diff --git a/airootfs/root/install.sh b/airootfs/root/install.sh
index a444efa..63bff7a 100644
--- a/airootfs/root/install.sh
+++ b/airootfs/root/install.sh
@@ -230,7 +230,10 @@ function prepareInstallation() {
   [[ -z "$INSTALLATION_DOMAIN" ]] && INSTALLATION_DOMAIN="localhost"
 
   # installation type
-  INSTALLATION_TYPE=$(dialog --clear --title "Choose the main installation type of this host" --radiolist "Select one" 10 70 3 gaming Game-Server false proxy Proxy-Server false build Build-Server false 3>&1 1>&2 2>&3 3>&-)
+  # INSTALLATION_TYPE=$(dialog --clear --title "Choose the main installation type of this host" --radiolist "Select one" 10 70 3 gaming Game-Server false proxy Proxy-Server false build Build-Server false 3>&1 1>&2 2>&3 3>&-)
+
+  # standalone or managed
+  INSTALLATION_MODE=$(dialog --clear --title "Choose the main installation mode of this host" --radiolist "Select one" 10 70 3 controller Controller false managed Managed false standalone Standalone false 3>&1 1>&2 2>&3 3>&-)
 
   # show summary
   summary
@@ -242,7 +245,7 @@ function prepareInstallation() {
 function summary() {
   dialog --stdout --clear --title "Summary" --yes-label "Confirm" --no-label "Abort" --yesno "\n
 Hostname:       ${INSTALLATION_HOSTNAME}.${INSTALLATION_DOMAIN}\n
-Type:           ${INSTALLATION_TYPE}\n
+Mode:           ${INSTALLATION_MODE}\n
 Disk:           ${INSTALLATION_DISK}
   " 9 60
 
@@ -338,7 +341,7 @@ function installation() {
   installationSubtaskTitle "Install base packages"
   wget https://raw.githubusercontent.com/alpinelinux/alpine-make-rootfs/v0.7.0/alpine-make-rootfs
   chmod u+x alpine-make-rootfs
-  ./alpine-make-rootfs --no-cleanup --branch 'v'$(echo ${INSTALLATION_ALPINE_VERSION} | rev | cut -d. -f2- | rev) --packages "apk-tools alpine-base linux-lts linux-firmware-none zsh vim btrfs-progs dialog wget git mkinitfs lsblk parted lshw shadow" ${INSTALLATION_MOUNTPOINT}
+  ./alpine-make-rootfs --no-cleanup --branch 'v'$(echo ${INSTALLATION_ALPINE_VERSION} | rev | cut -d. -f2- | rev) --packages "apk-tools alpine-base linux-lts linux-firmware-none curl sudo fish fish-doc mandoc man-pages vim btrfs-progs dialog wget git mkinitfs lsblk parted lshw shadow openssh" ${INSTALLATION_MOUNTPOINT}
 
   installationSubtaskTitle "Setup resolv.conf"
   if [[ -f "${INSTALLATION_MOUNTPOINT}/etc/resolv.conf" ]]; then
@@ -386,6 +389,39 @@ function installation() {
   installationSubtaskTitle "Set root password"
   runInChroot "echo -e \"${INSTALLATION_ROOT_PW}\n${INSTALLATION_ROOT_PW}\" | passwd" || installationFailed
 
+  installationSubtaskTitle "Set root shell"
+  runInChroot "chsh -s /usr/bin/fish root" || installationFailed
+
+  case "$INSTALLATION_MODE" in
+    "controller")
+        installationSubtaskTitle "Create ansible user"
+        runInChroot "adduser -s /usr/bin/fish -S -D -h /var/lib/ansible ansible"
+
+        installationSubtaskTitle "Enable ansible passwordless sudo"
+        runInChroot "echo 'ansible ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/ansible"
+
+        installationSubtaskTitle "Generate ansible ssh-keypair"
+        runInChroot "su - ansible -c 'mkdir -p ~/.ssh'"
+        runInChroot "su - ansible -c 'ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -P \"\"'" || installationFailed
+
+        installationSubtaskTitle "Clone Playbook-repo"
+        mkdir -p ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
+        git clone ${INSTALLATION_ANSIBLE_GIT} ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
+    ;;
+    "managed")
+        installationSubtaskTitle "Create ansible user"
+        runInChroot "adduser -s /usr/bin/fish -S -D ansible"
+
+        installationSubtaskTitle "Enable ansible passwordless sudo"
+        runInChroot "echo 'ansible ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/ansible"
+    ;;
+    "standalone")
+        installationSubtaskTitle "Clone Playbook-repo"
+        mkdir -p ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
+        git clone ${INSTALLATION_ANSIBLE_GIT} ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
+    ;;
+  esac
+
   installationSubtaskTitle "Enable btrfs module"
   runInChroot "echo 'btrfs' >> /etc/modules"
   runInChroot "echo 'efivarfs' >> /etc/modules"
@@ -396,22 +432,21 @@ function installation() {
   runInChroot "rc-update add udev-settle sysinit"
   runInChroot "rc-update add udev-postmount default"
 
-  echo ""
-  echo "┌──────────────────────────────────────────┐"
-  echo "│    Configure Ansible and playbook-run    │"
-  echo "└──────────────────────────────────────────┘"
 
-  installationSubtaskTitle "Clone Playbook-repo"
-  mkdir -p ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
-  git clone ${INSTALLATION_ANSIBLE_GIT} ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
+  case "$INSTALLATION_MODE" in
+    "standalone"|"controller")
+      echo ""
+      echo "┌──────────────────────────────────────────┐"
+      echo "│    Configure Ansible and playbook-run    │"
+      echo "└──────────────────────────────────────────┘"
 
-  mkdir -p ${INSTALLATION_MOUNTPOINT}/etc/ansible
-  cat >"${INSTALLATION_MOUNTPOINT}/etc/ansible/ansible.cfg" <<EOT || installationFailed
+      mkdir -p ${INSTALLATION_MOUNTPOINT}/etc/ansible
+      cat >"${INSTALLATION_MOUNTPOINT}/etc/ansible/ansible.cfg" <<EOT || installationFailed
 [defaults]
 inventory=/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml
 EOT
 
-  cat >"${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml" <<EOT
+      cat >"${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml" <<EOT
 ungrouped:
   hosts:
     localhost
@@ -419,14 +454,19 @@ ungrouped:
     ansible_connection: local
     start_timestamp: ${START_TIMESTAMP}
     tmpfs_size: 4G
-    installation_type: ${INSTALLATION_TYPE}
     mysql_root_password: $(randomPasswordGen 32)
     release_version: 2412
     alpine_version: v3.21
 EOT
+      installationSubtaskTitle "Execute Ansible playbooks"
+      if [[ "$INSTALLATION_MODE" == "standalone" ]]; then
+        runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/standalone.ansible.yml" || installationFailed
+      else
+        runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/base.ansible.yml" || installationFailed
+      fi
+      ;;
+  esac
 
-  installationSubtaskTitle "Execute Ansible playbooks"
-  runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/top.ansible.yml" || installationFailed
 
   echo ""
   echo "┌──────────────────────────────────────────┐"
diff --git a/template/root/install.sh b/template/root/install.sh
index f84d66a..10e5dc7 100644
--- a/template/root/install.sh
+++ b/template/root/install.sh
@@ -395,13 +395,15 @@ function installation() {
   case "$INSTALLATION_MODE" in
     "controller")
         installationSubtaskTitle "Create ansible user"
-        runInChroot "adduser -s /usr/bin/fish -S -D ansible"
+        runInChroot "addgroup -S ansible"
+        runInChroot "adduser -s /usr/bin/fish -S -D -h /var/lib/ansible -G ansible ansible"
 
         installationSubtaskTitle "Enable ansible passwordless sudo"
         runInChroot "echo 'ansible ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/ansible"
 
         installationSubtaskTitle "Generate ansible ssh-keypair"
-        runInChroot "sudo -u ansible 'ssh-keygen -t ed25519 -P ""'" || installationFailed
+        runInChroot "su - ansible -c 'mkdir -p ~/.ssh'"
+        runInChroot "su - ansible -c 'ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -P \"\"'" || installationFailed
 
         installationSubtaskTitle "Clone Playbook-repo"
         mkdir -p ${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/playbooks
@@ -432,19 +434,20 @@ function installation() {
   runInChroot "rc-update add udev-postmount default"
 
 
-if [[ "$INSTALLATION_MODE" == "standalone" ]]; then
-    echo ""
-    echo "┌──────────────────────────────────────────┐"
-    echo "│    Configure Ansible and playbook-run    │"
-    echo "└──────────────────────────────────────────┘"
+  case "$INSTALLATION_MODE" in
+    "standalone"|"controller")
+      echo ""
+      echo "┌──────────────────────────────────────────┐"
+      echo "│    Configure Ansible and playbook-run    │"
+      echo "└──────────────────────────────────────────┘"
 
-    mkdir -p ${INSTALLATION_MOUNTPOINT}/etc/ansible
-    cat >"${INSTALLATION_MOUNTPOINT}/etc/ansible/ansible.cfg" <<EOT || installationFailed
+      mkdir -p ${INSTALLATION_MOUNTPOINT}/etc/ansible
+      cat >"${INSTALLATION_MOUNTPOINT}/etc/ansible/ansible.cfg" <<EOT || installationFailed
 [defaults]
 inventory=/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml
 EOT
 
-    cat >"${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml" <<EOT
+      cat >"${INSTALLATION_MOUNTPOINT}/${INSTALLATION_ANSIBLE_ROOT}/inventory.yml" <<EOT
 ungrouped:
   hosts:
     localhost
@@ -456,10 +459,14 @@ ungrouped:
     release_version: %REL_VER%
     alpine_version: %ALP_VER%
 EOT
-
-    installationSubtaskTitle "Execute Ansible playbooks"
-    runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/standalone.ansible.yml" || installationFailed
-fi
+      installationSubtaskTitle "Execute Ansible playbooks"
+      if [[ "$INSTALLATION_MODE" == "standalone" ]]; then
+        runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/standalone.ansible.yml" || installationFailed
+      else
+        runInChroot "ansible-playbook /${INSTALLATION_ANSIBLE_ROOT}/playbooks/base.ansible.yml" || installationFailed
+      fi
+      ;;
+  esac
 
 
   echo ""