diff --git a/group_vars/all.yml b/group_vars/all.yml
index ff3ea155..94b4b517 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -7,6 +7,9 @@ file_header: |
   #----------------------------------------------------------------#
   #              This file is managed with ansible!                #
   #----------------------------------------------------------------#
+# für Zugriff auf nicht öffentliche {{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net-Repos
+ansible_forgejo_user: svc_ansible
+ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
 
 ### mgrote_user_setup
 dotfiles:
@@ -15,9 +18,6 @@ dotfiles:
   - user: root
     home: /root
 dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
-ansible_forgejo_user: svc_ansible
-ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
-
 dotfiles_vim_vundle_repo_url: "https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/Vundle.vim.git"
 ### mgrote_netplan
 netplan_configure: true
@@ -220,21 +220,21 @@ munin_node_disabled_plugins:
 
 munin_node_plugins:
   - name: chrony
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
   - name: systemd_status
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
   - name: systemd_mem
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
     config: |
       [systemd_mem]
       env.all_services true
   - name: lvm_
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/disk/lvm_
     config: |
       [lvm_*]
       user root
   - name: fail2ban
-    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
     config: |
       [fail2ban]
       env.client /usr/bin/fail2ban-client
diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml
index 4d373f52..f667a14c 100644
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@@ -24,9 +24,6 @@ apt_packages_extra:
   - libnet-dns-perl # für munin: dnsresponse_
 
 ### mgrote_user_setup
-ansible_forgejo_user: svc_ansible
-ansible_forgejo_user_pass: "{{ lookup('viczem.keepass.keepass', 'user_setup_forgejo_user_pass', 'password') }}" # user ist dem Repo als "Collaborator" + "RO" hinzugefügt worden
-
 dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
 dotfiles:
   - user: mg
diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml
index 94df5466..eb3cf49a 100644
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@@ -34,23 +34,23 @@ smb_enable_snapshots_shadow: true
 ### mgrote_munin_node
 munin_node_plugins:
   - name: chrony
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
   - name: systemd_status
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
   - name: systemd_mem
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
     config: |
       [systemd_mem]
       env.all_services true
   - name: fail2ban
-    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
     config: |
       [fail2ban]
       env.client /usr/bin/fail2ban-client
       env.config_dir /etc/fail2ban
       user root
   - name: samba
-    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/samba
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/samba
     config: |
       [samba]
       user root
diff --git a/group_vars/pbs.yml b/group_vars/pbs.yml
index a49d370c..78ec0aa5 100644
--- a/group_vars/pbs.yml
+++ b/group_vars/pbs.yml
@@ -37,38 +37,38 @@ users:
 ### mgrote_munin_node
 munin_node_plugins:
   - name: chrony
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
   - name: systemd_status
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
   - name: systemd_mem
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
     config: |
       [systemd_mem]
       env.all_services true
   - name: fail2ban
-    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
     config: |
       [fail2ban]
       env.client /usr/bin/fail2ban-client
       env.config_dir /etc/fail2ban
       user root
   - name: zfs_arcstats
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_arcstats
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_arcstats
   - name: zfsonlinux_stats_
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfsonlinux_stats_
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfsonlinux_stats_
   - name: zpool_iostat
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
   - name: zfs_list
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_list
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_list
     config: |
       [zfs_list]
       env.ignore_datasets_pattern autodaily
   - name: zfs_count
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_pool_dataset_count
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_pool_dataset_count
   - name: zpool_iostat
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
   - name: zpool_capacity
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_capacity
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_capacity
 munin_node_disabled_plugins:
   - meminfo # zu hohe last
   - hddtemp2 # ersetzt durch hddtemp_smartctl
diff --git a/group_vars/pve.yml b/group_vars/pve.yml
index 591d0ef1..7b3ca7ac 100644
--- a/group_vars/pve.yml
+++ b/group_vars/pve.yml
@@ -46,55 +46,55 @@ apt_packages_extra:
 ### mgrote_munin_node
 munin_node_plugins:
   - name: chrony
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony
   - name: systemd_status
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_status
   - name: systemd_mem
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/systemd/systemd_mem
     config: |
       [systemd_mem]
       env.all_services true
   - name: fail2ban
-    src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mg/munin-plugins/raw/branch/master/extern/fail2ban
     config: |
       [fail2ban]
       env.client /usr/bin/fail2ban-client
       env.config_dir /etc/fail2ban
       user root
   - name: zfs_arcstats
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_arcstats
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_arcstats
   - name: zfsonlinux_stats_
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfsonlinux_stats_
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfsonlinux_stats_
   - name: zpool_iostat
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_iostat
   - name: zfs_list
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_list
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_list
     config: |
       [zfs_list]
       env.ignore_datasets_pattern autodaily
   - name: zpool_capacity
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_capacity
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zpool_capacity
   - name: kvm_mem
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_mem
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_mem
   - name: kvm_net
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_net
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_net
   - name: kvm_io
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_io
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_io
     config: |
       [kvm_io]
       user root
   - name: kvm_cpu
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_cpu
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/libvirt/kvm_cpu
   - name: proxmox_count
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/proxmox/proxmox_vm_count
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/proxmox/proxmox_vm_count
     config: |
       [proxmox_count]
       user root
       group root
   - name: zfs_count
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_pool_dataset_count
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/zfs/zfs_pool_dataset_count
   - name: ksm_
-    src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/system/kernel_same_page_merging
+    src: https://{{  ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/system/kernel_same_page_merging
 munin_node_disabled_plugins:
   - meminfo # zu hohe last
   - hddtemp2 # ersetzt durch hddtemp_smartctl