diff --git a/roles/headscale-server/tasks/main.yml b/roles/headscale-server/tasks/main.yml
index 9d3e02d..4adfc02 100644
--- a/roles/headscale-server/tasks/main.yml
+++ b/roles/headscale-server/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+- name: Update APT package cache
+  apt:
+    update_cache: true
+    upgrade: dist
+
+- name: Install debian packages
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - "unattended-upgrades"
+    - "joe"
+    - "fail2ban"
+
 #- name: Download headscale .deb
 #  get_url: 
 #    url="https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64.deb"
@@ -34,3 +48,11 @@
     name: headscale.service
     state: started
     enabled: true
+
+# Exit node:
+#    curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+#    curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
+# apt-get update
+# apt-get install tailscale
+# tailscale up --advertise-exit-node --login-server https://headscale.wolkige.abgruen.de
+#
diff --git a/roles/headscale-server/templates/config.yaml b/roles/headscale-server/templates/config.yaml
index 8a0e421..f2d313b 100644
--- a/roles/headscale-server/templates/config.yaml
+++ b/roles/headscale-server/templates/config.yaml
@@ -23,7 +23,14 @@ dns_config:
 # DERP
 derp:
   server:
-    enabled: false
+    enabled: true
+    region_id: 999
+    region_code: "aws-headscale-maecki"
+    region_name: "aws-headscale-maecki"
+    stun_listen_addr: "0.0.0.0:3478"
+  paths: []
+  auto_update_enabled: false
+  update_frequency: 24h
 
 # DB
 db_type: sqlite3