diff --git a/70debconf b/70debconf
new file mode 100644
index 0000000000000000000000000000000000000000..0c8b4ca4aba5e0e1f10fbe8de314bace8bc72203
--- /dev/null
+++ b/70debconf
@@ -0,0 +1,3 @@
+// Pre-configure all packages with debconf before they are installed.
+// If you don't like it, comment it out.
+DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
diff --git a/clean_servers.yml b/clean_servers.yml
index b866699a5df5d487cd9ebda4135e97fa53c019d1..bc639712f215fe244fbf26bc494eb3cb5421a4c0 100755
--- a/clean_servers.yml
+++ b/clean_servers.yml
@@ -3,7 +3,7 @@
 # This is a special playbook to clean old stuff from BCFG2
 # it will disapear when BCFG2 will disapear
 # `apt-mark showmanual` is a good start
-- hosts: server,test_vm
+- hosts: server
   tasks:
     - name: Clean up unused packages
       apt:
@@ -67,7 +67,6 @@
         state: absent
       loop:
         - /etc/apt/apt.conf.d/01aptitude
-        - /etc/apt/apt.conf.d/70debconf
         - /etc/apt-dater-host.conf
         - /etc/bcfg2.conf
         - /etc/bcfg2.conf.ucf-dist
@@ -93,19 +92,31 @@
         - /etc/default/bcfg2.ucf-dist
         - /etc/icinga2
         - /etc/init.d/bcfg2
-        - /etc/ldap/ldap.conf
         - /etc/letsencrypt/conf.d/localhost.ini
         - /etc/monit
         - /etc/munin
         - /etc/nagios
         - /etc/nagios-plugins
-        - /etc/nginx/sites-available/status
-        - /etc/nginx/sites-enabled/status
+        #- /etc/nginx/sites-available/status
+        #- /etc/nginx/sites-enabled/status
         - /etc/nss-ldapd.conf
         - /etc/nut
         - /etc/pnp4nagios
         - /etc/sudoers.d/apt-dater-host
         - /var/local/aptdater
+
+    - name: Copy Debian ldap.conf
+      template:
+        src: ldap.conf
+        dest: /etc/ldap/ldap.conf
+        mode: 0644
+
+    - name: Copy Debian 70debconf
+      template:
+        src: 70debconf
+        dest: /etc/apt/apt.conf.d/70debconf
+        mode: 0644
+
 #    - name: Upgrade
 #      apt:
 #        upgrade: dist
diff --git a/ldap.conf b/ldap.conf
new file mode 100644
index 0000000000000000000000000000000000000000..42d42b0dba9accf42b22f6a6d0abcdb539a63029
--- /dev/null
+++ b/ldap.conf
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE	dc=example,dc=com
+#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT	/etc/ssl/certs/ca-certificates.crt
+