diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 3f7baee..53140dd 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -8,10 +8,10 @@ # перечисли файлы/глобы, которые нужно временно расшифровать vault_targets: - - /ansible/vault/secrets.yml - - /ansible/files/playbooks/group_vars/*/vault.yml - - /ansible/files/playbooks/host_vars/*/vault.yml - - /ansible/roles/**/vars/vault.yml + - /workspace/vault/secrets.yml + - /workspace/files/playbooks/group_vars/*/vault.yml + - /workspace/files/playbooks/host_vars/*/vault.yml + - /workspace/roles/**/vars/vault.yml tasks: - name: Load preset configuration @@ -19,10 +19,10 @@ when: preset_file is file ignore_errors: true - - name: Install collections - community.docker.docker_container_exec: - container: ansible-controller - command: bash -lc "ansible-galaxy collection install -r /ansible/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true" +# - name: Install collections +# community.docker.docker_container_exec: +# container: ansible-controller +# command: bash -lc "ansible-galaxy collection install -r /workspace/requirements.yml --force --no-deps --upgrade >/dev/null 2>&1 || true" - name: Preflight vault — normalize state (encrypt if plaintext, then decrypt) community.docker.docker_container_exec: @@ -37,10 +37,10 @@ echo "[vault] already encrypted: $f"; else echo "[vault] plaintext -> encrypt: $f"; - ansible-vault encrypt --encrypt-vault-id default --vault-password-file /ansible/vault-password.txt "$f"; + ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault-password.txt "$f"; fi echo "[vault] decrypt for run: $f"; - ansible-vault decrypt --vault-password-file /ansible/vault-password.txt "$f"; + ansible-vault decrypt --vault-password-file /workspace/vault-password.txt "$f"; done done ' 
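Review bot: The Install collections task in the hunk at -19 is left behind as four commented-out lines rather than being removed or gated, so a reader cannot tell whether it is disabled temporarily or for good. If the controller image is now expected to ship the collections, delete the task and leave a one-line comment such as `# collections are pre-installed in the ansible-controller image; no install step here`; if it is meant to be optional, keep it live behind `when: install_collections | default(false)`. Should it be re-enabled, drop the `>/dev/null 2>&1 || true` tail, which hides a failed or partial install from `requirements.yml`, and reconsider `--force --upgrade`, which pulls newer collection versions on every run.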
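Review bot: The preflight loop in the hunk at -37 still decrypts every vault target in place, and after this change those files live under `/workspace` next to `vault-password.txt`. If `/workspace` is a bind mount of the repository checkout (not visible here), plaintext secrets sit in the working tree for the whole converge, and they stay there if the run aborts, unless the post-run task is wired to run on failure, which the diff does not show. Ansible decrypts vaulted vars files itself when given the password, so passing `--vault-password-file /workspace/vault-password.txt` on the `ansible-playbook` line (hunk at -50) would avoid writing plaintext to disk at all. The `plaintext -> encrypt` branch also quietly repairs a secret that was stored unencrypted; failing the task there would surface the exposure instead of hiding it. The task body starts above this hunk.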
@@ -50,8 +50,8 @@ container: ansible-controller command: > bash -lc " - ANSIBLE_ROLES_PATH=/ansible/roles - ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /ansible/files/playbooks/site.yml + ANSIBLE_ROLES_PATH=/workspace/roles + ansible-playbook -i {{ lookup('env','MOLECULE_EPHEMERAL_DIRECTORY') }}/inventory/hosts.ini /workspace/molecule/default/site.yml " - name: Post-run — re-encrypt secrets @@ -67,7 +67,7 @@ echo "[vault] ok (encrypted): $f"; else echo "[vault] encrypt back: $f"; - ansible-vault encrypt --encrypt-vault-id default --vault-password-file /ansible/vault-password.txt "$f" || true; + ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault-password.txt "$f" || true; fi done done
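Review bot: Pointing the run at `/workspace/molecule/default/site.yml` in the hunk at -50 is more than a path rename. Ansible picks up `group_vars/` and `host_vars/` from the inventory directory and the playbook directory, so the vault files under `/workspace/files/playbooks/group_vars` and `host_vars` are probably no longer loaded automatically. If the new `site.yml` does not import the playbook in `files/playbooks` or load those files explicitly, the preflight task decrypts secrets this scenario never reads, and the matching `vault_targets` entries could be dropped to shrink what is exposed during a run. The start of this task is outside the hunk.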
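Review bot: The `|| true` on the re-encrypt line in the hunk at -67 swallows a failed `ansible-vault encrypt`, so a wrong password-file path or a permissions error under the new `/workspace` prefix leaves the decrypted file on disk while the task reports success. Record the failure and fail after the loops so the remaining files are still processed: `ansible-vault encrypt --encrypt-vault-id default --vault-password-file /workspace/vault-password.txt "$f" || rc=1;` in the loop, then `exit ${rc:-0}` after the last `done`. The task header and the end of the script are outside the hunk, so confirm the exit status is not discarded there by `ignore_errors` or a trailing `|| true`.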