diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3aad27c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+backup/
+scaleway/
\ No newline at end of file
diff --git a/backup.yml b/backup.yml
new file mode 100644
index 0000000..b6efbcc
--- /dev/null
+++ b/backup.yml
@@ -0,0 +1,50 @@
+- hosts: controller
+ # vars:
+ # become: true
+ gather_facts: true
+ vars:
+ user: staffadmin
+ token: 86839ba0ace61ed3b28ead9d76e89701b22aa90f
+ tasks:
+
+ - name: Example clone of a single branch
+ ansible.builtin.git:
+ repo: https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
+ dest: "{{ playbook_dir }}/backup"
+ single_branch: yes
+ # version: masterls
+ delegate_to: localhost
+
+ - name: Specifying a path directly
+ ansible.builtin.fetch:
+ src: "{{ item }}"
+ dest: "{{ playbook_dir }}/backup/"
+ loop:
+ #! Docker-compose
+ - /opt/dockerapps/docker-compose.yml
+ #! Dex & traefik-forward
+ - /opt/dockerapps/appdata/dex/config.yml
+ - /opt/dockerapps/appdata/dex/traefik-auth-conf.env
+ #! Gitea & Runner
+ - /opt/dockerapps/appdata/gitea/gitea/gitea/conf/app.ini
+ - /opt/dockerapps/appdata/gitea/runner/config.yaml
+ #! Notification
+ - /opt/dockerapps/appdata/alertmanager/config/alertmanager.yml
+ #! Homepage
+ - /opt/dockerapps/appdata/homepage/homepage/bookmarks.yaml
+ - /opt/dockerapps/appdata/homepage/homepage/services.yaml
+ - /opt/dockerapps/appdata/homepage/homepage/settings.yaml
+ #! Semaphore
+ - /opt/dockerapps/appdata/semaphore/config/config.json
+
+ - name: Specifying a path directly
+ ansible.builtin.shell: |
+ git config user.email "stephane.gratiasquiquandon@gmail.com"
+ git config user.name "staffadmin"
+ git add .
+ git commit -m "Push Backup with access token"
+ git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/backup.git
+ args:
+ chdir: "{{ playbook_dir }}/backup/"
+ run_once: true
+ delegate_to: localhost
diff --git a/hardening.yml b/hardening.yml
index 38d2980..b60497d 100644
--- a/hardening.yml
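Review bot: The Gitea access token on `token: 86839ba0ace61ed3b28ead9d76e89701b22aa90f` is committed in clear text in backup.yml and then interpolated into the clone URL and the `git push` URL, so it also lands in the cloned repo's remote config, in the controller's process listing and in Ansible's task output for the shell step. A token that has reached git history has to be treated as exposed and revoked in Gitea; its replacement belongs in an Ansible Vault file or a `lookup('env', ...)` rather than play `vars`, and both tasks that use it should carry `no_log: true`. The fetched files (`dex/config.yml`, `traefik-auth-conf.env`, `gitea/conf/app.ini`, `alertmanager.yml`) are the kind of files that typically hold client secrets and keys, so the backup repository must stay private and the token scoped to that single repository. Two smaller points: `single_branch: yes` should be the canonical boolean `single_branch: true`, and the two tasks named `Specifying a path directly` (the fetch and the push) should get names that describe what they do, e.g. `Fetch service configs from the host` and `Commit and push the backup repository`.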
+++ b/hardening.yml @@ -1,4 +1,4 @@ -- hosts: monitoring +- hosts: test # vars: become: true gather_facts: true @@ -82,19 +82,23 @@ #||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available # roles: - # - robertdebock.update - # - devsec.hardening.os_hardening - # - devsec.hardening.ssh_hardening - # - maxlareo.rkhunter - # - maxlareo.chkrootkit - # - robertdebock.auditd - # - geerlingguy.firewall - # - grog.management-user - # - GROG.user - # - GROG.authorized-key - # - GROG.sudo - # - ansible_unattended_upgrades - # - buluma.lynis + # - robertdebock.update + # - devsec.hardening.os_hardening + # - devsec.hardening.ssh_hardening + # - maxlareo.rkhunter + # - maxlareo.chkrootkit + # - robertdebock.auditd + # - geerlingguy.firewall + # - grog.management-user + # - GROG.user + # - GROG.authorized-key + # - GROG.sudo + # - ansible_unattended_upgrades + # - buluma.lynis + + # roles: + # - role: netways.elasticstack.elasticsearch + # tags: test2 tasks: - name: Retrieve private IP address netbird 
@@ -121,13 +125,50 @@ # msg: "{{ group_names }}" # when: group_names is search("monitoring") - - ansible.builtin.import_role: - name: prometheus.prometheus.node_exporter + # - ansible.builtin.import_role: + # name: prometheus.prometheus.node_exporter + + # - ansible.builtin.import_role: + # name: prometheus.prometheus.prometheus + # when: group_names is search("monitoring") + + # - ansible.builtin.import_role: + # name: ansible-role-labocbz-install-grafana + # when: group_names is search("monitoring") - ansible.builtin.import_role: - name: prometheus.prometheus.prometheus - when: group_names is search("monitoring") + name: netways.elasticstack.repos + tags: repo + +# to reset password +#/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic + +# xpack.security.http.ssl.verification_mode: none + +# Add token for new node ? +# /usr/share/elasticsearch/elasticsearch-create-enrollment-token -s kibana +# /usr/share/kibana/bin/kibana-encryption-keys generate --force +# /usr/share/elasticsearch/bin# ./elasticsearch-service-tokens create elastic/kibana token +# bin/elasticsearch-create-enrollment-token -s kibana --url "https://172.0.0.3:9200" - ansible.builtin.import_role: - name: ansible-role-labocbz-install-grafana - when: group_names is search("monitoring") + name: netways.elasticstack.elasticsearch + tags: elastic + + +# Wait the end install to have th url to connect and put the enroll token + - ansible.builtin.import_role: + name: netways.elasticstack.kibana + tags: kibana + + # - ansible.builtin.import_role: + # name: netways.elasticstack.logstash + # tags: test2 + +# FileBEAT +# filebeat test config -e filebeat.yml +# filebeat setup -e +# restart filebeat + - ansible.builtin.import_role: + name: netways.elasticstack.beats + tags: filebeat diff --git a/host_vars/ovh01.yml b/host_vars/ovh01.yml index 05086e6..b2540e8 100644 --- a/host_vars/ovh01.yml +++ b/host_vars/ovh01.yml 
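Review bot: The new `netways.elasticstack.elasticsearch`, `kibana` and `beats` imports carry only `tags:`, whereas the Prometheus/Grafana imports they replace were guarded with `when: group_names is search("monitoring")`; with the play now targeting `hosts: test` (first hunk of this file), every host in that group gets a full Elasticsearch and Kibana install, and the inventory defines `[test]` and the new `[elasticsearch]` as separate groups even though both currently hold only `ubuntu`. If the intent is to install the stack only on members of `[elasticsearch]`, each import should be conditioned on membership, e.g. `when: "'elasticsearch' in group_names"`. The commented block (`elasticsearch-reset-password`, enrollment-token commands, `xpack.security.http.ssl.verification_mode: none`) reads as scratch notes; it belongs in a README, and the `verification_mode: none` line in particular should be marked as a lab-only setting so it is not copied into a real deployment. The enclosing `tasks:` list and its play start well above this hunk.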
@@ -1,4 +1,8 @@ --- + +#* SSH +#ssh_listen_to: "{{ host_private_address }}" + #* USERS management_user_list: diff --git a/host_vars/ubuntu.yml b/host_vars/ubuntu.yml index b1eb537..a85aea1 100644 --- a/host_vars/ubuntu.yml +++ b/host_vars/ubuntu.yml @@ -1,4 +1,12 @@ --- + +# elasticstack_ca_pass: setuppassword +elasticsearch_api_host: 192.168.0.26 +elasticsearch_http_publish_host: 192.168.0.26 +elasticsearch_network_host: 192.168.0.26 +elasticsearch_ssl_verification_mode: none +# logstash_elasticsearch: 192.168.0.26 + #* USERS management_user_list: diff --git a/hosts b/hosts index 72e04ee..99f13da 100644 --- a/hosts +++ b/hosts @@ -17,8 +17,11 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane ovh01 ansible_host=5.135.181.11 ansible_user=stephane ; ubuntu ansible_host=192.168.0.22 ansible_user=vagrant ansible_password=vagrant +[elasticsearch] +ubuntu ansible_host=192.168.0.26 ansible_user=vagrant ansible_password=vagrant + [test] -ubuntu ansible_host=192.168.0.22 ansible_user=vagrant ansible_password=vagrant +ubuntu ansible_host=192.168.0.26 ansible_user=vagrant ansible_password=vagrant ; # TO KNOW WHOIS CHISEL SERVER ; [server] diff --git a/requirements.yml b/requirements.yml index 7021dc3..2c1ba66 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,4 +3,8 @@ collections: - name: prometheus.prometheus - name: community.crypto - name: ansible.utils - - name: community.grafana \ No newline at end of file + - name: community.grafana + # - name: geerlingguy.redis + - name: git+https://github.com/netways/ansible-collection-elasticstack.git + # - name: elastic.elasticsearch + # - name: geerlingguy.kibana \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index 50521a0..5a91ad9 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml 
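Review bot: `elasticsearch_ssl_verification_mode: none` presumably disables certificate verification for the connections the collection's roles make to 192.168.0.26, so any certificate is accepted; that is tolerable for the Vagrant test box but should not propagate from host_vars to a real node. Once the collection-managed CA is in place the value to aim for is `certificate` or `full`, and a comment such as `# lab only: disables TLS verification, do not copy` next to the line would keep it from being reused. The commented `# elasticstack_ca_pass: setuppassword` is a CA passphrase in clear text in VCS; if it is ever the real value it belongs in Vault, and if it is only a placeholder the comment should say so.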
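Review bot: The `ubuntu` host is now declared twice with identical connection variables, under `[elasticsearch]` and `[test]`, so the next address change has to be made in two places (this commit already had to update both lines from 192.168.0.22 to 192.168.0.26). Host-specific connection settings belong in `host_vars/ubuntu.yml`, which this commit already touches, leaving each group stanza with just `ubuntu`. `ansible_password=vagrant` is also repeated in clear text in the inventory; for a Vagrant box, `ansible_ssh_private_key_file` pointing at the box's generated key avoids keeping a password in VCS at all.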
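Review bot: `- name: git+https://github.com/netways/ansible-collection-elasticstack.git` installs whatever the default branch points at when `ansible-galaxy collection install` runs, so two installs can yield different code and a force-pushed or compromised branch is picked up silently. Pin it with a `version:` key to a released tag or commit, `version: <release-tag-or-commit>` (placeholder), and add `type: git` so the source kind is explicit rather than inferred from the `git+` prefix; bump the pin deliberately when upgrading. The `\ No newline at end of file` on both sides of the hunk is worth fixing in the same change.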
@@ -47,4 +47,3 @@
 src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git
 - name: ansible-role-labocbz-install-grafana
 src: git+https://gitlab.com/cbz-d-velop/public-ansible/ansible-role-labocbz-install-grafana.git
-