diff --git a/group_vars/all.yml b/group_vars/all.yml
index 783f26cc..49bf4c83 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -70,6 +70,7 @@
 ### mgrote.apt_manage_sources
 manage_sources_apt_proxy: "acng.grote.lan:9999"
 ### mgrote.restic
+ restic_enable_role: true
 restic_folders_to_backup: "/usr/local /etc /root /home"
 restic_cron_hours: "19"
 restic_repository: "//fileserver2.grote.lan/restic"
diff --git a/group_vars/tor.yml b/group_vars/tor.yml
index 17c387e7..c7bfc9a1 100644
--- a/group_vars/tor.yml
+++ b/group_vars/tor.yml
@@ -94,3 +94,5 @@
 f2b_findtime: 600
 f2b_maxretry: 3
 f2b_send_email_report: false
+ ### mgrote.restic
+ restic_enable_role: false
diff --git a/playbooks/base/restic.yml b/playbooks/base/restic.yml
index c2a58785..f592f96c 100644
--- a/playbooks/base/restic.yml
+++ b/playbooks/base/restic.yml
@@ -1,4 +1,4 @@
 ---
 - hosts: all
 roles:
- - { role: mgrote.restic, tags: "restic", when: "not 'tor' in group_names" }
+ - { role: mgrote.restic, tags: "restic" }
diff --git a/roles/mgrote.restic/defaults/main.yml b/roles/mgrote.restic/defaults/main.yml
index 63b22953..b1896557 100644
--- a/roles/mgrote.restic/defaults/main.yml
+++ b/roles/mgrote.restic/defaults/main.yml
@@ -15,3 +15,4 @@
 **/**cache***/**
 **/**Cache***/**
 **/**AppData***/**
+ restic_enable_role: true
diff --git a/roles/mgrote.restic/meta/main.yml b/roles/mgrote.restic/meta/main.yml
deleted file mode 100644
index 2c0c14d6..00000000
--- a/roles/mgrote.restic/meta/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
- dependencies:
- - role: mgrote.postfix
diff --git a/roles/mgrote.restic/tasks/config.yml b/roles/mgrote.restic/tasks/config.yml
new file mode 100644
index 00000000..0d004b82
--- /dev/null
+++ b/roles/mgrote.restic/tasks/config.yml
@@ -0,0 +1,63 @@
+---
+ - name: copy smb_password.txt
+ become: yes
+ ansible.builtin.template:
+ src: "smb_password.txt"
+ dest: "/etc/restic/smb_password.txt"
+ owner: root
+ group: root
+ mode: 0700
+
+ - name: copy restic_backup.sh
+ become: yes
+ ansible.builtin.template:
+ src: "restic_backup.sh"
+ dest: "/usr/local/bin/restic_backup.sh"
+ mode: a+x
+
+ - name: create exclude.txt
+ become: yes
+ ansible.builtin.blockinfile:
+ path: "/etc/restic/exclude.txt"
+ create: yes
+ block: "{{ restic_exclude }}"
+ mode: 0644
+
+ - name: copy password.txt
+ become: yes
+ ansible.builtin.template:
+ src: "password.txt"
+ dest: "/etc/restic/password.txt"
+ owner: root
+ group: root
+ mode: 0700
+
+ - name: create restic cronjob
+ become: yes
+ ansible.builtin.cron:
+ name: restic
+ state: present
+ job: "/usr/local/bin/restic_backup.sh"
+ minute: "{{ 59|random(seed=inventory_hostname) }}"
+ hour: "{{ restic_cron_hours }}"
+ # siehe: https://stackoverflow.com/questions/33379378/idempotence-and-random-variables-in-ansible
+
+ - name: Create restic log
+ become: true
+ ansible.builtin.file:
+ path: /var/log/restic.log
+ state: touch
+ owner: root
+ group: root
+ mode: 0640
+ access_time: preserve
+ modification_time: preserve
+
+ - name: copy logrotate config
+ become: yes
+ ansible.builtin.template:
+ src: logrotate_restic
+ dest: /etc/logrotate.d/restic
+ owner: root
+ group: root
+ mode: 0644
diff --git a/roles/mgrote.restic/tasks/folders.yml b/roles/mgrote.restic/tasks/folders.yml
new file mode 100644
index 00000000..8b6e4ccc
--- /dev/null
+++ b/roles/mgrote.restic/tasks/folders.yml
@@ -0,0 +1,15 @@
+---
+ - name: create /etc/restic
+ become: yes
+ ansible.builtin.file:
+ path: /etc/restic
+ state: directory
+
+ - name: create restic mount-directory
+ become: yes
+ ansible.builtin.file:
+ path: "{{ restic_mount }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0777
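Review bot: The two secret-bearing template tasks in tasks/config.yml (`copy smb_password.txt` and `copy password.txt`) carry no `no_log: true`, so a run with `--diff` can print the rendered SMB and repository passwords to the console and to any captured run log; adding `no_log: true` to both closes that. Their `mode: 0700` also sets the execute bit on plain data files; `mode: "0600"` is enough, and the quoted form does not depend on YAML octal parsing. Separately, `copy restic_backup.sh` is the script the cron task runs, yet it only gets `mode: a+x` with no owner or group, so write bits already present on the file are never reset; `owner: root`, `group: root`, `mode: "0755"` would pin it.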
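Review bot: `create restic mount-directory` in tasks/folders.yml creates `{{ restic_mount }}` with `mode: 0777`, which leaves the mount point writable by every local user whenever the share is not mounted. The cron task is installed with `become` and no `user:`, so the backup presumably runs as root and `mode: "0700"` should be sufficient. `create /etc/restic` sets no owner, group or mode even though tasks/config.yml places smb_password.txt and password.txt in that directory; `owner: root`, `group: root`, `mode: "0700"` would make the directory itself non-listable for other users instead of relying on the umask.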
diff --git a/roles/mgrote.restic/tasks/install.yml b/roles/mgrote.restic/tasks/install.yml
new file mode 100644
index 00000000..f2bb7f3e
--- /dev/null
+++ b/roles/mgrote.restic/tasks/install.yml
@@ -0,0 +1,9 @@
+---
+ - name: install restic-packages
+ become: yes
+ ansible.builtin.package:
+ name:
+ - restic
+ - logrotate
+ - cifs-utils
+ state: present
diff --git a/roles/mgrote.restic/tasks/main.yml b/roles/mgrote.restic/tasks/main.yml
index 0b268a00..d4882096 100644
--- a/roles/mgrote.restic/tasks/main.yml
+++ b/roles/mgrote.restic/tasks/main.yml
@@ -1,87 +1,10 @@
 ---
- - name: install restic-packages
- become: yes
- ansible.builtin.package:
- name:
- - restic
- - logrotate
- - cifs-utils
- state: present
-
- - name: create /etc/restic
- become: yes
- ansible.builtin.file:
- path: /etc/restic
- state: directory
-
- - name: create restic mount-directory
- become: yes
- ansible.builtin.file:
- path: "{{ restic_mount }}"
- state: directory
- owner: root
- group: root
- mode: 0777
-
- - name: copy smb_password.txt
- become: yes
- ansible.builtin.template:
- src: "smb_password.txt"
- dest: "/etc/restic/smb_password.txt"
- owner: root
- group: root
- mode: 0700
-
- - name: copy restic_backup.sh
- become: yes
- ansible.builtin.template:
- src: "restic_backup.sh"
- dest: "/usr/local/bin/restic_backup.sh"
- mode: a+x
-
- - name: create exclude.txt
- become: yes
- ansible.builtin.blockinfile:
- path: "/etc/restic/exclude.txt"
- create: yes
- block: "{{ restic_exclude }}"
- mode: 0644
-
- - name: copy password.txt
- become: yes
- ansible.builtin.template:
- src: "password.txt"
- dest: "/etc/restic/password.txt"
- owner: root
- group: root
- mode: 0700
-
- - name: create restic cronjob
- become: yes
- ansible.builtin.cron:
- name: restic
- state: present
- job: "/usr/local/bin/restic_backup.sh"
- minute: "{{ 59|random(seed=inventory_hostname) }}"
- hour: "{{ restic_cron_hours }}"
- # siehe: https://stackoverflow.com/questions/33379378/idempotence-and-random-variables-in-ansible
-
- - name: Create restic log
- become: true
- ansible.builtin.file:
- path: /var/log/restic.log
- state: touch
- owner: root
- group: root
- mode: 0640
- access_time: preserve
- modification_time: preserve
-
- - name: copy logrotate config
- become: yes
- ansible.builtin.template:
- src: logrotate_restic
- dest: /etc/logrotate.d/restic
- owner: root
- group: root
- mode: 0644
+ - name: include install tasks
+ include_tasks: install.yml
+ when: restic_enable_role
+ - name: include folder tasks
+ include_tasks: folders.yml
+ when: restic_enable_role
+ - name: include config tasks
+ include_tasks: config.yml
+ when: restic_enable_role
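Review bot: The three `when: restic_enable_role` conditions in tasks/main.yml test the raw variable, so a value that arrives as a string (for example from `-e restic_enable_role=false`) is a non-empty string and may evaluate as true, depending on the Ansible version; `when: restic_enable_role | bool` makes the opt-out reliable. This matters because the playbook-level `when: "not 'tor' in group_names"` is removed in the same commit, leaving this flag as the only thing that keeps the role, and the repository credentials it deploys, off the tor group. The includes also use the short name `include_tasks`, while every other task in the role uses a fully qualified name; `ansible.builtin.include_tasks` would be consistent.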