diff --git a/host_vars/cl-nd.oopen.de.yml b/host_vars/cl-nd.oopen.de.yml
new file mode 100644
index 0000000..f2c263a
--- /dev/null
+++ b/host_vars/cl-nd.oopen.de.yml
@@ -0,0 +1,235 @@
+---
+
+# ---
+# vars used by roles/ansible_dependencies
+# ---
+
+
+# ---
+# vars used by roles/ansible_user
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/basic.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+sshd_permit_root_login: !!str "prohibit-password"
+
+# ---
+# vars used by apt.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/systemd-resolved.yml
+# ---
+
+systemd_resolved: true
+
+# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
+#   Primäre DNS-Adresse: 38.132.106.139
+#   Sekundäre DNS-Adresse: 194.187.251.67
+#
+# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
+#   primäre DNS-Adresse
+#      IPv4: 1.1.1.1
+#      IPv6: 2606:4700:4700::1111
+#   sekundäre DNS-Adresse
+#      IPv4: 1.0.0.1
+#      IPv6: 2606:4700:4700::1001 
+# 
+# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
+#   primäre DNS-Adresse
+#      IPv4: 8.8.8.8
+#      IPv6: 2001:4860:4860::8888
+#   sekundäre DNS-Adresse
+#      IPv4: 8.8.4.4
+#      IPv6: 2001:4860:4860::8844
+#
+# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
+#   primäre DNS-Adresse
+#      IPv4: 9.9.9.9  
+#      IPv6: 2620:fe::fe 
+#   sekundäre DNS-Adresse
+#      IPv4: 149.112.112.112
+#      IPv6: 2620:fe::9
+#
+# OpenNIC - https://www.opennic.org/
+#      IPv4: 195.10.195.195 - ns31.de 
+#      IPv4: 94.16.114.254  - ns28.de 
+#      IPv4: 51.254.162.59  - ns9.de   
+#      IPv4: 194.36.144.87  - ns29.de
+#      IPv6: 2a00:f826:8:2::195 - ns31.de
+# 
+# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) 
+#    IPv4: 5.1.66.255
+#    IPv6: 2001:678:e68:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    IPv4: 185.150.99.255
+#    IPv6: 2001:678:ed0:f000::
+#    Servername für DNS-over-TLS: dot.ffmuc.net
+#    für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
+resolved_nameserver:
+  - 185.12.64.2
+  - 185.12.64.1
+  - 2a01:4ff:ff00::add:2
+  - 2a01:4ff:ff00::add:1
+
+# search domains
+#
+# If there are more than one search domains, then specify them here in the order in which 
+# the resolver should also search them
+#
+#resolved_domains: []
+resolved_domains:
+  - ~.
+  - oopen.de
+
+resolved_dnssec: false
+
+# dns.as250.net: 194.150.168.168
+#
+resolved_fallback_nameserver:
+   - 194.150.168.168
+
+
+# ---
+# vars used by roles/common/tasks/cron.yml
+# ---
+
+cron_env_entries:
+  - name: PATH
+    job: /root/bin/admin-stuff:/root/bin:/usr/local/apache2/bin:/usr/local/php/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+  - name: SHELL
+    job: /bin/bash
+    insertafter: PATH
+
+
+cron_user_special_time_entries:
+
+  - name: "Restart DNS Cache service 'systemd-resolved'"
+    special_time: reboot
+    job: "sleep 5 ; /bin/systemctl restart systemd-resolved"
+    insertafter: PATH
+
+
+cron_user_entries:
+
+  - name: "Check if webservices sre running. Restart if necessary"
+    minute: '*/5'
+    hour: '*'
+    job: /root/bin/monitoring/check_webservice_load.sh
+
+  - name: "Check if SSH service is running. Restart service if needed."
+    minute: '*/5'
+    hour: '*'
+    job: /root/bin/monitoring/check_ssh.sh
+
+  - name: "Check if Postfix Mailservice is up and running?"
+    minute: '*/15'
+    hour: '*'
+    job: /root/bin/monitoring/check_postfix.sh
+
+  - name: "Check Postfix E-Mail LOG file for 'fatal' errors.."
+    minute: '*/5'
+    hour: '*'
+    job: /root/bin/postfix/check-postfix-fatal-errors.sh
+
+  - name: "Optimize mysql tables"
+    minute: '53'
+    hour: '04'
+    job: /root/bin/mysql/optimize_mysql_tables.sh
+
+  - name: "Flush query cache for mysql tables"
+    minute: '27'
+    hour: '04'
+    job: /root/bin/mysql/flush_query_cache.sh
+
+  - name: "Flush Host cache"
+    minute: '17'
+    hour: '05'
+    job: /root/bin/mysql/flush_host_cache.sh
+
+  - name: "Run occ file:scan for each cloud account"
+    minute: '02'
+    hour: '23'
+    job: /root/bin/nextcloud/occ_maintenance.sh -s cloud.nd.digital
+
+  - name: "Background job for nextcloud instance 'cloud-irights.oopen.de"
+    minute: '*/15'
+    hour: '*'
+    job: sudo -u "www-data" /usr/local/php/bin/php  -f /var/www/cloud.nd.digital/htdocs/cron.php
+
+  - name: "Check if certificates for coolwsd service are up to date"
+    minute: '17'
+    hour: '05'
+    job: /root/bin/nextcloud/check_cert_coolwsd.sh
+
+  - name: "Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script)"
+    minute: '23'
+    hour: '05'
+    job: /var/lib/dehydrated/cron/dehydrated_cron.sh
+
+  - name: "Check whether all certificates are included in the VHOST configurations"
+    minute: '33'
+    hour: '05'
+    job: /var/lib/dehydrated/tools/update_ssl_directives.sh
+
+
+# ---
+# vars used by roles/common/tasks/users.yml
+# ---
+
+sudo_users:
+  - chris
+  - sysadm
+  - localadmin
+
+
+# ---
+# vars used by roles/common/tasks/users-systemfiles.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/webadmin-user.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/sudoers.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+sudoers_file_user_privileges:
+  - name: back
+    entry: 'ALL=(www-data) NOPASSWD: /usr/local/php/bin/php'
+
+
+# ---
+# vars used by roles/common/tasks/caching-nameserver.yml
+# ---
+
+
+# ---
+# vars used by roles/common/tasks/git.yml
+# ---
+#
+# see: roles/common/tasks/vars
+
+
+# ==============================
+
+
+# ---
+# vars used by scripts/reset_root_passwd.yml
+# ---
+