diff --git a/client/defaults/main.yml b/client/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b102a09561378f49cdd616b7ccd22cb99ebc9190
--- /dev/null
+++ b/client/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+client_use_proprietary_google_apps: False
+client_do_rsyslog: True
+client_provision_mozilla: True
diff --git a/client/files/icedove/defaults/pref/asta.js b/client/files/icedove/defaults/pref/asta.js
new file mode 100644
index 0000000000000000000000000000000000000000..7a7395fc44be2ed4bc0e1975d9b154f1ec464734
--- /dev/null
+++ b/client/files/icedove/defaults/pref/asta.js
@@ -0,0 +1,35 @@
+// Disable offline folder
+lockPref("mail.server.default.autosync_offline_stores", false);
+lockPref("mail.server.default.offline_download", false);
+
+// for newly generated profiles HTML mail is disabled by default, however the user can change it
+pref("mail.identity.default.compose_html", false);
+
+// disable playing sound on incoming mail
+pref("mail.biff.play_sound", false);
+
+// disable cloud files for large attachments
+lockPref("mail.cloud_files.enabled", false);
+
+// send HTML mails also in plaintext
+lockPref("mail.default_html_action", 3);
+
+// always show quota
+pref("mail.quota.mainwindow_threshold.show", 0);
+
+// warning at 80%
+pref("mail.quota.mainwindow_threshold.warning", 80);
+
+// critical at 95%
+pref("mail.quota.mainwindow_threshold.critical", 95);
+
+
+// find out how this works...
+// // define asta mail account
+// pref("mail.accountmanager.appendaccounts", "AStA");
+// pref("mail.accountmanager.defaultaccount", "AStA");
+// pref("mail.account.account0.server", "mail.asta.rwth-aachen.de");
+
+
+
+
diff --git a/client/files/icedove/defaults/pref/vendor.js b/client/files/icedove/defaults/pref/vendor.js
new file mode 100644
index 0000000000000000000000000000000000000000..13e07931133cdb7313fbddaa9df53b333a31b192
--- /dev/null
+++ b/client/files/icedove/defaults/pref/vendor.js
@@ -0,0 +1,6 @@
+// Forbid application updates
+lockPref("app.update.enabled", false);
+
+// Pointing the "Help -> What's new" menu entry to mozilla.debian.net
+// pref("mailnews.start_page.override_url", "http://wiki.debian.org/Icedove/WhatsNew45");
+
diff --git a/client/files/iceweasel/defaults/pref/local-settings.js b/client/files/iceweasel/defaults/pref/local-settings.js
new file mode 100644
index 0000000000000000000000000000000000000000..e677e61cc8c5adb49d88e3882f0e6d070c7fd49b
--- /dev/null
+++ b/client/files/iceweasel/defaults/pref/local-settings.js
@@ -0,0 +1,2 @@
+pref("general.config.obscure_value", 0); // the mozilla.cfg is not ROT13 "encrypted"
+pref("general.config.filename", "mozilla.cfg");
diff --git a/client/files/iceweasel/mozilla.cfg b/client/files/iceweasel/mozilla.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..8d1e5a21acfd55a2ed5944faf4577d3eaefb03ca
--- /dev/null
+++ b/client/files/iceweasel/mozilla.cfg
@@ -0,0 +1,14 @@
+//
+lockPref("browser.cache.disk.enable", false);
+lockPref("browser.cache.memory.enable", true);
+// since our system are multi seated systems lower the ram use, our internet connection is fast enough
+lockPref("browser.cache.memory.capacity", 65536);
+// disable proxy autodiscovery
+lockPref("network.enablePad", false);
+// disable proxy
+// 0 --> direct connection no proxy
+// 1 --> manual proxy, e.g. via network.proxy.*
+// 2 --> autoconfiguration via network.proxy.autoconfig_url
+// 3 --> same as 0
+// 4 --> auto detect proxy settings
+lockPref("network.proxy.type", 0);
diff --git a/client/tasks/configuration.yml b/client/tasks/configuration.yml
index 25cd16d7d7f7f7a9954ee8098460abc037ac5b5f..ffabc847f07277e8af22ceed5d40c73e5c630210 100644
--- a/client/tasks/configuration.yml
+++ b/client/tasks/configuration.yml
@@ -3,92 +3,33 @@
 
 - name: ensure correct hosts file
   template: src=hosts.j2 dest=/etc/hosts
-  tags:
-    - client
-    - config
 
 - name: ensure i3 is able to lock the screen
   copy: src=i3lock dest=/usr/local/bin/i3lock owner=root group=root mode=0755
-  tags:
-    - desktop
-    - config
-
-- name: ensure kde nepomuk is disabled
-  file: path=/usr/share/autostart/nepomukserver.desktop state=absent
-  tags:
-    - config
-    - desktop
-    - clean
 
 - name: ensure a sane default web browser
   alternatives: name=x-www-browser path=/usr/bin/firefox
-  tags:
-    - config
-    - desktop
-
-- name: ensure a rotten default session manager
-  alternatives: name=x-session-manager path=/usr/bin/startkde
-  tags:
-    - config
-    - desktop
-
-- name: ensure a rotten default display manager
-  copy: src=displayManager dest=/etc/X11/default-display-manager owner=root group=root mode=0644
-  tags:
-    - config
-    - desktop
-
-#- name: ensure we got a properly configured kdm
-#  copy: src=kdm/kdmrc dest=/etc/kde4/kdm/kdmrc owner=root group=root mode=0644
-#  tags:
-#    - config
-#    - desktop
-#    - fsmpi
-#
-#- name: ensure deployment of a nice kdm theme
-#  copy: src=kdm/fsmpi_theme/ dest=/usr/share/kde4/apps/kdm/themes/fsmpi owner=root group=root mode=0644
-#  tags:
-#    - config
-#    - desktop
-#    - fsmpi
-#
-#- name: ensure kdm is enabled
-#  service: name=kdm state=running
-#  tags:
-#    - service
-#    - desktop
-#
-#- name: ensure deployment of kde provisioning
-#  copy: src=kde/ dest=/etc/kde4 owner=root group=root mode=0644
-#  tags:
-#    - config
-#    - desktop
-#    - fsmpi
 
 - name: ensure we have the correct printer
   template: src=lpoptions.j2 dest=/etc/cups/lpoptions owner=root group=root mode=0644
-  tags:
-    - desktop
-    - fsmpi
-    - config
+  when: smb_domain == 'FSMPI' # not ported yet
 
-# granting all users access to sound card
 - name: grant user access to soundcard
   copy: src=udev_audio-perm.rules dest=/etc/udev/rules.d/50-audio-perm.rules owner=root group=root mode=0644
-  tags:
-    - config
-    - desktop
 
-- name: "copy fonts"
+- name: ensure RWTH fonts are available
   copy: src={{ item }} dest=/usr/local/share/fonts/ owner=root group=root mode=0644
   with_fileglob:
     - fonts/*
-  tags:
-    - fonts
-    - desktop
 
 - name: configure logrotate for rsyslog files to fit the client needs
   copy: src=logrotate/rsyslog dest=/etc/logrotate.d/rsyslog owner=root group=root mode=0644
-  tags:
-    - client
-    - logrotate
+  when: client_do_rsyslog
+
+#- name: ensure iceweasel default profile stuff is installed
+#  copy: src=iceweasel/ dest=/usr/lib/firefox-esr/ owner=root group=root mode=0644
+#  when: client_provision_mozilla
+#
+#- name: ensure icedove default profile stuff is installed
+#  copy: src=icedove/ dest=/usr/lib/icedove/ owner=root group=root mode=0644
+#  when: client_provision_mozilla
diff --git a/client/tasks/kde.yml b/client/tasks/kde.yml
index c37d76b93e188146de61d74b758b3fbac286ccfc..a793018053a9cd1d8f37dfb3ac5de9613ff68818 100644
--- a/client/tasks/kde.yml
+++ b/client/tasks/kde.yml
@@ -76,4 +76,24 @@
     - kde
     - desktop
 
+- name: ensure kde nepomuk is disabled
+  file: path=/usr/share/autostart/nepomukserver.desktop state=absent
+
+- name: ensure a rotten default session manager
+  alternatives: name=x-session-manager path=/usr/bin/startkde
+
+- name: ensure a rotten default display manager
+  copy: src=displayManager dest=/etc/X11/default-display-manager owner=root group=root mode=0644
+
+#- name: ensure we got a properly configured kdm
+#  copy: src=kdm/kdmrc dest=/etc/kde4/kdm/kdmrc owner=root group=root mode=0644
+#
+#- name: ensure deployment of a nice kdm theme
+#  copy: src=kdm/fsmpi_theme/ dest=/usr/share/kde4/apps/kdm/themes/fsmpi owner=root group=root mode=0644
+#
+#- name: ensure kdm is enabled
+#  service: name=kdm state=running
+#
+#- name: ensure deployment of kde provisioning
+#  copy: src=kde/ dest=/etc/kde4 owner=root group=root mode=0644
 
diff --git a/client/tasks/main.yml b/client/tasks/main.yml
index f77c217a0ddd712b155eaf70abf83df2a9e44ef2..ac7c66a3f2301bcdda9961b7d3be1578fc049031 100644
--- a/client/tasks/main.yml
+++ b/client/tasks/main.yml
@@ -7,5 +7,8 @@
 - meta: flush_handlers
 - include: software.yml
 - meta: flush_handlers
+- include: proprietary.yml
+  when: client_use_proprietary_google_apps
+- meta: flush_handlers
 - include: configuration.yml
 - meta: flush_handlers
diff --git a/client/tasks/proprietary.yml b/client/tasks/proprietary.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d5aad4a7a0af47ab8d938123d2957c69e73760c9
--- /dev/null
+++ b/client/tasks/proprietary.yml
@@ -0,0 +1,14 @@
+---
+
+- name: ensure apt got the key to verify the google repo
+  apt_key: data="{{ lookup('file', 'google.gpg') }}" state=present
+  notify:
+    - update apt cache
+
+- name: ensure apt knows about the google repo
+  apt_repository: repo='deb http://dl.google.com/linux/chrome/deb/ stable main' state=present
+  notify:
+    - update apt cache
+
+- name: ensure proprietary google applications are installed
+  apt: name=google-chrome-stable state=installed
diff --git a/client/tasks/software.yml b/client/tasks/software.yml
index 55ac1d8f0a7dff375918f2de313e0416174bc94e..7b78e4999f442d8584d58402ba8667b94621e9a9 100644
--- a/client/tasks/software.yml
+++ b/client/tasks/software.yml
@@ -5,158 +5,206 @@
   apt: name={{ item }} state=installed
   with_items:
     - libreoffice # this is a meta-package
+    - libreoffice-help-de
+    - libreoffice-l10n-de
+    - texstudio
+
+- name: ensure artistic applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - inkscape
     - gimp
     - gimp-dcraw
     - gimp-texturize
-    - gnucash
     - scribus
     - scribus-doc
     - scribus-template
-    - gv
-    - inkscape
-    - ttf-mscorefonts-installer
-    - ttf-opensymbol
-    - pdftk
+    - dia
+    - gnuplot
+
+- name: ensure pdf applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - evince
-    - okular
+    - gv
     - pdfgrep
     - pdfjam
-    - meld
-    - gnuplot
-    - texstudio
-    - kwrite
+    - pdfmod
+    - pdftk
+    - xournal
+
+- name: ensure finance applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - gnucash
     - kmymoney
-  tags:
-    - packages
-    - office
 
-- name: ensure development applications are installed
+- name: ensure python packages are installed
   apt: name={{ item }} state=installed
   with_items:
-    - dia
-    - subversion
-    - emacs
-    - joe
-    - python-openssl
+    - python-matplotlib
     - python-numpy
+    - python-opencv
+    - python-openssl
+    - python-pip
+    - python-prettytable
+    - python-pysnmp4
     - python-scipy
-    - python-matplotlib
+    - python-virtualenv
+    - python3
+    - python3-matplotlib
+    - python3-pip
+    - python3-pyqt5
+    - python3-scipy
+    - python3-virtualenv
+    - virtualenv
     - ipython
+    - ipython3
+
+- name: ensure haskell packages are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - pandoc
     - ghc
     - c2hs
     - libghc-hakyll-dev
     - cabal-install
     - alex
     - happy
-    - python3
-    - ipython3
-    - virtualenv
-    - python3-virtualenv
-    - python3-matplotlib
-    - python3-pip
-    - default-jdk
-    - python-opencv
-    - python-pip
-    - python-virtualenv
-    #- root-system
-    - octave
-    #- libroot-bindings-python5.34
-    - mysql-client
+
+- name: ensure x11 development packages are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - libasound2-dev
     - libx11-dev
-    - libxinerama-dev
     - libxext-dev
     - libxft-dev
+    - libxinerama-dev
     - libxrandr-dev
+
+- name: ensure other development environments are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - default-jdk
+    - octave
+#    - root-system
+#    - libroot-bindings-python5.34
+
+- name: ensure development applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - cmake
-    - gitk
+    - meld
+    - subversion
     - git-svn
-  tags:
-    - packages
-    - development
+    - gitk
+    - mysql-client
+    - gdb
 
-- name: ensure internet applications are installed
+- name: ensure mozilla applications are installed
   apt: name={{ item }} state=installed
   with_items:
     - thunderbird
+    - thunderbird-l10n-de
     - firefox-esr
+    - firefox-esr-l10n-de
     - lightning
-    - xul-ext-quotecolors
+    - lightning-l10n-de
     - enigmail
+    - xul-ext-quotecolors
+#    - xul-ext-ublock-origin
+#    - xul-ext-https-everywhere
+#    - xul-ext-sieve
+#    - xul-ext-noscript
+#    - xul-ext-kwallet5
+
+- name: ensure google applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - chromium
     - chromium-l10n
+
+- name: ensure chat applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - pidgin
     - pidgin-otr
     - pidgin-themes
     - pidgin-plugin-pack
     - irssi
     - weechat
-    - filezilla
-    - keepassx
+
+- name: ensure remote session applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
     - rdesktop
-    - imapfilter
-    - mutt
-    - w3m
     - x2goclient
-  tags:
-    - packages
-    - internet
+    - remmina
+    - remmina-plugin-rdp
+    - remmina-plugin-vnc
+    - freerdp-x11
+    - x11vnc
+    - filezilla
 
-- name: ensure multimedia applications are installed
+- name: ensure audio environment is installed
   apt: name={{ item }} state=installed
   with_items:
-    - vlc
-    - smplayer
+    - alsa-utils
     - pulseaudio
+    - pulseaudio-utils
     - pavucontrol
+
+- name: ensure multimedia applications are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - vlc
     - mplayer
-    - pulseaudio-utils
-    - alsa-utils
-    - arandr
-  tags:
-    - packages
-    - multimedia
+    - smplayer
+    - ffmpeg
 
-- name: ensure desktop environments are installed
+- name: ensure password managers are installed
   apt: name={{ item }} state=installed
   with_items:
-    - inkscape
-    - i3
-    - i3-wm
-    - i3status
-    - suckless-tools
-    - dunst
-  tags:
-    - packages
-    - desktop
+    - pass
+    - keepassx
 
-- name: ensure console applications are installed
+- name: ensure non-desktop-environment applications are installed
   apt: name={{ item }} state=installed
   with_items:
-    - konsole
+    - i3-wm
+    - i3status
+    - dunst
+    - suckless-tools
+    - arandr
     - rxvt-unicode
-  tags:
-    - packages
-    - console
+    - mutt
+    - imapfilter
+    - offlineimap
+    - tnef
+    - w3m
+    - away
 
-- name: ensure localisation is installed
+- name: ensure dictionaries and spell checkers are installed
   apt: name={{ item }} state=installed
   with_items:
     - aspell-de
-    - aspell-de-alt
     - manpages-de
     - ingerman
     - wngerman
     - hunspell-de-de
     - hyphen-de
-    - iceweasel-l10n-de
-    - libreoffice-help-de
-    - libreoffice-l10n-de
     - mythes-de
-    - kde-l10n-de
-  tags:
-    - packages
-    - locale
+
+- name: ensure additional fonts are installed
+  apt: name={{ item }} state=installed
+  with_items:
+    - ttf-mscorefonts-installer
+    - ttf-opensymbol
+    - fonts-unfonts-core
+    - fonts-ipafont-gothic
+    - fonts-ipafont-mincho
+    - fonts-arphic-ukai
+    - fonts-arphic-uming
 
 - name: ensure unwanted applications are uninstalled
   apt: name={{ item }} state=absent
@@ -166,19 +214,3 @@
     - update-manager-gnome
     - popularity-contest
     - konqueror
-  tags:
-    - packages
-    - clean
-
-- name: ensure korean letters are more than squares
-  apt: name="{{item}}" state=installed
-  with_items:
-    - fonts-unfonts-core
-    - fonts-ipafont-gothic
-    - fonts-ipafont-mincho
-    - fonts-arphic-ukai
-    - fonts-arphic-uming
-  tags:
-    - locale
-    - font
-    - packages