diff --git a/group_vars/all/borg.yml b/group_vars/all/borg.yml
index c133bc141ca32b3eea80ff88e18410bb606cc33d..abf2aa78cdf5356bcf4fac3d4205472c129c857a 100644
--- a/group_vars/all/borg.yml
+++ b/group_vars/all/borg.yml
@@ -5,9 +5,11 @@ glob_borg:
   to_backup:
     - /etc
     - /var
-  path: /backup/borg
+  paths:
+    - /backup/borg-server
+    - /backup/borg-adh
   remote:
-    - borg@zephir-c.adm.crans.org:/backup/borg/{{ ansible_hostname }}
+    - borg@backup-ft.adm.crans.org:/backup/borg-server/{{ ansible_hostname }}
   retention:
     - ["daily", 4]
     - ["monthly", 6]
@@ -17,4 +19,5 @@ glob_borg:
     - make-parent-dirs
   encryption_passphrase: "{{ vault.borg.encryption_passphrase }}"
   ssh_privkey: "{{ vault.borg.ssh.privkey }}"
-  ssh_options: -4 -p 2223
+  ssh_pubkey: "{{ vault.borg.ssh.pubkey }}"
+  ssh_options: ""
diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml
index 4839e1fefffbd72ef0c465a32a1673d31a10f824..d4b16d6d72015a020f78ceb3f48ffe564940660c 100644
--- a/group_vars/all/home_nounou.yml
+++ b/group_vars/all/home_nounou.yml
@@ -1,7 +1,7 @@
 ---
 glob_home_nounou:
   mounts:
-    - ip: 172.16.10.1
+    - ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
       mountpoint: /pool/home
       target: /home_nounou
       name: home_nounou
diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml
index d0560363e929eef5cd5b0c61dd12bf3e34fd828e..a86a9ed8d114c3f463dc08d067c3d7eb114360fc 100644
--- a/group_vars/all/network_interfaces.yml
+++ b/group_vars/all/network_interfaces.yml
@@ -18,21 +18,17 @@ glob_network_interfaces:
     - name: adm
       id: 10
       dns: "{{ query('ldap', 'ip', 'routeur-sam', 'adm') | ipv4 | first }} {{ query('ldap', 'ip', 'routeur-daniel', 'adm') | ipv4 | first }}"
-    - name: infra
-      id: 11
-      dns: "{{ query('ldap', 'ip', 'passerelle', 'infra') | ipv4 | first }}"
     - name: adh
       id: 12
       gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}"
       dns: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv4 | first }}"
       gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh') | ipv6 | first }}"
-    - name: adh_nat
+    - name: adh_adm
       id: 13
-      gateway: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}"
-      dns: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv4 | first }}"
-      gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'adh-nat') | ipv6 | first }}"
     - name: renater
       id: 38
       gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ipv4 | first }}"
     - name: lp
       id: 56
+    - name: auto
+      id: 0
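Review bot: The new `auto` entry with `id: 0` at the end of the list is not a VLAN like its neighbours, and nothing in this file says so. Judging from the ifalias.j2 change in this commit, it appears to be a pseudo-entry that puts the interface mapped under `interfaces.auto` on DHCP and IPv6 autoconfiguration, with `id: 0` as a placeholder. I would add a comment above it such as `# pseudo-VLAN: interface configured by DHCP/SLAAC (see ifalias.j2); id is a placeholder`, after confirming that no other template reads `id` for this entry.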
diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..172e07434ee99f023e02a11a4d8b45f81e46e321
--- /dev/null
+++ b/group_vars/arpproxy.yml
@@ -0,0 +1,11 @@
+---
+glob_service_proxy:
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/proxy.git
+    version: main
+  name: proxy
+  install_dir: /var/local/services/proxy
+  generated: false
+  cron:
+    frequency: "* * * * *"
+    options: "--alter"
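Review bot: `version: main` tracks a moving branch for code that the cron entry below runs every minute with `--alter`, and that the WireGuard `post_up` hooks in the host_vars also call, presumably as root. Anyone able to push to that branch therefore changes what runs on the proxy hosts at the next deployment, with no review step in this repository. Pinning `version` to a tag or commit hash, e.g. `version: "<reviewed-commit-sha>"` (placeholder), turns every update into an explicit change here. The same applies to `glob_service_proxmox_user` in group_vars/virtu.yml and group_vars/virtu_adh.yml.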
diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml
new file mode 100644
index 0000000000000000000000000000000000000000..462cc0f659bc156fefb77cdae1680934e5e0ea93
--- /dev/null
+++ b/group_vars/aurore/home_nounou.yml
@@ -0,0 +1,10 @@
+---
+loc_home_nounou:
+  mounts:
+    - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
+      mountpoint: /home_nounou
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
diff --git a/group_vars/aurore/ldap.yml b/group_vars/aurore/ldap.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a2160a480c7a40ad8c10019b4452bc4c17d16b58
--- /dev/null
+++ b/group_vars/aurore/ldap.yml
@@ -0,0 +1,4 @@
+---
+loc_ldap:
+  servers:
+    - "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml
index e82aa8c5e283e166021e6d761cd496cf15209d2c..48ebdc819615c59d16a726cf6c748d1721cceb2b 100644
--- a/group_vars/slapd.yml
+++ b/group_vars/slapd.yml
@@ -2,6 +2,6 @@
 glob_slapd:
   master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
   regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$"
-  replication_credentials: "{{ vault.sldap.tealc.replication_credentials }}"
+  replication_credentials: "{{ vault.slapd.tealc.replication_credentials }}"
   private_key: "{{ vault.slapd.tealc.private_key }}"
   certificate: "{{ vault.slapd.tealc.certificate }}"
diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml
new file mode 100644
index 0000000000000000000000000000000000000000..461b21b2dfd5d049ed5b9ddeb3376237ed05bb17
--- /dev/null
+++ b/group_vars/viarezo/home_nounou.yml
@@ -0,0 +1,10 @@
+---
+loc_home_nounou:
+  mounts:
+    - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+      mountpoint: /home_nounou
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
diff --git a/group_vars/viarezo/ldap.yml b/group_vars/viarezo/ldap.yml
new file mode 100644
index 0000000000000000000000000000000000000000..148b6ed7b26aa98f885818cbcf6c6717703a5bc2
--- /dev/null
+++ b/group_vars/viarezo/ldap.yml
@@ -0,0 +1,4 @@
+---
+loc_ldap:
+  servers:
+    - "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
index 570a04cb99168e11e4fd0041f89ac2f9f6d0e128..3db203e816b77aad449572dca5cd1facaed8167e 100644
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@@ -4,3 +4,23 @@ glob_debian_images:
   rsync_host: 'eclat.adm.crans.org'
   rsync_module: 'mirror'
   include_extra_images: false
+
+glob_service_proxmox_user:
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+    version: main
+  name: proxmox-user
+  install_dir: /var/local/services/proxmox-user
+  generated: false
+  cron:
+    frequency: "*/2 * * * *"
+    options: ""
+  config:
+    ldap:
+      admin:
+        uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+        userBase: "ou=passwd,dc=crans,dc=org"
+        realm: "pam"
+  dependencies:
+    - python3-jinja2
+    - python3-ldap
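Review bot: The `uri` under `config.ldap.admin` is an `ldaps://` URL built from an IP address, so certificate name verification can only succeed if the server certificate carries that IP as a subject alternative name. If the consuming service works around this by turning verification off, the TLS session no longer authenticates the directory that this service appears to take its user list from. Using the server's DNS name, or confirming that the certificate has an IP SAN and that the client verifies it, would close that gap. The same pattern appears in group_vars/virtu_adh.yml (where a bind password is sent over the connection) and in the `loc_service_proxy` blocks of the boeing, routeur-ft and routeur-thot host_vars.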
diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d3a5f3e9513181b014942e52c92f03141194c54c
--- /dev/null
+++ b/group_vars/virtu_adh.yml
@@ -0,0 +1,25 @@
+glob_service_proxmox_user:
+  git:
+    remote: https://gitlab.adm.crans.org/nounous/proxmox-user.git
+    version: main
+  name: proxmox-user
+  install_dir: /var/local/services/proxmox-user
+  generated: false
+  cron:
+    frequency: "*/2 * * * *"
+    options: ""
+  config:
+    ldap:
+      admin:
+        uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+        userBase: "ou=passwd,dc=crans,dc=org"
+        realm: "pam"
+      user:
+        uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ipv4 | first }}/"
+        userBase: "ou=users,dc=adh,dc=crans,dc=org"
+        realm: "pve"
+        binddn: "{{ vault.ldap_adh_reader.binddn }}"
+        passwd: "{{ vault.ldap_adh_reader.bindpass }}"
+  dependencies:
+    - python3-jinja2
+    - python3-ldap
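Review bot: `config.ldap.user.passwd` puts a vault-held bind password into the `config` mapping, which the service role renders to a file through its "Deploy service configuration" task. That task's body is outside this diff, so please confirm the rendered file gets a restrictive owner and mode (for example `mode: "0600"`); otherwise the reader credentials are readable by local users on every virtu_adh host. Separately, this is the only new vars file in the commit without a leading `---`. It also repeats the whole `glob_service_proxmox_user` mapping from group_vars/virtu.yml, so the two copies can drift; a comment saying that the duplication is deliberate would help.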
diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c0cea06dedcee7dd25f84050e8f7ac7ba3a9848e
--- /dev/null
+++ b/host_vars/backup-ft.adm.crans.org.yml
@@ -0,0 +1,20 @@
+---
+interfaces:
+  adm: ens18
+
+loc_home_nounou:
+  mounts:
+    - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+      mountpoint: /home_nounou
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
+    - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+      mountpoint: /rpool/backup
+      target: /backup
+      name: backup
+      owner: root
+      group: root
+      mode: '0755'
diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..75cd112f42ebd043808ebda9a7954fe103e3cb2b
--- /dev/null
+++ b/host_vars/backup-thot.adm.crans.org.yml
@@ -0,0 +1,20 @@
+---
+interfaces:
+  adm: ens18
+
+loc_home_nounou:
+  mounts:
+    - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
+      mountpoint: /home_nounou
+      target: /home_nounou
+      name: home_nounou
+      owner: root
+      group: _user
+      mode: '0750'
+    - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"
+      mountpoint: /rpool/backup
+      target: /backup
+      name: backup
+      owner: root
+      group: root
+      mode: '0755'
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml
index ef2880881c420fc78e6e1ec9b6f7461950d81387..e945734bb87d266c2e0f5b6a62f4275ed373d0aa 100644
--- a/host_vars/boeing.adm.crans.org.yml
+++ b/host_vars/boeing.adm.crans.org.yml
@@ -8,11 +8,40 @@ loc_wireguard:
     - name: "sputnik"
       listen_port: 51820
       private_key: "{{ vault.wireguard.boeing.privkey }}"
+      table: "off"
       peers:
         - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}/32"
             - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }}/128"
           endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820"
-      post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18"
-      post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18"
+        - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}"
+          allowed_ips:
+            - "{{ query('ldap', 'network', 'adm') }}"
+            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+          persistent_keepalive: 25
+        - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}"
+          allowed_ips:
+            - "{{ query('ldap', 'network', 'adm') }}"
+            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+          persistent_keepalive: 25
+      post_up:
+        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1"
+        - "python3 /var/local/services/proxy/proxy.py --alter"
+      pre_down:
+        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0"
+        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+
+loc_service_proxy:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+    protocol: "proxy"
+    filter: "adm.crans.org"
+    proxy:
+      default: "ens18"
+      viarezo: "sputnik"
+      aurore: "sputnik"
+      ovh: "sputnik"
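Review bot: The two added peers, `routeur_ft` and `routeur_thot`, declare identical `allowed_ips` (the adm network and its `fd00:0:0:…::/64` prefix) on the same tunnel. WireGuard associates an allowed-IP range with one peer per interface, so as far as I know the later peer takes the range and the earlier one is left without it, which would break traffic to and from routeur-ft. Each peer should list only the prefixes actually reached through it, which also stops one site router from sourcing packets with arbitrary adm addresses. The `post_up` list additionally turns on `net.ipv4.conf.all.forwarding` and its IPv6 counterpart with no filtering rule in view, so it is worth confirming that a firewall bounds what gets forwarded.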
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index fe23407af57b21045826ec71b9b4aebff6fca81e..96967505b1a0625e8e933f7e811a4b200dcce880 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -8,3 +8,6 @@ loc_postgres:
   version: 13
   replica: true
   addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
+
+loc_service_proxmox_user:
+  cron: null
diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..95d02a50fff49cbe8f2c7ca8232a0d1fdab46ea2
--- /dev/null
+++ b/host_vars/ft.adm.crans.org.yml
@@ -0,0 +1,11 @@
+---
+loc_borg:
+  to_backup:
+    - /etc
+    - /home_nounou
+    - /var
+
+loc_slapd:
+  ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+  replica: true
+  replica_rid: 6
diff --git a/host_vars/gulp.adm.crans.org.yml b/host_vars/gulp.adm.crans.org.yml
index 119fa7ab3b1ecd24d2b45c9d8f0cb435cd24e518..4c4ef29dda6b5aa7ee387f6ff20177b412a2d69a 100644
--- a/host_vars/gulp.adm.crans.org.yml
+++ b/host_vars/gulp.adm.crans.org.yml
@@ -1,3 +1,6 @@
 ---
 loc_debian_images:
   include_extra_images: true
+
+loc_service_proxmox_user:
+  cron: null
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index 7a83dd685ebd5ab0a7f92708c77533690ccf8359..ac4ac7e0d7de7e0ac0e482b39c5939ee1cb64c43 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@@ -8,3 +8,6 @@ loc_postgres:
   version: 13
   replica: true
   addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
+
+loc_service_proxmox_user:
+  cron: null
diff --git a/host_vars/odlyd.adm.crans.org.yml b/host_vars/odlyd.adm.crans.org.yml
index 119fa7ab3b1ecd24d2b45c9d8f0cb435cd24e518..4c4ef29dda6b5aa7ee387f6ff20177b412a2d69a 100644
--- a/host_vars/odlyd.adm.crans.org.yml
+++ b/host_vars/odlyd.adm.crans.org.yml
@@ -1,3 +1,6 @@
 ---
 loc_debian_images:
   include_extra_images: true
+
+loc_service_proxmox_user:
+  cron: null
diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7b5b403f788198774019965099211dba27014b3f
--- /dev/null
+++ b/host_vars/routeur-ft.adm.crans.org.yml
@@ -0,0 +1,37 @@
+---
+interfaces:
+  adm: ens18
+  auto: ens19
+
+loc_wireguard:
+  tunnels:
+    - name: "wg0"
+      listen_port: 51820
+      private_key: "{{ vault.wireguard.routeur_ft.privkey }}"
+      table: "off"
+      peers:
+        - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+          allowed_ips:
+            - "{{ query('ldap', 'network', 'adm') }}"
+            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+          persistent_keepalive: 25
+      post_up:
+        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
+        - "ip route add 172.16.10.1 dev wg0 proto proxy"
+        - "python3 /var/local/services/proxy/proxy.py --alter"
+      pre_down:
+        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+
+loc_service_proxy:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+    protocol: "proxy"
+    filter: "adm.crans.org"
+    proxy:
+      default: "wg0"
+      viarezo: "ens18"
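Review bot: The `post_up` list sets `net.ipv4.conf.all.forwarding=1` and `net.ipv6.conf.all.forwarding=1` on a host that also gets the new DHCP-configured `auto: ens19` interface, so forwarding is enabled on every interface, not only `ens18` and `wg0`. No packet filter is configured in this file, so unless a firewall role outside this diff covers it, traffic arriving on `ens19` could be routed into the adm network. I would either add forward-chain rules that limit forwarding to the `ens18`/`wg0` pair, or add a comment pointing to where that filtering lives. host_vars/routeur-thot.adm.crans.org.yml carries the same block.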
diff --git a/host_vars/routeur-sam.adm.crans.org/borg.yml b/host_vars/routeur-sam.adm.crans.org/borg.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9bb00abd0c2303effc3c02146f803df592759b47
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org/borg.yml
@@ -0,0 +1,6 @@
+---
+loc_borg:
+  to_backup:
+    - /etc
+    - /home_nounou
+    - /var
diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d5c816101dddfe6601dc9a9a0996a3f48eb17f77
--- /dev/null
+++ b/host_vars/routeur-thot.adm.crans.org.yml
@@ -0,0 +1,37 @@
+---
+interfaces:
+  adm: ens18
+  auto: ens19
+
+loc_wireguard:
+  tunnels:
+    - name: "wg0"
+      listen_port: 51820
+      private_key: "{{ vault.wireguard.routeur_thot.privkey }}"
+      table: "off"
+      peers:
+        - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+          allowed_ips:
+            - "{{ query('ldap', 'network', 'adm') }}"
+            - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
+          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+          persistent_keepalive: 25
+      post_up:
+        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
+        - "ip route add 172.16.10.1 dev wg0 proto proxy"
+        - "python3 /var/local/services/proxy/proxy.py --alter"
+      pre_down:
+        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+
+loc_service_proxy:
+  config:
+    ldap:
+      server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/"
+    protocol: "proxy"
+    filter: "adm.crans.org"
+    proxy:
+      default: "wg0"
+      aurore: "ens18"
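Review bot: The `post_up` command `ip route add 172.16.10.1 dev wg0 proto proxy` hard-codes an address, while group_vars/all/home_nounou.yml in this same commit replaces that literal with `query('ldap', 'ip', 'tealc', 'adm')`. If the two refer to the same host, the route should use the lookup too, e.g. `"ip route add {{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }} dev wg0 proto proxy"`, so that a renumbering does not leave a stale route. A short comment on why this one address needs a static route before proxy.py runs would also help. host_vars/routeur-ft.adm.crans.org.yml carries the same line.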
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index fcc229257f8547cf0ab72cbce716a6e41e04d9c7..ea05b3ac0b1bfe294b92bccbdace68471fc8c979 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -1,4 +1,10 @@
 ---
+loc_borg:
+  to_backup:
+    - /etc
+    - /home_nounou
+    - /var
+
 loc_slapd:
   ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
   replica: true
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index f9bd86664101ee188c81183f993e0c23366bf812..356ff00dba140afa196e6613f06be467d74afc9a 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -22,7 +22,8 @@ loc_wireguard:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
           endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
-      post_up: "/sbin/ip link set sputnik alias adm"
+      post_up:
+        - "/sbin/ip link set sputnik alias adm"
 
 loc_slapd:
   ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
diff --git a/host_vars/thot.adm.crans.org.yml b/host_vars/thot.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..efe08b404dc219951cb52252fd1def7164a2a29e
--- /dev/null
+++ b/host_vars/thot.adm.crans.org.yml
@@ -0,0 +1,11 @@
+---
+loc_borg:
+  to_backup:
+    - /etc
+    - /home_nounou
+    - /var
+
+loc_slapd:
+  ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ipv4 | first }}"
+  replica: true
+  replica_rid: 5
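Review bot: `loc_slapd.ip` in this new file for thot looks up `'ft'`, the same host used in host_vars/ft.adm.crans.org.yml, which looks like a copy-paste slip. As written, the thot replica would be configured with ft's address, although `replica_rid: 5` shows it is meant to be a distinct replica. I would change the line to `ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ipv4 | first }}"`.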
diff --git a/hosts b/hosts
index 55963056f28caaa3922501f9dd5482b1faecfb69..3f3f03b3b7a21b50346d38a84dd1b4924b6a6af3 100644
--- a/hosts
+++ b/hosts
@@ -3,6 +3,11 @@
 [adh_server]
 zamok.adm.crans.org
 
+[arpproxy]
+boeing.adm.crans.org
+routeur-ft.adm.crans.org
+#routeur-thot.adm.crans.org
+
 [autoconfig]
 hodaur.adm.crans.org
 
@@ -10,6 +15,8 @@ hodaur.adm.crans.org
 cameron.adm.crans.org
 
 [backups]
+backup-ft.adm.crans.org
+#backup-thot.adm.crans.org
 
 [baie]
 cameron.adm.crans.org
@@ -218,11 +225,13 @@ monitoring.adm.crans.org
 helloworld.adm.crans.org
 
 [slapd]
-tealc.adm.crans.org
-sam.adm.crans.org
 daniel.adm.crans.org
+ft.adm.crans.org
 jack.adm.crans.org
+sam.adm.crans.org
 sputnik.adm.crans.org
+tealc.adm.crans.org
+thot.adm.crans.org
 
 [sssd]
 zamok.adm.crans.org
@@ -241,9 +250,14 @@ daniel.adm.crans.org
 jack.adm.crans.org
 sam.adm.crans.org
 
+[virtu_backup]
+ft.adm.crans.org
+thot.adm.crans.org
+
 [virtu:children]
 virtu_adh
 virtu_adm
+virtu_backup
 
 [vsftpd_mirror]
 eclat.adm.crans.org
@@ -255,22 +269,23 @@ sputnik.adm.crans.org
 
 [wireguard]
 boeing.adm.crans.org
+routeur-ft.adm.crans.org
+#routeur-thot.adm.crans.org
 sputnik.adm.crans.org
-vol447.adm.crans.org
 
 [crans_routeurs:children]
 routeurs_vm
 
 [crans_physical]
-ft.adm.crans.org
 thot.adm.crans.org
 zamok.adm.crans.org
-zbee.adm.crans.org
+#zbee.adm.crans.org
 
 [crans_physical:children]
-backups
+aurore_physical
 baie
 virtu
+viarezo_physical
 
 [crans_vm]
 belenios.adm.crans.org
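Review bot: `thot.adm.crans.org` stays listed directly in `[crans_physical]` although this commit also places it in `aurore_physical`, which becomes a child of `crans_physical` just below. `ft.adm.crans.org` was removed from the direct list for the equivalent reason. The duplicate is harmless to Ansible but leaves the two sites inconsistent, so I would drop the direct `thot.adm.crans.org` line. The hosts commented out in this and neighbouring hunks (`#zbee.adm.crans.org`, `#routeur-thot.adm.crans.org`, `#backup-thot.adm.crans.org`) would benefit from a one-line comment saying why they are disabled.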
@@ -308,10 +323,31 @@ roundcube.adm.crans.org
 routeur-2754.adm.crans.org
 silice.adm.crans.org
 trinity.adm.crans.org
-vol447.adm.crans.org
 voyager.adm.crans.org
 yson-partou.adm.crans.org
 
+[viarezo_physical]
+ft.adm.crans.org
+
+[viarezo_vm]
+backup-ft.adm.crans.org
+routeur-ft.adm.crans.org
+
+[viarezo:children]
+viarezo_physical
+viarezo_vm
+
+[aurore_physical]
+thot.adm.crans.org
+
+[aurore_vm]
+#backup-thot.adm.crans.org
+#routeur-thot.adm.crans.org
+
+[aurore:children]
+aurore_physical
+aurore_vm
+
 [forget_me]
 ceph-controller-a.adm.crans.org
 ceph-controller-b.adm.crans.org
@@ -321,8 +357,9 @@ ceph-storage-b.adm.crans.org
 tilque.adm.crans.org
 
 [crans_vm:children]
-routeurs_vm
 forget_me
+routeurs_vm
+viarezo_vm
 
 [ovh_physical]
 sputnik.adm.crans.org
diff --git a/plays/arpproxy.yml b/plays/arpproxy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..ddc4fdd27e28b343d62b3e9b7cc217aeec604a29
--- /dev/null
+++ b/plays/arpproxy.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: arpproxy
+  vars:
+    service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}"
+  roles:
+    - service
diff --git a/plays/proxmox.yml b/plays/proxmox.yml
index cc44d139e140f58ef4d96faff7e5aad7722b9c84..70d55ed082914a6fb96420731c2073bbbc427a63 100755
--- a/plays/proxmox.yml
+++ b/plays/proxmox.yml
@@ -3,6 +3,8 @@
 - hosts: virtu
   vars:
     debian_images: '{{ glob_debian_images | default({}) | combine(loc_debian_images | default({})) }}'
+    service: "{{ glob_service_proxmox_user | default({}) | combine(loc_service_proxmox_user | default({})) }}"
   roles:
     - proxmox-apt-sources
     - proxmox-debian-images
+    - service
diff --git a/plays/root.yml b/plays/root.yml
index 999bf68f6c818f22574b6306efca4629698d4393..5b92d4fc8f455880bda8762dd5f3c1f21608a386 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -21,7 +21,7 @@
   roles:
     - ldap-client
 
-- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org
+- hosts: server,!ovh_physical,!tealc.adm.crans.org,!sam.adm.crans.org,!routeur-sam.adm.crans.org,!ft.adm.crans.org,!thot.adm.crans.org
   vars:
     nfs_mount: "{{ glob_home_nounou | default({}) | combine(loc_home_nounou | default({})) }}"
   roles:
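Review bot: The two exclusions added to the `hosts:` pattern, `!ft.adm.crans.org` and `!thot.adm.crans.org`, are exactly the members of the `virtu_backup` group this commit adds to the inventory, so the pattern could exclude the group instead with `!virtu_backup`. That keeps the line shorter and follows future membership changes. A comment above the play saying why these hosts are skipped for the NFS mount would explain the growing list. The play continues past the end of the hunk.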
diff --git a/roles/borgbackup-server/templates/authorized_keys.j2 b/roles/borgbackup-server/templates/authorized_keys.j2
index 3504fcf91e170a9d24f285cfaabe292e61ae49b2..80d0e78528afc1c01f633e323d9b867441fd3472 100644
--- a/roles/borgbackup-server/templates/authorized_keys.j2
+++ b/roles/borgbackup-server/templates/authorized_keys.j2
@@ -1,3 +1,3 @@
 {{ ansible_header | comment }}
 
-command="borg serve --restrict-to-path {{ borg.path }}",restrict {{ vault.borgbackup_ssh_pubkey }}
+command="borg serve{% for path in borg.paths %} --restrict-to-path {{ path }}{% endfor %}",restrict {{ borg.ssh_pubkey }}
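Review bot: The single `command=` line now grants one key access to every path in `borg.paths`, and group_vars/all/borg.yml sets those to both `/backup/borg-server` and `/backup/borg-adh`, with the key pair defined for all hosts. `--restrict-to-path` only limits access to a path prefix, so any client holding the private key can reach and delete every other client's repository under both trees. Consider adding `--append-only` to the forced command, or issuing per-client keys with `--restrict-to-repository`, so that a compromised client cannot destroy or read backups that are not its own. How `borg` is assembled from `glob_borg` and `loc_borg` is not visible here, so the exact path list on a given server is an assumption.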
diff --git a/roles/borgbackup-server/templates/update-motd.d/05-service.j2 b/roles/borgbackup-server/templates/update-motd.d/05-service.j2
index f27119aa58fb0b3c924ecf85c793a8d92d9f35c0..b2f35c2f377febfc4c0576baf5c54555de11a649 100755
--- a/roles/borgbackup-server/templates/update-motd.d/05-service.j2
+++ b/roles/borgbackup-server/templates/update-motd.d/05-service.j2
@@ -1,3 +1,3 @@
 #!/usr/bin/tail +14
 {{ ansible_header | comment }}
-> Borgbackup (Serveur) a été déployé sur cette machine. Les backups sont situés dans {{ borg.path }}.
+> Borgbackup (Serveur) a été déployé sur cette machine. Les backups sont situés dans {{ borg.paths|join(', ') }}.
diff --git a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2
index a28afab7995d86ce964ad7258f6d661c21bbb5a5..ada7a9f93711a56f230ed1f1595e5783223305c8 100644
--- a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2
+++ b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2
@@ -1,6 +1,11 @@
 {{ ansible_header | comment }}
 
 {% set vlan_name = (item.name | replace('_', '-')) %}
+{% if vlan_name == "auto" %}
+auto {{ interfaces[item.name] }}
+iface {{ interfaces[item.name] }} inet dhcp
+iface {{ interfaces[item.name] }} inet6 auto
+{% else %}
 {% set subnet_network = (query('ldap', 'network', vlan_name) | ipaddr('network')) %}
 {% set subnet_netmask = (query('ldap', 'network', vlan_name) | ipaddr('netmask')) %}
 {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %}
@@ -63,3 +68,4 @@ iface {{ interfaces[item.name] }} inet6 static
 {% endfor %}
 {% endif %}
 {% endif %}
+{% endif %}
diff --git a/roles/service/tasks/main.yml b/roles/service/tasks/main.yml
index 78c40fa81799c10630704089468f515a57930b23..11525d343fd5a9089aced281cb3f2ae0525c6838 100644
--- a/roles/service/tasks/main.yml
+++ b/roles/service/tasks/main.yml
@@ -55,7 +55,7 @@
   template:
     src: cron.d/service.j2
     dest: "/etc/cron.d/services-{{ service.name }}"
-  when: service.cron is defined
+  when: service.cron is defined and service.cron.frequency is defined
 
 - name: Deploy service configuration
   template:
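Review bot: Nothing removes an `/etc/cron.d/services-<name>` file left by an earlier run when the tightened `when:` skips this task. A host switched to `cron: null` after a first deployment would therefore keep running the job. A companion task with the negated condition, placed right after this one, would make the override effective. The cron task starts above the hunk and the following "Deploy service configuration" task continues below it.

```yaml
# … unchanged: cron template task ending in the new `when:` …

- name: Remove service cron when disabled
  file:
    path: "/etc/cron.d/services-{{ service.name }}"
    state: absent
  when: not (service.cron is defined and service.cron.frequency is defined)
```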
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index c9f9d293ae7df7f2a11122b725ffeb9b82cd0f3b..905cbfce9e95235778f4dc462ef9502d6c4d4af9 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -5,7 +5,6 @@
     name:
       - wireguard
       - resolvconf
-      - linux-headers-amd64
   register: apt_result
   retries: 3
   until: apt_result is succeeded
diff --git a/roles/wireguard/templates/wireguard/tunnel.conf.j2 b/roles/wireguard/templates/wireguard/tunnel.conf.j2
index e8682637b0642465d732d66dc8d9452286ebac05..17aacb31ffd2cfff41120389b12a7bd701762cd1 100644
--- a/roles/wireguard/templates/wireguard/tunnel.conf.j2
+++ b/roles/wireguard/templates/wireguard/tunnel.conf.j2
@@ -8,18 +8,40 @@ Address = {{ item.addresses | join(", ") }}
 ListenPort = {{ item.listen_port }}
 {% endif %}
 PrivateKey = {{ item.private_key }}
+{% if item.table is defined %}
+Table = {{ item.table }}
+{% endif %}
 
+{% if item.pre_up is defined %}
+{% for command in item.pre_up %}
+PreUp = {{ command }}
+{% endfor %}
+{% endif %}
 {% if item.post_up is defined %}
-PostUp = {{ item.post_up }}
+{% for command in item.post_up %}
+PostUp = {{ command }}
+{% endfor %}
+{% endif %}
+{% if item.pre_down is defined %}
+{% for command in item.pre_down %}
+PreDown = {{ command }}
+{% endfor %}
 {% endif %}
 {% if item.post_down is defined %}
-PostDown = {{ item.post_down }}
+{% for command in item.post_down %}
+PostDown = {{ command }}
+{% endfor %}
 {% endif %}
 
 {% for peer in item.peers %}
 [Peer]
 PublicKey = {{ peer.public_key }}
 AllowedIPs = {{ peer.allowed_ips | join(", ") }}
+{% if peer.endpoint is defined %}
 Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if peer.persistent_keepalive is defined %}
+PersistentKeepalive = {{ peer.persistent_keepalive }}
+{% endif %}
 
 {% endfor -%}
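Review bot: A tunnel definition that still passes `post_up` or `post_down` as a single string would be iterated character by character by the new `{% for command in item.post_up %}` loops, giving one broken `PostUp =` line per character. The host_vars touched in this commit are converted, but any definition outside this diff would render without an error and only fail when the tunnel comes up. Wrapping the value, e.g. `{% for command in [item.post_up] | flatten %}`, accepts both forms. wg-quick runs these hook lines as shell commands, so a Jinja comment near the top noting that the four hook keys take lists of commands would be useful. The template's `[Interface]` section begins above the hunk.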