diff --git a/docker-compose/traefik/file-provider.yml b/docker-compose/traefik/file-provider.yml index 8f5b496e..45231304 100644 --- a/docker-compose/traefik/file-provider.yml +++ b/docker-compose/traefik/file-provider.yml @@ -22,7 +22,7 @@ http: ratelimit: rateLimit: average: 10 - burst: 5 + burst: 15 sourceCriterion: ipStrategy: depth: 2 diff --git a/group_vars/all.yml b/group_vars/all.yml index 87b06980..8e05f536 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -7,6 +7,9 @@ file_header: | #----------------------------------------------------------------# # This file is managed with ansible! # #----------------------------------------------------------------# +# für Zugriff auf nicht öffentliche git.mgrote.net-Repos +ansible_forgejo_user: svc_ansible +ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden ### mgrote_user_setup dotfiles: @@ -15,8 +18,7 @@ dotfiles: - user: root home: /root dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles -dotfiles_vim_vundle_repo_url: https://git.mgrote.net/mirrors/Vundle.vim.git - +dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git" ### mgrote_netplan netplan_configure: true @@ -200,6 +202,8 @@ sanoid_templates: sanoid_deb_url: http://docker10.mgrote.net:3344/sanoid_v2.2.0.deb ### mgrote_munin_node +munin_node_plugins_repo_user: "{{ ansible_forgejo_user }}" +munin_node_plugins_repo_user_pass: "{{ ansible_forgejo_user_pass }}" munin_node_bind_host: "0.0.0.0" munin_node_bind_port: "4949" munin_node_allowed_cidrs: [192.168.2.0/24] diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml index b5ed8c83..f667a14c 100644 --- a/group_vars/blocky.yml +++ b/group_vars/blocky.yml 
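Review bot: In group_vars/all.yml the new `dotfiles_vim_vundle_repo_url` carries the service-account password in the URL userinfo, so a clone from it will normally persist the secret in the checkout's `.git/config` on every managed host and expose it in process arguments and task output; the same pattern is added in group_vars/blocky.yml and roles/mgrote_user_setup/defaults/main.yml. The task that consumes this variable is not part of the diff, so confirm it runs with `no_log: true`. Prefer keeping the URL credential-free and supplying the password through a git credential helper or `GIT_ASKPASS` set in the task's `environment`. Separately, `urlencode` leaves `/` unescaped by default, so a password containing `/` would yield a malformed authority; `| urlencode | replace('/', '%2F')` closes that gap if the URL form is kept.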
@@ -24,7 +24,7 @@ apt_packages_extra: - libnet-dns-perl # für munin: dnsresponse_ ### mgrote_user_setup -dotfiles_vim_vundle_repo_url: http://192.168.2.42:3000/mirrors/Vundle.vim.git +dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git" dotfiles: - user: mg home: /home/mg diff --git a/keepass_db.kdbx b/keepass_db.kdbx index 0c13e0fd..b9b4e553 100644 Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ diff --git a/roles/mgrote_munin_node/tasks/additional.yml b/roles/mgrote_munin_node/tasks/additional.yml index 6061c696..64d49100 100644 --- a/roles/mgrote_munin_node/tasks/additional.yml +++ b/roles/mgrote_munin_node/tasks/additional.yml @@ -1,15 +1,18 @@ --- -- name: download additional plugins +- name: Ensure additional plugins are downloaded ansible.builtin.get_url: url: "{{ item.src }}" dest: "{{ munin_plugin_src_path }}{{ item.name }}" mode: '0755' + url_username: "{{ munin_node_plugins_repo_user | default(omit) }}" + url_password: "{{ munin_node_plugins_repo_user_pass | default(omit) }}" + force_basic_auth: true loop: "{{ munin_node_plugins }}" notify: restart munin-node no_log: true check_mode: false # damit werden auch im check-mode die Plugins heruntergeladen, sonst schlägt der nächste Task fehl -- name: enable additional plugins +- name: Enable additional plugins ansible.builtin.file: src: "{{ munin_plugin_src_path }}{{ item.name }}" dest: "{{ munin_plugin_dest_path }}{{ item.name }}" @@ -18,7 +21,7 @@ loop: "{{ munin_node_plugins }}" no_log: true -- name: copy additional plugin-config +- name: Template additional plugin-config ansible.builtin.copy: content: "{{ item.config }}" dest: "{{ munin_plugin_conf_dest_path }}{{ item.name }}" @@ -30,7 +33,7 @@ when: item.config is defined no_log: true -- name: Ensure munin-node is running. +- name: Ensure munin-node is running ansible.builtin.service: name: munin-node state: started 
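Review bot: The blocky override in group_vars/blocky.yml now sends the `svc_ansible` password over plain `http://` to 192.168.2.42:3000, so the basic-auth credential crosses the network unencrypted on every clone. The IP form presumably exists because this host cannot resolve git.mgrote.net during setup, but that is not visible here. Either point this group at a TLS endpoint, or keep the URL anonymous, as it was before this change, and leave the mirror readable without login from that network. At minimum add a comment such as `# cleartext HTTP: svc_ansible is read-only on mirrors/Vundle.vim only` so the accepted risk is explicit.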
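Review bot: In roles/mgrote_munin_node/tasks/additional.yml, `force_basic_auth: true` attaches the Forgejo credentials to the first request for every `item.src` in `munin_node_plugins`, and group_vars/all.yml now sets the user and password for all hosts. The plugin list is not in this diff; if any entry points at a host other than the Forgejo instance, or uses `http://`, the service-account password is sent there. Scope the auth fields to the intended host, for example `url_username: "{{ munin_node_plugins_repo_user | default(omit) if item.src.startswith('https://git.mgrote.net/') else omit }}"`, with the same condition on `url_password`. The existing `no_log: true` on this task should stay, since the loop items now carry the password.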
diff --git a/roles/mgrote_munin_node/tasks/install.yml b/roles/mgrote_munin_node/tasks/install.yml index ca5dd9cd..0c8903db 100644 --- a/roles/mgrote_munin_node/tasks/install.yml +++ b/roles/mgrote_munin_node/tasks/install.yml @@ -1,5 +1,5 @@ --- -- name: install packages +- name: Ensure packages are installed ansible.builtin.apt: name: munin-node state: present @@ -7,7 +7,7 @@ - munin-node-configure --shell - munin-node-configure --shell - 2 -- name: create directories +- name: Ensure directories exist ansible.builtin.file: path: "{{ item }}" state: directory @@ -15,11 +15,10 @@ group: root mode: "0755" loop: - - /etc/munin - /etc/munin/plugin-conf.d - /etc/munin/plugins -- name: Copy munin-node configuration. +- name: Template munin-node configuration ansible.builtin.template: src: munin-node.conf.j2 dest: /etc/munin/munin-node.conf diff --git a/roles/mgrote_munin_node/tasks/main.yml b/roles/mgrote_munin_node/tasks/main.yml index 688818dc..f17bf894 100644 --- a/roles/mgrote_munin_node/tasks/main.yml +++ b/roles/mgrote_munin_node/tasks/main.yml @@ -1,11 +1,14 @@ --- - name: include install-tasks ansible.builtin.include_tasks: install.yml + - name: include user tasks ansible.builtin.include_tasks: user.yml + - name: include plugin-tasks ansible.builtin.include_tasks: additional.yml when: munin_node_plugins is defined + - name: include remove-tasks ansible.builtin.include_tasks: remove.yml when: munin_node_disabled_plugins is defined diff --git a/roles/mgrote_munin_node/tasks/remove.yml b/roles/mgrote_munin_node/tasks/remove.yml index d469a219..9e3fb6fc 100644 --- a/roles/mgrote_munin_node/tasks/remove.yml +++ b/roles/mgrote_munin_node/tasks/remove.yml @@ -1,5 +1,5 @@ --- -- name: remove unwanted plugins +- name: Ensure unwanted plugins are absent ansible.builtin.file: path: "{{ munin_plugin_dest_path }}{{ item }}" state: absent 
@@ -7,7 +7,7 @@ notify: restart munin-node when: munin_node_disabled_plugins is defined -- name: remove additional plugin-config +- name: Ensure additional plugin-config is absent ansible.builtin.file: state: absent dest: "{{ munin_plugin_conf_dest_path }}{{ item }}" diff --git a/roles/mgrote_munin_node/tasks/user.yml b/roles/mgrote_munin_node/tasks/user.yml index be0e785c..39049369 100644 --- a/roles/mgrote_munin_node/tasks/user.yml +++ b/roles/mgrote_munin_node/tasks/user.yml @@ -1,11 +1,11 @@ --- -- name: ensure group exists +- name: Ensure group exists become: true ansible.builtin.group: name: "{{ munin_user_group }}" state: present -- name: ensure user exists +- name: Ensure user exists become: true ansible.builtin.user: name: munin @@ -13,7 +13,7 @@ shell: /usr/sbin/nologin create_home: false -- name: add user to sudoers +- name: Ensure user is added to sudoers become: true ansible.builtin.blockinfile: path: /etc/sudoers diff --git a/roles/mgrote_user_setup/defaults/main.yml b/roles/mgrote_user_setup/defaults/main.yml index 78fe4cdc..50de0e60 100644 --- a/roles/mgrote_user_setup/defaults/main.yml +++ b/roles/mgrote_user_setup/defaults/main.yml @@ -5,5 +5,8 @@ dotfiles: - user: root home: /root -dotfiles_vim_vundle_repo_url: https://git.mgrote.net/mirrors/Vundle.vim.git +ansible_forgejo_user: svc_ansible +ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden + +dotfiles_vim_vundle_repo_url: "https://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git" dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
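Review bot: The defaults in roles/mgrote_user_setup/defaults/main.yml now repeat `ansible_forgejo_user` and the KeePass lookup that group_vars/all.yml already defines, so the account name and entry name live in two places. The role also can no longer be evaluated without the `viczem.keepass` collection and that specific entry. Consider keeping the credential-free `dotfiles_vim_vundle_repo_url` as the role default and adding a comment like `# override with an authenticated URL in group_vars when the mirror is private`. The `ansible_` prefix is conventionally used for Ansible's own connection and fact variables; a project prefix such as `forgejo_svc_user` / `forgejo_svc_pass` avoids confusion with those.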