diff --git a/roles/cloudflared/defaults/main.yaml b/roles/cloudflared/defaults/main.yaml
new file mode 100644
index 0000000..ffcb8ab
--- /dev/null
+++ b/roles/cloudflared/defaults/main.yaml
@@ -0,0 +1,10 @@
+---
+cloudflared_package_name: cloudflared
+cloudflared_package_state: present
+
+cloudflared_service_name: cloudflared.service
+cloudflared_service_enabled: true
+cloudflared_service_state: started
+
+cloudflared_apt_repository_repo: "deb [signed-by=/etc/apt/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared {{ ansible_lsb.codename }} main"
+cloudflared_apt_repository_state: present
\ No newline at end of file
diff --git a/roles/cloudflared/files/cloudflare-main.gpg b/roles/cloudflared/files/cloudflare-main.gpg
new file mode 100644
index 0000000..8ff068c
Binary files /dev/null and b/roles/cloudflared/files/cloudflare-main.gpg differ
diff --git a/roles/cloudflared/tasks/Debian.yaml b/roles/cloudflared/tasks/Debian.yaml
new file mode 100644
index 0000000..61a1fc1
--- /dev/null
+++ b/roles/cloudflared/tasks/Debian.yaml
@@ -0,0 +1,14 @@
+---
+- name: trust cloudflare apt respository key
+  ansible.builtin.copy:
+    src: "cloudflare-main.gpg"
+    dest: "/etc/apt/keyrings/cloudflare-main.gpg"
+    owner: root
+    group: root
+    mode: 0644
+
+- name: configure cloudflare apt repository
+  ansible.builtin.apt_repository:
+    repo: "{{ cloudflared_apt_repository_repo }}"
+    state: "{{ cloudflared_apt_repository_state | default('present') }}"
+    filename: cloudflared
\ No newline at end of file
diff --git a/roles/cloudflared/tasks/install.yaml b/roles/cloudflared/tasks/install.yaml
new file mode 100644
index 0000000..789deb5
--- /dev/null
+++ b/roles/cloudflared/tasks/install.yaml
@@ -0,0 +1,5 @@
+---
+- name: install package
+  ansible.builtin.package:
+    name: "{{ cloudflared_package_name }}"
+    state: "{{ cloudflared_package_state | default('present') }}"
\ No newline at end of file
diff --git a/roles/cloudflared/tasks/main.yaml b/roles/cloudflared/tasks/main.yaml
new file mode 100644
index 0000000..1fdc738
--- /dev/null
+++ b/roles/cloudflared/tasks/main.yaml
@@ -0,0 +1,28 @@
+---
+- name: gather os specific variables
+  ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: include os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- ansible.builtin.include_tasks: install.yaml
+
+# - ansible.builtin.include_tasks: configure.yaml
\ No newline at end of file
diff --git a/roles/cloudflared/vars/default.yaml b/roles/cloudflared/vars/default.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/tailscale/defaults/main.yaml b/roles/tailscale/defaults/main.yaml
new file mode 100644
index 0000000..2545c7d
--- /dev/null
+++ b/roles/tailscale/defaults/main.yaml
@@ -0,0 +1,10 @@
+---
+# tailscale_package_name: tailscale
+# tailscale_package_state: present
+
+# tailscale_service_name: tailscaled
+# tailscale_service_state: started
+# tailscale_service_enabled: true
+
+tailscale_up_args:
+  []
diff --git a/roles/tailscale/tasks/Debian.yaml b/roles/tailscale/tasks/Debian.yaml
new file mode 100644
index 0000000..d7ecd28
--- /dev/null
+++ b/roles/tailscale/tasks/Debian.yaml
@@ -0,0 +1,13 @@
+---
+- name: add tailscale repo
+  block:
+    - name: install apt key
+      ansible.builtin.get_url:
+        url: "https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }}/{{ ansible_distribution_release | lower }}.noarmor.gpg"
+        dest: /etc/apt/trusted.gpg.d/tailscale-archive-keyring.gpg
+
+    - name: install apt repo
+      ansible.builtin.apt_repository:
+        repo: "deb [signed-by=/etc/apt/trusted.gpg.d/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} main"
+        state: present
+        filename: tailscale
diff --git a/roles/tailscale/tasks/configure.yaml b/roles/tailscale/tasks/configure.yaml
new file mode 100644
index 0000000..fd37f21
--- /dev/null
+++ b/roles/tailscale/tasks/configure.yaml
@@ -0,0 +1,11 @@
+---
+- name: manage service
+  ansible.builtin.service:
+    name: "{{ tailscale_service_name | default('tailscaled') }}"
+    state: "{{ tailscale_service_state | default('started') }}"
+    enabled: "{{ tailscale_service_enabled | default(true) }}"
+
+- name: tailscale up
+  ansible.builtin.shell:
+    cmd: "tailscale up {{ tailscale_up_args | join(' ') }} --authkey {{ tailscale_authkey }}"
+  no_log: true
diff --git a/roles/tailscale/tasks/default.yaml b/roles/tailscale/tasks/default.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/tailscale/tasks/install.yaml b/roles/tailscale/tasks/install.yaml
new file mode 100644
index 0000000..8421715
--- /dev/null
+++ b/roles/tailscale/tasks/install.yaml
@@ -0,0 +1,5 @@
+---
+- name: install
+  ansible.builtin.package:
+    name: "{{ tailscale_package_name | default('tailscale') }}"
+    state: "{{ tailscale_package_state | default('present') }}"
diff --git a/roles/tailscale/tasks/main.yaml b/roles/tailscale/tasks/main.yaml
new file mode 100644
index 0000000..0126d31
--- /dev/null
+++ b/roles/tailscale/tasks/main.yaml
@@ -0,0 +1,31 @@
+---
+- name: gather OS specific variables
+  ansible.builtin.include_vars: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - vars
+
+- name: run os specific tasks
+  ansible.builtin.include_tasks: "{{ lookup('ansible.builtin.first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+        - "{{ ansible_distribution }}.yaml"
+        - "{{ ansible_os_family }}.yaml"
+        - "default.yaml"
+      paths:
+        - tasks
+
+- debug:
+    var: ansible_facts
+
+- include_tasks: install.yaml
+
+- include_tasks: configure.yaml
diff --git a/roles/tailscale/vars/default.yaml b/roles/tailscale/vars/default.yaml
new file mode 100644
index 0000000..e69de29