diff --git a/inventory b/inventory
index fa4f6bb..64feb95 100644
--- a/inventory
+++ b/inventory
@@ -78,3 +78,6 @@ all:
         34613761363237633865306332653631323366343232353666343165666664343838
     unicorn.n39.eu:
       server_admin: "admin+unicorn@netz39.de"
+    platon.n39.eu:
+      server_admin: "admin+platon@netz39.de"
+      ansible_ssh_user: pi
\ No newline at end of file
diff --git a/main.yml b/main.yml
index c725c75..97e6da4 100644
--- a/main.yml
+++ b/main.yml
@@ -42,3 +42,6 @@
 
 - name: Specific setup for host unicorn
   import_playbook: unicorn.yml
+
+- name: Platon specific setup
+  import_playbook: platon.yml
\ No newline at end of file
diff --git a/platon.yml b/platon.yml
new file mode 100644
index 0000000..c066509
--- /dev/null
+++ b/platon.yml
@@ -0,0 +1,9 @@
+---
+- hosts: platon.n39.eu
+  become: true
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+    door_open_command: '/home/pi/netz39_rollladensteuerung/raspberry/doorcontrol/door-open.sh'
+    ble_keykeeper_dir: '/home/pi/netz39_ble_keykeeper'
+  roles:
+    - role: ble-keykeeper-role
\ No newline at end of file
diff --git a/pottwal.yml b/pottwal.yml
index 41a96e7..a4b48c2 100644
--- a/pottwal.yml
+++ b/pottwal.yml
@@ -8,7 +8,7 @@
     mosquitto_image: eclipse-mosquitto:1.6
     mosquitto_data: /srv/data/mosquitto
 
-    openhab_image: openhab/openhab:3.1.0
+    openhab_image: openhab/openhab:2.5.11
     openhab_data: /srv/data/openhab
     openhab_host_port: 8081
     openhab_configuration_source: https://github.com/netz39/n39-openhab.git
@@ -28,199 +28,199 @@
 
   tasks:
 
-  - name: Check if gitea data dir exists
-    ansible.builtin.stat:
-      path: "/srv/data/gitea"
-    register: gitea_dir
-  - name: Fail if gitea data dir does not exist
-    ansible.builtin.fail:
-      msg: "Gitea data dir is missing, please restore from the backup!"
-    when: not gitea_dir.stat.exists
+    - name: Check if gitea data dir exists
+      ansible.builtin.stat:
+        path: "/srv/data/gitea"
+      register: gitea_dir
+    - name: Fail if gitea data dir does not exist
+      ansible.builtin.fail:
+        msg: "Gitea data dir is missing, please restore from the backup!"
+      when: not gitea_dir.stat.exists
 
-  # If port 2222 is changed here, it must also be adapted
-  # in the gitea config file (see application volume)!!
-  - name: Setup the docker container for gitea
-    docker_container:
-      name: gitea
-      image: "gitea/gitea:1.15.10"
-      pull: true
-      state: started
-      restart_policy: unless-stopped
-      detach: yes
-      ports:
-#      - 127.0.0.1:{{ gitea_host_port }}:3000
-      - "{{ gitea_host_port }}:3000"
-      - 2222:2222
-      env:
-        APP_NAME="Netz39 Gitea"
-        RUN_MODE="prod"
-        SSH_DOMAIN="gitea.n39.eu"
-        SSH_PORT="2222"
-        SSH_START_SERVER="false"
-        ROOT_URL="https://gitea.n39.eu"
-        DISABLE_REGISTRATION="true"
-        USER_UID=1000
-        USER_GID=1000
-      volumes:
-      - "/srv/data/gitea:/data:rw"
+    # If port 2222 is changed here, it must also be adapted
+    # in the gitea config file (see application volume)!!
+    - name: Setup the docker container for gitea
+      docker_container:
+        name: gitea
+        image: "gitea/gitea:1.15.10"
+        pull: true
+        state: started
+        restart_policy: unless-stopped
+        detach: yes
+        ports:
+#          - 127.0.0.1:{{ gitea_host_port }}:3000
+          - "{{ gitea_host_port }}:3000"
+          - 2222:2222
+        env:
+          APP_NAME="Netz39 Gitea"
+          RUN_MODE="prod"
+          SSH_DOMAIN="gitea.n39.eu"
+          SSH_PORT="2222"
+          SSH_START_SERVER="false"
+          ROOT_URL="https://gitea.n39.eu"
+          DISABLE_REGISTRATION="true"
+          USER_UID=1000
+          USER_GID=1000
+        volumes:
+          - "/srv/data/gitea:/data:rw"
 
-  - name: Setup proxy site gitea.n39.eu
-    include_role:
-      name: setup-http-site-proxy
-    vars:
-      site_name: "gitea.n39.eu"
-      proxy_port: "{{ gitea_host_port }}"
+    - name: Setup proxy site gitea.n39.eu
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: "gitea.n39.eu"
+        proxy_port: "{{ gitea_host_port }}"
 
-  - name: Ensure apt-cacher container is running
-    docker_container:
-      name: apt_cacher_ng
-      image: "mrtux/apt-cacher-ng"
-      pull: true
-      state: started
-      restart_policy: unless-stopped
-      detach: yes
-      ports:
-        - 3142:3142
+    - name: Ensure apt-cacher container is running
+      docker_container:
+        name: apt_cacher_ng
+        image: "mrtux/apt-cacher-ng"
+        pull: true
+        state: started
+        restart_policy: unless-stopped
+        detach: yes
+        ports:
+          - 3142:3142
 
 
-  - name: Ensure the mosquitto directories exist
-    file:
-      path: "{{ item }}"
-      state: directory
-    with_items:
-      - "{{ mosquitto_data }}/config"
-      - "{{ mosquitto_data }}/data"
-      - "{{ mosquitto_data }}/log"
+    - name: Ensure the mosquitto directories exist
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "{{ mosquitto_data }}/config"
+        - "{{ mosquitto_data }}/data"
+        - "{{ mosquitto_data }}/log"
 
-  - name: Make sure mosquitto config is there
-    template:
-      src: "templates/mosquitto.conf.j2"
-      dest: "{{ mosquitto_data }}/config/mosquitto.conf"
-    notify: restart_mosquitto
+    - name: Make sure mosquitto config is there
+      template:
+        src: "templates/mosquitto.conf.j2"
+        dest: "{{ mosquitto_data }}/config/mosquitto.conf"
+      notify: restart_mosquitto
 
-  - name: Ensure mosquitto is running
-    docker_container:
-      name: mosquitto
-      image: "{{ mosquitto_image }}"
-      pull: true
-      state: started
-      ports:
-        - 1883:1883
-        - 9001:9001
-      volumes:
-        - "{{ mosquitto_data }}/config:/mosquitto/config"
-        - "{{ mosquitto_data }}/data:/mosquitto/data"
-        - "{{ mosquitto_data }}/log:/mosquitto/log"
-      detach: yes
-      keep_volumes: yes
-      restart_policy: unless-stopped
+    - name: Ensure mosquitto is running
+      docker_container:
+        name: mosquitto
+        image: "{{ mosquitto_image }}"
+        pull: true
+        state: started
+        ports:
+          - 1883:1883
+          - 9001:9001
+        volumes:
+          - "{{ mosquitto_data }}/config:/mosquitto/config"
+          - "{{ mosquitto_data }}/data:/mosquitto/data"
+          - "{{ mosquitto_data }}/log:/mosquitto/log"
+        detach: yes
+        keep_volumes: yes
+        restart_policy: unless-stopped
 
-  - name: Ensure the openhab directories exist
-    file:
-      path: "{{ item }}"
-      state: directory
-    with_items:
-      - "{{ openhab_data }}/addons"
-      - "{{ openhab_data }}/conf"
-      - "{{ openhab_data }}/userdata"
+    - name: Ensure the openhab directories exist
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "{{ openhab_data }}/addons"
+        - "{{ openhab_data }}/conf"
+        - "{{ openhab_data }}/userdata"
 
-  - name: Clone or update configuration
-    git:
-      repo: "{{ openhab_configuration_source }}"
-      version: "{{ openhab_configuration_version }}"
-      dest: "{{ openhab_data }}/conf"
-      clone: yes
-      update: yes
+    - name: Clone or update configuration
+      git:
+        repo: "{{ openhab_configuration_source }}"
+        version: "{{ openhab_configuration_version }}"
+        dest: "{{ openhab_data }}/conf"
+        clone: yes
+        update: yes
 
-  - name: ensure openhab is up and running
-    docker_container:
-      name: openhab
-      image: "{{ openhab_image }}"
-      pull: true
-      state: started
-      detach: yes
-      interactive: yes
-      tty: yes
-      ports:
-        - "{{ openhab_host_port }}:8080"
-      volumes:
-        - /etc/localtime:/etc/localtime:ro
-        - /etc/timezone:/etc/timezone:ro
-        - "{{ openhab_data }}/addons:/openhab/addons:rw"
-        - "{{ openhab_data }}/conf:/openhab/conf:rw"
-        - "{{ openhab_data }}/userdata:/openhab/userdata:rw"
-      keep_volumes: yes
-      restart_policy: unless-stopped
-      env: EXTRA_JAVA_OPTS="-Duser.timezone=Europe/Berlin"
+    - name: ensure openhab is up and running
+      docker_container:
+        name: openhab
+        image: "{{ openhab_image }}"
+        pull: true
+        state: started
+        detach: yes
+        interactive: yes
+        tty: yes
+        ports:
+          - "{{ openhab_host_port }}:8080"
+        volumes:
+          - /etc/localtime:/etc/localtime:ro
+          - /etc/timezone:/etc/timezone:ro
+          - "{{ openhab_data }}/addons:/openhab/addons:rw"
+          - "{{ openhab_data }}/conf:/openhab/conf:rw"
+          - "{{ openhab_data }}/userdata:/openhab/userdata:rw"
+        keep_volumes: yes
+        restart_policy: unless-stopped
+        env: EXTRA_JAVA_OPTS="-Duser.timezone=Europe/Berlin"
 
-  - name: Setup proxy site openhab.n39.eu
-    include_role:
-      name: setup-http-site-proxy
-    vars:
-      site_name: openhab.n39.eu
-      proxy_port: "{{ openhab_host_port }}"
+    - name: Setup proxy site openhab.n39.eu
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: openhab.n39.eu
+        proxy_port: "{{ openhab_host_port }}"
 
-  - name: Ensure container for URI tools is running
-    docker_container:
-      name: uritools
-      image: mrtux/clean_uri
-      pull: true
-      state: started
-      detach: yes
-      ports:
-        - "{{ uritools_host_port }}:8080"
-      restart_policy: unless-stopped
+    - name: Ensure container for URI tools is running
+      docker_container:
+        name: uritools
+        image: mrtux/clean_uri
+        pull: true
+        state: started
+        detach: yes
+        ports:
+          - "{{ uritools_host_port }}:8080"
+        restart_policy: unless-stopped
 
-  - name: Setup proxy site uritools.n39.eu
-    include_role:
-      name: setup-http-site-proxy
-    vars:
-      site_name: uritools.n39.eu
-      proxy_port: "{{ uritools_host_port }}"
+    - name: Setup proxy site uritools.n39.eu
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: uritools.n39.eu
+        proxy_port: "{{ uritools_host_port }}"
 
-  - name: Ensure container for entities validation service is running
-    docker_container:
-      name: entities_validation_svc
-      image: netz39/entities_validation_svc:v1.0.0
-      pull: true
-      state: started
-      detach: yes
-      ports:
-        - "{{ entities_validation_svc_host_port }}:8080"
-      restart_policy: unless-stopped
+    - name: Ensure container for entities validation service is running
+      docker_container:
+        name: entities_validation_svc
+        image: netz39/entities_validation_svc:v1.0.0
+        pull: true
+        state: started
+        detach: yes
+        ports:
+          - "{{ entities_validation_svc_host_port }}:8080"
+        restart_policy: unless-stopped
 
-  - name: Setup proxy site entities-validation.svc.n39.eu
-    include_role:
-      name: setup-http-site-proxy
-    vars:
-      site_name: entities-validation.svc.n39.eu
-      proxy_port: "{{ entities_validation_svc_host_port }}"
+    - name: Setup proxy site entities-validation.svc.n39.eu
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: entities-validation.svc.n39.eu
+        proxy_port: "{{ entities_validation_svc_host_port }}"
 
-  - name: Ensure container for shlink is running
-    docker_container:
-      name: shlink
-      image: shlinkio/shlink:2.6.2
-      pull: true
-      state: started
-      detach: yes
-      ports:
-        - "{{ shlink_host_port }}:8080"
-      restart_policy: unless-stopped
-      env:
-        SHORT_DOMAIN_HOST: "{{ shlink_domain_name }}"
-        SHORT_DOMAIN_SCHEMA: https
-        GEOLITE_LICENSE_KEY: "{{ shlink_geolite_license_key }}"
+    - name: Ensure container for shlink is running
+      docker_container:
+        name: shlink
+        image: shlinkio/shlink:2.6.2
+        pull: true
+        state: started
+        detach: yes
+        ports:
+          - "{{ shlink_host_port }}:8080"
+        restart_policy: unless-stopped
+        env:
+          SHORT_DOMAIN_HOST: "{{ shlink_domain_name }}"
+          SHORT_DOMAIN_SCHEMA: https
+          GEOLITE_LICENSE_KEY: "{{ shlink_geolite_license_key }}"
+
+    - name: Setup proxy site {{ shlink_domain_name }}
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: "{{ shlink_domain_name }}"
+        proxy_port: "{{ shlink_host_port }}"
 
-  - name: Setup proxy site {{ shlink_domain_name }}
-    include_role:
-      name: setup-http-site-proxy
-    vars:
-      site_name: "{{ shlink_domain_name }}"
-      proxy_port: "{{ shlink_host_port }}"
-    
   handlers:
-  - name: restart mosquitto
-    docker_container:
-      name: mosquitto
-      state: started
-      restart: yes
+    - name: restart mosquitto
+      docker_container:
+        name: mosquitto
+        state: started
+        restart: yes
diff --git a/requirements.yml b/requirements.yml
index a608f7f..3641f1f 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -5,3 +5,5 @@
   version: 3.0.0
 - src: git+https://github.com/24367dfa/ansible-role-dehydrated.git
   version: 1.0.2
+- src: git+https://github.com/maz3max/ble-keykeeper-role.git
+  version: v1.0.1
diff --git a/tau.yml b/tau.yml
index 60bb1f7..74f6e1d 100644
--- a/tau.yml
+++ b/tau.yml
@@ -5,6 +5,9 @@
   vars:
     ansible_python_interpreter: /usr/bin/python3
 
+    docker_registry_port: 5000 # this is the reg standard port
+    docker_registry_domain: "docker.n39.eu"
+
   roles:
     - role: docker_setup
     - role: apache
@@ -31,6 +34,8 @@
             deploy_challenge_hook: "/bin/systemctl restart apache2"
           - name: "mysql.adm.netz39.de"
             deploy_challenge_hook: "/bin/systemctl restart apache2"
+          - name: "{{ docker_registry_domain }}"
+            deploy_challenge_hook: "/bin/systemctl restart apache2"
 
     - name: Setup forward site reservierung.netz39.de
       include_role:
@@ -68,3 +73,43 @@
       vars:
         site_name: mysql.adm.netz39.de
         proxy_port: 9001
+
+
+    - name: Check if Docker Registry auth dir exists
+      ansible.builtin.stat:
+        path: "/srv/docker/registry/auth"
+      register: docker_dir
+    - name: Fail if docker registry data dir does not exist
+      ansible.builtin.fail:
+        msg: "Docker Registry auth dir is missing, please restore from the backup!"
+      when: not docker_dir.stat.exists
+    - name: Ensure the Docker Registry data directory exists
+      # This may not be part of the backup
+      file:
+        path: "/srv/docker/registry/data"
+        state: directory
+
+    - name: Setup Docker Registry Container
+      docker_container:
+        name: registry
+        image: "registry:2"
+        pull: true
+        state: started
+        restart_policy: unless-stopped
+        detach: yes
+        ports:
+        - 127.0.0.1:{{ docker_registry_port }}:{{ docker_registry_port }}
+        env:
+          REGISTRY_HTTP_HOST: "https://{{ docker_registry_domain }}"
+          REGISTRY_AUTH_HTPASSWD_REALM: "Netz39 Docker Registry"
+          REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
+        volumes:
+        - "/srv/docker/registry/data:/var/lib/registry:rw"
+        - "/srv/docker/registry/auth:/auth:rw"
+
+    - name: Setup proxy site for the Docker Registry
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: "{{ docker_registry_domain }}"
+        proxy_port: "{{ docker_registry_port }}"
diff --git a/unicorn.yml b/unicorn.yml
index 5d94c81..cf990d8 100644
--- a/unicorn.yml
+++ b/unicorn.yml
@@ -1,11 +1,32 @@
 ---
+# this is for a dedicated vm just hosting the unifi controller.
 - hosts: unicorn.n39.eu
   become: true
-
   vars:
     ansible_python_interpreter: /usr/bin/python3
-
   roles:
     - role: docker_setup
       vars:
         docker_data_root: "/srv/docker"
+  tasks:
+    - name: Setup the docker container for unifi-controller
+      docker_container:
+        name: unifi-controller
+        image: "jacobalberty/unifi:v6.5.55"
+        state: started
+        restart_policy: unless-stopped
+        container_default_behavior: no_defaults
+        env:
+          TZ: "Europe/Berlin"
+        # These fixed ports are needed.
+        # https://help.ui.com/hc/en-us/articles/218506997-UniFi-Ports-Used
+        ports:
+          - "8080:8080/tcp" # Device command/control
+          - "8443:8443/tcp" # Web interface + API
+          - "8843:8843/tcp" # HTTPS portal
+          - "8880:8880/tcp" # HTTP portal
+          - "3478:3478/udp" # STUN service
+          - "6789:6789/tcp" # Speed Test (unifi5 only)
+        volumes:
+          - "/srv/data/unifi-controller/data:/unifi/data"
+          - "/srv/data/unifi-controller/log:/unifi/log"