diff --git a/.github/workflows/molecule-test.yaml b/.github/workflows/molecule-test.yaml
index 0af20d9..8d3bffb 100644
--- a/.github/workflows/molecule-test.yaml
+++ b/.github/workflows/molecule-test.yaml
@@ -9,7 +9,7 @@ jobs:
 fail-fast: false
 matrix:
 ansible: ["2.9", "latest"]
- scenario: ["ring", "star", "openwrt"]
+ scenario: ["ring", "star", "openwrt", "switch"]
 steps:
 - uses: actions/checkout@v2
 - name: Install dependencies
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index bf6d25f..96555f3 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -8,8 +8,18 @@
 command: "ping -c 1 {{ item }}"
 with_items: "{{ ansible_play_batch }}"
 changed_when: false
- register: ping_results
+ register: _ping
- - name: Show ping results
+ - name: Show ping info
 debug:
- var: ping_results
\ No newline at end of file
+ var: _ping
+
+ - name: Show vpn hosts data
+ command: "cat /etc/tinc/{{ tinc_netname }}/hosts/*"
+ changed_when: false
+ register: _hosts
+
+ - name: Debug hostfiles
+ debug:
+ var: _hosts
+
diff --git a/molecule/switch/Dockerfile.j2 b/molecule/switch/Dockerfile.j2
new file mode 120000
index 0000000..867ec5c
--- /dev/null
+++ b/molecule/switch/Dockerfile.j2
@@ -0,0 +1 @@
+../default/Dockerfile.j2
\ No newline at end of file
diff --git a/molecule/switch/converge.yml b/molecule/switch/converge.yml
new file mode 120000
index 0000000..73cb8da
--- /dev/null
+++ b/molecule/switch/converge.yml
@@ -0,0 +1 @@
+../default/converge.yml
\ No newline at end of file
diff --git a/molecule/switch/molecule.yml b/molecule/switch/molecule.yml
new file mode 100644
index 0000000..c2874a5
--- /dev/null
+++ b/molecule/switch/molecule.yml
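Review bot: In molecule/default/verify.yml, the new "Show vpn hosts data" task passes a glob to the `command` module, which does not run through a shell, so `hosts/*` reaches `cat` as a literal file name and the task will most likely fail instead of printing the host files. Either switch it to `shell: "cat /etc/tinc/{{ tinc_netname | quote }}/hosts/*"` or list the directory with the `find` module and read the results from there. Because the switch scenario symlinks this verify.yml, the failure would not be limited to the default scenario. The hunk also ends the file with an empty line, which yamllint's default `empty-lines` rule usually reports.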
@@ -0,0 +1,62 @@
+---
+lint: |
+ set -e
+ yamllint .
+ ansible-lint -vv --exclude=.tox
+scenario:
+ name: switch
+dependency:
+ name: galaxy
+driver:
+ name: docker
+verifier:
+ name: ansible
+provisioner:
+ name: ansible
+ log: True
+ options:
+ vvv: True
+ inventory:
+ group_vars:
+ tinc_nodes:
+ tinc_mode: switch
+ host_vars:
+ tinc-switch-1:
+ tinc_vpn_ip: 10.10.0.15
+ tinc-switch-2:
+ tinc_vpn_ip: 10.10.0.15
+ tinc-switch-3:
+ tinc_vpn_ip: 10.10.0.15
+platforms:
+ - name: tinc-switch-1
+ image: ubuntu-20.04
+ privileged: true
+ command: /lib/systemd/systemd
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ etc_hosts: &etchosts
+ tinc-switch-1: 10.10.0.11
+ tinc-switch-2: 10.10.0.12
+ tinc-switch-3: 10.10.0.13
+ groups: &tincgroups
+ - tinc_nodes
+ - tinc_spine_nodes
+ - tinc_leaf_nodes
+
+ - name: tinc-switch-2
+ image: ubuntu-20.04
+ privileged: true
+ command: /lib/systemd/systemd
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ etc_hosts: *etchosts
+ groups: *tincgroups
+
+ - name: tinc-switch-3
+ image: ubuntu-20.04
+ privileged: true
+ command: /lib/systemd/systemd
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ etc_hosts: *etchosts
+ groups: *tincgroups
\ No newline at end of file
diff --git a/molecule/switch/verify.yml b/molecule/switch/verify.yml
new file mode 120000
index 0000000..15a7868
--- /dev/null
+++ b/molecule/switch/verify.yml
@@ -0,0 +1 @@
+../default/verify.yml
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 69d35c4..ecf636b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
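Review bot: All three entries under `host_vars` in molecule/switch/molecule.yml set `tinc_vpn_ip: 10.10.0.15`, so every node is configured with the same VPN address, which looks like a copy-paste slip. The `etc_hosts` anchor in the same file maps the hosts to 10.10.0.11, 10.10.0.12 and 10.10.0.13, so presumably those are the intended per-host values; as written, the name-based ping in the verify play would not be testing the addresses the role configured. Each platform also runs with `privileged: true`; if the test image allows it, granting only the capability and device access that tinc and systemd need would narrow what these containers can do on the CI runner. `log: True` and `vvv: True` are better written as `true`, since this file's own `lint` step runs yamllint.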
@@ -62,10 +62,12 @@
 notify:
 - Restart Service
-- name: Check whether /etc/tinc/netname/hosts/inventory_hostname contains public key
+- name: "Check whether /etc/tinc/netname/hosts/{{ inventory_hostname | replace('.','_') | replace('-','_') }} contains public key"
 lineinfile:
 dest: "/etc/tinc/{{ tinc_netname }}/hosts/{{ inventory_hostname | replace('.','_') | replace('-','_') }}"
 line: "-----END RSA PUBLIC KEY-----"
+ mode: "0600"
+ create: yes
 check_mode: yes
 register: contains_publickey_ending
@@ -81,14 +83,14 @@
 - name: Generate tinc keys and append public key to host file
 block:
- - name: Create using tincd -K
+ - name: Generate keys with tincd -K
 command: "tincd -n {{ tinc_netname }} -K{{ tinc_key_size }}"
 args:
 creates: "/etc/tinc/{{ tinc_netname }}/rsa_key.priv"
 notify:
 - Restart Service
 rescue:
- - name: Create using tinc client
+ - name: Generate keys with tinc client
 command: "tinc -n {{ tinc_netname }} generate-keys {{ tinc_key_size }}"
 args:
 creates: "/etc/tinc/{{ tinc_netname }}/rsa_key.priv"
@@ -100,6 +102,11 @@
 src: "/etc/tinc/{{ tinc_netname }}/hosts/{{ inventory_hostname | replace('.','_') | replace('-','_') }}"
 register: tinc_host_file
+# TODO: REMOVE
+- name: Show generated files for debugging purposes
+ debug:
+ msg: "{{ tinc_host_file['content'] | b64decode }}"
+
 - name: Upload all hosts files on each host
 copy:
 dest: "/etc/tinc/{{ tinc_netname }}/hosts/{{ item | replace('.','_') | replace('-','_') }}"
diff --git a/tox.ini b/tox.ini
index e9412f3..b1ad91d 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,6 +1,6 @@
 [tox]
 minversion = 1.8
-envlist = ansible-{2.9,latest}-{ring,star,openwrt}
+envlist = ansible-{2.9,latest}-{ring,star,openwrt,switch}
 skipsdist = true
 [testenv]
@@ -16,3 +16,4 @@ commands =
 ring: molecule test []
 star: molecule test -s star []
 openwrt: molecule test -s openwrt []
+ switch: molecule test -s switch []
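Review bot: In the first tasks/main.yml hunk, `mode: "0600"` and `create: yes` are added to a `lineinfile` task that runs with `check_mode: yes`, so neither should ever be applied to the host file; they appear to be there only so the check does not fail when the file is missing. A short comment above the task, such as `# check_mode: nothing is written; create only avoids a failure when the host file is absent`, would stop a reader from assuming the host file ends up with 0600 permissions. If restricted permissions on the host file are actually wanted, they need to be set by a task that really writes it.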
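Review bot: The "Show generated files for debugging purposes" task added after the slurp in tasks/main.yml is marked `# TODO: REMOVE` but ships in the role itself, so every run prints each node's decoded host file into the Ansible output and into any CI log that captures it. The verify play changed in this same commit already dumps the host files for the test scenarios, so the task can be dropped from the role. If it has to stay for now, add `verbosity: 2` under `debug:` so it only appears on `-vv` runs.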