diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml index 689a69f..109832e 100644 --- a/ansible/deploy_home.yml +++ b/ansible/deploy_home.yml @@ -11,3 +11,7 @@ - role: drone - role: nfs tags: nfs + - role: motion + tags: motion + - role: partkeepr + tags: partkeepr \ No newline at end of file diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml index d9a1cda..42e8843 100644 --- a/ansible/roles/common/defaults/main.yml +++ b/ansible/roles/common/defaults/main.yml @@ -20,3 +20,4 @@ services: - fail2ban - iptables - nginx + - systemd-timesyncd diff --git a/ansible/roles/http/defaults/main.yml b/ansible/roles/http/defaults/main.yml index 2c3d23c..a9e488f 100644 --- a/ansible/roles/http/defaults/main.yml +++ b/ansible/roles/http/defaults/main.yml @@ -7,6 +7,7 @@ deps: [ ci_server_name: ci.bdebyl.net home_server_name: home.bdebyl.net +parts_server_name: parts.bdebyl.net install_path: /usr/share nginx_path: /etc/nginx diff --git a/ansible/roles/http/tasks/http.yml b/ansible/roles/http/tasks/http.yml index a357025..73a6f9f 100644 --- a/ansible/roles/http/tasks/http.yml +++ b/ansible/roles/http/tasks/http.yml @@ -37,6 +37,7 @@ loop: - "{{ ci_server_name }}.http.conf" - "{{ home_server_name }}.conf" + - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http @@ -48,5 +49,6 @@ state: link loop: - "{{ ci_server_name }}.http.conf" + - "{{ parts_server_name }}.conf" notify: restart_nginx tags: http diff --git a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 index f7fd258..5c61136 100644 --- a/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 +++ b/ansible/roles/http/templates/nginx/sites/home.bdebyl.net.conf.j2 @@ -1,6 +1,6 @@ geo $whitelisted { default 0; - 192.168.1.1/24 1; + 192.168.1.0/24 1; } server { 
diff --git a/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2 b/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2
new file mode 100644
index 0000000..dfd4b67
--- /dev/null
+++ b/ansible/roles/http/templates/nginx/sites/parts.bdebyl.net.conf.j2
@@ -0,0 +1,22 @@
+geo $whitelisted {
+ default 0;
+ 192.168.1.0/24 1;
+}
+
+upstream partkeepr {
+ server localhost:8081;
+}
+
+server {
+ listen 80;
+ server_name {{ parts_server_name }};
+
+ if ($whitelisted = 0) {
+ return 302 $scheme://bdebyl.net$request_uri;
+ }
+
+ location / {
+ proxy_pass http://partkeepr;
+ proxy_connect_timeout 1s;
+ }
+}
diff --git a/ansible/roles/motion/defaults/main.yml b/ansible/roles/motion/defaults/main.yml
new file mode 100644
index 0000000..df8a412
--- /dev/null
+++ b/ansible/roles/motion/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+deps: [
+ motion
+]
+
+motion_target_dir: "{{ nfs_root }}/motion"
diff --git a/ansible/roles/motion/handlers/main.yml b/ansible/roles/motion/handlers/main.yml
new file mode 100644
index 0000000..6c9fc00
--- /dev/null
+++ b/ansible/roles/motion/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: restart_motion
+ become: true
+ service:
+ name: motion
+ state: restarted
diff --git a/ansible/roles/motion/meta/main.yml b/ansible/roles/motion/meta/main.yml
new file mode 100644
index 0000000..d8bd180
--- /dev/null
+++ b/ansible/roles/motion/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: nfs
diff --git a/ansible/roles/motion/tasks/deps.yml b/ansible/roles/motion/tasks/deps.yml
new file mode 100644
index 0000000..3eab821
--- /dev/null
+++ b/ansible/roles/motion/tasks/deps.yml
@@ -0,0 +1,7 @@
+---
+- name: install motion
+ become: true
+ pacman:
+ name: "{{ deps }}"
+ state: present
+ tags: deps
diff --git a/ansible/roles/motion/tasks/main.yml b/ansible/roles/motion/tasks/main.yml
new file mode 100644
index 0000000..be6c254
--- /dev/null
+++ b/ansible/roles/motion/tasks/main.yml
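Review bot: The `geo $whitelisted` block in parts.bdebyl.net.conf.j2 is a second copy of the one in home.bdebyl.net.conf.j2, and this same commit had to correct the CIDR there (`192.168.1.1/24` to `192.168.1.0/24`); keeping the allowlist in one shared include would stop the two copies drifting apart. The vhost only has `listen 80;`, so PartKeepr logins and session cookies travel unencrypted between the client and nginx; if a certificate for `parts_server_name` is available, a TLS listener would close that. `proxy_pass http://partkeepr;` also forwards without `proxy_set_header Host $host;` or an `X-Forwarded-For` header, so the application sees every request as addressed to `partkeepr` and coming from nginx itself.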
@@ -0,0 +1,3 @@
+---
+- import_tasks: deps.yml
+- import_tasks: motion.yml
diff --git a/ansible/roles/motion/tasks/motion.yml b/ansible/roles/motion/tasks/motion.yml
new file mode 100644
index 0000000..4be23e5
--- /dev/null
+++ b/ansible/roles/motion/tasks/motion.yml
@@ -0,0 +1,51 @@
+---
+- name: give motion user nfs permissions
+ become: true
+ user:
+ name: motion
+ groups: "{{ nfs_group }}"
+ append: true
+ notify:
+ - restart_motion
+
+- name: create motion directory
+ become: true
+ file:
+ path: "{{ motion_target_dir }}"
+ state: directory
+ owner: "{{ nfs_user }}"
+ group: "{{ nfs_group }}"
+ mode: 0777
+
+- name: template motion config
+ become: true
+ template:
+ src: templates/motion.conf.j2
+ dest: /etc/motion/motion.conf
+ mode: 0644
+ backup: true
+ notify:
+ - restart_motion
+
+- name: create motion systemd override directory
+ become: true
+ file:
+ path: /etc/systemd/system/motion.service.d/
+ state: directory
+ mode: 0644
+
+- name: template motion systemd override
+ become: true
+ template:
+ src: templates/motion.service.override.j2
+ dest: /etc/systemd/system/motion.service.d/override.conf
+ mode: 0644
+ notify:
+ - restart_motion
+
+- name: enable (now) motion.service
+ become: true
+ service:
+ name: motion.service
+ state: stopped
+ enabled: false
diff --git a/ansible/roles/motion/templates/motion.conf.j2 b/ansible/roles/motion/templates/motion.conf.j2
new file mode 100644
index 0000000..1249a58
--- /dev/null
+++ b/ansible/roles/motion/templates/motion.conf.j2
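Review bot: `template motion config` in motion.yml writes /etc/motion/motion.conf with `mode: 0644`, while motion.conf.j2 renders `motion_user` and `motion_pass` into `netcam_url`, so the camera credentials are readable by any local account that can reach the file, and `backup: true` leaves timestamped copies of earlier versions beside it. Since the override runs the service as `nfs_user`, something like `owner: root`, `group: "{{ nfs_group }}"`, `mode: "0640"` should be enough (assuming `nfs_user` is in `nfs_group`). `create motion directory` uses `mode: 0777` although the motion user is added to `nfs_group` in the first task; `mode: "0770"` would avoid a world-writable directory. The override directory is created with `mode: 0644`, which gives a directory no search bit; `mode: "0755"` is the usual value. The last task is named `enable (now) motion.service` but sets `state: stopped` and `enabled: false`, so either the name or the state is wrong.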
@@ -0,0 +1,171 @@
+# Rename this distribution example file to motion.conf
+#
+# This config file was generated by motion 4.3.2
+# Documentation: /usr/share/doc/motion/motion_guide.html
+#
+# This file contains only the basic configuration options to get a
+# system working. There are many more options available. Please
+# consult the documentation for the complete list of all options.
+#
+
+############################################################
+# System control configuration parameters
+############################################################
+
+# Start in daemon (background) mode and release terminal.
+daemon on
+
+# Start in Setup-Mode, daemon disabled.
+setup_mode off
+
+# File to store the process ID.
+; pid_file value
+
+# File to write logs messages into. If not defined stderr and syslog is used.
+; log_file value
+
+# Level of log messages [1..9] (EMG, ALR, CRT, ERR, WRN, NTC, INF, DBG, ALL).
+log_level 6
+
+# Target directory for pictures, snapshots and movies
+target_dir {{ motion_target_dir }}
+
+# Video device (e.g. /dev/video0) to be used for capturing.
+; videodevice /dev/video0
+
+# Parameters to control video device. See motion_guide.html
+; vid_control_params value
+
+# The full URL of the network camera stream.
+netcam_url rtsp://{{ motion_hostname }}:{{ motion_port }}/h264?username={{ motion_user }}&password={{ motion_pass }}
+
+# Name of mmal camera (e.g. vc.ril.camera for pi camera).
+; mmalcam_name value
+
+# Camera control parameters (see raspivid/raspistill tool documentation)
+; mmalcam_control_params value
+
+############################################################
+# Image Processing configuration parameters
+############################################################
+
+# Image width in pixels.
+width 3840
+
+# Image height in pixels.
+height 2160
+
+# Maximum number of frames to be captured per second.
+framerate 20
+
+# Text to be overlayed in the lower left corner of images
+text_left NatureCam
+
+# Text to be overlayed in the lower right corner of images.
+text_right %Y-%m-%d\n%T-%q
+
+############################################################
+# Motion detection configuration parameters
+############################################################
+
+# Always save pictures and movies even if there was no motion.
+emulate_motion off
+
+# Threshold for number of changed pixels that triggers motion.
+threshold 165900
+
+# Noise threshold for the motion detection.
+; noise_level 32
+
+# Despeckle the image using (E/e)rode or (D/d)ilate or (l)abel.
+despeckle_filter EedDl
+
+# Number of images that must contain motion to trigger an event.
+minimum_motion_frames 1
+
+# Gap in seconds of no motion detected that triggers the end of an event.
+event_gap 60
+
+# The number of pre-captured (buffered) pictures from before motion.
+pre_capture 80
+
+# Number of frames to capture after motion is no longer detected.
+post_capture 300
+
+############################################################
+# Script execution configuration parameters
+############################################################
+
+# Command to be executed when an event starts.
+; on_event_start value
+
+# Command to be executed when an event ends.
+; on_event_end value
+
+# Command to be executed when a movie file is closed.
+; on_movie_end value
+
+############################################################
+# Picture output configuration parameters
+############################################################
+
+# Output pictures when motion is detected
+picture_output off
+
+# File name(without extension) for pictures relative to target directory
+picture_filename %Y%m%d%H%M%S-%q
+
+############################################################
+# Movie output configuration parameters
+############################################################
+
+# Create movies of motion events.
+movie_output on
+
+# Maximum length of movie in seconds.
+movie_max_time 30
+
+# The encoding quality of the movie. (0=use bitrate. 1=worst quality, 100=best)
+movie_quality 45
+
+# Container/Codec to used for the movie. See motion_guide.html
+movie_codec mp4
+
+# File name(without extension) for movies relative to target directory
+movie_filename %Y%m%d-%H_%M_%S
+
+############################################################
+# Webcontrol configuration parameters
+############################################################
+
+# Port number used for the webcontrol.
+webcontrol_port 8080
+
+# Restrict webcontrol connections to the localhost.
+webcontrol_localhost on
+
+# Type of configuration options to allow via the webcontrol.
+webcontrol_parms 0
+
+############################################################
+# Live stream configuration parameters
+############################################################
+
+# The port number for the live stream.
+stream_port 8081
+
+# Restrict stream connections to the localhost.
+stream_localhost on
+
+##############################################################
+# Camera config files - One for each camera.
+##############################################################
+; camera /usr/etc/motion/camera1.conf
+; camera /usr/etc/motion/camera2.conf
+; camera /usr/etc/motion/camera3.conf
+; camera /usr/etc/motion/camera4.conf
+
+##############################################################
+# Directory to read '.conf' files for cameras.
+##############################################################
+; camera_dir /usr/etc/motion/conf.d
diff --git a/ansible/roles/motion/templates/motion.service.override.j2 b/ansible/roles/motion/templates/motion.service.override.j2
new file mode 100644
index 0000000..78422bb
--- /dev/null
+++ b/ansible/roles/motion/templates/motion.service.override.j2
@@ -0,0 +1,2 @@
+[Service]
+User={{ nfs_user }}
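Review bot: `stream_port 8081` in motion.conf.j2 is the same port that the partkeepr role publishes (`"8081:80"`) and that parts.bdebyl.net.conf.j2 proxies to as `localhost:8081`. Both roles are added to deploy_home.yml in this commit, so on a single host the two listeners would contend for the port, and nginx would forward to whichever one bound it. Choose a different `stream_port`, ideally as a role default. Separately, `netcam_url` places `motion_user` and `motion_pass` in the query string unencoded, so a password containing `&`, `#` or `%` breaks the URL, and the full URL may end up in Motion's log output at `log_level 6`. Applying `| urlencode` to both values handles the first problem, and Motion's `netcam_userpass` option keeps the credentials out of the URL if the camera accepts RTSP authentication.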
diff --git a/ansible/roles/partkeepr/meta/main.yml b/ansible/roles/partkeepr/meta/main.yml
new file mode 100644
index 0000000..3f81c4b
--- /dev/null
+++ b/ansible/roles/partkeepr/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: http
diff --git a/ansible/roles/partkeepr/tasks/main.yml b/ansible/roles/partkeepr/tasks/main.yml
new file mode 100644
index 0000000..780b2d2
--- /dev/null
+++ b/ansible/roles/partkeepr/tasks/main.yml
@@ -0,0 +1,82 @@
+---
+- name: create required partkeepr volumes
+ docker_volume:
+ name: "{{ item }}"
+ with_items:
+ - partkeepr-web-vol
+ - partkeepr-conf-vol
+ - partkeepr-data-vol
+ - partkeepr-db-vol
+
+- name: create partkeepr network
+ docker_network:
+ name: "partkeepr"
+
+- name: create partkeepr-db container
+ diff: false
+ docker_container:
+ name: partkeepr-db
+ image: mariadb:10.0
+ recreate: false
+ restart: true
+ restart_policy: on-failure
+ restart_retries: 3
+ networks:
+ - name: "partkeepr"
+ env:
+ MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+ MYSQL_DATABASE: partkeepr
+ MYSQL_USER: partkeepr
+ MYSQL_PASSWORD: partkeepr
+ volumes:
+ - partkeepr-db-vol:/var/lib/mysql
+
+- name: create partkeepr container
+ diff: false
+ docker_container:
+ name: partkeepr
+ image: mhubig/partkeepr:latest
+ recreate: false
+ restart: true
+ restart_policy: on-failure
+ restart_retries: 3
+ networks:
+ - name: "partkeepr"
+ volumes:
+ - partkeepr-db-conf-vol:/var/www/html/app/config
+ - partkeepr-db-data-vol:/var/www/html/data
+ - partkeepr-db-web-vol:/var/www/html/web
+
+- name: create partkeepr-cron container
+ diff: false
+ docker_container:
+ name: partkeepr-cron
+ image: mhubig/partkeepr:latest
+ entrypoint: []
+ command: bash -c "crontab /etc/cron.d/partkeepr && cron -f"
+ recreate: false
+ restart: true
+ restart_policy: on-failure
+ restart_retries: 3
+ volumes:
+ - partkeepr-db-conf-vol:/var/www/html/app/config:ro
+ - partkeepr-db-data-vol:/var/www/html/data
+ - partkeepr-db-web-vol:/var/www/html/web
+
+- name: create partkeepr container
+ diff: false
+ docker_container:
+ name: partkeepr
+ image: mhubig/partkeepr:latest
+ recreate: false
+ restart: true
+ restart_policy: on-failure
+ restart_retries: 3
+ networks:
+ - name: "partkeepr"
+ ports:
+ - "8081:80"
+ volumes:
+ - partkeepr-db-conf-vol:/var/www/html/app/config
+ - partkeepr-db-data-vol:/var/www/html/data
+ - partkeepr-db-web-vol:/var/www/html/web
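Review bot: `ports: - "8081:80"` in the final task publishes PartKeepr on every host interface, so a client can reach it directly on 8081 and skip the `$whitelisted` check in parts.bdebyl.net.conf.j2; bind it to loopback with `- "127.0.0.1:8081:80"`. `MYSQL_PASSWORD: partkeepr` is a guessable literal committed in clear text; take it from the vault the repository already uses, e.g. `MYSQL_PASSWORD: "{{ partkeepr_db_password }}"` (placeholder variable name). The first task creates `partkeepr-web-vol`, `partkeepr-conf-vol` and `partkeepr-data-vol`, but the containers mount `partkeepr-db-conf-vol`, `partkeepr-db-data-vol` and `partkeepr-db-web-vol`, so those three declared volumes are never used. `create partkeepr container` appears twice with the same `name: partkeepr`, differing only in `ports`, and `partkeepr-cron` has no `networks` entry, so it presumably cannot reach `partkeepr-db`. `mhubig/partkeepr:latest` is unpinned and `mariadb:10.0` is, as far as I know, a release line that no longer receives fixes; pin both to maintained versions or digests.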
diff --git a/ansible/roles/pihole/defaults/main.yml b/ansible/roles/pihole/defaults/main.yml
new file mode 100644
index 0000000..26a6ab1
--- /dev/null
+++ b/ansible/roles/pihole/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+deps: [
+ php-sqlite,
+ php-fpm
+]
diff --git a/ansible/roles/pihole/meta/main.yml b/ansible/roles/pihole/meta/main.yml
new file mode 100644
index 0000000..3f81c4b
--- /dev/null
+++ b/ansible/roles/pihole/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: http
diff --git a/ansible/roles/pihole/tasks/deps.yml b/ansible/roles/pihole/tasks/deps.yml
new file mode 100644
index 0000000..323b55c
--- /dev/null
+++ b/ansible/roles/pihole/tasks/deps.yml
@@ -0,0 +1,11 @@
+---
+- name: install pi-hole-server
+ command: yay -S --noconfirm pi-hole-server
+ args:
+ creates: /bin/pihole
+
+- name: install pi-hole-server dependencies
+ become: true
+ pacman:
+ name: "{{ deps }}"
+ state: present
diff --git a/ansible/roles/pihole/tasks/main.yml b/ansible/roles/pihole/tasks/main.yml
new file mode 100644
index 0000000..736d254
--- /dev/null
+++ b/ansible/roles/pihole/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: deps.yml
+- import_tasks: php.yml
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
index 6993c23..511ae70 100644
Binary files a/ansible/vars/vault.yml and b/ansible/vars/vault.yml differ
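Review bot: `command: yay -S --noconfirm pi-hole-server` in pihole/tasks/deps.yml builds and installs an AUR package unattended, so whatever the PKGBUILD and its install scripts contain at deploy time runs on the host without review, and nothing pins the version. Consider building the package once from a reviewed PKGBUILD and installing the resulting package file with the `pacman` module, or at least pinning to a known commit of the AUR repository. The `creates: /bin/pihole` guard also means the task never runs again after the first install, so this play will not pick up later fixes to the package.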
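Review bot: `import_tasks: php.yml` in pihole/tasks/main.yml refers to a file that none of the visible hunks add under ansible/roles/pihole/tasks/. `import_tasks` is resolved when the play is parsed, so a missing file would fail the play before any task runs. Either add php.yml in this commit or drop the import until it exists. This is based only on the files shown here and does not apply if php.yml is added elsewhere.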