diff --git a/inventory-sample.yml b/inventory-sample.yml
index 91967e2..5cca733 100644
--- a/inventory-sample.yml
+++ b/inventory-sample.yml
@@ -6,5 +6,148 @@ all:
     kde_desktop_pkg:
       - akonadi-backend-sqlite
 
+
+    ## Proxy configuration (see: doc/localproxy.md)
+    # localproxy: true
+    # no_proxy: "firewall.{{ domain }},server.{{ domain }},.{{ domain }}"
+
+    # kerberize_uris: "idam.{{ domain }}, server.{{ domain }}, *.{{ domain }}"
+
+    ## Configure additional apt options. E.g. Apt-cacher?
+    # apt_conf: "Acquire::http::Proxy \"http://aptcache.{{ domain }}:3142/\";"
+
+    ## Configure NTP-Server
+    # ntp_serv: "server.{{ domain }}"
+
+    ## NFS-Server for additional mount. Comment out or leave empty to use no additional NFS-Server:
+    # nfs_server: "files.{{ domain }}"
+
+    ## List of print servers. The order of the print servers determines which print server the printer will be installed from:
+    # printservers:
+    #   - "server.{{ domain }}"
+    #   - "print.{{ domain }}"
+
+    ## PAM mount nextcloud. Comment out or leave empty to skip:
+    # web_dav: "https://nc.{{ domain }}/remote.php/dav/files/%(USER)"
+
+    ## Local mirror for mscorefonts. Comment out or leave empty to use no mirror:
+    # mirror_msfonts: "http://livebox.{{ domain }}/mscorefonts/"
+
+    ## Local mirror for libdvdcss. Comment out or leave empty to use no mirror:
+    # mirror_dvdcss: "http://livebox.{{ domain }}/libdvdcss/"
+
+    ## SSH-keys to deploy:
+    ## passwordless login for default-user (ansible)
+    ##
+    # keys2deploy:
+    #   - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI........ admin1@example.com'
+    #   - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI........ admin2@example.com'
+
+    ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
+    # grub_pwd: 'grub.pbkdf2.sha512.10000.EF6E2F4F758771751EF4A8A85B1F3F25F35A3AF859DBF0BB8153D9DF6B48D27A2DCDF4ECDC0711D2A93DCBBCF2C4D6FC69D02E1179AB14B62750BDD502C81C95.442C213A064A98E5FF089F3E647C6481327750127D310ABC39596176233C0CE75311EE818EE7F77BD961BBB723A15F853DE6DDD3BF30C7273769C7AC2587CD28'
+
+    ## Installs VM-support (QEMU/KVM)
+    ## Additional infrastructure (seedbox) nedded. See: doc/vm.md
+    ##
+    # vm_support: true
+    # vm_torrent_serv: "seedbox.{{ domain }}"
+    # vm_uploadseed_pwd: secret = "token:topsecret"
+
+    ## Additional packages to install
+    ##
+    # extra_pkgs:
+    #   - vim
+    #   - mc
+    #   - tmux
+    #   - debconf-utils
+
+    ## WLAN configuration (see: doc/vpn.md):
+    ##
+    ## WPA Personal
+    # wlan: psk
+    # wlan_ssid: devicesPSK
+    # wlan_password: "topsecretpasswd"
+    #
+    ## WPA Enterprise with EAP-TLS
+    ## Additional infrastructure (radius server) needed. See: doc/vpn.md
+    # wlan: eap-tls
+    # wlan_ssid: devicesEAPtls
+    # wlan_eap_ca:
+    #   C: DE
+    #   ST: Baden-Wuerttemberg
+    #   L: Reutlingen
+    #   O: Linuxschule
+    #   emailAddress: admin@example.com
+    #   CN: Radius Certificate Authority
+    #   password: "secret4radiusCA"
+    # wlan_eap_ca_crl: "http://radius.{{ domain }}/radius-ca.crl"
+
+    ## VPN Configuration (Wireguard)
+    ## Additional infrastructure needed (see: doc/vpn.md)
+    ##
+    # vpn: wg # only set on hosts/groups, which will get wireguard profiles
+    # wg_endpoint: "203.0.113.1:51820"
+    # wg_allowed_ips: "10.0.0.0/16;"
+    # wg_ip_cdr: 24
+    # wg_dns: "9.9.9.9"
+    # wg_dns_search: "{{ domain }}"
+
+    ## Reporter service
+    ## Enable automatic reports
+    # misc_reporter: true
+    ## Server to which reports should be sent. If you don't want to use reporting, this can be empty:
+    # misc_reporter_serv: "collector.{{ domain }}"
+
+    ## Additional roles to run (see: doc/custom_roles.md):
+    ##
+    # custom_roles:
+    #   - fvs
+
   hosts:
     localhost:
+
+laptops:
+  children:
+    teacherlaptop: # teacherlaptops will get laptop vars too
+  hosts:
+  vars:
+    ## Activate WLAN and select authentication mode (see: doc/wlan.md)
+    wlan: psk # (none|psk|eap-tls)
+
+    ## Use localhome on mobile devices
+    localhome: true
+
+    ## Create local guest user
+    localuser: guest
+    localuser_password: !unsafe Muster!
+
+teacherlaptop:
+  hosts:
+  vars:
+    exam_mode: false
+    # vpn: wg
+    extra_pkgs1:
+      - plasma-discover
+      - nextcloud-desktop
+      - dolphin-nextcloud
+    sudo_permissions:
+      "%role-teacher":
+        - /usr/bin/apt
+        - /usr/sbin/cryptsetup
+    polkit_rules:
+      "role-teacher":
+        - "org.freedesktop.NetworkManager.settings.modify.system"
+        - "org.freedesktop.packagekit.package-install"
+        - "org.freedesktop.packagekit.package-reinstall"
+        - "org.freedesktop.packagekit.system-update"
+        - "org.freedesktop.packagekit.upgrade-system"
+        - "org.freedesktop.packagekit.package-install-untrusted"
+    localuser: false
+    localhome_logout_missing_serverhome: false
+    wlan_enable_on_boot: false
+    misc_avoid_suspend: false
+    misc_pwroff: false
+    misc_pwroff_idle: false
+    misc_reporter: false # privacy for teachers
+    printer_admin_group: role-teacher
+    fvs_remove_discover: false # Custom role feature to give teachers package store