diff --git a/LICENSE b/LICENSE
index f76e763..33511fc 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 Copyright (c) 2022 Andreas Neue <an@dnix.de>
-Copyright (c) 2022-23 the make-deploy authors (see CONTRIBUTORS)
+Copyright (c) 2022-25 the make-deploy authors (see CONTRIBUTORS)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
diff --git a/Makefile b/Makefile
index c9ba6fc..59a1159 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,7 @@
 DEPLOY_START_DELAY = 0
+DEPLOY_PROJECT_DIR =
+
+MANDATORY = DEPLOY_NAME DEPLOY_HOSTS DEPLOY_PATH SSH_USER
 
 -include secrets.mk
 include config.mk
@@ -9,20 +12,19 @@ ifeq ($(DEPLOY_TYPE), copy)
 	DEPLOY_TYPE = simple
 endif
 
+project_dir = $(DEPLOY_PATH)/$(DEPLOY_NAME)$(DEPLOY_PROJECT_DIR)
+
 include make-deploy/$(DEPLOY_TYPE).mk
 
-.PHONY: self-update mandatory prerequisites prepare build test deploy pre-deploy post-deploy pre-local post-local upload pull start stop restart reload
+.PHONY: self-update mandatory cleanup prerequisites prepare build test deploy pre-deploy post-deploy pre-local post-local upload pull start stop restart reload notify
 
 self-update:
 	@- git submodule update --remote
 
-deploy: mandatory prepare build test upload pre-deploy pre-local pull start post-local post-deploy reload
+deploy: mandatory cleanup prepare build test upload pre-deploy pre-local pull start notify post-local post-deploy reload
 
 mandatory:
 	@- echo "\n### mandatory check"
-ifndef MANDATORY-$(DEPLOY_TYPE)
-	$(error MANDATORY-$(DEPLOY_TYPE) is not defined)
-endif
 	@ $(foreach var,$(MANDATORY), \
 		if test -z "${$(var)}"; then \
 			echo "Missing mandatory variable: $(var)"; \
@@ -33,7 +35,16 @@ endif
 prerequisites:
 	@- echo "\n### prerequisites ..."
 	@- ./prerequisites.sh
-	
+
+ifdef DEPLOY_CLEANUP
+cleanup:
+	@- echo "\n### cleanup ..."
+	@- $(foreach host,$(DEPLOY_HOSTS), \
+		scp cleanup.sh $(SSH_USER)@$(host):/$(DEPLOY_PATH)/$(DEPLOY_NAME); \
+		ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME); sh cleanup.sh $(host)"; \
+	)
+endif
+
 prepare:
 	@- echo "\n### preparing ..."
 	@- chmod 600 secrets.mk
@@ -114,7 +125,17 @@ pull: pull-$(DEPLOY_TYPE)
 start: start-$(DEPLOY_TYPE)
 
 stop: stop-$(DEPLOY_TYPE)
-	
+
+notify:
+ifdef DEPLOY_NOTIFY_HOSTS
+ifdef DEPLOY_NOTIFY_MAIL
+ifdef DEPLOY_NOTIFY_MSG
+	@- echo "\n### notify"
+	@- echo "$$DEPLOY_NOTIFY_MSG :: Please deploy manually on following hosts: $$DEPLOY_NOTIFY_HOSTS" | mail -s "make-deploy notification" $(DEPLOY_MAIL)
+endif
+endif
+endif
+
 logs: logs-$(DEPLOY_TYPE)
 
 restart: restart-$(DEPLOY_TYPE)
diff --git a/README.md b/README.md
index 183d0ab..ca140d4 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,6 @@
 
 A simple Makefile based deployment system.
 
-**make-deploy** was initially hosted at https://git.dnix.de/an/make-deploy. Since it has become heavily used at chefkoch.de for system deployments, and lots of code is committed there, we moved the repo to https://git.chefkoch.net/pub/make-deploy. A mirror still exists at https://git.dnix.de/mirror/make-deploy.
-
 **make-deploy** is licensed under the terms of the MIT-License. See [LICENSE](LICENSE) for info.
 
 ## Installation
@@ -24,6 +22,7 @@ Example `config.mk`:
 	DEPLOY_PATH = /srv
 	DEPLOY_TYPE = compose
 	DEPLOY_HOSTS = server01.example.com server02.example.com
+	DEPLOY_SUBPATH = my-sub-path
 
 	DOCKER_IMAGE = dr.example.com/my-project:latest
 	DOCKER_LOGIN = 1
@@ -36,6 +35,8 @@ Example `secrets.mk`:
     DOCKER_USER = root
     DOCKER_PASS = secret1234
 
+`DEPLOY_SUBPATH` is used to define a location for `DEPLOY_TYPE` = compose that states where the docker-compose.yml is placed at. If that variable is undefined, it is expected to be in projects root.
+
 By setting `DEPLOY_CONFIG_OVERRIDE`, an alternative config can be loaded to override existing configuration settings. This is useful in script calling make deploy or in a `.gitlab-ci.yml` in order to control settings for different targets.
 
 ## Usage
@@ -54,6 +55,8 @@ Relying only on GNU Make and simple CLI tools makes deployments robust and still
 
 `mandatory`: Checks if all needed variables are set in config.mk.
 
+`cleanup`:  Runs `cleanup.sh` on each remote target, meant to be used to wipe contents of prior installations.
+
 `prepare`: Creates needed directory for the deployment on the target system, sets secure file permissions for `secrets.mk`.
 
 `build`: Calls `build.sh` locally. This is for building purposts, e.g. docker build and push.
@@ -131,3 +134,11 @@ systemd. (TBD)
 ##### apt
 
 APT deployment on debian-like distributions.
+
+##### tf
+
+Deploy via Terraform. Config is mostly done with terraform.
+
+`TF_FLAGS`: What you think.
+
+`TF_TARGET`: Limits deployment to `TF_TARGET`.
diff --git a/apt.mk b/apt.mk
index 7afe780..0741f74 100644
--- a/apt.mk
+++ b/apt.mk
@@ -1,4 +1,4 @@
-MANDATORY-apt = APT_PACKAGES
+MANDATORY = $(shell printenv MANDATORY) APT_PACKAGES
 
 pull-apt:
 	# nop
diff --git a/compose-file.mk b/compose-file.mk
index 0d1c7c9..37a98d1 100644
--- a/compose-file.mk
+++ b/compose-file.mk
@@ -1,4 +1,8 @@
-MANDATORY-compose-file = DEPLOY_HOSTS DEPLOY_TYPE TAG DEPLOY_COMPOSE_FILE DEPLOY_COMPOSE_PROJECT
+MANDATORY = $(shell printenv MANDATORY) SSH_USER DEPLOY_COMPOSE_FILE DEPLOY_COMPOSE_PROJECT
+
+ifndef DOCKER_LOGIN
+DOCKER_LOGIN = 0
+endif
 
 pull-compose-file:
 	@- echo "\n### pulling image(s)"
@@ -9,7 +13,10 @@ pull-compose-file:
 			echo "\n#### perfom docker login with user $(DOCKER_USER) on $(DOCKER_REGISTRY)"; \
 			ssh $(SSH_USER)@$(host) "docker login -u $(DOCKER_USER) -p $(DOCKER_PASS) $(DOCKER_REGISTRY)"; \
 		fi; \
-		ssh $(SSH_USER)@$(host) "docker pull $(DOCKER_IMAGE)"; \
+		if test -n "$(DOCKER_IMAGE)" ; \
+		then \
+			ssh $(SSH_USER)@$(host) "docker pull $(DOCKER_IMAGE)"; \
+		fi; \
 	)
 
 start-compose-file:
diff --git a/compose.mk b/compose.mk
index 197964d..ec8b6b3 100644
--- a/compose.mk
+++ b/compose.mk
@@ -25,12 +25,7 @@ start-compose:
 	@echo "\n### starting service(s)"
 	$(foreach host,$(DEPLOY_HOSTS), \
 		echo "$(host)"; \
-		if test -n "$(DEPLOY_SUBPATH)" ; \
-		then \
-			ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME)/$(DEPLOY_SUBPATH); docker-compose up -d"; \
-		else \
-			ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME); docker-compose up -d"; \
-		fi; \
+		ssh $(SSH_USER)@$(host) "cd $(project_dir); docker-compose up -d"; \
 		sleep $(DEPLOY_START_DELAY); \
 	)
 
@@ -38,18 +33,13 @@ logs-compose:
 	@echo "\n### logs"
 	$(foreach host,$(DEPLOY_HOSTS), \
 		echo "$(host)"; \
-		ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME); docker-compose logs -f $(service)"; \
+		ssh $(SSH_USER)@$(host) "cd $(project_dir); docker-compose logs -f $(service)"; \
 	)
 
 restart-compose:
 	@echo "\n### restarting service(s)"
 	$(foreach host,$(DEPLOY_HOSTS), \
 		echo "$(host)"; \
-		if test -n "$(DEPLOY_SUBPATH)" ; \
-		then \
-			ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME)/$(DEPLOY_SUBPATH); docker-compose restart"; \
-		else \
-			ssh $(SSH_USER)@$(host) "cd $(DEPLOY_PATH)/$(DEPLOY_NAME); docker-compose restart"; \
-		fi; \
+		ssh $(SSH_USER)@$(host) "cd $(project_dir); docker-compose restart"; \
 		sleep $(DEPLOY_START_DELAY); \
-	)
\ No newline at end of file
+	)
diff --git a/cron.mk b/cron.mk
index f107828..ad5a78d 100644
--- a/cron.mk
+++ b/cron.mk
@@ -1,4 +1,4 @@
-MANDATORY-cron = true
+MANDATORY = $(shell printenv MANDATORY) CRON_USER 
 
 start-cron:
 	@- echo "\n### starting..."
diff --git a/helm.mk b/helm.mk
index e0751e3..394fb8c 100644
--- a/helm.mk
+++ b/helm.mk
@@ -1,4 +1,4 @@
-MANDATORY-helm = K8S_CONTEXT HELM_CHART_NAME HELM_CHART_PATH HELM_VALUES_FILE NAMESPACE
+MANDATORY = $(shell printenv MANDATORY) K8S_CONTEXT HELM_CHART_NAME HELM_CHART_PATH HELM_VALUES_FILE K8S_NAMESPACE
 # helm
 #
 # deploys helm charts on k8s via helm
@@ -10,38 +10,31 @@ start-helm:
 
 ifdef TEST_MODE
 	@- echo "Testing chart with 'helm template --debug'"
-    @ envsubst < ${HELM_VALUES_FILE} | helm template ${HELM_CHART_NAME} ${HELM_CHART_PATH} --debug --values -
+	@ envsubst < ${HELM_VALUES_FILE} | helm template ${HELM_CHART_NAME} ${HELM_CHART_PATH} --debug --values -
 endif
 
 ifdef NAMESPACE
-	K8S_NAMESPACE = $(NAMESPACE)
+	@ $(eval K8S_NAMESPACE = $(NAMESPACE))
+endif
+
+ifdef HELM_REPO_URL
+	@- echo "Helm Repo: $(HELM_REPO_URL)"
+	@ helm repo add $(HELM_CHART_NAME) $(HELM_REPO_URL)
+	@- helm repo update $(HELM_CHART_NAME)
 endif
 
 ifdef DEBUG_MODE
-
 	@- echo "\n### deploying helm chart with --debug flag"
 	@- echo "-- DEBUG DEPLOYMENT --------------------"
 	@- echo " "
 	@- echo "Namespace: $(K8S_NAMESPACE)"
 	@- echo "Helm Chart: $(HELM_CHART_PATH)"
+	@- echo "Helm Version (use latest if empty): $(HELM_CHART_VERSION)"
 	@- echo "Values File: $(HELM_VALUES_FILE)"
 	@- echo " "
 	@- echo "----------------------------------"
 
-	@ envsubst < $(HELM_VALUES_FILE) | helm upgrade $(HELM_CHART_NAME) $(HELM_CHART_PATH) -n $(K8S_NAMESPACE) --install --atomic --debug --wait --values -
-
-ifdef ROLLBACK_MODE
-
-	@- echo "\n### rollback helm chart"
-	@- echo "-- DEBUG DEPLOYMENT --------------------"
-	@- echo " "
-	@- echo "Namespace: $(K8S_NAMESPACE)"
-	@- echo "Helm Chart: $(HELM_CHART_PATH)"
-	@- echo "Helm Release: $(HELM_CHART_NAME)"
-	@- echo " "
-	@- echo "----------------------------------"
-
-	@ helm rollback -n ${HELM_NAMESPACE} ${HELM_CHART_NAME}
+	@ envsubst < $(HELM_VALUES_FILE) | helm upgrade $(HELM_CHART_NAME) $(HELM_CHART_PATH) -n $(K8S_NAMESPACE) --install --debug --wait --values - --version "$(HELM_CHART_VERSION)"
 
 else
 	
@@ -50,14 +43,15 @@ else
 	@- echo " "
 	@- echo "Namespace: $(K8S_NAMESPACE)"
 	@- echo "Helm Chart: $(HELM_CHART_PATH)"
+	@- echo "Helm Version (use latest if empty): $(HELM_CHART_VERSION)"
 	@- echo "Values File: $(HELM_VALUES_FILE)"
 	@- echo " "
 	@- echo "----------------------------------"
 
-	@ envsubst < $(HELM_VALUES_FILE) | helm upgrade $(HELM_CHART_NAME) $(HELM_CHART_PATH) -n $(K8S_NAMESPACE) --install --atomic --wait --values -
+	@ envsubst < $(HELM_VALUES_FILE) | helm upgrade $(HELM_CHART_NAME) $(HELM_CHART_PATH) -n $(K8S_NAMESPACE) --install --wait --values - --version "$(HELM_CHART_VERSION)"
 
 endif
 
 
 pull-helm:
-# nop
\ No newline at end of file
+# nop
diff --git a/k8s.mk b/k8s.mk
index 37f712c..b439929 100644
--- a/k8s.mk
+++ b/k8s.mk
@@ -2,15 +2,16 @@
 #
 # deploys k8s
 
-MANDATORY-k8s = K8S_CONTEXT
+MANDATORY = $(shell printenv MANDATORY) K8S_CONTEXT
+K8S_MANIFEST_FILENAME ?= kubernetes.yaml
 
 start-k8s:
 	@- echo "\n### starting deployment with k8s"
 	@- echo "\n### setting kubernetes context to $(K8S_CONTEXT)"
 	@ kubectl config use-context $(K8S_CONTEXT)
 
-	@- echo "\n### run kubectl apply -f kubernetes.yaml and secrets.yaml"
-	@ cat kubernetes.yaml secrets.yaml | envsubst | kubectl apply -f -
+	@- echo "\n### run kubectl apply -f $(K8S_MANIFEST_FILENAME) and secrets.yaml"
+	@ cat $(K8S_MANIFEST_FILENAME) secrets.yaml | envsubst | kubectl apply $(K8S_ADDITIONAL_PARAMS) -f -
 
 pull-k8s:
 # nop
diff --git a/kustomize.mk b/kustomize.mk
index 60dacac..9bdcfdf 100644
--- a/kustomize.mk
+++ b/kustomize.mk
@@ -1,4 +1,4 @@
-MANDATORY-kustomize = K8S_CONTEXT KUSTOMIZE_FOLDER NAMESPACE
+MANDATORY = $(shell printenv MANDATORY) K8S_CONTEXT KUSTOMIZE_FOLDER NAMESPACE
 # kustomize
 #
 # this uses kustomize to install stuff on k8s
diff --git a/simple.mk b/simple.mk
index b95bf0f..8210118 100644
--- a/simple.mk
+++ b/simple.mk
@@ -1,11 +1,12 @@
-MANDATORY-copy = DEPLOY_TYPE DEPLOY_HOSTS SSH_USER DEPLOY_PATH DEPLOY_NAME
-MANDATORY-simple = $(MANDATORY-copy)
-
-# copy
+# simple 
 #
 # this just rsyncs the stuff to the remote server(s) and runs
 # build.sh, pre-/post-deploy, pre-/post-local, start.sh, etc.
 
+ifndef DEPLOY_StART_DELAY
+DEPLOY_START_DELAY = 0
+endif
+
 pull-simple:
 	# nop
 	
diff --git a/swarm.mk b/swarm.mk
index 913a125..45f67b8 100644
--- a/swarm.mk
+++ b/swarm.mk
@@ -1,5 +1,3 @@
-MANDATORY-swarm = DEPLOY_HOSTS DEPLOY_TYPE TAG
-
 pull-swarm:
 
 start-swarm:
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..88d79e1
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -e
+
+DIR=$(mktemp -d)
+TESTS=$DIR/make-deploy/testing
+
+function prepdir() {
+  mkdir $DIR/make-deploy
+  cp -r * $DIR/make-deploy
+  cd $DIR
+  ln -s make-deploy/Makefile
+  touch secrets.mk
+  echo "::::::::: testing directory root: $DIR"
+}
+
+function cleandir(){
+  rm -fr $DIR
+  echo "::::::::: cleanup done"
+}
+
+function test_with_minimal_vars_apt(){
+  echo "::::::::: $FUNCNAME ::::::::::::"
+  cp $TESTS/apt_config.mk config.mk
+  make deploy
+}
+
+function test_with_minimal_vars_compose(){
+  echo "::::::::: $FUNCNAME ::::::::::::"
+  cp $TESTS/compose_config.mk config.mk
+  cp $TESTS/docker-compose.yml .
+  make deploy
+  rm -f docker-compose.yml
+}
+
+function test_with_minimal_vars_compose_file(){
+  echo "::::::::: $FUNCNAME ::::::::::::"
+  cp $TESTS/compose_file_config.mk config.mk
+  cp $TESTS/docker-compose.yml .
+  make deploy
+  rm -f docker-compose.yml
+}
+
+prepdir
+
+test_with_minimal_vars_apt
+test_with_minimal_vars_compose
+test_with_minimal_vars_compose_file
+
+cleandir
diff --git a/testing/apt_config.mk b/testing/apt_config.mk
new file mode 100644
index 0000000..444165f
--- /dev/null
+++ b/testing/apt_config.mk
@@ -0,0 +1,6 @@
+DEPLOY_NAME = make-deploy-test-apt
+DEPLOY_PATH = /tmp
+DEPLOY_HOSTS = localhost
+DEPLOY_TYPE = apt
+SSH_USER = $(USER)
+APT_PACKAGES = curl
diff --git a/testing/compose_config.mk b/testing/compose_config.mk
new file mode 100644
index 0000000..7d81afb
--- /dev/null
+++ b/testing/compose_config.mk
@@ -0,0 +1,5 @@
+DEPLOY_NAME = make-deploy-test-compose
+DEPLOY_PATH = /tmp
+DEPLOY_HOSTS = localhost
+DEPLOY_TYPE = compose
+SSH_USER = $(USER)
diff --git a/testing/compose_file_config.mk b/testing/compose_file_config.mk
new file mode 100644
index 0000000..bdd0ab8
--- /dev/null
+++ b/testing/compose_file_config.mk
@@ -0,0 +1,7 @@
+DEPLOY_NAME = make-deploy-test-compose-file
+DEPLOY_PATH = /tmp
+DEPLOY_HOSTS = localhost
+DEPLOY_TYPE = compose-file
+SSH_USER = $(USER)
+DEPLOY_COMPOSE_PROJECT = make-deploy-test-compose-file
+DEPLOY_COMPOSE_FILE = docker-compose.yml
diff --git a/testing/docker-compose.yml b/testing/docker-compose.yml
new file mode 100644
index 0000000..d362336
--- /dev/null
+++ b/testing/docker-compose.yml
@@ -0,0 +1,4 @@
+services:
+  curl:
+    image: "alpine/curl"
+    command: -s -o /dev/null https://www.test.de
diff --git a/tf.mk b/tf.mk
new file mode 100644
index 0000000..df910ed
--- /dev/null
+++ b/tf.mk
@@ -0,0 +1,16 @@
+MANDATORY = $(shell printenv MANDATORY) TF_FLAGS
+
+# tf
+#
+# deploys via tf apply
+#
+start-tf:
+ifdef TF_TARGET
+	terraform apply $(TF_FLAGS) -t $(TF_TARGET)
+else
+	terraform apply $(TF_FLAGS)
+endif
+	
+	
+pull-tf:
+# nop