diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml
index f899a077..a782ff2a 100644
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@@ -1,81 +1,70 @@
 ---
   ### mgrote.smb_fileserver
-  smb_nutzer:
+  smb_users:
     - name: 'annemariedroessler'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}"
     - name: 'restic'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_restic', 'password') }}"
     - name: 'win10'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_win10', 'password') }}"
     - name: 'kodi'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_kodi', 'password') }}"
     - name: 'michaelgrote'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_mg', 'password') }}"
     - name: 'navidrome'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_navidrome', 'password') }}"
     - name: 'docker'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_docker', 'password') }}"
     - name: 'pve'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_pve', 'password') }}"
     - name: 'brother_ads2700w'
-      groups: 'users'
       password: "{{ lookup('keepass', 'fileserver_smb_user_brother_ads2700w', 'password') }}"
-  smb_freigaben:
-    - freigabename: 'videos'
-      ordnerpfad: '/shares_videos'
-      lese_nutzer: ' win10 kodi'
-      schreibe_nutzer: 'annemariedroessler michaelgrote'
-    - freigabename: 'scans'
-      ordnerpfad: '/shares/scans'
-      lese_nutzer: 'annemariedroessler michaelgrote'
-      schreibe_nutzer: 'brother_ads2700w ocrmypdf'
-    - freigabename: 'replikation'
-      ordnerpfad: '/shares/replikation'
-      lese_nutzer: ''
-      schreibe_nutzer: 'win10 michaelgrote'
-    - freigabename: 'amd'
-      ordnerpfad: '/shares/amd'
-      lese_nutzer: 'win10 navidrome michaelgrote'
-      schreibe_nutzer: 'annemariedroessler'
-    - freigabename: 'backup'
-      ordnerpfad: '/shares/Backup'
-      lese_nutzer: ''
-      schreibe_nutzer: 'annemariedroessler restic win10 michaelgrote'
-    - freigabename: 'hm'
-      ordnerpfad: '/shares/hm'
-      lese_nutzer: 'win10'
-      schreibe_nutzer: 'michaelgrote'
-    - freigabename: 'mg'
-      ordnerpfad: '/shares/mg'
-      lese_nutzer: ''
-      schreibe_nutzer: 'win10 michaelgrote'
-    - freigabename: 'musik'
-      ordnerpfad: '/shares/Musik'
-      lese_nutzer: 'navidrome kodi annemariedroessler '
-      schreibe_nutzer: 'win10 michaelgrote'
-    - freigabename: 'tmp'
-      ordnerpfad: '/shares/tmp'
-      lese_nutzer: 'win10'
-      schreibe_nutzer: 'kodi annemariedroessler restic win10 michaelgrote'
-    - freigabename: 'bilder'
-      ordnerpfad: '/shares/bilder'
-      lese_nutzer: 'win10'
-      schreibe_nutzer: 'annemariedroessler michaelgrote'
-    - freigabename: 'proxmox'
-      ordnerpfad: '/shares/proxmox'
-      lese_nutzer: 'win10 michaelgrote'
-      schreibe_nutzer: 'pve'
+  smb_shares:
+    - name: 'videos'
+      path: '/shares_videos'
+      users_ro: ' win10 kodi'
+      users_rw: 'annemariedroessler michaelgrote'
+    - name: 'scans'
+      path: '/shares/scans'
+      users_ro: 'annemariedroessler michaelgrote'
+      users_rw: 'brother_ads2700w ocrmypdf'
+    - name: 'replikation'
+      path: '/shares/replikation'
+      users_ro: ''
+      users_rw: 'win10 michaelgrote'
+    - name: 'amd'
+      path: '/shares/amd'
+      users_ro: 'win10 navidrome michaelgrote'
+      users_rw: 'annemariedroessler'
+    - name: 'backup'
+      path: '/shares/Backup'
+      users_ro: ''
+      users_rw: 'annemariedroessler restic win10 michaelgrote'
+    - name: 'hm'
+      path: '/shares/hm'
+      users_ro: 'win10'
+      users_rw: 'michaelgrote'
+    - name: 'mg'
+      path: '/shares/mg'
+      users_ro: ''
+      users_rw: 'win10 michaelgrote'
+    - name: 'musik'
+      path: '/shares/Musik'
+      users_ro: 'navidrome kodi annemariedroessler '
+      users_rw: 'win10 michaelgrote'
+    - name: 'tmp'
+      path: '/shares/tmp'
+      users_ro: 'win10'
+      users_rw: 'kodi annemariedroessler restic win10 michaelgrote'
+    - name: 'bilder'
+      path: '/shares/bilder'
+      users_ro: 'win10'
+      users_rw: 'annemariedroessler michaelgrote'
+    - name: 'proxmox'
+      path: '/shares/proxmox'
+      users_ro: 'win10 michaelgrote'
+      users_rw: 'pve'
   smb_workgroup: WORKGROUP
-  smb_nutzer_loeschen:
-    - { name: 'ocrmypdf' }
   smb_min_protocol: "SMB2"
   smb_client_min_protocol: "SMB2"
   smb_client_max_protocol: "SMB3_11"
diff --git a/roles/mgrote.fileserver_smb/README.md b/roles/mgrote.fileserver_smb/README.md
index f542b9fb..fbb35cd7 100644
--- a/roles/mgrote.fileserver_smb/README.md
+++ b/roles/mgrote.fileserver_smb/README.md
@@ -1,7 +1,8 @@
-## mgrote.fileserver
+## mgrote.fileserver_smb
 
 ### Beschreibung
 Installiert und Konfiguriert einen Fileserver mit Samba.
+
 #### Rechte
 Rechte im Dateisystem sind
   - `chown -R root:users /shares/`
@@ -10,68 +11,40 @@ Rechte im Dateisystem sind
   - in Samba(global)
     - `force user = root`
     - `force group = users`
-
 Damit werden die Nutzer mit Ihrem Konto auf die SAMBA-Freigabe berechtigt, aber die Lese/Schreiboperationen auf dem Dateisystem als "root" durchgefuehrt.
 
 ### Funktioniert auf
 - [x] Ubuntu (>=18.04)
-- [ ] Debian
 
-
-### Variablen
-Es sind keine "defaults" gesetzt!
-##### Anzulegende Nutzer mit Name, Gruppe, Passwort
-  smb_nutzer:
-    - { name: 'andreasgrote', groups: 'nutzer', password: 'hallowelt' }
-##### um existierende Nutzer zu loeschen
-  smb_nutzer_loeschen:
-    - { name: '' }
-##### zu erstellende Freigaben: mit Name, Ordnername, Basis-Ordner, Nutzer die lesen und schreiben duerfen
-  smb_freigaben:
-    - { freigabename: 'Backup', ordnername: 'Backup', base_folder: '/shares', lese_nutzer: '', schreibe_nutzer: 'annemariedroessler mg restic toolserver win10' }
-##### Welche "Arbeitsgruppe"
-  smb_workgroup: WORKGROUP
-
-
-## Alternatives Dictionary Format:
-```bash
-  zfs_extra_zfs_pools:
-    - name: "ssd_vm_mirror"
-      type: "ssd"
-      cron_minute_zfs_trim: "5"
-      cron_hour_zfs_trim: "22"
-      cron_month_zfs_trim: "4,8,12"
-      cron_day_zfs_trim: "2"
-      cron_weekday_zfs_scrub: "6"
-      cron_minutes_zfs_scrub: "0"
-      cron_hour_zfs_scrub: "23"
-```
-ist das gleiche wie:
-```bash
-  zfs_extra_zfs_pools:
-    - { name: "ssd_vm_mirror", type: "ssd", cron_minute_zfs_trim: "5", cron_hour_zfs_trim: "22", cron_month_zfs_trim: "4,8,12", cron_day_zfs_trim: "2", cron_weekday_zfs_scrub: "6", cron_minutes_zfs_scrub: "0", cron_hour_zfs_scrub: "23"}
-```
-
-
-##### Samba Version
+### Samba Version
 ```
 Possible values are :
-
-CORE: Earliest version. No concept of user names.
-COREPLUS: Slight improvements on CORE for efficiency.
-LANMAN1: First modern version of the protocol. Long filename support.
-LANMAN2: Updates to Lanman1 protocol.
-NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
-SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.
 SMB2_02: The earliest SMB2 version.
 SMB2_10: Windows 7 SMB2 version.
 SMB2_22: Early Windows 8 SMB2 version.
 SMB2_24: Windows 8 beta SMB2 version.
-By default SMB2 selects the SMB2_10 variant.
-
 SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.
 SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
 SMB3_02: Windows 8.1 SMB3 version.
 SMB3_10: early Windows 10 technical preview SMB3 version.
 SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
 ```
+
+### Variablen
+#### Nutzer
+```
+  smb_users:
+    - name: 'annemariedroessler' # Nutzername
+      password: "{{ lookup('keepass', 'fileserver_smb_user_amd', 'password') }}" # Passwort als Klartext
+      state: present # Status(default: present)
+      remove_dir: false # removes homedir if state is absent und remove_dir is true (default: false)
+      ```
+
+#### Freigaben
+```
+  smb_shares:
+    - name: 'videos' # Freigabename
+      path: '/shares_videos' # Pfad aus SMB-Server
+      users_ro: ' win10 kodi' # Nutzer - Lesezugriff
+      users_rw: 'annemariedroessler michaelgrote' # Nutzer - Schreibzugriff
+```
diff --git a/roles/mgrote.fileserver_smb/defaults/main.yml b/roles/mgrote.fileserver_smb/defaults/main.yml
index 311fbad4..e6f4cf86 100644
--- a/roles/mgrote.fileserver_smb/defaults/main.yml
+++ b/roles/mgrote.fileserver_smb/defaults/main.yml
@@ -1,15 +1,4 @@
 ---
-# Options: SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available:
-# SMB2_02: The earliest SMB2 version.
-# SMB2_10: Windows 7 SMB2 version. (By default SMB2 selects the SMB2_10 variant.)
-# SMB2_22: Early Windows 8 SMB2 version.
-# SMB2_24: Windows 8 beta SMB2 version.
-# SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available. SMB3 has sub protocols available:
-# SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
-# SMB3_02: Windows 8.1 SMB3 version.
-# SMB3_10: early Windows 10 technical preview SMB3 version.
-# SMB3_11: Windows 10 technical preview SMB3 version (maybe final). By default SMB3 selects the SMB3_11 variant.
-
   # Global SMB options
   smb_min_protocol: "SMB2_02"
   smb_client_min_protocol: "SMB2_02"
@@ -43,6 +32,7 @@
   smb_allocation_roundup_size: "4096"
   smb_force_user: "root"
   smb_force_group: "users"
+  smb_workgroup: WORKGROUP
   # Global shadow_copy2 options
   smb_vfs_objects: "shadow_copy2"
   smb_shadow_snapdir: ".zfs/snapshot"
@@ -51,3 +41,10 @@
   smb_shadow_snapprefix: "^autosnap"
   smb_shadow_delimiter: "_"
   smb_shadow_localtime: "no"
+  # packages
+  smb_packages:
+    - samba
+    - cifs-utils
+    - samba-common
+    - samba-common-bin
+    - samba-vfs-modules
diff --git a/roles/mgrote.fileserver_smb/handlers/main.yml b/roles/mgrote.fileserver_smb/handlers/main.yml
index be151c27..e4606859 100644
--- a/roles/mgrote.fileserver_smb/handlers/main.yml
+++ b/roles/mgrote.fileserver_smb/handlers/main.yml
@@ -1,4 +1,4 @@
-  - name: "smbd neustarten"
+  - name: restart_smbd
     become: yes
     systemd:
       name: smbd
@@ -9,5 +9,5 @@
     become: yes
     shell: "printf '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -a {{ item.name }}" # noqa 306 301 #pipefail: https://blog.christophersmart.com/2019/09/28/using-pipefail-with-shell-module-in-ansible/
     with_items:
-    - "{{ smb_nutzer }}"
+    - "{{ smb_users }}"
     no_log: True
diff --git a/roles/mgrote.fileserver_smb/tasks/main.yml b/roles/mgrote.fileserver_smb/tasks/main.yml
index cbbaef43..08a87266 100644
--- a/roles/mgrote.fileserver_smb/tasks/main.yml
+++ b/roles/mgrote.fileserver_smb/tasks/main.yml
@@ -1,59 +1,9 @@
-  - name: SAMBA installieren
-    become: yes
-    ansible.builtin.package:
-      name:
-        - samba
-        - cifs-utils
-        - samba-common
-        - samba-common-bin
-        - samba-vfs-modules
-      state: present
-
-  - name: Erstelle Linux-Gruppen # vat /etc/group  #kommt aus vars im playbook
-    become: yes
-    ansible.builtin.group:
-      name: "{{ item.groups }}"
-      state: present
-    loop: "{{ smb_nutzer }}"
-    no_log: True
-    notify: set_samba_passwords
-
-  - name: Erstelle Linux-Nutzer #kommt aus vars im playbook
-    become: yes
-    ansible.builtin.user:
-      name: "{{ item.name }}"
-      group: "{{ item.groups }}"
-      state: present
-      create_home: no
-    loop: "{{ smb_nutzer }}"
-    no_log: True
-    notify: set_samba_passwords
-
-  - name: Loesche alte Linux-Nutzer #kommt aus vars im playbook
-    become: yes
-    ansible.builtin.user:
-      name: "{{ item.name }}"
-      state: absent
-    loop: "{{ smb_nutzer_loeschen }}"
-    notify: set_samba_passwords
-
-  - name: Erstelle Freigabeordner
-    become: yes
-    ansible.builtin.file:
-      path: "{{ item.ordnerpfad }}"
-      state: directory
-      mode: 0777
-    loop: "{{ smb_freigaben }}"
-    notify: set_samba_passwords
-
-  - name: "Konfiguriere Freigaben"
-    become: yes
-    ansible.builtin.template:
-      src: smb.conf.j2
-      dest: /etc/samba/smb.conf
-      validate: 'testparm -s %s'
-    with_items:
-      - "{{ smb_freigaben }}"
-    notify:
-      - smbd neustarten
-      - set_samba_passwords
+---
+  - name: include install tasks
+    include_tasks: packages.yml
+  - name: include user tasks
+    include_tasks: users.yml
+    when: smb_users is defined
+  - name: include share tasks
+    include_tasks: shares.yml
+    when: smb_shares is defined
diff --git a/roles/mgrote.fileserver_smb/tasks/packages.yml b/roles/mgrote.fileserver_smb/tasks/packages.yml
new file mode 100644
index 00000000..42d3b302
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/tasks/packages.yml
@@ -0,0 +1,6 @@
+---
+  - name: install packages
+    become: yes
+    ansible.builtin.package:
+      name: "{{ smb_packages }}"
+      state: present
diff --git a/roles/mgrote.fileserver_smb/tasks/shares.yml b/roles/mgrote.fileserver_smb/tasks/shares.yml
new file mode 100644
index 00000000..e2ce8832
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/tasks/shares.yml
@@ -0,0 +1,21 @@
+---
+  - name: create smb shares directories
+    become: yes
+    ansible.builtin.file:
+      path: "{{ item.path }}"
+      state: directory
+      mode: 0777
+    loop: "{{ smb_shares }}"
+    notify: set_samba_passwords
+
+  - name: configure shares
+    become: yes
+    ansible.builtin.template:
+      src: smb.conf.j2
+      dest: /etc/samba/smb.conf
+      validate: 'testparm -s %s'
+    with_items:
+      - "{{ smb_shares }}"
+    notify:
+      - restart_smbd
+      - set_samba_passwords
diff --git a/roles/mgrote.fileserver_smb/tasks/users.yml b/roles/mgrote.fileserver_smb/tasks/users.yml
new file mode 100644
index 00000000..5f6e945d
--- /dev/null
+++ b/roles/mgrote.fileserver_smb/tasks/users.yml
@@ -0,0 +1,18 @@
+---
+  - name: create group
+    become: yes
+    ansible.builtin.group:
+      name: smb_users
+      state: present
+
+  - name: configure linux-users
+    become: yes
+    ansible.builtin.user:
+      name: "{{ item.name }}"
+      group: smb_users
+      state: "{{ item.state | default('present') }}"
+      remove: "{{ item.remove_dir | default('false') }}"
+      create_home: no
+    loop: "{{ smb_users }}"
+    no_log: True
+    notify: set_samba_passwords
diff --git a/roles/mgrote.fileserver_smb/templates/smb.conf.j2 b/roles/mgrote.fileserver_smb/templates/smb.conf.j2
index 00eff6c5..ee43f6e1 100644
--- a/roles/mgrote.fileserver_smb/templates/smb.conf.j2
+++ b/roles/mgrote.fileserver_smb/templates/smb.conf.j2
@@ -45,10 +45,10 @@ shadow: delimiter = {{ smb_shadow_delimiter }}
 shadow: localtime = {{ smb_shadow_localtime }}
 
 #======================= Share Definitions =======================
-{% for item in smb_freigaben %}
+{% for item in smb_shares %}
 
-[{{ item.freigabename }}]
-      path = {{ item.ordnerpfad }}
+[{{ item.name }}]
+      path = {{ item.path }}
       guest ok = no
       read only = no
       browseable = yes
@@ -64,9 +64,9 @@ shadow: localtime = {{ smb_shadow_localtime }}
       hide special files = yes
       follow symlinks = yes
       hide dot files = no
-      valid users = {{ item.lese_nutzer}} {{ item.schreibe_nutzer}}
+      valid users = {{ item.users_ro }} {{ item.users_rw }}
       invalid users =
-      read list ={{ item.lese_nutzer}}
-      write list = {{ item.schreibe_nutzer}}
+      read list = {{ item.users_ro }}
+      write list = {{ item.users_rw }}
 
 {% endfor %}
diff --git a/roles/mgrote.musterrolle/handlers/main.yml b/roles/mgrote.musterrolle/handlers/main.yml
index 925b52cb..d8158f63 100644
--- a/roles/mgrote.musterrolle/handlers/main.yml
+++ b/roles/mgrote.musterrolle/handlers/main.yml
@@ -1,4 +1,4 @@
-  - name: "smbd neustarten"
+  - name: restart_smbd
     become: yes
     systemd:
       name: smbd