diff --git a/ansible/atlas.yml b/ansible/atlas.yml
index bb07522..e5f6ca3 100644
--- a/ansible/atlas.yml
+++ b/ansible/atlas.yml
@@ -8,24 +8,6 @@ cmd: ifup -a pre_tasks: - - name: Start libvirtd - systemd: - name: libvirtd - enabled: true - state: started - - - name: Add root to libvirt group - user: - name: root - groups: libvirt - append: yes - - - name: Disable apparmor - systemd: - name: apparmor - enabled: false - state: stopped - - name: Copy interfaces configuration copy: src: dmz.conf
@@ -39,8 +21,10 @@ mode: og=rwx roles: - - {role: setup-apt, tags: setup-apt} + - {role: setup_apt, tags: setup_apt} + - {role: libvirt, tags: libvirt} - {role: postgresql, tags: postgresql} - - {role: githubixx.ansible_role_wireguard, tags: wireguard} + - {role: wireguard, tags: wireguard} - {role: ssh_ca, tags: ssh_ca} - - {role: backupng, tags: backupng} + - {role: ssh, tags: ssh} + - {role: borg, tags: borg}
diff --git a/ansible/inventory/host_vars/atlas/apt.yml b/ansible/inventory/host_vars/atlas/apt.yml
new file mode 100644
index 0000000..5e3f17b
--- /dev/null
+++ b/ansible/inventory/host_vars/atlas/apt.yml
@@ -0,0 +1,7 @@
+apt_install_packages:
+ - qemu-kvm
+ - libvirt-daemon-system
+ - postgresql
+ - python3-psycopg2
+ - sudo
+ - bridge-utils
diff --git a/ansible/inventory/host_vars/atlas.yml b/ansible/inventory/host_vars/atlas/ssh_ca.yml
similarity index 88%
rename from ansible/inventory/host_vars/atlas.yml
rename to ansible/inventory/host_vars/atlas/ssh_ca.yml
index 0c87aed..9408596 100644
--- a/ansible/inventory/host_vars/atlas.yml
+++ b/ansible/inventory/host_vars/atlas/ssh_ca.yml
@@ -1,34 +1,3 @@ -backup_share_user: "backup-share" -backup_control_user: "backup-control" -user_ca: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGKOClnK6/Hj8INjEgULY/lD2FM/nbiJHqaSXtEw4+Fj User Certificate Authority for DMZ" -storage_pools: [iso, disk, init] -wireguard_addresses: - - "10.42.0.1/32" -wireguard_endpoint: "atlas.hyp" -wireguard_private_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65666463346536363662353234666662376330396365656361636530663032366436653336383134 - 6463636362636530316434626561623866306165313638330a633761626361393963303933313738 - 30336535333761393663396534373363333465306232343238666538383039636138393661373839 - 3935626664326237310a386337306364663463663764376631336431363062656137376635366361 - 35393135626261626565333261316363633838353833666163666132363462636431626234383864 - 3039633631356339663234656233343635653236356235623532 -wireguard_unmanaged_peers: - pim: - public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08=" - allowed_ips: "10.42.0.2/32" - niels: - public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio=" - allowed_ips: "10.42.0.3/32" - -apt_install_packages: - - qemu-kvm - - libvirt-daemon-system - - postgresql - - python3-psycopg2 - - sudo - - bridge-utils - ssh_ca_dir: /root/ssh_ca ssh_ca_key_pairs: - name: dmz_user
diff --git a/ansible/inventory/host_vars/atlas/wireguard.yml b/ansible/inventory/host_vars/atlas/wireguard.yml
new file mode 100644
index 0000000..5d1dd9a
--- /dev/null
+++ b/ansible/inventory/host_vars/atlas/wireguard.yml
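Review bot: The removed host_vars `user_ca`, `backup_share_user`, `backup_control_user` and `storage_pools` do not reappear in any hunk of this diff, whereas `apt_install_packages` and the wireguard variables are re-added in new files under host_vars/atlas/. If the renamed ssh role (which still installs ssh_user_certificate.conf) or the borg role reference any of them, the play will fail with an undefined-variable error at run time, which no linter catches; confirm they moved to a host_vars file outside this diff, or remove the references. `user_ca` in particular is the trust anchor for DMZ certificate authentication, so its new home should be easy to find, e.g. a `host_vars/atlas/ssh.yml` next to the other per-role files.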
@@ -0,0 +1,18 @@
+wireguard_addresses:
+ - "10.42.0.1/32"
+wireguard_endpoint: "atlas.hyp"
+wireguard_private_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 65666463346536363662353234666662376330396365656361636530663032366436653336383134
+ 6463636362636530316434626561623866306165313638330a633761626361393963303933313738
+ 30336535333761393663396534373363333465306232343238666538383039636138393661373839
+ 3935626664326237310a386337306364663463663764376631336431363062656137376635366361
+ 35393135626261626565333261316363633838353833666163666132363462636431626234383864
+ 3039633631356339663234656233343635653236356235623532
+wireguard_unmanaged_peers:
+ pim:
+ public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
+ allowed_ips: "10.42.0.2/32"
+ niels:
+ public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
+ allowed_ips: "10.42.0.3/32"
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index b9016d8..a9efdbe 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,6 +1,8 @@ -- name: setup-apt +- name: setup_apt src: https://github.com/sunscrapers/ansible-role-apt.git scm: git - name: ssh_ca src: https://git.pim.kunis.nl/pim/ansible-role-ssh-ca scm: git +- name: wireguard + src: githubixx.ansible_role_wireguard
diff --git a/ansible/roles/backupng/files/backup.service b/ansible/roles/borg/files/backup.service
similarity index 100%
rename from ansible/roles/backupng/files/backup.service
rename to ansible/roles/borg/files/backup.service
diff --git a/ansible/roles/backupng/files/backup.timer b/ansible/roles/borg/files/backup.timer
similarity index 100%
rename from ansible/roles/backupng/files/backup.timer
rename to ansible/roles/borg/files/backup.timer
diff --git a/ansible/roles/backupng/files/backup.yml b/ansible/roles/borg/files/backup.yml
similarity index 100%
rename from ansible/roles/backupng/files/backup.yml
rename to ansible/roles/borg/files/backup.yml
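Review bot: Neither entry touched in requirements.yml pins a `version:` — `setup_apt` is cloned from a git URL at whatever its default branch holds, and the new `wireguard` entry resolves `githubixx.ansible_role_wireguard` from Galaxy at latest. Both roles run as root on atlas and the wireguard role presumably consumes the vault-encrypted private key from host_vars, so an unpinned source means the next `ansible-galaxy install` can silently change what executes on the host. Add `version: "<tag-or-commit>"` (placeholder) to each entry and bump it deliberately; the unchanged `ssh_ca` entry has the same gap.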
diff --git a/ansible/roles/backupng/files/start_vms.sh b/ansible/roles/borg/files/start_vms.sh
similarity index 100%
rename from ansible/roles/backupng/files/start_vms.sh
rename to ansible/roles/borg/files/start_vms.sh
diff --git a/ansible/roles/backupng/files/stop_vms.sh b/ansible/roles/borg/files/stop_vms.sh
similarity index 100%
rename from ansible/roles/backupng/files/stop_vms.sh
rename to ansible/roles/borg/files/stop_vms.sh
diff --git a/ansible/roles/backupng/handlers/main.yml b/ansible/roles/borg/handlers/main.yml
similarity index 100%
rename from ansible/roles/backupng/handlers/main.yml
rename to ansible/roles/borg/handlers/main.yml
diff --git a/ansible/roles/borg/tasks/main.yml b/ansible/roles/borg/tasks/main.yml
new file mode 100644
index 0000000..dc5686e
--- /dev/null
+++ b/ansible/roles/borg/tasks/main.yml
@@ -0,0 +1,40 @@
+- name: Install Borg
+ apt:
+ pkg:
+ - borgbackup
+ - borgmatic
+
+- name: Copy Borgmatic script
+ template:
+ src: "{{ role_path }}/files/backup.yml"
+ dest: /root/backup.yml
+
+- name: Copy start_vms.sh
+ copy:
+ src: "{{ role_path }}/files/start_vms.sh"
+ dest: /root/start_vms.sh
+ mode: preserve
+
+- name: Copy stop_vms.sh
+ copy:
+ src: "{{ role_path }}/files/stop_vms.sh"
+ dest: /root/stop_vms.sh
+ mode: preserve
+
+- name: Copy systemd backup unit
+ copy:
+ src: "{{ role_path }}/files/backup.service"
+ dest: /etc/systemd/system/backup.service
+ notify: systemd daemon reload
+
+- name: Copy systemd backup timer
+ copy:
+ src: "{{ role_path }}/files/backup.timer"
+ dest: /etc/systemd/system/backup.timer
+ notify: systemd daemon reload
+
+- name: Enable backup timer
+ systemd:
+ name: backup.timer
+ enabled: true
+ state: started
diff --git a/ansible/roles/libvirt/tasks/main.yml b/ansible/roles/libvirt/tasks/main.yml
new file mode 100644
index 0000000..59e1e5a
--- /dev/null
+++ b/ansible/roles/libvirt/tasks/main.yml
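Review bot: `Copy Borgmatic script` renders backup.yml to `/root/backup.yml` with no `mode:`, so the file ends up with umask-derived permissions (commonly 0644) even though a borgmatic configuration typically carries the repository passphrase or key settings; add `mode: "0600"` to that task, with `owner: root` and `group: root` to make the intent explicit. The two systemd unit copies are also unmoded, which is harmless for units but inconsistent with the scripts' `mode: preserve`. Minor: the task uses `template:` on a file kept under `files/` rather than `templates/`, which works but hides that Jinja is evaluated on it — if backup.yml contains no templating, `copy:` is the clearer choice.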
@@ -0,0 +1,17 @@
+- name: Start libvirtd
+ systemd:
+ name: libvirtd
+ enabled: true
+ state: started
+
+- name: Add root to libvirt group
+ user:
+ name: root
+ groups: libvirt
+ append: yes
+
+- name: Disable apparmor
+ systemd:
+ name: apparmor
+ enabled: false
+ state: stopped
diff --git a/ansible/roles/backupng/files/ssh_user_certificate.conf b/ansible/roles/ssh/files/ssh_user_certificate.conf
similarity index 100%
rename from ansible/roles/backupng/files/ssh_user_certificate.conf
rename to ansible/roles/ssh/files/ssh_user_certificate.conf
diff --git a/ansible/roles/backupng/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml
similarity index 73%
rename from ansible/roles/backupng/tasks/main.yml
rename to ansible/roles/ssh/tasks/main.yml
index f27cc9e..6e13701 100644
--- a/ansible/roles/backupng/tasks/main.yml
+++ b/ansible/roles/ssh/tasks/main.yml
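Review bot: `Disable apparmor` stops and disables AppArmor for the whole host without a comment saying why, and moving it into the libvirt role makes it look like a libvirt requirement. libvirt ships its own AppArmor integration for confining QEMU guests, so removing the MAC layer host-wide weakens guest isolation and every other confined service on atlas; if the reason is a specific libvirt/AppArmor conflict, a comment such as `# AppArmor is disabled host-wide because <reason>; revisit via libvirt's security_driver setting` should sit above the task, or the change should be narrowed to the affected profile. Also, `append: yes` in `Add root to libvirt group` should be `append: true` to match the `enabled: true`/`enabled: false` style used in the same file and to satisfy yamllint's truthy rule.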
@@ -29,47 +29,6 @@ src: "{{ role_path }}/files/ssh_user_certificate.conf" dest: /etc/ssh/ssh_config.d/user_certificate.conf -- name: Install Borg - apt: - pkg: - - borgbackup - - borgmatic - -- name: Copy Borgmatic script - template: - src: "{{ role_path }}/files/backup.yml" - dest: /root/backup.yml - -- name: Copy start_vms.sh - copy: - src: "{{ role_path }}/files/start_vms.sh" - dest: /root/start_vms.sh - mode: preserve - -- name: Copy stop_vms.sh - copy: - src: "{{ role_path }}/files/stop_vms.sh" - dest: /root/stop_vms.sh - mode: preserve - -- name: Copy systemd backup unit - copy: - src: "{{ role_path }}/files/backup.service" - dest: /etc/systemd/system/backup.service - notify: systemd daemon reload - -- name: Copy systemd backup timer - copy: - src: "{{ role_path }}/files/backup.timer" - dest: /etc/systemd/system/backup.timer - notify: systemd daemon reload - -- name: Enable backup timer - systemd: - name: backup.timer - enabled: true - state: started - - name: Add SSH host CA known host known_hosts: key: '@cert-authority *.dmz ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x Host Certficate Authority for DMZ'