diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 26f0ec15983d7c087bb3fd785c5b4613128fbd46..b4e785871981a4b0c74c4a777505a4a15c7e95bf 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,69 +1,32 @@
----
 # A pipeline is composed of independent jobs that run scripts, grouped into stages.
 # Stages run in sequential order, but jobs within stages run in parallel.
 #
 # For more information, see: https://docs.gitlab.com/ee/ci/yaml/index.html#stages
 
 stages:          # List of stages for jobs, and their order of execution
-  - build
   - test
-  - cleanup
-
-variables:
-  IMAGE_TARGET: "$CI_REGISTRY_IMAGE/bullseye_ansible"
-#  CI_DEBUG_TRACE: "true"
 
 default:
-  image:
-    name: "${IMAGE_TARGET}:latest"
   before_script:
     - source /opt/molecule/bin/activate
     - ansible --version
     - molecule --version
-    - docker --version
-
-build-env-job:       # This job runs in the build stage, which runs first.
-  stage: build
-  timeout: 30m
-  tags:
-    - "docker"
-  image:
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  before_script: []
-  script:
-    - mkdir -p /kaniko/.docker
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"},\"$(printf "%s" "$CI_DEPENDENCY_PROXY_SERVER" | cut -d':' -f1)\":{\"auth\":\"$(printf "%s:%s" "$CI_DEPENDENCY_PROXY_USER" "$CI_DEPENDENCY_PROXY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
-    - >-
-      /kaniko/executor
-      --context "${CI_PROJECT_DIR}"
-      --dockerfile "${CI_PROJECT_DIR}/molecule/resources/playbooks/Dockerfile"
-      --destination "${IMAGE_TARGET}:latest"
 
-test-job:        # This job runs in the test stage.
-  stage: test    # It only starts when the job in the build stage completes successfully.
+test-job:
+  stage: test
   tags:
     - "shell"
   script:
     # make sure that Ansible Vaults are present and can be decrypted
-    # - sudo chown -R lza /builds/sachse/
     - echo "${VAULT_LZA_PROXY}" > ../lza_proxy.pass
     - export ANSIBLE_VAULT_PASSWORD_FILE=../lza_proxy.pass
     - rm -rf ../ansible_vaults/
-    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/
-    # - sudo chmod o-w "${CI_PROJECT_DIR}"
+    - git clone https://gitlab+deploy-token-25:${VAULT_ACCESS_TOKEN}@git.slub-dresden.de/slub-referat-2-3/ansible_vaults.git ../ansible_vaults/; \
     # run Molecule tests
     - molecule syntax --scenario-name default
     - molecule lint --scenario-name default
+    - molecule create --scenario-name default
     - molecule converge --scenario-name default
     - molecule idempotence --scenario-name default
-    # - molecule verify --scenario-name default
+      #- molecule verify --scenario-name default
     - molecule destroy --scenario-name default
-
-cleanup-job:
-  stage: cleanup
-  tags:
-    - "shell"
-  script:
-    - rm -rf "%CACHE_PATH%/%CI_PIPELINE_ID%"
-  when: always
diff --git a/handlers/main.yml b/handlers/main.yml
index c1ee46a7c2234b41a28d46297a9fa905f12f0dac..db701ee0aaf53e6b673972fb283feefe03c24935 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -22,5 +22,3 @@
   ansible.builtin.systemd:
     name: "squid.service"
     state: restarted
-  # Don't run systemd restart handler, because SystemD isn't available in the Docker container during Molecule tests.
-  tags: [molecule-notest]
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 82d95e29938d31645cc1fb21fdef736e8480538d..5424d3e9c29063b8594155baf5696d04e56fb16a 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -1,15 +1,12 @@
 ---
-prerun: false
 dependency:
   name: galaxy
-  enabled: false
 driver:
-  name: docker
+  name: vagrant
 platforms:
-  - name: instance
-    dockerfile: ../resources/playbooks/Dockerfile
-    image: registry.git.slub-dresden.de/sachse/mytestrole/bullseye_ansible:latest
-    pre_build_image: false
+  - name: vm-runner
+    box: debian/bullseye64
+    memory: 1024
 provisioner:
   name: ansible
   playbooks:
@@ -20,7 +17,3 @@ provisioner:
     verify: ../resources/playbooks/verify.yml
 verifier:
   name: ansible
-lint: |
-  set -e
-  yamllint .
-  ansible-lint -x no-loop-var-prefix,command-instead-of-module
diff --git a/molecule/resources/playbooks/Dockerfile b/molecule/resources/playbooks/Dockerfile
deleted file mode 100644
index 535145cc87a65124399c96a8a8ad21c1fe209a77..0000000000000000000000000000000000000000
--- a/molecule/resources/playbooks/Dockerfile
+++ /dev/null
@@ -1,15 +0,0 @@
-FROM debian:stable-slim
-
-RUN adduser lza;
-
-### configure SLUB Debian Repository
-RUN apt-get update; \
-    apt-get install -y --no-install-recommends gnupg wget git python3 ansible sudo; \
-    wget -O - http://sdvdebianrepo.slub-dresden.de/deb-repository/pub.gpg.key | apt-key add - ; \
-    echo "deb http://sdvdebianrepo.slub-dresden.de/deb-repository bullseye main" > /etc/apt/sources.list.d/slub.list; \
-    apt-get update;
-    #apt-get -y --no-install-recommends install python3-pip python3-virtualenv;
-
-RUN echo "lza     ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/lza-user
-
-USER lza
diff --git a/molecule/resources/playbooks/INSTALL.rst b/molecule/resources/playbooks/INSTALL.rst
new file mode 100644
index 0000000000000000000000000000000000000000..0c4bf5c7eb43b1b428b1824a62f8fb8a213f3600
--- /dev/null
+++ b/molecule/resources/playbooks/INSTALL.rst
@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule_vagrant'
diff --git a/molecule/resources/playbooks/converge.yml b/molecule/resources/playbooks/converge.yml
index 540cfb67d67e60c4a90857b26c285ad6de674254..6817a16a4b224f11afe50d8b46afa6e7c6e777d9 100644
--- a/molecule/resources/playbooks/converge.yml
+++ b/molecule/resources/playbooks/converge.yml
@@ -1,8 +1,11 @@
 ---
 - name: Converge
   hosts: all
-  tasks:
-    - name: "Include role"
-      ansible.builtin.include_role:
-        name: "ansible_lza_proxy"
-  become: true
+  pre_tasks:
+    - name: update apt cache
+      ansible.builtin.apt:
+        update_cache: true
+        upgrade: dist
+      become: true
+  roles:
+    - {name: "ansible_lza_proxy", become: true}
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420ab5c87edfa59c7805ce4534ff1b387177..79044cd067d65d465136e1d68a529f32b58e0d38 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -6,5 +6,5 @@
   gather_facts: false
   tasks:
   - name: Example assertion
-    ansible.builtin.assert:
+    assert:
       that: true
diff --git a/tasks/main.yml b/tasks/main.yml
index 279f3292be2f53309292e7507f66a44eb8a1e161..f3d7ed6df8e1e107f7fa497a510bdb03f61b18ca 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -19,5 +19,4 @@
 
 - name: configure iptables firewall
   ansible.builtin.import_tasks: "configure-iptables.yml"
-  # don't run iptables tasks, because iptables can't be used in an unprivileged Docker container
-  tags: [iptables, molecule-notest]
+  tags: [iptables]