diff --git a/hardening.yml b/hardening.yml
new file mode 100644
index 0000000..ff43a4a
--- /dev/null
+++ b/hardening.yml
@@ -0,0 +1,79 @@
+- hosts: test
+ vars:
+ ansible_user: vagrant
+ ansible_password: vagrant
+ management_user_list:
+ - name: admin
+ shell: '/bin/bash'
+ authorized_keys:
+ - key: "ssh-rsa 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 stephane"
+ exclusive: yes
+ sudo:
+ hosts: ALL
+ as: ALL
+ commands: ALL
+ nopasswd: ALL
+ netbird_setup_key: 26659E99-DED1-4ED4-B2D0-C0CC1246EFAE
+ netbird_register: true
+ node_exporter_tls_server_config:
+ cert_file: /etc/node_exporter/tls.cert
+ key_file: /etc/node_exporter/tls.key
+ node_exporter_basic_auth_users:
+ randomuser: examplepassword
+ node_exporter_web_listen_address: 192.168.0.20:9100
+ become: true
+ gather_facts: true
+
+ pre_tasks:
+
+ - name: Create node_exporter cert dir
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ loop:
+ - /etc/node_exporter
+
+ - name: Generate an OpenSSL private key with the default values (4096 bits, RSA) and a passphrase
+ community.crypto.openssl_privatekey:
+ path: /etc/node_exporter/tls.key
+ mode: 0644
+
+# /etc/node_exporter# chmod 644 tls.key
+
+ - name: Generate an OpenSSL Certificate Signing Request with a passphrase protected private key
+ community.crypto.openssl_csr:
+ path: /etc/node_exporter/tls.csr
+ privatekey_path: /etc/node_exporter/tls.key
+ common_name: www.ansible.com
+
+ - name: Generate a Self Signed OpenSSL certificate
+ community.crypto.x509_certificate:
+ path: /etc/node_exporter/tls.cert
+ privatekey_path: /etc/node_exporter/tls.key
+ csr_path: /etc/node_exporter/tls.csr
+ provider: selfsigned
+
+# export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES ---> ERROR! A worker was found in a dead state
+
+# chmod go+r /usr/share/keyrings/netbird-archive-keyring.gpg for error:
+#||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
+
+ roles:
+ # - robertdebock.update
+ # - devsec.hardening.os_hardening
+ # - devsec.hardening.ssh_hardening
+ # - maxlareo.rkhunter
+ # - maxlareo.chkrootkit
+ # - robertdebock.auditd
+ # - geerlingguy.firewall
+ # - grog.management-user
+ # - GROG.user
+ # - GROG.authorized-key
+ # - GROG.sudo
+ # - ansible_unattended_upgrades
+ # - dominion_solutions.netbird.netbird
+ # - buluma.lynis
+ - prometheus.prometheus.node_exporter
+# https://galaxy.ansible.com/ui/repo/published/prometheus/prometheus/content/role/node_exporter/
\ No newline at end of file
diff --git a/host_vars/test.yml b/host_vars/test.yml
new file mode 100644
index 0000000..78096c1
--- /dev/null
+++ b/host_vars/test.yml
@@ -0,0 +1,18 @@
+---
+# unattended_origins_patterns:
+# - 'origin=Ubuntu,archive=${distro_codename}-security'
+# - 'o=Ubuntu,a=${distro_codename}'
+# - 'o=Ubuntu,a=${distro_codename}-updates'
+# - 'o=Ubuntu,a=${distro_codename}-proposed-updates'
+
+# management_user_list:
+# - name: admin
+# shell: '/bin/bash'
+# authorized_keys:
+# - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClVS1uxDfwS6OusQ4qgcZ6hBc8YRBE8MyXu0sUfGN7S3itjI3W2ixD18v80el8dVQVR12jCY0ueavgoV1cHrfGWkFoLKi+QrA4MuSNUChj0NBbyLTmdwPvne8LRv3ttCbRSJ/6bIEveX8y/7kGn/R1NDFlfE6b5R8ersBUKCQM6YxblAkv/XH8cJlQXhr1nLhVOl/ae+Q/pTCbgioB8qrmGEuMvOLmavcFf7IJbJcSgeiXSOnyIRl2n64X6lbRK+MRZ61pF6vAOXA+Ixyt/fAbO7sjqU0+cEhU5Br5/VcqG4Bc5nhWimtXIHPry3aLV5PtN6K9/i3eA5F6Jpa82JzmUMEbWSBIga02yIw9GjRyAI6ccH/kJGuB6QN5/YwGHpOF2f0FGiEAbUz41mLngN3SsXL1pdV2hT3x56/GIcGe6p/f1cytwVCyOaE7W87B05w5JYb1sSFj6QuGW0rHWfnHT5SY87Mk/H8VgZPaPbm+hSjLIQRAmUYQR+Rub1o9bXE= stephane"
+# exclusive: yes
+# sudo:
+# hosts: ALL
+# as: ALL
+# commands: ALL
+# nopasswd: ALL
\ No newline at end of file
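Review bot: The node_exporter private key is written world-readable by the `community.crypto.openssl_privatekey` task (`mode: 0644`, and the `# /etc/node_exporter# chmod 644 tls.key` comment shows this was done on purpose), so any local account on the host can read the key that protects the metrics endpoint; give the exporter's service account access instead, e.g. `owner: node_exporter`, `group: node_exporter`, `mode: "0600"` (quoted, as Ansible recommends for octal modes), noting that the role probably creates that user only after `pre_tasks` run, so the account may need to exist first — verify against the role. The same hunk commits credentials in cleartext: `ansible_password: vagrant`, the `netbird_setup_key` (an enrollment secret for the overlay network), and the `node_exporter_basic_auth_users` password; move them into an ansible-vault file and rotate the setup key if this repository has been shared. The self-signed certificate is also issued for `common_name: www.ansible.com` while the exporter listens on `192.168.0.20:9100`, so a scraper that verifies TLS will reject it unless verification is disabled, which defeats the point of the TLS config; set `subject_alt_name` to the host's actual name/IP and scrape by that name. Finally, every hardening role under `roles:` is commented out and only `prometheus.prometheus.node_exporter` runs, so despite the file name this play currently hardens nothing — worth a comment stating that this is intentional work-in-progress if it is.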
diff --git a/hosts b/hosts
index 35d7ed6..3aa9a79 100644
--- a/hosts
+++ b/hosts
@@ -13,6 +13,8 @@ ovh_worker ansible_host=5.135.181.11 ansible_user=stephane [controller] scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane +[test] +192.168.0.20 ; # TO KNOW WHOIS CHISEL SERVER ; [server]
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..c12f5cd
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,5 @@
+collections:
+ - name: devsec.hardening
+ - name: dominion_solutions.netbird
+ - name: prometheus.prometheus
+ - name: community.crypto
\ No newline at end of file
diff --git a/roles/.gitignore b/roles/.gitignore
index be27457..839a484 100644
--- a/roles/.gitignore
+++ b/roles/.gitignore
@@ -30,4 +30,15 @@ ome.selinux_utils/
 # CHISEL
 justin_p.chisel/
 # HELM
-geerlingguy.helm
\ No newline at end of file
+geerlingguy.helm
+devsec.hardening.os_hardening
+devsec.hardening.ssh_hardening
+buluma.lynis
+ansible-hardening
+maxlareo.rkhunter
+maxlareo.chkrootkit
+buluma.auditd
+jnv.unattended-upgrades
+ansible_unattended_upgrades
+robertdebock.auditd
+robertdebock.update
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 3865ea5..f0fd56a 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -16,9 +16,6 @@ # SYSTEM - src: tumf.systemd-service # SSH client side -- src: linux-system-roles.ssh # SSH server side -- src: willshersystems.sshd # PACKAGE - src: GROG.package # IPTABLES
@@ -31,7 +28,20 @@
 # BACKUP
 - src: ome.rsync_server
 - src: ome.selinux_utils
-# CHISEL
-- src: justin_p.chisel
 # HELM
 - src: geerlingguy.helm
+
+
+## SETUP
+- src: buluma.lynis
+- src: maxlareo.rkhunter
+- src: maxlareo.chkrootkit
+- src: robertdebock.auditd
+- src: robertdebock.update
+# - src: buluma.auditd
+# version: v1.0.10
+# - src: jnv.unattended-upgrades
+# - src: dominion_solutions.netbird
+ # version: 0.1.6
+- name: ansible_unattended_upgrades
+ src: git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git
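Review bot: None of the four collections in the new `requirements.yml` carries a `version:`, so `ansible-galaxy collection install -r requirements.yml` fetches whatever is latest on Galaxy at install time, and `devsec.hardening`, `prometheus.prometheus`, `dominion_solutions.netbird` and `community.crypto` all run tasks as root on every managed host. Pin each entry to a reviewed release, e.g. `- name: devsec.hardening` followed by an indented `version:` line holding the release you tested against, and bump the pins deliberately rather than on every install. A short header comment such as `# Pinned on purpose: these collections execute as root on all hosts; bump versions explicitly.` would keep the next maintainer from dropping the pins.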
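Review bot: The patterns added to `roles/.gitignore` such as `devsec.hardening.os_hardening` and `devsec.hardening.ssh_hardening` are collection role FQCNs, and `ansible-galaxy collection install` does not create directories by those names under `roles/` (collections are installed under `ansible_collections/<namespace>/<name>/`), so these entries appear to ignore nothing — hedged, since the install path depends on `collections_paths` in the project's ansible.cfg, which is not in the diff. If the intent is to keep installed collections out of the repository, ignore the actual collections directory instead; if these lines are just a reminder of what was tried, a comment like `# FQCNs below are notes, not install paths` would avoid confusion. Roles in this file that are no longer in `roles/requirements.yml` (`justin_p.chisel/`, `ansible-hardening`, `buluma.auditd`, `jnv.unattended-upgrades`) could be dropped for the same reason.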
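Review bot: The new `ansible_unattended_upgrades` entry installs from `git+https://gitlab.epfl.ch/ansible-sti-roles/ansible-unattended-upgrades.git` with no `version:`, so every `ansible-galaxy install -r roles/requirements.yml` checks out the repository's current default branch, and that unreviewed code then runs as root on every host the role is applied to; pin it with a `version:` line under `src:` holding a tag or, better, the full commit SHA you reviewed. The Galaxy roles added under `## SETUP` (`buluma.lynis`, `maxlareo.rkhunter`, `maxlareo.chkrootkit`, `robertdebock.auditd`, `robertdebock.update`) are likewise unpinned, while the only `version:` lines in the hunk are commented out and the one for `dominion_solutions.netbird` is indented one level off, so it would not parse as part of that entry if uncommented. Consider also noting in a comment that `dominion_solutions.netbird` is now consumed as a collection via the top-level `requirements.yml`, since the commented role entry here suggests both were attempted.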