diff --git a/roles/lmn_vm/files/pam-umount.sh b/roles/lmn_vm/files/pam-umount.sh
index 0d90dd5..952127a 100644
--- a/roles/lmn_vm/files/pam-umount.sh
+++ b/roles/lmn_vm/files/pam-umount.sh
@@ -13,12 +13,12 @@ slp=false
 shutdownVMs(){
     local VM
     for VM in $(sudo -u $usr XDG_RUNTIME_DIR="/run/user/$uid" \
-		     XDG_CONFIG_HOME="/tmp/$uid/.config/" \
+		     XDG_CONFIG_HOME="/var/tmp/vm/$uid/.config" \
 		     XDG_CACHE_HOME="/var/cache/user/$uid/" \
 		     virsh list --state-running | \
 		    sed -nE "s/.*\s+(\S+)\s+running/\1/p") ; do
 	sudo -u $usr XDG_RUNTIME_DIR="/run/user/$uid" \
-	     XDG_CONFIG_HOME="/tmp/$uid/.config/" \
+	     XDG_CONFIG_HOME="/var/tmp/vm/$uid/.config" \
 	     XDG_CACHE_HOME="/var/cache/user/$uid/" \
 	     virsh destroy "$VM" 2>&1 | systemd-cat || true
 	slp=true
diff --git a/roles/lmn_vm/files/vm-netboot b/roles/lmn_vm/files/vm-netboot
index a55be59..141f496 100755
--- a/roles/lmn_vm/files/vm-netboot
+++ b/roles/lmn_vm/files/vm-netboot
@@ -5,7 +5,7 @@
 set -eu
 
 ## Imporant for all virsh libvirt calls:
-export XDG_CONFIG_HOME="/tmp/${UID}/.config"
+export XDG_CONFIG_HOME="/var/tmp/vm/${UID}/.config"
 
 menu=(standard "CLI Standard Debian GNU/Linux NFS"
       standard-ram "CLI Standard Debian GNU/Linux RAM"
diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run
index 9e24290..abacd42 100755
--- a/roles/lmn_vm/files/vm-run
+++ b/roles/lmn_vm/files/vm-run
@@ -295,7 +295,7 @@ if [[ "${PERSISTENT}" == 1 ]] && [[ ! -f "${VM_DIR_PERSISTENT}/${VM_NAME}.qcow2"
 fi
 
 # because virsh has problems with long pathnames, using diffent configdir
-export XDG_CONFIG_HOME="/tmp/${UID}/.config"
+export XDG_CONFIG_HOME="/var/tmp/vm/${UID}/.config"
 
 if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
     echo "VM not yet running."
diff --git a/roles/lmn_vm/files/vm.conf b/roles/lmn_vm/files/vm.conf
index f4a70a9..824bac1 100644
--- a/roles/lmn_vm/files/vm.conf
+++ b/roles/lmn_vm/files/vm.conf
@@ -9,10 +9,10 @@ DESKTOPSTARTERDIR="/srv/samba/schools/default-school/share/school/AdminIT/deskto
 
 VM_SYSDIR="/lmn/vm"
 if [[ -v SUDO_UID ]]; then
-  VM_DIR="/tmp/${SUDO_UID}/vm"
+  VM_DIR="/var/tmp/vm/${SUDO_UID}/vm"
   VM_DIR_PERSISTENT="/var/vm/${SUDO_UID}"
 else
-  VM_DIR="/tmp/${UID}/vm"
+  VM_DIR="/var/tmp/vm/${UID}/vm"
   VM_DIR_PERSISTENT="/var/vm/${UID}"
 fi
 
diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml
index e8fc421..e2d750f 100644
--- a/roles/lmn_vm/tasks/main.yml
+++ b/roles/lmn_vm/tasks/main.yml
@@ -126,6 +126,12 @@
     group: lmnsynci
     mode: 0755
 
+- name: Create cleanup-vm.conf
+  ansible.builtin.copy:
+    dest: /etc/tmpfiles.d/clean-vm.conf
+    content: |
+      R! /var/tmp/vm
+
 - name: Install squid
   apt:
     name: