diff --git a/roles/fai/defaults/main.yml b/roles/fai/defaults/main.yml
index 8709d60..7d8227b 100644
--- a/roles/fai/defaults/main.yml
+++ b/roles/fai/defaults/main.yml
@@ -10,3 +10,12 @@ server_netbits: 24
 server_netmask: 255.255.255.0
 apt_cacher_offline_mode: false
 debian_release: buster
+
+fai_configdir: /srv/fai/config
+fai_profiles_archive: "config.tar"
+fai_squashfs_file: "squash.img"
+
+tftp_dir: "/srv/tftp/fai"
+http_mirror_ipxe_path_prefix: "ipxe"
+http_mirror_fai_path_prefix: "fai"
+
diff --git a/roles/fai/tasks/fai-configure.yml b/roles/fai/tasks/fai-configure.yml
index 4b6d30e..d4f59e3 100644
--- a/roles/fai/tasks/fai-configure.yml
+++ b/roles/fai/tasks/fai-configure.yml
@@ -19,3 +19,4 @@
     group: root
     content: |
       LOGUSER=root
+      FAI_CONFIGDIR={{ fai_configdir }}
diff --git a/roles/fai/tasks/fai-pxe-ipxe.yml b/roles/fai/tasks/fai-ipxe.yml
similarity index 81%
rename from roles/fai/tasks/fai-pxe-ipxe.yml
rename to roles/fai/tasks/fai-ipxe.yml
index 39cbf2b..9b2bbfd 100644
--- a/roles/fai/tasks/fai-pxe-ipxe.yml
+++ b/roles/fai/tasks/fai-ipxe.yml
@@ -15,6 +15,7 @@
   copy:
     content: |
       #!ipxe
+      set boot-root {{ http_mirror_ipxe_root_url }}
       set menu-default fai
       set menu-timeout 5000
       set submenu-timeout ${menu-timeout}
@@ -64,15 +65,13 @@
       exit
 
       :fai
-      kernel {{ fai_live_vmlinuz }}
-      initrd {{ fai_live_initrd }}
-      imgargs {{ fai_live_vmlinuz }} ip=dhcp root=live:http://{{ server_name }}/tftp/fai/squash.img FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC=http://{{ server_name }}/fai/config.tar FAI_ACTION=install net.ifnames=0
+      kernel --name fai ${boot-root}/{{ fai_live_vmlinuz }} root=live:{{ http_mirror_fai_squashfs_url }} FAI_FLAGS=verbose,sshd,createv,menu FAI_CONFIG_SRC={{ http_mirror_fai_profiles_url }} FAI_ACTION=install net.ifnames=0 ip=dhcp
+      imgfetch --name fai ${boot-root}/{{ fai_live_initrd }}
       boot || goto failed
       goto start
 
       :dban
-      kernel dban.bzi
-      imgargs dban.bzi silent vga=785
+      kernel ${boot-root}/dban.bzi silent vga=785
       boot || goto failed
       goto start
     dest: /srv/tftp/fai/menu.ipxe
diff --git a/roles/fai/tasks/fai-prepare.yml b/roles/fai/tasks/fai-prepare.yml
index 353e945..942b031 100644
--- a/roles/fai/tasks/fai-prepare.yml
+++ b/roles/fai/tasks/fai-prepare.yml
@@ -13,3 +13,24 @@
   package:
     name: [fai-server, squashfs-tools, ipxe]
     state: present
+
+- name: create fai profiles directory
+  file:
+    name: "{{ fai_configdir }}"
+    state: directory
+    mode: u=rwx,g=rx,o=rx
+    owner: root
+    group: root
+    recurse: true
+
+- name: create http download directories
+  file:
+    name: "{{ item }}"
+    state: directory
+    mode: u=rwx,g=rx,o=rx
+    owner: root
+    group: root
+    recurse: true
+  with_items:
+    - "{{ fai_download_dir }}"
+    - "{{ ipxe_download_dir }}"
diff --git a/roles/fai/tasks/fai-profiles.yml b/roles/fai/tasks/fai-profiles.yml
index 9b119d6..d379b8a 100644
--- a/roles/fai/tasks/fai-profiles.yml
+++ b/roles/fai/tasks/fai-profiles.yml
@@ -6,10 +6,10 @@
     group: root
     mode: u=rw,g=r,o=r
 
-- name: copy fai profile
+- name: copy fai profiles
   synchronize:
     src: profiles/
-    dest: /srv/fai/config/
+    dest: "{{ fai_configdir }}"
     mode: push
     delete: yes
     recursive: yes
@@ -18,13 +18,13 @@
 - name: Set APT proxy
   template:
     src: fai-profile-00-proxy.yml
-    dest: /srv/fai/config/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP
+    dest: "{{ fai_configdir }}/files/etc/apt/apt.conf.d/00-proxy/HW4F_DESKTOP"
     owner: root
     group: root
     mode: u=rw,g=r,o=r
   register: fai_profiles_apt_proxy
 
 - name: pack fai configuration
-  shell: tar -C /srv/fai/config -cf /srv/fai/config.tar .
+  shell: "tar -C {{ fai_configdir }} -cf {{ fai_download_dir }}/{{ fai_profiles_archive }} ."
   when: "fai_profiles.changed or fai_profiles_apt_proxy.changed"
 
diff --git a/roles/fai/tasks/fai-pxe.yml b/roles/fai/tasks/fai-pxe.yml
index d3d6c6f..9c8c8b1 100644
--- a/roles/fai/tasks/fai-pxe.yml
+++ b/roles/fai/tasks/fai-pxe.yml
@@ -15,7 +15,7 @@
 - name: copy linux kernel and initrd to tftp root
   copy:
     src: "/srv/fai/nfsroot/boot/{{ item }}"
-    dest: "/srv/tftp/fai/{{ item }}"
+    dest: "{{ ipxe_download_dir }}/{{ item }}"
     owner: root
     group: root
     mode: u=rw,g=r,o=r
@@ -26,25 +26,17 @@
 
 - name: generate squashfs image of root files
   stat:
-    path: /srv/tftp/fai/squash.img
+    path: "{{ fai_squashfs_path }}"
   register: squash_img
 
 - name: generate a downloadable squashfs of root filesystem
-  shell: fai-cd -f -M -S /srv/tftp/fai/squash.img
-  when: "not squash_img.stat.exists or fai_profiles.changed or fai_profiles_apt_proxy.changed"
+  shell: "fai-cd -f -M -S {{ fai_squashfs_path }} -d {{ http_mirror_fai_profiles_url }}"
+  when: "not squash_img.stat.exists"
 
 - name: copy dban image
   copy:
     src: files/dban/dban.bzi
-    dest: /srv/tftp/fai/dban.bzi
+    dest: "{{ ipxe_download_dir }}/dban.bzi"
     owner: root
     group: root
     mode: u=rw,g=r,o=r
-
-- name: setup iPXE
-  include: fai-pxe-ipxe.yml
-
-- name: force restart tftp server
-  service:
-    name: tftpd-hpa
-    state: restarted
diff --git a/roles/fai/tasks/finish.yml b/roles/fai/tasks/finish.yml
new file mode 100644
index 0000000..bd60de0
--- /dev/null
+++ b/roles/fai/tasks/finish.yml
@@ -0,0 +1,41 @@
+- name: force restart tftp server
+  service:
+    name: tftpd-hpa
+    state: restarted
+
+- name: ensure inetd is started
+  service:
+    name: inetd
+    state: started
+    enabled: true
+
+- name: ensure inetd is refreshed, when config changed
+  service:
+    name: inetd
+    state: restarted
+  when: inetd_conf.changed
+
+- name: ntp is running and enabled
+  service:
+    name: ntp
+    state: started
+    enabled: true
+
+- name: reload ntp config
+  service:
+    name: ntp
+    state: restarted
+  when: ntp_conf.changed
+
+- name: ensure http server is running
+  service:
+    name: nginx
+    state: started
+    enabled: true
+
+- name: ensure http server is restart after config change
+  systemd:
+    name: nginx
+    state: restarted
+  when: nginx_conf.changed
+
diff --git a/roles/fai/tasks/main.yml b/roles/fai/tasks/main.yml
index c1951ae..5f01539 100644
--- a/roles/fai/tasks/main.yml
+++ b/roles/fai/tasks/main.yml
@@ -26,3 +26,6 @@
 - include: fai-profiles.yml
 - include: fai-root.yml
 - include: fai-pxe.yml
+- include: fai-ipxe.yml
+- include: finish.yml
+
diff --git a/roles/fai/tasks/nginx.yml b/roles/fai/tasks/nginx.yml
index 6462fcf..077d774 100644
--- a/roles/fai/tasks/nginx.yml
+++ b/roles/fai/tasks/nginx.yml
@@ -9,17 +9,16 @@
       server {
         listen 80 default_server;
         listen [::]:80 default_server;
-        root /srv;
+        root /var/www/html;
         index index.html;
         server_name _;
 
-        location / {
+        location /{{ http_mirror_ipxe_path_prefix }} {
           autoindex on;
-          try_files $uri $uri/ =404;
         }
 
-        location /apt-mirror {
-          root /var/cache/apt-cacher-ng/uburep;
+        location /{{ http_mirror_fai_path_prefix }} {
+          autoindex on;
         }
       }
     dest: /etc/nginx/sites-enabled/default
@@ -28,15 +27,21 @@
     group: root
   register: nginx_conf
 
-- name: ensure http server is running
-  service:
-    name: nginx
-    state: started
-    enabled: true
+- name: place info site
+  copy:
+    content: |
+      <html>
+        <head>
+          <title>Hardware for Future - PXE Environment</title>
+        </head>
+        <body>
+          <p>This mirror is part of the <a href="https://hardwareforfuture.de/">Hardware for Future</a> project</p>
+          <p>Restart the computer and boot into PXE to install Ubuntu.</p>
+        </body>
+      </html>
 
-- name: ensure http server is restart after config change
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_conf.changed
+    dest: /var/www/html/index.html
+    mode: 0644
+    owner: root
+    group: root
 
diff --git a/roles/fai/tasks/time-server.yml b/roles/fai/tasks/time-server.yml
index dd66279..cdd3a96 100644
--- a/roles/fai/tasks/time-server.yml
+++ b/roles/fai/tasks/time-server.yml
@@ -1,9 +1,4 @@
-- name: install inetd
-  package:
-    name: inetutils-tools
-    state: present
-
-- name: activate rdate
+- name: configure rdate for inetd
   copy:
     content: |
       time stream tcp nowait root internal
@@ -13,18 +8,10 @@
     mode: u=rw,g=r,o=r
   register: inetd_conf
 
-- name: ensure inetd is started
-  service:
-    name: inetd
-    state: started
-    enabled: true
-  when: inetd_conf.changed
-
-- name: ensure inetd is refreshed, when config changed
-  service:
-    name: inetd
-    state: restarted
-  when: inetd_conf.changed
+- name: install inetd
+  package:
+    name: inetutils-tools
+    state: present
 
 - name: install ntp server
   package:
@@ -63,15 +50,3 @@
     group: root
   register: ntp_conf
 
-- name: ntp is running and enabled
-  service:
-    name: ntp
-    state: started
-    enabled: true
-
-- name: reload ntp config
-  service:
-    name: ntp
-    state: restarted
-  when: ntp_conf.changed
-
diff --git a/roles/fai/vars/main.yml b/roles/fai/vars/main.yml
index 6dd67d7..daae4c5 100644
--- a/roles/fai/vars/main.yml
+++ b/roles/fai/vars/main.yml
@@ -2,3 +2,14 @@
 # vars file for fai
 
 server_net: "{{ server_ip |regex_replace('.[0-9]+$', '') }}"
+
+fai_download_dir: "/var/www/html/{{ http_mirror_fai_path_prefix }}"
+ipxe_download_dir: "/var/www/html/{{ http_mirror_ipxe_path_prefix }}"
+fai_squashfs_path: "{{ fai_download_dir }}/{{ fai_squashfs_file }}"
+
+http_mirror: "http://{{ server_name }}"
+http_mirror_ipxe_root_url: "{{ http_mirror }}/{{ http_mirror_ipxe_path_prefix }}"
+http_mirror_fai_profiles_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_profiles_archive }}"
+http_mirror_fai_squashfs_url: "{{ http_mirror }}/{{ http_mirror_fai_path_prefix }}/{{ fai_squashfs_file }}"
+
+