/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6f8c0fc217022136ab6efaf30b2822a31bd5c590
--- /dev/null
+++ b/common/telegraf/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+# Pakete installieren
+- name: pakete installieren
+  apt:
+    pkg: "{{ item }}"
+    update_cache: yes
+    state: installed
+  with_items:
+    - telegraf
+
+- name: pakete installieren (host_type = physical)
+  apt:
+    pkg: "{{ item }}"
+    update_cache: yes
+    state: installed
+  with_items:
+    - hddtemp
+    - lm-sensors
+    - smartmontools
+  when: host_type == 'physical'
+
+
+- name: create main config 
+  template: src={{ item }} dest=/etc/telegraf/{{ item }}
+  with_items: 
+    - telegraf.conf
+  notify: restart telegraf
+
+
+- name: reload systemd and enable service
+  command: systemctl enable telegraf
+  notify: restart telegraf
+
+  
+- name: delete config file 1
+  file: 
+    path: "/etc/telegraf/telegraf.d/outputs-influxdb.conf"
+    state: absent
diff --git a/common/telegraf/templates/telegraf.conf b/common/telegraf/templates/telegraf.conf
new file mode 100644
index 0000000000000000000000000000000000000000..7bb562b51d24493b5c5db0172eaf4416cf0ab61e
--- /dev/null
+++ b/common/telegraf/templates/telegraf.conf
@@ -0,0 +1,317 @@
+
+# Global tags can be specified here in key="value" format.
+[global_tags]
+  # dc = "us-east-1" # will tag all metrics with dc=us-east-1
+  # rack = "1a"
+  ## Environment variables can be used as tags, and throughout the config file
+  # user = "$USER"
+  server = "true"
+  host_type = "{{host_type}}"
+  
+
+# Configuration for telegraf agent
+[agent]
+  
+  ## Default data collection interval for all inputs
+  interval = "5s"
+
+  ## Rounds collection interval to 'interval'
+  ## ie, if interval="10s" then always collect on :00, :10, :20, etc.
+  round_interval = true
+
+  ## Telegraf will send metrics to outputs in batches of at most
+  ## metric_batch_size metrics.
+  ## This controls the size of writes that Telegraf sends to output plugins.
+  metric_batch_size = 1000
+
+  ## For failed writes, telegraf will cache metric_buffer_limit metrics for each
+  ## output, and will flush this buffer on a successful write. Oldest metrics
+  ## are dropped first when this buffer fills.
+  ## This buffer only fills when writes fail to output plugin(s).
+  metric_buffer_limit = 10000
+
+  ## Collection jitter is used to jitter the collection by a random amount.
+  ## Each plugin will sleep for a random time within jitter before collecting.
+  ## This can be used to avoid many plugins querying things like sysfs at the
+  ## same time, which can have a measurable effect on the system.
+  collection_jitter = "0s"
+
+  ## Default flushing interval for all outputs. You shouldn't set this below
+  ## interval. Maximum flush_interval will be flush_interval + flush_jitter
+  flush_interval = "10s"
+
+  ## Jitter the flush interval by a random amount. This is primarily to avoid
+  ## large write spikes for users running a large number of telegraf instances.
+  ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
+  flush_jitter = "0s"
+
+  ## By default or when set to "0s", precision will be set to the same
+  ## timestamp order as the collection interval, with the maximum being 1s.
+  ##   ie, when interval = "10s", precision will be "1s"
+  ##       when interval = "250ms", precision will be "1ms"
+  ## Precision will NOT be used for service inputs. It is up to each individual
+  ## service input to set the timestamp at the appropriate precision.
+  ## Valid time units are "ns", "us" (or "µs"), "ms", "s".
+  precision = ""
+
+  ## Logging configuration:
+  ## Run telegraf with debug log messages.
+  debug = false
+
+  ## Run telegraf in quiet mode (error log messages only).
+  quiet = false
+
+  ## Specify the log file name. The empty string means to log to stderr.
+  logfile = ""
+
+  ## Override default hostname, if empty use os.Hostname()
+  hostname = "{{ inventory_hostname }}"
+
+  ## If set to true, do no set the "host" tag in the telegraf agent.
+  omit_hostname = false
+  
+
+###############################################################################
+#                            OUTPUT PLUGINS                                   #
+###############################################################################
+
+
+# Configuration for sending metrics to InfluxDB
+[[outputs.influxdb]]
+  ## The full HTTP or UDP URL for your InfluxDB instance.
+  ##
+  urls = ["{{influxdb_sysmon.url}}"]
+
+  ## The target database for metrics; will be created as needed.
+  database = "{{influxdb_sysmon.db}}"
+
+  ## If true, no CREATE DATABASE queries will be sent.  Set to true when using
+  ## Telegraf with a user without permissions to create databases or when the
+  ## database already exists.
+  skip_database_creation = true
+
+  ## Name of existing retention policy to write to.  Empty string writes to
+  ## the default retention policy.
+  # retention_policy = ""
+
+  ## Write consistency (clusters only), can be: "any", "one", "quorum", "all"
+  # write_consistency = "any"
+
+  ## Timeout for HTTP messages.
+  # timeout = "5s"
+
+  ## HTTP Basic Auth
+  username = "{{influxdb_sysmon.user}}"
+  password = "{{influxdb_sysmon.password}}"
+
+  ## HTTP User-Agent
+  # user_agent = "telegraf"
+
+  ## UDP payload size is the maximum packet size to send.
+  # udp_payload = 512
+
+  ## Optional SSL Config
+  # ssl_ca = "/etc/telegraf/ca.pem"
+  # ssl_cert = "/etc/telegraf/cert.pem"
+  # ssl_key = "/etc/telegraf/key.pem"
+  ## Use SSL but skip chain & host verification
+  # insecure_skip_verify = false
+
+  ## HTTP Proxy override, if unset values the standard proxy environment
+  ## variables are consulted to determine which proxy, if any, should be used.
+  # http_proxy = "http://corporate.proxy:3128"
+
+  ## Additional HTTP headers
+  # http_headers = {"X-Special-Header" = "Special-Value"}
+
+  ## HTTP Content-Encoding for write request body, can be set to "gzip" to
+  ## compress body or "identity" to apply no encoding.
+  # content_encoding = "identity"
+
+  ## When true, Telegraf will output unsigned integers as unsigned values,
+  ## i.e.: "42u".  You will need a version of InfluxDB supporting unsigned
+  ## integer values.  Enabling this option will result in field type errors if
+  ## existing data has been written.
+  # influx_uint_support = false
+
+
+
+###############################################################################
+#                            INPUT PLUGINS                                    #
+###############################################################################
+
+
+# Read metrics about system load & uptime
+[[inputs.system]]
+  # no configuration
+
+
+[[inputs.interrupts]]
+  # no configuration
+
+
+[[inputs.linux_sysctl_fs]]
+  # no configuration
+
+
+# Get kernel statistics from /proc/stat
+[[inputs.kernel]]
+  # no configuration  
+
+
+# Read metrics about memory usage
+[[inputs.mem]]
+  # no configuration
+
+
+# Read metrics about swap memory usage
+[[inputs.swap]]
+  # no configuration
+
+
+# Get the number of processes and group them by status
+[[inputs.processes]]
+  # no configuration
+
+
+# Read metrics about cpu usage
+[[inputs.cpu]]
+  ## Whether to report per-cpu stats or not
+  percpu = true
+  ## Whether to report total system cpu stats or not
+  totalcpu = true
+  ## If true, collect raw CPU time metrics.
+  collect_cpu_time = false
+  ## If true, compute and report the sum of all non-idle CPU states.
+  report_active = false
+
+
+# Read metrics about disk usage by mount point
+[[inputs.disk]]
+  ## By default stats will be gathered for all mount points.
+  ## Set mount_points will restrict the stats to only the specified mount points.
+  mount_points = ["/", "/srv"]
+
+  ## Ignore mount points by filesystem type.
+  ignore_fs = ["tmpfs", "devtmpfs", "devfs", "sysfs", "overlay" ]
+
+
+# Read metrics about disk IO by device
+[[inputs.diskio]]
+  ## By default, telegraf will gather stats for all devices including
+  ## disk partitions.
+  ## Setting devices will restrict the stats to the specified devices.
+  # devices = ["sda", "sdb"]
+  ## Uncomment the following line if you need disk serial numbers.
+  # skip_serial_number = false
+  #
+  ## On systems which support it, device metadata can be added in the form of
+  ## tags.
+  ## Currently only Linux is supported via udev properties. You can view
+  ## available properties for a device by running:
+  ## 'udevadm info -q property -n /dev/sda'
+  # device_tags = ["ID_FS_TYPE", "ID_FS_USAGE"]
+  #
+  ## Using the same metadata source as device_tags, you can also customize the
+  ## name of the device via templates.
+  ## The 'name_templates' parameter is a list of templates to try and apply to
+  ## the device. The template may contain variables in the form of '$PROPERTY' or
+  ## '${PROPERTY}'. The first template which does not contain any variables not
+  ## present for the device is used as the device name tag.
+  ## The typical use case is for LVM volumes, to get the VG/LV name instead of
+  ## the near-meaningless DM-0 name.
+  # name_templates = ["$ID_FS_LABEL","$DM_VG_NAME/$DM_LV_NAME"]
+
+
+# Read metrics about network interface usage
+[[inputs.net]]
+  ## By default, telegraf gathers stats from any up interface (excluding loopback)
+  ## Setting interfaces will tell it to gather these explicit interfaces,
+  ## regardless of status.
+  ##
+  interfaces = ["eth*", "en*"]
+  ##
+  ## On linux systems telegraf also collects protocol stats.
+  ## Setting ignore_protocol_stats to true will skip reporting of protocol metrics.
+  ##
+  # ignore_protocol_stats = false
+  ##
+
+# Read metrics about network usage
+[[inputs.netstat]]
+  # no configuration
+
+ # Collects conntrack stats from the configured directories and files.
+ [[inputs.conntrack]]
+   ## The following defaults would work with multiple versions of conntrack.
+   ## Note the nf_ and ip_ filename prefixes are mutually exclusive across
+   ## kernel versions, as are the directory locations.
+
+   ## Superset of filenames to look for within the conntrack dirs.
+   ## Missing files will be ignored.
+   files = ["ip_conntrack_count","ip_conntrack_max",
+            "nf_conntrack_count","nf_conntrack_max"]
+
+   ## Directories to search within for the conntrack files above.
+   ## Missing directrories will be ignored.
+   dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
+   
+
+{% if host_type == 'physical' %}
+
+# Monitor disks' temperatures using hddtemp
+[[inputs.hddtemp]]
+  ## By default, telegraf gathers temps data from all disks detected by the
+  ## hddtemp.
+  ##
+  ## Only collect temps from the selected disks.
+  ##
+  ## A * as the device name will return the temperature values of all disks.
+  ##
+  # address = "127.0.0.1:7634"
+  # devices = ["sda", "*"]
+
+
+# Monitor sensors, requires lm-sensors package
+[[inputs.sensors]]
+  ## Remove numbers from field names.
+  ## If true, a field name like 'temp1_input' will be changed to 'temp_input'.
+  # remove_numbers = true
+
+
+# Read metrics from storage devices supporting S.M.A.R.T.
+[[inputs.smart]]
+  ## Optionally specify the path to the smartctl executable
+  # path = "/usr/bin/smartctl"
+  #
+  ## On most platforms smartctl requires root access.
+  ## Setting 'use_sudo' to true will make use of sudo to run smartctl.
+  ## Sudo must be configured to to allow the telegraf user to run smartctl
+  ## with out password.
+  # use_sudo = false
+  #
+  ## Skip checking disks in this power mode. Defaults to
+  ## "standby" to not wake up disks that have stoped rotating.
+  ## See --nocheck in the man pages for smartctl.
+  ## smartctl version 5.41 and 5.42 have faulty detection of
+  ## power mode and might require changing this value to
+  ## "never" depending on your disks.
+  # nocheck = "standby"
+  #
+  ## Gather detailed metrics for each SMART Attribute.
+  ## Defaults to "false"
+  ##
+  # attributes = false
+  #
+  ## Optionally specify devices to exclude from reporting.
+  # excludes = [ "/dev/pass6" ]
+  #
+  ## Optionally specify devices and device type, if unset
+  ## a scan (smartctl --scan) for S.M.A.R.T. devices will
+  ## done and all found will be included except for the
+  ## excluded in excludes.
+  # devices = [ "/dev/ada0 -d atacam" ]
+
+
+{% else %}
+{% endif %}
\ No newline at end of file
diff --git a/group_vars/all b/group_vars/all
index 6321239bcc5c5bc6d9b9aa9cc192744a848fd2a3..4e260e204764c8bc3f3afa6e4100551e7d26424d 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -6,5 +6,13 @@ ldap_ip_ext: 10.0.20.2
 # int ist noch ungenutzt / später replikation in der Zone
 ldap_ip_int: 10.0.20.2
 
-ldap_base_dn: DC=warpzone,DC=ms
-ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms
\ No newline at end of file
+ldap_base_dn: dc=warpzone,dc=ms
+ldap_readonly_bind_dn: cn=readonly,dc=warpzone,dc=ms
+
+# Zentrale InfluxDb für Systemmonitoring  
+influxdb_sysmon:
+  url: "http://192.168.0.201:18086"
+  db: "influx"
+  user: "influx" 
+  password: "influx" 
+
diff --git a/host_vars/vorstandspi b/host_vars/vorstandspi
index ccc3116fa232344ff2b850650bdb0f8e8619b034..e998a6d9d1a362e0d5f4f795876787c7928ed170 100644
--- a/host_vars/vorstandspi
+++ b/host_vars/vorstandspi
@@ -10,6 +10,10 @@ debian_sources:
 
 debian_keys:
 
+# Art des Hosts: physical, vm, docker 
+host_type: "physical"
+
+
 administratorenteam:
   - "ole"
   - "larsm"
diff --git a/host_vars/warphab b/host_vars/warphab
index b14fd6421548aaa992f6bbf4bc43d4396fc157b9..4368b1f6f6217c9b18014cd678a45d72c00fea34 100644
--- a/host_vars/warphab
+++ b/host_vars/warphab
@@ -14,6 +14,9 @@ debian_keys:
   - "https://homegear.eu/packages/Release.key"
   - "https://bintray.com/user/downloadSubjectPublicKey?username=openhab"
 
+# Art des Hosts: physical, vm, docker 
+host_type: "physical"
+
 administratorenteam:
   - "user51"
   - "void"
diff --git a/host_vars/warpsrvext b/host_vars/warpsrvext
index 3691f9540aa5cc88542dbc437e5c6c15332acdde..8cad5795da49183a3abbada8f2d60472c1cfef51 100644
--- a/host_vars/warpsrvext
+++ b/host_vars/warpsrvext
@@ -12,6 +12,9 @@ debian_sources:
 
 debian_keys:
 
+# Art des Hosts: physical, vm, docker 
+host_type: "physical"
+
 administratorenteam:
   - "void"
   - "sandhome"
diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint
index 741dfea354ad4da9daf38e2670413c31a61170ac..2e8146eba7eb50522de961e540f36fd053d2cef8 100644
--- a/host_vars/warpsrvint
+++ b/host_vars/warpsrvint
@@ -11,10 +11,17 @@ debian_sources:
   - "deb http://debian.uni-duisburg-essen.de/debian/ jessie-updates main contrib non-free"
   - "deb http://ftp.debian.org/debian jessie-backports main"
   - "deb https://apt.dockerproject.org/repo debian-jessie main"
-  - "deb [arch=amd64] https://download.docker.com/linux/debian jessie stable"
+  - "deb https://download.docker.com/linux/debian jessie stable"
+  - "deb https://repos.influxdata.com/debian stretch stable"
 
 debian_keys:
   - "https://download.docker.com/linux/debian/gpg"
+  - "https://repos.influxdata.com/influxdb.key"
+
+
+# Art des Hosts: physical, vm, docker 
+host_type: "physical"
+
 
 webserver_domains: 
   - "infra"
diff --git a/host_vars/webserver b/host_vars/webserver
index 706af93e1418634333552f30ef614d820775a250..8259eadb9332f26d8e28c9ddda8c1aad1f2c9196 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -10,10 +10,16 @@ debian_sources:
   - "deb http://security.debian.org/ stretch/updates main contrib non-free"
   - "deb http://ftp.de.debian.org/debian/ stretch-updates main"
   - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch-updates main contrib non-free"
-  - "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable"
+  - "deb https://download.docker.com/linux/debian stretch stable"
+  - "deb https://repos.influxdata.com/debian stretch stable"
 
 debian_keys:
   - "https://download.docker.com/linux/debian/gpg"
+  - "https://repos.influxdata.com/influxdb.key"
+
+
+# Art des Hosts: physical, vm, docker 
+host_type: "vm"
 
 
 letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
@@ -21,6 +27,8 @@ letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df
 letsencrypt_mail: verwaltung@warpzone.ms
 
 webserver_domains: 
+  - "auth"
+  - "alerta"
   - "gitlab"
   - "infra"
   - "infra-test"
@@ -32,6 +40,7 @@ webserver_domains:
   - "proxy.jabber-test"
   - "ldap"
   - "mattermost"
+  - "md"
   - "pad"
   - "wiki"
   - "www"
diff --git a/warpsrvint/docker_influx/tasks/main.yml b/warpsrvint/docker_influx/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..204f09e9082e115df82d6a4037a9352642d77e07
--- /dev/null
+++ b/warpsrvint/docker_influx/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/influx/influx_admin_pw,  length: 24 }
+ 
+
+- name: create folder struct for influx
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/influx/
+    - /srv/influx/sysmon/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/influx/{{ item }}"
+  with_items:
+    - docker-compose.yml
+
+
+- name: Script-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/influx/{{ item }}"
+    mode: "o+rwx"
+  with_items:
+    - influx_sysmon.sh
+
+
+- name: start influx docker
+  docker_service:
+    project_src: /srv/influx/
+    state: present
diff --git a/warpsrvint/docker_influx/templates/docker-compose.yml b/warpsrvint/docker_influx/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ae6ed6f5c4f5c39f89cece696471bbc6dce0941a
--- /dev/null
+++ b/warpsrvint/docker_influx/templates/docker-compose.yml
@@ -0,0 +1,22 @@
+version: "3"
+
+services:
+
+  sysmon:
+
+    image: influxdb:1.5.3
+    restart: always
+    ports:
+      - 0.0.0.0:18086:8086
+    volumes:
+      - /srv/influx/sysmon/:/var/lib/influxdb
+    environment:
+      INFLUXDB_DB: "{{influxdb_sysmon.db}}"
+      INFLUXDB_ADMIN_USER: "admin"
+      INFLUXDB_ADMIN_PASSWORD: "{{ influx_admin_pw }}"
+      INFLUXDB_USER: "{{influxdb_sysmon.user}}"
+      INFLUXDB_USER_PASSWORD: "{{influxdb_sysmon.password}}"
+      INFLUXDB_HTTP_AUTH_ENABLED: "true"
+
+ 
+
diff --git a/warpsrvint/docker_influx/templates/influx_sysmon.sh b/warpsrvint/docker_influx/templates/influx_sysmon.sh
new file mode 100644
index 0000000000000000000000000000000000000000..767ceb2e8e11f7bba2f027e68111c694a52bd4ef
--- /dev/null
+++ b/warpsrvint/docker_influx/templates/influx_sysmon.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Influx Admin Konsole 
+# Usage: ./influx_sysmon.sh 
+
+docker-compose exec sysmon influx -database "{{influxdb_sysmon.db}}" -password "{{ influx_admin_pw }}" -username "admin"
diff --git a/warpsrvint/docker_influxdb/tasks/main.yml b/warpsrvint/docker_influxdb/tasks/main.yml
deleted file mode 100644
index 6c3054a825adaf92ea0b125958e7e75dbdf89531..0000000000000000000000000000000000000000
--- a/warpsrvint/docker_influxdb/tasks/main.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: create folder struct for influxdb
-  file: 
-    path: "{{ item }}"
-    state: "directory"
-  with_items:
-    - "/srv/influxdb/"
-    - "/srv/influxdb/data/"   
-
-- name: Docker Compose Konfig-Datei erstellen
-  template:
-    src: "docker-compose.yml"
-    dest: "/srv/influxdb/docker-compose.yml"
-
-- name: start influxdb docker
-  docker_service:
-    project_src: /srv/influxdb/
-    state: present
diff --git a/warpsrvint/docker_influxdb/templates/docker-compose.yml b/warpsrvint/docker_influxdb/templates/docker-compose.yml
deleted file mode 100644
index 2a6d208a01ef91f0c079ed1b7cf6c371aecd52ef..0000000000000000000000000000000000000000
--- a/warpsrvint/docker_influxdb/templates/docker-compose.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-version: "3"
-
-services:
-
-  db:
-
-    image: influxdb:1.5.1
-    restart: always
-    ports:
-      - 8086:8086
-      - 2003:2003
-    volumes:
-      - /srv/influxdb/data/:/var/lib/influxdb
-    environment:
-      INFLUXDB_GRAPHITE_ENABLED: "true"
-
diff --git a/warpsrvint/docker_kapacitor/handlers/main.yaml b/warpsrvint/docker_kapacitor/handlers/main.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..04e217e8ec0446626eb8fcfb9a10df04c927263a
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+
+- name: restart kapacitor docker
+  docker_service:
+    project_src: /srv/kapacitor/
+    state: present
+    restarted: yes
diff --git a/warpsrvint/docker_kapacitor/tasks/main.yaml b/warpsrvint/docker_kapacitor/tasks/main.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d888c731d3eae5b9eea23955c8d7b69d0c3a1e78
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/tasks/main.yaml
@@ -0,0 +1,58 @@
+---
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/influx/influx_admin_pw,  length: 24 }
+   - { path: /srv/kapacitor/alerta_token,  length: -1 }
+
+- name: create folder struct for kapacitor
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/kapacitor/
+    - /srv/kapacitor/data/
+    - /srv/kapacitor/load/
+    - /srv/kapacitor/load/tasks/
+    - /srv/kapacitor/load/templates/
+    - /srv/kapacitor/load/handlers/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/kapacitor/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - kapacitor.conf
+  notify: restart kapacitor docker
+
+- name: Script-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/kapacitor/{{ item }}"
+    mode: "o+rwx"
+  with_items:
+    - kapacitor_listtasks.sh
+    - kapacitor_show.sh
+    - kapacitor_watch.sh
+
+- name: Kapacitor-Tasks erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/kapacitor/load/tasks/{{ item }}"
+  with_items:
+    - task_cpu_high.tick
+    - task_disk_low.tick
+    - task_load1_high.tick
+    - task_load5_high.tick
+    - task_load15_high.tick
+    - task_mem_used.tick
+    - task_notraffic_globe.tick
+    - task_notraffic_telekom.tick
+  notify: restart kapacitor docker 
+
+
+- name: start kapacitor docker
+  docker_service:
+    project_src: /srv/kapacitor/
+    state: present
diff --git a/warpsrvint/docker_kapacitor/templates/docker-compose.yml b/warpsrvint/docker_kapacitor/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1266c2c501a5852791f4383c9db5e6371c07e248
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+
+services:
+
+  app:
+
+    image: kapacitor:1.5
+    restart: always
+    ports:
+      - 0.0.0.0:9092:9092
+    volumes:
+      - /srv/kapacitor/kapacitor.conf:/etc/kapacitor/kapacitor.conf:ro
+      - /srv/kapacitor/data/:/var/lib/kapacitor/
+      - /srv/kapacitor/load/:/etc/kapacitor/load
diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor.conf b/warpsrvint/docker_kapacitor/templates/kapacitor.conf
new file mode 100644
index 0000000000000000000000000000000000000000..65e62af556a824f9edd02363743874704024d307
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/kapacitor.conf
@@ -0,0 +1,232 @@
+
+# The hostname of this node.
+# Must be resolvable by any configured InfluxDB hosts.
+hostname = "10.5.0.111"
+
+# Directory for storing a small amount of metadata about the server.
+data_dir = "/var/lib/kapacitor"
+
+# Do not apply configuration overrides during startup.
+# Useful if the configuration overrides cause Kapacitor to fail startup.
+# This option is intended as a safe guard and should not be needed in practice.
+skip-config-overrides = true
+
+# Default retention-policy, if a write is made to Kapacitor and
+# it does not have a retention policy associated with it,
+# then the retention policy will be set to this value
+default-retention-policy = ""
+
+
+[http]
+  # HTTP API Server for Kapacitor
+  # This server is always on,
+  # it serves both as a write endpoint
+  # and as the API endpoint for all other
+  # Kapacitor calls.
+  bind-address = ":9092"
+  log-enabled = true
+  write-tracing = false
+  pprof-enabled = false
+  https-enabled = false
+
+
+[config-override]
+  # Enable/Disable the service for overridding configuration via the HTTP API.
+  enabled = true
+
+
+[logging]
+    # Destination for logs
+    # Can be a path to a file or 'STDOUT', 'STDERR'.
+    file = "STDOUT"
+    # Logging level can be one of:
+    # DEBUG, INFO, ERROR
+    # HTTP logging can be disabled in the [http] config section.
+    level = "INFO"
+
+
+[load]
+  # Enable/Disable the service for loading tasks/templates/handlers
+  # from a directory
+  enabled = true
+  # Directory where task/template/handler files are set
+  dir = "/etc/kapacitor/load"
+
+
+[replay]
+  # Where to store replay files, aka recordings.
+  dir = "/var/lib/kapacitor/replay"
+
+
+[task]
+  # Where to store the tasks database
+  # DEPRECATED: This option is not needed for new installations.
+  # It is only used to determine the location of the task.db file
+  # for migrating to the new `storage` service.
+  dir = "/var/lib/kapacitor/tasks"
+  # How often to snapshot running task state.
+  snapshot-interval = "60s"
+
+
+[storage]
+  # Where to store the Kapacitor boltdb database
+  boltdb = "/var/lib/kapacitor/kapacitor.db"
+
+
+[deadman]
+  # Configure a deadman's switch
+  # Globally configure deadman's switches on all tasks.
+  # NOTE: for this to be of use you must also globally configure at least one alerting method.
+  global = false
+  # Threshold, if globally configured the alert will be triggered if the throughput in points/interval is <= threshold.
+  threshold = 5.0
+  # Interval, if globally configured the frequency at which to check the throughput.
+  interval = "10s"
+  {% raw %}
+  # Id -- the alert Id, NODE_NAME will be replaced with the name of the node being monitored.
+  id = "node 'NODE_NAME' in task '{{ .TaskName }}'"
+  # The message of the alert. INTERVAL will be replaced by the interval.
+  message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"collected\" | printf \"%0.3f\" }} points/INTERVAL."
+  {% endraw %}
+
+# Multiple InfluxDB configurations can be defined.
+# Exactly one must be marked as the default.
+# Each one will be given a name and can be referenced in batch queries and InfluxDBOut nodes.
+[[influxdb]]
+  # Connect to an InfluxDB cluster
+  # Kapacitor can subscribe, query and write to this cluster.
+  # Using InfluxDB is not required and can be disabled.
+  enabled = true
+  default = true
+  name = "sysmon"
+  urls = [ "{{ influxdb_sysmon.url }}" ]
+  username = "admin"
+  password = "{{ influx_admin_pw }}"
+  timeout = 0
+
+  # Do not verify the TLS/SSL certificate.
+  # This is insecure.
+  insecure-skip-verify = false
+
+  # Maximum time to try and connect to InfluxDB during startup
+  startup-timeout = "5m"
+
+  # Turn off all subscriptions
+  disable-subscriptions = false
+
+  # Subscription mode is either "cluster" or "server"
+  subscription-mode = "server"
+
+  # Which protocol to use for subscriptions
+  # one of 'udp', 'http', or 'https'.
+  subscription-protocol = "http"
+
+  # Subscriptions resync time interval
+  # Useful if you want to subscribe to new created databases
+  # without restart Kapacitord
+  subscriptions-sync-interval = "1m0s"
+
+  # Override the global hostname option for this InfluxDB cluster.
+  # Useful if the InfluxDB cluster is in a separate network and
+  # needs special config to connect back to this Kapacitor instance.
+  # Defaults to `hostname` if empty.
+  kapacitor-hostname = ""
+
+  # Override the global http port option for this InfluxDB cluster.
+  # Useful if the InfluxDB cluster is in a separate network and
+  # needs special config to connect back to this Kapacitor instance.
+  # Defaults to the port from `[http] bind-address` if 0.
+  http-port = 0
+
+  # Host part of a bind address for UDP listeners.
+  # For example if a UDP listener is using port 1234
+  # and `udp-bind = "hostname_or_ip"`,
+  # then the UDP port will be bound to `hostname_or_ip:1234`
+  # The default empty value will bind to all addresses.
+  udp-bind = ""
+  # Subscriptions use the UDP network protocl.
+  # The following options of for the created UDP listeners for each subscription.
+  # Number of packets to buffer when reading packets off the socket.
+  udp-buffer = 1000
+  # The size in bytes of the OS read buffer for the UDP socket.
+  # A value of 0 indicates use the OS default.
+  udp-read-buffer = 0
+
+  [influxdb.subscriptions]
+    # Set of databases and retention policies to subscribe to.
+    # If empty will subscribe to all, minus the list in
+    # influxdb.excluded-subscriptions
+    #
+    # Format
+    # db_name = <list of retention policies>
+    #
+    # Example:
+    # my_database = [ "default", "longterm" ]
+  [influxdb.excluded-subscriptions]
+    # Set of databases and retention policies to exclude from the subscriptions.
+    # If influxdb.subscriptions is empty it will subscribe to all
+    # except databases listed here.
+    #
+    # Format
+    # db_name = <list of retention policies>
+    #
+    # Example:
+    # my_database = [ "default", "longterm" ]
+
+
+[alerta]
+  # Configure Alerta.
+  enabled = true
+  # The Alerta URL.
+  url = "https://alerta.warpzone.ms/api"
+  # Default authentication token.
+  token = "{{ alerta_token }}"
+  # Default token prefix
+  # If you are on older versions of alerta you may need to change this to "Key"
+  token-prefix = "Key"
+  # Default environment.
+  environment = "warpzone"
+  # Default origin.
+  origin = "Kapacitor"
+
+
+[udf]
+# Configuration for UDFs (User Defined Functions)
+[udf.functions]
+    # Example go UDF.
+    # First compile example:
+    #   go build -o avg_udf ./udf/agent/examples/moving_avg.go
+    #
+    # Use in TICKscript like:
+    #   stream.goavg()
+    #           .field('value')
+    #           .size(10)
+    #           .as('m_average')
+    #
+    # uncomment to enable
+    #[udf.functions.goavg]
+    #   prog = "./avg_udf"
+    #   args = []
+    #   timeout = "10s"
+
+    # Example python UDF.
+    # Use in TICKscript like:
+    #   stream.pyavg()
+    #           .field('value')
+    #           .size(10)
+    #           .as('m_average')
+    #
+    # uncomment to enable
+    #[udf.functions.pyavg]
+    #   prog = "/usr/bin/python2"
+    #   args = ["-u", "./udf/agent/examples/moving_avg.py"]
+    #   timeout = "10s"
+    #   [udf.functions.pyavg.env]
+    #       PYTHONPATH = "./udf/agent/py"
+
+    # Example UDF over a socket
+    #[udf.functions.myCustomUDF]
+    #   socket = "/path/to/socket"
+    #   timeout = "10s"
+
+
diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh
new file mode 100644
index 0000000000000000000000000000000000000000..1a279f21bb703245d4356e34cefc0109466b0b22
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Show Kapacitor Tasks
+# Usage: ./kapacitor_listtasks.sh 
+
+docker-compose exec app kapacitor list tasks
diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh
new file mode 100644
index 0000000000000000000000000000000000000000..152f907a318e786540fc3d5c0059a494e1d917a5
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# Show Kapacitor Task
+# Usage: ./kapacitor_show.sh <task> 
+
+docker-compose exec app kapacitor show $1
diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh
new file mode 100644
index 0000000000000000000000000000000000000000..f1dece53b88916da87965cebbace97f7afa948fd
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Show Kapacitor Task Logs
+# Usage: ./kapacitor_watch.sh <task> 
+
+docker-compose exec app kapacitor show $1
+
+docker-compose exec app kapacitor reload $1
+docker-compose exec app kapacitor watch $1
diff --git a/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick b/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..7c56e993f211bd290d2c7a512ff4bb5747aedfae
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT mean("usage_user") + mean("usage_system") + mean("usage_iowait") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."cpu" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}/cpu_high')
+    .message('{{ .ID }}:{{ index .Fields "value" }}')
+    .info(lambda: "value" > 60 )
+    .warn(lambda: "value" > 80 )
+    .crit(lambda: "value" > 90 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_disk_low.tick b/warpsrvint/docker_kapacitor/templates/task_disk_low.tick
new file mode 100644
index 0000000000000000000000000000000000000000..38b46e17e93936812e213512a95ad1bcf50e3eec
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_disk_low.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT (mean("total") - mean("free")) / mean("total") * 100 AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."disk" WHERE path = "/"' or path = "/srv" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host','path')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}::{{ index .Tags "path" }}::disk_low')
+    .message('{{ .ID }}::{{ index .Fields "value" }}')
+    .info(lambda: "value" > 80 )
+    .warn(lambda: "value" > 95 )
+    .crit(lambda: "value" > 98 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load15_high.tick b/warpsrvint/docker_kapacitor/templates/task_load15_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..f35252169a1905c4e82c32937771f5ddf590fbbb
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_load15_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT mean(load15) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}/load15_high')
+    .message('{{ .ID }}:{{ index .Fields "value" }}')
+    .info(lambda: "value" > 4 )
+    .warn(lambda: "value" > 8 )
+    .crit(lambda: "value" > 16 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load1_high.tick b/warpsrvint/docker_kapacitor/templates/task_load1_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..ebd775b7b1520f03889370eb5a65654fd76346b9
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_load1_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT mean(load1) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}/load1_high')
+    .message('{{ .ID }}:{{ index .Fields "value" }}')
+    .info(lambda: "value" > 6 )
+    .warn(lambda: "value" > 12 )
+    .crit(lambda: "value" > 24 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load5_high.tick b/warpsrvint/docker_kapacitor/templates/task_load5_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..f44c8d3e16721db781f24c1c9bb7fff38928a8c0
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_load5_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT mean(load5) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}/load5_high')
+    .message('{{ .ID }}:{{ index .Fields "value" }}')
+    .info(lambda: "value" > 5 )
+    .warn(lambda: "value" > 10 )
+    .crit(lambda: "value" > 20 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_mem_used.tick b/warpsrvint/docker_kapacitor/templates/task_mem_used.tick
new file mode 100644
index 0000000000000000000000000000000000000000..4b443a4d89b3bfdad63ddc4f3e7a0a3e3517fee3
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_mem_used.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch 
+   |query(''' SELECT mean("used_percent") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."mem" ''')
+    .period(5m)
+    .every(30s)
+    .fill('linear')
+    .groupBy('host')
+
+{% raw %}
+
+data
+  |alert()
+    .id('{{ index .Tags "host"}}/mem_used')
+    .message('{{ .ID }}:{{ index .Fields "value" }}')
+    .info(lambda: "value" > 85 )
+    .warn(lambda: "value" > 90 )
+    .crit(lambda: "value" > 95 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick b/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick
new file mode 100644
index 0000000000000000000000000000000000000000..805cf32aed73503ca2d12a9aa2ecadbe7d88cf33
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick
@@ -0,0 +1,18 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+var data =batch 
+   |query(''' SELECT sum("packets_recv") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."net" WHERE ("interface" = 'igb1') ''')
+    .period(5m)
+    .every(30s)
+
+{% raw %}
+
+data
+  |alert()
+    .id('No Traffic for 5m on Globe')
+    .crit(lambda: "value" > 9 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick b/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick
new file mode 100644
index 0000000000000000000000000000000000000000..b8f21cb47f117cc102a822c2402ecd2eba346bb0
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick
@@ -0,0 +1,18 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+var data =batch 
+   |query(''' SELECT sum("packets_recv") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."net" WHERE ("interface" = 'igb0') ''')
+    .period(5m)
+    .every(30s)
+
+{% raw %}
+
+data
+  |alert()
+    .id('No Traffic for 5m on Telekom')
+    .crit(lambda: "value" > 9 )
+    .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/main.yml b/warpsrvint/main.yml
index c9c79a23c1be3d4bc4c51c9f6d6cfdc710270b27..796cbd87d63755b4a51789810a9b829333742e4e 100644
--- a/warpsrvint/main.yml
+++ b/warpsrvint/main.yml
@@ -5,12 +5,13 @@
   roles:
     - { role: ../common/borgbackup, tags: borgbackup }
     - { role: ../common/borgserver, tags: borgserver }
-    - { role: ../common/prometheus-node, tags: prometheus-node }
     - { role: ../common/docker, tags: docker }
+    - { role: ../common/telegraf, tags: telegraf }
     - { role: nginx, tags: nginx }
     - { role: docker_grafana, tags: grafana }
-    - { role: docker_influxdb, tags: influxdb }
+    - { role: docker_influx, tags: influx }
     - { role: docker_iobroker, tags: iobroker }
+    - { role: docker_kapacitor, tags: kapacitor }
     - { role: docker_librenms, tags: librenms }
     - { role: docker_l4z0r, tags: l4z0r }
 #    - { role: docker_ldap, tags: ldap }
diff --git a/webserver/docker_alerta/handlers/main.yml b/webserver/docker_alerta/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..57d4fb785e9c699dbaa9faf5697c8cea5d410b81
--- /dev/null
+++ b/webserver/docker_alerta/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart alerta docker
+  docker_service:
+    project_src: /srv/alerta/
+    state: present
+    restarted: yes
diff --git a/webserver/docker_alerta/tasks/main.yml b/webserver/docker_alerta/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2dda680d86e10d8975ed41b08efabaf43ac1f3fa
--- /dev/null
+++ b/webserver/docker_alerta/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/alerta/alerta_secret_key,  length: 24 }
+   - { path: /srv/alerta/alerta_oauth_client_secret,  length: -1 }
+   - { path: /srv/alerta/alerta_token,  length: -1 }
+   - { path: /srv/alerta/telegram_token,  length: -1 }
+   - { path: /srv/alerta/telegram_chatid,  length: -1 }
+ 
+
+- name: create folder struct for alerta
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/alerta/
+    - /srv/alerta/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/alerta/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - alertad.conf
+    - config.js
+    - telegram.txt
+  notify: restart alerta docker
+
+
+- name: Script-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/alerta/{{ item }}"
+    mode: "o+rwx"
+  with_items:
+    - testalert.sh
+
+
+- name: start alerta docker
+  docker_service:
+    project_src: /srv/alerta/
+    state: present
diff --git a/webserver/docker_alerta/templates/alertad.conf b/webserver/docker_alerta/templates/alertad.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f07264071d5df9c9a890948a37fd2b65176a7a9c
--- /dev/null
+++ b/webserver/docker_alerta/templates/alertad.conf
@@ -0,0 +1,25 @@
+
+DEBUG = False
+PLUGINS = [ 'blackout','normalise','reject','telegram' ]
+
+SENDER_API_ALLOW = 'ON'
+BLACKOUT_DURATION = 43200  
+ALLOWED_ENVIRONMENTS = [ 'warpzone' ]
+
+KEYCLOAK_URL = 'https://auth.warpzone.ms'
+KEYCLOAK_REALM = 'master'
+OAUTH2_CLIENT_ID = 'alerta-ui'
+OAUTH2_CLIENT_SECRET = '{{ alerta_oauth_client_secret }}'
+ALLOWED_KEYCLOAK_ROLES  = [ '*' ]
+
+SECRET_KEY = '{{ alerta_secret_key }}'
+DATABASE_URL = 'postgres://alerta:alerta@db:5432/alerta'
+      
+AUTH_REQUIRED = True
+ADMIN_USERS = [ '' ]
+
+CUSTOMER_VIEWS = False
+
+TELEGRAM_TOKEN = '{{ telegram_token }}'
+TELEGRAM_CHAT_ID = '{{ telegram_chatid }}'
+TELEGRAM_TEMPLATE = "/app/telegram.txt"
diff --git a/webserver/docker_alerta/templates/config.js b/webserver/docker_alerta/templates/config.js
new file mode 100644
index 0000000000000000000000000000000000000000..6882bfc8b89298220e7aa35dd3f9aa41c88ca16d
--- /dev/null
+++ b/webserver/docker_alerta/templates/config.js
@@ -0,0 +1,18 @@
+'use strict';
+
+angular.module('config', [])
+  .constant('config', {
+    'endpoint'    : "https://"+window.location.hostname+"/api",
+    'provider'    : "keycloak", // google, github, gitlab, saml2 or basic
+    'client_id'   : "alerta-ui",
+    'keycloak_url': "https://auth.warpzone.ms",
+    'keycloak_realm': "master",
+
+    'dates': {
+      'shortTime' : 'HH:MM',
+      'mediumDate': 'd.MM.yyyy',
+      'longDate'  : 'EEEE, MMMM d, yyyy HH:MM ss.sss (Z)'  // Tuesday, April 26, 2016 13:39:43.987 (+0100)
+    },
+
+    'refresh_interval': 30000 // Auto-refresh interval set to 30 seconds
+});
diff --git a/webserver/docker_alerta/templates/docker-compose.yml b/webserver/docker_alerta/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3485d59256bf6ef91ed4f607425b4be098dc32ad
--- /dev/null
+++ b/webserver/docker_alerta/templates/docker-compose.yml
@@ -0,0 +1,32 @@
+
+
+version: "3"
+
+services:
+  
+  app:
+
+    image: alerta/alerta-web:5.2.4
+    restart: always
+    ports:
+      - 0.0.0.0:42008:8080
+    volumes:
+      - /srv/alerta/alertad.conf:/app/alertad.conf
+      - /srv/alerta/telegram.txt:/app/telegram.txt
+      - /srv/alerta/config.js:/web/config.js
+    depends_on:
+      - db
+    environment:
+      INSTALL_PLUGINS: "normalise,telegram"
+
+
+  db:
+
+    image: postgres
+    restart: always
+    volumes:
+      - /srv/alerta/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: alerta
+      POSTGRES_USER: alerta
+      POSTGRES_PASSWORD: alerta 
diff --git a/webserver/docker_alerta/templates/telegram.txt b/webserver/docker_alerta/templates/telegram.txt
new file mode 100644
index 0000000000000000000000000000000000000000..f5fdb991da1fef5fc3549e4b72f3272222d5e4cc
--- /dev/null
+++ b/webserver/docker_alerta/templates/telegram.txt
@@ -0,0 +1,9 @@
+{% raw %}
+{% if customer %}Customer: `{{customer}}` {% endif %}
+*[{{ status.capitalize() }}] {{ environment }} {{ severity.capitalize() }}*
+{{ event | replace("_","\_") }} {{ resource.capitalize() }}
+```
+{{ text }}
+```
+https://alerta.warpzone.ms/#/alert/{{ id }}
+{% endraw %}
\ No newline at end of file
diff --git a/webserver/docker_alerta/templates/testalert.sh b/webserver/docker_alerta/templates/testalert.sh
new file mode 100644
index 0000000000000000000000000000000000000000..5f13c221b3b0a9f4336f0a2936f6eb2fdabff7a8
--- /dev/null
+++ b/webserver/docker_alerta/templates/testalert.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+curl -XPOST https://alerta.warpzone.ms/api/alert \
+-H 'Authorization: Key {{alerta_token}}' \
+-H 'Content-type: application/json' \
+-d '{
+      "attributes": {
+        "region": "EU"
+      },
+      "correlate": [
+        "HttpServerError",
+        "HttpServerOK"
+      ],
+      "environment": "warpzone",
+      "event": "HttpServerError",
+      "group": "Web",
+      "origin": "curl",
+      "resource": "web01",
+      "service": [
+        "example.com"
+      ],
+      "severity": "major",
+      "tags": [
+        "dc1"
+      ],
+      "text": "Site is down.",
+      "type": "exceptionAlert",
+      "value": "Bad Gateway (501)"
+    }'
diff --git a/webserver/docker_gitlab/templates/gitlab.rb b/webserver/docker_gitlab/templates/gitlab.rb
index e8981e0795e83bfa488173c97f0326cfddeb9ac0..1a2781bcdf7e0f325b9966d2aea67756a2771a18 100644
--- a/webserver/docker_gitlab/templates/gitlab.rb
+++ b/webserver/docker_gitlab/templates/gitlab.rb
@@ -96,9 +96,9 @@ ldap_servers_template = <<-'EOS'
     port: 389
     uid: 'uid'
     method: 'plain'
-    bind_dn: 'cn=readonly,dc=warpzone,dc=ms'
+    bind_dn: '{{ ldap_readonly_bind_dn }}'
     password: '{{ ldap_readonly_pass }}'
-    base: 'dc=warpzone,dc=ms'
+    base: '{{ ldap_base_dn }}'
     user_filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))'
     attributes:
       username: ['uid', 'cn']
diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f24578eb5b3e8cde1e5cc3d69c9e1072a7b8771f
--- /dev/null
+++ b/webserver/docker_hackmd/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/hackmd/mysql_root_pass,  length: 24 }
+   - { path: /srv/hackmd/mysql_user_pass,  length: 12 }
+   - { path: /srv/hackmd/hackmd_session_secret,  length: 32 }
+   - { path: /srv/ldap/secret/ldap_readonly_pass,  length: -1 }
+ 
+
+- name: create folder struct for hackmd
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/hackmd/
+    - /srv/hackmd/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/hackmd/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - mysql-utf8.cnf
+
+
+- name: start hackmd docker
+  docker_service:
+    project_src: /srv/hackmd/
+    state: present
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..60023d58f3f36494fb93ce944a3f6a8e5322dc30
--- /dev/null
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
@@ -0,0 +1,43 @@
+
+version: "3"
+
+services:
+
+  app:
+
+    image: hackmdio/hackmd:1.2.0
+    restart: always
+    depends_on:
+      - db
+    ports:
+      - 127.0.0.1:42007:3000
+    environment:
+      HMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
+      CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
+      CMD_ALLOW_ANONYMOUS: "true"
+      CMD_ALLOW_ANONYMOUS_EDITS: "true"
+      CMD_DEFAULT_PERMISSION: "freely"
+      CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
+      CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
+      CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
+      CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
+      CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
+      CMD_LDAP_SEARCHATTRIBUTES: "uid"
+      CMD_LDAP_USERIDFIELD: "uid"
+      CMD_LDAP_USERNAMEFIELD: "uid"
+      CMD_EMAIL: "false"
+
+
+  db: 
+
+    image: mariadb:10
+    volumes:
+      - /srv/hackmd/db:/var/lib/mysql
+      - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: "hackmd"
+      MYSQL_USER: "hackmd"
+
+  
\ No newline at end of file
diff --git a/webserver/docker_hackmd/templates/mysql-utf8.cnf b/webserver/docker_hackmd/templates/mysql-utf8.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..367210a9c7b5d70ae9f27b5946bb448eb0b111b9
--- /dev/null
+++ b/webserver/docker_hackmd/templates/mysql-utf8.cnf
@@ -0,0 +1,11 @@
+[client]
+default-character-set=utf8
+
+[mysql]
+default-character-set=utf8
+
+
+[mysqld]
+collation-server = utf8_unicode_ci
+init-connect='SET NAMES utf8'
+character-set-server = utf8
diff --git a/webserver/docker_keycloak/tasks/main.yml b/webserver/docker_keycloak/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d3b2ed06fff9118649541202e62f323e75c5457
--- /dev/null
+++ b/webserver/docker_keycloak/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- include: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/keycloak/keycloak_admin_pass,  length: 24 }
+   - { path: /srv/keycloak/postgres_user_pass,  length: 12 }
+ 
+
+- name: create folder struct for keycloak
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - /srv/keycloak/
+    - /srv/keycloak/db/
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "/srv/keycloak/{{ item }}"
+  with_items:
+    - docker-compose.yml
+  notify: restart keycloak docker
+
+- name: start keycloak docker
+  docker_service:
+    project_src: /srv/keycloak/
+    state: present
diff --git a/webserver/docker_keycloak/templates/docker-compose.yml b/webserver/docker_keycloak/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6eb7c32f461ba1e2c3abc3bdcd74f5dc07b77421
--- /dev/null
+++ b/webserver/docker_keycloak/templates/docker-compose.yml
@@ -0,0 +1,35 @@
+
+
+version: "3"
+
+services:
+  
+
+  app:
+
+    image: jboss/keycloak:4.0.0.Final
+    restart: always
+    ports:
+      - 127.0.0.1:42009:8080 
+    depends_on:
+      - db
+    environment:
+      KEYCLOAK_USER: "admin"
+      KEYCLOAK_PASSWORD: "{{ keycloak_admin_pass }}"
+      DB_VENDOR: "POSTGRES"
+      DB_ADDR: "db"
+      DB_DATABASE: "keycloak"
+      DB_USER: "keycloak"
+      DB_PASSWORD: "{{ postgres_user_pass }}"
+      PROXY_ADDRESS_FORWARDING: "true"
+
+  db:
+
+    image: postgres
+    restart: always
+    volumes:
+      - /srv/keycloak/db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: "{{ postgres_user_pass }}" 
diff --git a/webserver/main.yml b/webserver/main.yml
index fdc9588d52976d1927af8ddc1fbc2f793c1e45a3..e13d1638e0465e1f537ab3bb39616b24703b454c 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -5,14 +5,18 @@
   roles:
     - { role: ../common/borgbackup, tags: borgbackup }
     - { role: ../common/docker, tags: docker }
+    - { role: ../common/telegraf, tags: telegraf }
     - { role: nginx, tags: nginx }
     - { role: openvpn, tags: openvpn }
+    - { role: docker_alerta, tags: alerta }
     - { role: docker_dokuwiki, tags: dokuwiki }
     - { role: docker_etherpad, tags: etherpad }
     - { role: docker_gitlab, tags: gitlab }
+    - { role: docker_hackmd, tags: hackmd }
     - { role: docker_jabber, tags: jabber }
     - { role: docker_jabber_test, tags: jabber_test }
     - { role: docker_ldap, tags: ldap }
+    - { role: docker_keycloak, tags: keycloak }
     - { role: docker_matterbridge, tags: matterbridge }
     - { role: docker_warpinfra, tags: warpinfra }
     - { role: docker_warpinfratest, tags: warpinfratest }
diff --git a/webserver/nginx/includes/alerta b/webserver/nginx/includes/alerta
new file mode 100644
index 0000000000000000000000000000000000000000..faba043e1540bea75ee389ee4ae2d93dbba81f48
--- /dev/null
+++ b/webserver/nginx/includes/alerta
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42008/;
+        	proxy_redirect  off;
+
+    }
diff --git a/webserver/nginx/includes/auth b/webserver/nginx/includes/auth
new file mode 100644
index 0000000000000000000000000000000000000000..74801f2f86b402969a6940e047cf633327e25a66
--- /dev/null
+++ b/webserver/nginx/includes/auth
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42009/;
+        	proxy_redirect  off;
+
+    }
diff --git a/webserver/nginx/includes/md b/webserver/nginx/includes/md
new file mode 100644
index 0000000000000000000000000000000000000000..72cb0aa1572473a5a643b741b3716c2239c94320
--- /dev/null
+++ b/webserver/nginx/includes/md
@@ -0,0 +1,12 @@
+
+	location /  {
+
+        	proxy_set_header        Host $host;
+        	proxy_set_header        X-Real-IP $remote_addr;
+	        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+        	proxy_set_header        X-Forwarded-Proto $scheme;
+
+	        proxy_pass      http://127.0.0.1:42007/;
+        	proxy_redirect  off;
+
+    }