diff --git a/host_vars/folald.yml b/host_vars/folald.yml index 39d1672..873c9c2 100644 --- a/host_vars/folald.yml +++ b/host_vars/folald.yml @@ -5,7 +5,7 @@ ansible_host: 85.209.118.134 ansible_port: 19022 vm_host: cavall -vm_type: qemu +vm_type: control hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" diff --git a/host_vars/hestur.yml b/host_vars/hestur.yml index 7314872..c4cc026 100644 --- a/host_vars/hestur.yml +++ b/host_vars/hestur.yml @@ -5,7 +5,7 @@ ansible_host: 159.223.17.241 ansible_port: 22 vm_host: cloud -vm_type: vps +vm_type: app hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" diff --git a/host_vars/poltre.yml b/host_vars/poltre.yml index c0c73bf..386ea55 100644 --- a/host_vars/poltre.yml +++ b/host_vars/poltre.yml @@ -5,7 +5,7 @@ ansible_host: 85.209.118.142 ansible_port: 19022 vm_host: cavall -vm_type: qemu +vm_type: app hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" diff --git a/host_vars/varsa.yml b/host_vars/varsa.yml index 43f1ce4..9e5ec81 100644 --- a/host_vars/varsa.yml +++ b/host_vars/varsa.yml @@ -5,7 +5,7 @@ ansible_host: 85.209.118.143 ansible_port: 19022 vm_host: cavall -vm_type: qemu +vm_type: app hostname: "{{ inventory_hostname }}" fqdn: "{{ hostname }}.vm.{{ vm_host }}.servers.data.coop" diff --git a/playbook.yml b/playbook.yml index 9a5a7d2..c8d2da7 100644 --- a/playbook.yml +++ b/playbook.yml @@ -5,9 +5,11 @@ gather_facts: true become: true roles: - - name: os_base - tags: - - base_only + - name: vm-common + tags: [base_only] + - name: zfs + tags: [zfs] - name: docker - tags: - - docker + tags: [docker] + - name: services + tags: [services] diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 60b8453..809262e 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml 
@@ -1,226 +1,6 @@ # vim: ft=yaml.ansible # code: language=ansible --- -volume_root_folder: "/docker-volumes" -volume_website_folder: "{{ volume_root_folder }}/websites" - -services: - ### Internal services ### - postfix: - domain: "smtp.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/postfix" - pre_deploy_tasks: true - version: "v3.6.1-alpine" - - nginx_proxy: - volume_folder: "{{ volume_root_folder }}/nginx" - pre_deploy_tasks: true - version: "1.3-alpine" - acme_companion_version: "2.2" - - openldap: - domain: "ldap.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/openldap" - pre_deploy_tasks: true - version: "1.5.0" - phpldapadmin_version: "0.9.0" - - netdata: - domain: "netdata.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/netdata" - version: "v1" - - portainer: - domain: "portainer.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/portainer" - version: "2.19.0" - - keycloak: - domain: sso.{{ base_domain }} - volume_folder: "{{ volume_root_folder }}/keycloak" - version: "22.0" - postgres_version: "10" - allowed_sender_domain: true - - restic: - volume_folder: "{{ volume_root_folder }}/restic" - pre_deploy_tasks: true - remote_user: dc-user - remote_domain: rynkeby.skovgaard.tel - host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo - repository: restic - version: "1.7.0" - # mail dance - domain: "noreply.{{ base_domain }}" - allowed_sender_domain: true - mail_from: "backup@noreply.{{ base_domain }}" - - docker_registry: - domain: "docker.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/docker-registry" - pre_deploy_tasks: true - post_deploy_tasks: true - username: "docker" - password: "{{ docker_password }}" - version: "2" - - ### External services ### - nextcloud: - domain: "cloud.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/nextcloud" - pre_deploy_tasks: true - version: 28-apache - postgres_version: "10" - redis_version: 7-alpine - 
allowed_sender_domain: true - - forgejo: - domain: "git.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/forgejo" - version: "1.21.8-0" - allowed_sender_domain: true - - passit: - domain: "passit.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/passit" - version: stable - postgres_version: 15-alpine - allowed_sender_domain: true - - matrix: - domain: "matrix.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/matrix" - pre_deploy_tasks: true - version: v1.98.0 - postgres_version: 15-alpine - allowed_sender_domain: true - - element: - domain: "element.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/element" - pre_deploy_tasks: true - version: v1.11.51 - - privatebin: - domain: "paste.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/privatebin" - pre_deploy_tasks: true - version: "20221009" - - hedgedoc: - domain: "pad.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/hedgedoc" - pre_deploy_tasks: true - version: 1.9.9-alpine - postgres_version: 10-alpine - - data_coop_website: - domain: "{{ base_domain }}" - www_domain: "www.{{ base_domain }}" - volume_folder: "{{ volume_website_folder }}/datacoop" - pre_deploy_tasks: true - version: stable - staging_domain: "staging.{{ base_domain }}" - staging_version: staging - - slides_2022_website: - domain: "2022.slides.{{ base_domain }}" - volume_folder: "{{ volume_website_folder }}/slides-2022" - version: latest - - fedi_dk_website: - domain: fedi.dk - volume_folder: "{{ volume_website_folder }}/fedidk" - version: latest - - vhs_website: - domain: vhs.data.coop - volume_folder: "{{ volume_website_folder }}/vhs" - version: latest - - cryptohagen_website: - domains: - - "cryptohagen.dk" - - "www.cryptohagen.dk" - volume_folder: "{{ volume_website_folder }}/cryptohagen" - - ulovliglogning_website: - domains: - - "ulovliglogning.dk" - - "www.ulovliglogning.dk" - - "ulovlig-logning.dk" - - "www.ulovlig-logning.dk" - volume_folder: "{{ volume_website_folder 
}}/ulovliglogning" - - cryptoaarhus_website: - domains: - - "cryptoaarhus.dk" - - "www.cryptoaarhus.dk" - volume_folder: "{{ volume_website_folder }}/cryptoaarhus" - - drone: - domain: "drone.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/drone" - version: "1" - - mailu: - domain: "mail.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/mailu" - pre_deploy_tasks: true - dns: 192.168.203.254 - subnet: 192.168.203.0/24 - version: "2.0" - postgres_version: 14-alpine - redis_version: alpine - - mastodon: - domain: "social.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/mastodon" - pre_deploy_tasks: true - version: v4.2.8 - postgres_version: 14-alpine - redis_version: 6-alpine - allowed_sender_domain: true - - rallly: - domain: "when.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/rallly" - pre_deploy_tasks: true - version: "2" - postgres_version: 14-alpine - allowed_sender_domain: true - - membersystem: - domain: "member.{{ base_domain }}" - django_admins: "Vidir:valberg@orn.li" - volume_folder: "{{ volume_root_folder }}/membersystem" - version: latest - postgres_version: 13-alpine - allowed_sender_domain: true - - writefreely: - domain: "write.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/writefreely" - pre_deploy_tasks: true - version: v0.15.0 - mariadb_version: "11.2" - allowed_sender_domain: true - - watchtower: - volume_folder: "{{ volume_root_folder }}/watchtower" - version: "1.5.3" - - diun: - version: "4.27" - volume_folder: "{{ volume_root_folder }}/diun" - - ### Uptime monitoring ### - uptime_kuma: - domain: "uptime.{{ base_domain }}" - status_domain: "status.{{ base_domain }}" - volume_folder: "{{ volume_root_folder }}/uptime_kuma" - pre_deploy_tasks: true - version: "latest" - -services_exclude: [] -services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}" +docker_rootless: false +docker_rootless_user: docker_user 
+docker_rootless_user_uid: 1100 diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index a6a2c84..626331f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,15 +1,16 @@ # vim: ft=yaml.ansible # code: language=ansible --- -- name: Add Docker PGP key - apt_key: - keyserver: pgp.mit.edu - id: 8D81803C0EBFCD88 +- name: Add Docker apt PGP key + ansible.builtin.apt_key: + id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 + url: https://download.docker.com/linux/debian/gpg state: present - name: Add Docker apt repository - apt_repository: - repo: deb https://download.docker.com/linux/ubuntu bionic stable + ansible.builtin.apt_repository: + filename: docker + repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present update_cache: true 
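Review bot: `docker_rootless_user_uid: 1100` is a second source of truth for the UID of `docker_rootless_user`, and nothing visible in this commit ties the two together. If they differ, the `DOCKER_HOST` line and the rootless cron job in roles/docker/tasks/main.yml, both built from this value, point at a socket path that does not exist. Document the coupling next to the default, e.g. `# Must equal the UID of docker_rootless_user; used to build /run/user/<uid>/docker.sock`, or look the UID up at run time instead of configuring it. A short comment on `docker_rootless: false` stating that rootful Docker remains the default would also help whoever sets these per host.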
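Review bot: `ansible.builtin.apt_key` adds the Docker key to apt's global trusted keyring, so it is trusted for every configured repository rather than only download.docker.com, and apt-key itself is deprecated on current Debian. Pinning the full fingerprint and fetching over HTTPS is a real improvement over the old 64-bit key id, but the key should additionally be scoped to this one source with `signed-by`. Store the key under /etc/apt/keyrings (create the directory first on releases that lack it) and reference it from the repo line as sketched below; a `checksum:` on the download keeps the pinning that `id:` gave you. Minor: `arch=amd64` is hard-coded in the repo line and will not fit a host of any other architecture.

```yaml
- name: Add Docker apt PGP key
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    # checksum: "sha256:<digest of the key file, verified out of band>"

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    filename: docker
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    # … unchanged: state, update_cache …
```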
@@ -17,27 +18,84 @@ apt: name: - docker-ce + - docker-ce-cli + - containerd.io + - docker-buildx-plugin - docker-compose-plugin state: present -- name: Configure cron job to prune unused Docker data weekly - cron: - name: Prune unused Docker data - cron_file: ansible_docker_prune - job: 'docker system prune -fa && docker volume prune -fa' - special_time: weekly - user: root - state: present +- name: Configure rootful Docker + when: not docker_rootless + block: + - name: Make sure Docker is running + ansible.builtin.service: + name: docker + state: started + enabled: true -- name: Create folder structure for bind mounts - file: - name: "{{ item }}" - state: directory - loop: - - "{{ volume_root_folder }}" - - "{{ volume_website_folder }}" + - name: Configure cron job to prune unused Docker data weekly + ansible.builtin.cron: + name: Prune unused Docker data + cron_file: ansible_docker_prune + job: docker system prune -fa --volumes --filter "until=6h" + special_time: weekly + user: root + state: present -- name: Set up services - import_tasks: services.yml - tags: - - setup_services +- name: Configure rootless Docker + when: docker_rootless + block: + - name: Make sure rootful Docker is stopped and disabled + ansible.builtin.systemd_service: + scope: system + name: docker + state: stopped + enabled: false + + - name: Install packages needed by rootless Docker + ansible.builtin.apt: + name: + - docker-ce-rootless-extras + - uidmap + - dbus-user-session + - fuse-overlayfs + - slirp4netns + + - name: Enable lingering for Docker user + ansible.builtin.command: + cmd: loginctl enable-linger {{ docker_rootless_user }} + creates: /var/lib/systemd/linger/{{ docker_rootless_user }} + + - name: Run rootless Docker setup script + ansible.builtin.command: + cmd: dockerd-rootless-setuptool.sh install + creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service + become: true + become_user: "{{ docker_rootless_user }}" + + - name: Set DOCKER_HOST environment 
variable + ansible.builtin.lineinfile: + path: /home/{{ docker_rootless_user }}/.bashrc + regexp: '^export DOCKER_HOST=' + line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock + state: present + become: true + become_user: "{{ docker_rootless_user }}" + + - name: Make sure rootless Docker is running + ansible.builtin.systemd_service: + scope: user + name: docker.service + state: started + enabled: true + become: true + become_user: "{{ docker_rootless_user }}" + + - name: Configure cron job to prune unused Docker data weekly + ansible.builtin.cron: + name: Prune unused Docker data + cron_file: ansible_docker_rootless_prune + job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h" + special_time: weekly + user: "{{ docker_rootless_user }}" + state: present diff --git a/roles/services/defaults/main.yml b/roles/services/defaults/main.yml new file mode 100644 index 0000000..60b8453 --- /dev/null +++ b/roles/services/defaults/main.yml 
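Review bot: In the rootless block, "Make sure rootful Docker is stopped and disabled" only handles the `docker` service unit; the packaged `docker.socket` unit stays enabled, so any client that connects to `/var/run/docker.sock` can socket-activate the root daemon again. Stop and disable both units, e.g. `name: "{{ item }}"` with `loop: [docker.service, docker.socket]`. Separately, both prune cron jobs combine `--volumes` with `--filter "until=6h"`, which the Docker CLI rejects as far as I know, so the weekly job would exit with an error and prune nothing. Split it into `docker system prune -fa --filter "until=6h"` followed by a separate `docker volume prune -f`, in the rootful and the rootless job alike.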
@@ -0,0 +1,226 @@ +# vim: ft=yaml.ansible +# code: language=ansible +--- +volume_root_folder: "/docker-volumes" +volume_website_folder: "{{ volume_root_folder }}/websites" + +services: + ### Internal services ### + postfix: + domain: "smtp.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/postfix" + pre_deploy_tasks: true + version: "v3.6.1-alpine" + + nginx_proxy: + volume_folder: "{{ volume_root_folder }}/nginx" + pre_deploy_tasks: true + version: "1.3-alpine" + acme_companion_version: "2.2" + + openldap: + domain: "ldap.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/openldap" + pre_deploy_tasks: true + version: "1.5.0" + phpldapadmin_version: "0.9.0" + + netdata: + domain: "netdata.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/netdata" + version: "v1" + + portainer: + domain: "portainer.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/portainer" + version: "2.19.0" + + keycloak: + domain: sso.{{ base_domain }} + volume_folder: "{{ volume_root_folder }}/keycloak" + version: "22.0" + postgres_version: "10" + allowed_sender_domain: true + + restic: + volume_folder: "{{ volume_root_folder }}/restic" + pre_deploy_tasks: true + remote_user: dc-user + remote_domain: rynkeby.skovgaard.tel + host_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBLGol2G+a87ssy0nu/STKBZSiGyhZhZKx/ujfe9IeFo + repository: restic + version: "1.7.0" + # mail dance + domain: "noreply.{{ base_domain }}" + allowed_sender_domain: true + mail_from: "backup@noreply.{{ base_domain }}" + + docker_registry: + domain: "docker.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/docker-registry" + pre_deploy_tasks: true + post_deploy_tasks: true + username: "docker" + password: "{{ docker_password }}" + version: "2" + + ### External services ### + nextcloud: + domain: "cloud.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/nextcloud" + pre_deploy_tasks: true + version: 28-apache + postgres_version: "10" + redis_version: 7-alpine + 
allowed_sender_domain: true + + forgejo: + domain: "git.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/forgejo" + version: "1.21.8-0" + allowed_sender_domain: true + + passit: + domain: "passit.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/passit" + version: stable + postgres_version: 15-alpine + allowed_sender_domain: true + + matrix: + domain: "matrix.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/matrix" + pre_deploy_tasks: true + version: v1.98.0 + postgres_version: 15-alpine + allowed_sender_domain: true + + element: + domain: "element.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/element" + pre_deploy_tasks: true + version: v1.11.51 + + privatebin: + domain: "paste.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/privatebin" + pre_deploy_tasks: true + version: "20221009" + + hedgedoc: + domain: "pad.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/hedgedoc" + pre_deploy_tasks: true + version: 1.9.9-alpine + postgres_version: 10-alpine + + data_coop_website: + domain: "{{ base_domain }}" + www_domain: "www.{{ base_domain }}" + volume_folder: "{{ volume_website_folder }}/datacoop" + pre_deploy_tasks: true + version: stable + staging_domain: "staging.{{ base_domain }}" + staging_version: staging + + slides_2022_website: + domain: "2022.slides.{{ base_domain }}" + volume_folder: "{{ volume_website_folder }}/slides-2022" + version: latest + + fedi_dk_website: + domain: fedi.dk + volume_folder: "{{ volume_website_folder }}/fedidk" + version: latest + + vhs_website: + domain: vhs.data.coop + volume_folder: "{{ volume_website_folder }}/vhs" + version: latest + + cryptohagen_website: + domains: + - "cryptohagen.dk" + - "www.cryptohagen.dk" + volume_folder: "{{ volume_website_folder }}/cryptohagen" + + ulovliglogning_website: + domains: + - "ulovliglogning.dk" + - "www.ulovliglogning.dk" + - "ulovlig-logning.dk" + - "www.ulovlig-logning.dk" + volume_folder: "{{ volume_website_folder 
}}/ulovliglogning" + + cryptoaarhus_website: + domains: + - "cryptoaarhus.dk" + - "www.cryptoaarhus.dk" + volume_folder: "{{ volume_website_folder }}/cryptoaarhus" + + drone: + domain: "drone.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/drone" + version: "1" + + mailu: + domain: "mail.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/mailu" + pre_deploy_tasks: true + dns: 192.168.203.254 + subnet: 192.168.203.0/24 + version: "2.0" + postgres_version: 14-alpine + redis_version: alpine + + mastodon: + domain: "social.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/mastodon" + pre_deploy_tasks: true + version: v4.2.8 + postgres_version: 14-alpine + redis_version: 6-alpine + allowed_sender_domain: true + + rallly: + domain: "when.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/rallly" + pre_deploy_tasks: true + version: "2" + postgres_version: 14-alpine + allowed_sender_domain: true + + membersystem: + domain: "member.{{ base_domain }}" + django_admins: "Vidir:valberg@orn.li" + volume_folder: "{{ volume_root_folder }}/membersystem" + version: latest + postgres_version: 13-alpine + allowed_sender_domain: true + + writefreely: + domain: "write.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/writefreely" + pre_deploy_tasks: true + version: v0.15.0 + mariadb_version: "11.2" + allowed_sender_domain: true + + watchtower: + volume_folder: "{{ volume_root_folder }}/watchtower" + version: "1.5.3" + + diun: + version: "4.27" + volume_folder: "{{ volume_root_folder }}/diun" + + ### Uptime monitoring ### + uptime_kuma: + domain: "uptime.{{ base_domain }}" + status_domain: "status.{{ base_domain }}" + volume_folder: "{{ volume_root_folder }}/uptime_kuma" + pre_deploy_tasks: true + version: "latest" + +services_exclude: [] +services_include: "{{ services | dict2items | map(attribute='key') | list | difference(services_exclude) }}" 
diff --git a/roles/docker/files/element/riot.im.conf b/roles/services/files/element/riot.im.conf
similarity index 100%
rename from roles/docker/files/element/riot.im.conf
rename to roles/services/files/element/riot.im.conf
diff --git a/roles/docker/files/mastodon/postgresql.conf b/roles/services/files/mastodon/postgresql.conf
similarity index 100%
rename from roles/docker/files/mastodon/postgresql.conf
rename to roles/services/files/mastodon/postgresql.conf
diff --git a/roles/docker/files/matrix/log.config b/roles/services/files/matrix/log.config
similarity index 100%
rename from roles/docker/files/matrix/log.config
rename to roles/services/files/matrix/log.config
diff --git a/roles/docker/files/privatebin/conf.php b/roles/services/files/privatebin/conf.php
similarity index 100%
rename from roles/docker/files/privatebin/conf.php
rename to roles/services/files/privatebin/conf.php
diff --git a/roles/docker/files/sso/sso.data.coop.pem b/roles/services/files/sso/sso.data.coop.pem
similarity index 100%
rename from roles/docker/files/sso/sso.data.coop.pem
rename to roles/services/files/sso/sso.data.coop.pem
diff --git a/roles/docker/files/vhost/base_domain b/roles/services/files/vhost/base_domain
similarity index 100%
rename from roles/docker/files/vhost/base_domain
rename to roles/services/files/vhost/base_domain
diff --git a/roles/docker/files/vhost/docker_registry b/roles/services/files/vhost/docker_registry
similarity index 100%
rename from roles/docker/files/vhost/docker_registry
rename to roles/services/files/vhost/docker_registry
diff --git a/roles/docker/files/vhost/element b/roles/services/files/vhost/element
similarity index 100%
rename from roles/docker/files/vhost/element
rename to roles/services/files/vhost/element
diff --git a/roles/docker/files/vhost/mastodon b/roles/services/files/vhost/mastodon
similarity index 100%
rename from roles/docker/files/vhost/mastodon
rename to roles/services/files/vhost/mastodon
diff --git a/roles/docker/files/vhost/matrix b/roles/services/files/vhost/matrix
similarity index 100%
rename from roles/docker/files/vhost/matrix
rename to roles/services/files/vhost/matrix
diff --git a/roles/docker/files/vhost/nextcloud b/roles/services/files/vhost/nextcloud
similarity index 100%
rename from roles/docker/files/vhost/nextcloud
rename to roles/services/files/vhost/nextcloud
diff --git a/roles/docker/files/vhost/uptime_kuma b/roles/services/files/vhost/uptime_kuma
similarity index 100%
rename from roles/docker/files/vhost/uptime_kuma
rename to roles/services/files/vhost/uptime_kuma
diff --git a/roles/docker/files/vhost/www.base_domain b/roles/services/files/vhost/www.base_domain
similarity index 100%
rename from roles/docker/files/vhost/www.base_domain
rename to roles/services/files/vhost/www.base_domain
diff --git a/roles/docker/handlers/main.yml b/roles/services/handlers/main.yml
similarity index 100%
rename from roles/docker/handlers/main.yml
rename to roles/services/handlers/main.yml
diff --git a/roles/docker/tasks/block.yml b/roles/services/tasks/block.yml
similarity index 100%
rename from roles/docker/tasks/block.yml
rename to roles/services/tasks/block.yml
diff --git a/roles/services/tasks/main.yml b/roles/services/tasks/main.yml
new file mode 100644
index 0000000..146b4fa
--- /dev/null
+++ b/roles/services/tasks/main.yml
@@ -0,0 +1,15 @@
+# vim: ft=yaml.ansible
+# code: language=ansible
+---
+- name: Create folder structure for bind mounts
+ file:
+ name: "{{ item }}"
+ state: directory
+ loop:
+ - "{{ volume_root_folder }}"
+ - "{{ volume_website_folder }}"
+
+- name: Set up services
+ import_tasks: services.yml
+ tags:
+ - setup_services
diff --git a/roles/docker/tasks/post_deploy/docker_registry.yml b/roles/services/tasks/post_deploy/docker_registry.yml
similarity index 100%
rename from roles/docker/tasks/post_deploy/docker_registry.yml
rename to roles/services/tasks/post_deploy/docker_registry.yml
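Review bot: The two tasks in the new roles/services/tasks/main.yml still use the short module names `file` and `import_tasks`, while roles/docker/tasks/main.yml was moved to fully qualified names in this same commit; use `ansible.builtin.file` and `ansible.builtin.import_tasks` here as well. The directory task also sets no `owner`, `group` or `mode`, so the bind-mount roots get whatever the default umask yields. With `docker_rootless: true` the daemon runs as `docker_rootless_user` and presumably needs access to these paths, so state the intended ownership and mode explicitly.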
diff --git a/roles/docker/tasks/pre_deploy/data_coop_website.yml b/roles/services/tasks/pre_deploy/data_coop_website.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/data_coop_website.yml
rename to roles/services/tasks/pre_deploy/data_coop_website.yml
diff --git a/roles/docker/tasks/pre_deploy/docker_registry.yml b/roles/services/tasks/pre_deploy/docker_registry.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/docker_registry.yml
rename to roles/services/tasks/pre_deploy/docker_registry.yml
diff --git a/roles/docker/tasks/pre_deploy/element.yml b/roles/services/tasks/pre_deploy/element.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/element.yml
rename to roles/services/tasks/pre_deploy/element.yml
diff --git a/roles/docker/tasks/pre_deploy/hedgedoc.yml b/roles/services/tasks/pre_deploy/hedgedoc.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/hedgedoc.yml
rename to roles/services/tasks/pre_deploy/hedgedoc.yml
diff --git a/roles/docker/tasks/pre_deploy/mailu.yml b/roles/services/tasks/pre_deploy/mailu.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/mailu.yml
rename to roles/services/tasks/pre_deploy/mailu.yml
diff --git a/roles/docker/tasks/pre_deploy/mastodon.yml b/roles/services/tasks/pre_deploy/mastodon.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/mastodon.yml
rename to roles/services/tasks/pre_deploy/mastodon.yml
diff --git a/roles/docker/tasks/pre_deploy/matrix.yml b/roles/services/tasks/pre_deploy/matrix.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/matrix.yml
rename to roles/services/tasks/pre_deploy/matrix.yml
diff --git a/roles/docker/tasks/pre_deploy/nextcloud.yml b/roles/services/tasks/pre_deploy/nextcloud.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/nextcloud.yml
rename to roles/services/tasks/pre_deploy/nextcloud.yml
diff --git a/roles/docker/tasks/pre_deploy/nginx_proxy.yml b/roles/services/tasks/pre_deploy/nginx_proxy.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/nginx_proxy.yml
rename to roles/services/tasks/pre_deploy/nginx_proxy.yml
diff --git a/roles/docker/tasks/pre_deploy/openldap.yml b/roles/services/tasks/pre_deploy/openldap.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/openldap.yml
rename to roles/services/tasks/pre_deploy/openldap.yml
diff --git a/roles/docker/tasks/pre_deploy/postfix.yml b/roles/services/tasks/pre_deploy/postfix.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/postfix.yml
rename to roles/services/tasks/pre_deploy/postfix.yml
diff --git a/roles/docker/tasks/pre_deploy/privatebin.yml b/roles/services/tasks/pre_deploy/privatebin.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/privatebin.yml
rename to roles/services/tasks/pre_deploy/privatebin.yml
diff --git a/roles/docker/tasks/pre_deploy/rallly.yml b/roles/services/tasks/pre_deploy/rallly.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/rallly.yml
rename to roles/services/tasks/pre_deploy/rallly.yml
diff --git a/roles/docker/tasks/pre_deploy/restic.yml b/roles/services/tasks/pre_deploy/restic.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/restic.yml
rename to roles/services/tasks/pre_deploy/restic.yml
diff --git a/roles/docker/tasks/pre_deploy/uptime_kuma.yml b/roles/services/tasks/pre_deploy/uptime_kuma.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/uptime_kuma.yml
rename to roles/services/tasks/pre_deploy/uptime_kuma.yml
diff --git a/roles/docker/tasks/pre_deploy/writefreely.yml b/roles/services/tasks/pre_deploy/writefreely.yml
similarity index 100%
rename from roles/docker/tasks/pre_deploy/writefreely.yml
rename to roles/services/tasks/pre_deploy/writefreely.yml
diff --git a/roles/docker/tasks/services.yml b/roles/services/tasks/services.yml
similarity index 100%
rename from roles/docker/tasks/services.yml
rename to roles/services/tasks/services.yml
diff --git a/roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2 b/roles/services/templates/compose-files/cryptoaarhus_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/cryptoaarhus_website.yml.j2
rename to roles/services/templates/compose-files/cryptoaarhus_website.yml.j2
diff --git a/roles/docker/templates/compose-files/cryptohagen_website.yml.j2 b/roles/services/templates/compose-files/cryptohagen_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/cryptohagen_website.yml.j2
rename to roles/services/templates/compose-files/cryptohagen_website.yml.j2
diff --git a/roles/docker/templates/compose-files/data_coop_website.yml.j2 b/roles/services/templates/compose-files/data_coop_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/data_coop_website.yml.j2
rename to roles/services/templates/compose-files/data_coop_website.yml.j2
diff --git a/roles/docker/templates/compose-files/diun.yml.j2 b/roles/services/templates/compose-files/diun.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/diun.yml.j2
rename to roles/services/templates/compose-files/diun.yml.j2
diff --git a/roles/docker/templates/compose-files/docker_registry.yml.j2 b/roles/services/templates/compose-files/docker_registry.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/docker_registry.yml.j2
rename to roles/services/templates/compose-files/docker_registry.yml.j2
diff --git a/roles/docker/templates/compose-files/drone.yml.j2 b/roles/services/templates/compose-files/drone.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/drone.yml.j2
rename to roles/services/templates/compose-files/drone.yml.j2
diff --git a/roles/docker/templates/compose-files/element.yml.j2 b/roles/services/templates/compose-files/element.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/element.yml.j2
rename to roles/services/templates/compose-files/element.yml.j2
diff --git a/roles/docker/templates/compose-files/fedi_dk_website.yml.j2 b/roles/services/templates/compose-files/fedi_dk_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/fedi_dk_website.yml.j2
rename to roles/services/templates/compose-files/fedi_dk_website.yml.j2
diff --git a/roles/docker/templates/compose-files/forgejo.yml.j2 b/roles/services/templates/compose-files/forgejo.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/forgejo.yml.j2
rename to roles/services/templates/compose-files/forgejo.yml.j2
diff --git a/roles/docker/templates/compose-files/hedgedoc.yml.j2 b/roles/services/templates/compose-files/hedgedoc.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/hedgedoc.yml.j2
rename to roles/services/templates/compose-files/hedgedoc.yml.j2
diff --git a/roles/docker/templates/compose-files/keycloak.yml.j2 b/roles/services/templates/compose-files/keycloak.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/keycloak.yml.j2
rename to roles/services/templates/compose-files/keycloak.yml.j2
diff --git a/roles/docker/templates/compose-files/mailu.yml.j2 b/roles/services/templates/compose-files/mailu.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/mailu.yml.j2
rename to roles/services/templates/compose-files/mailu.yml.j2
diff --git a/roles/docker/templates/compose-files/mastodon.yml.j2 b/roles/services/templates/compose-files/mastodon.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/mastodon.yml.j2
rename to roles/services/templates/compose-files/mastodon.yml.j2
diff --git a/roles/docker/templates/compose-files/matrix.yml.j2 b/roles/services/templates/compose-files/matrix.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/matrix.yml.j2
rename to roles/services/templates/compose-files/matrix.yml.j2
diff --git a/roles/docker/templates/compose-files/membersystem.yml.j2 b/roles/services/templates/compose-files/membersystem.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/membersystem.yml.j2
rename to roles/services/templates/compose-files/membersystem.yml.j2
diff --git a/roles/docker/templates/compose-files/netdata.yml.j2 b/roles/services/templates/compose-files/netdata.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/netdata.yml.j2
rename to roles/services/templates/compose-files/netdata.yml.j2
diff --git a/roles/docker/templates/compose-files/nextcloud.yml.j2 b/roles/services/templates/compose-files/nextcloud.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/nextcloud.yml.j2
rename to roles/services/templates/compose-files/nextcloud.yml.j2
diff --git a/roles/docker/templates/compose-files/nginx_proxy.yml.j2 b/roles/services/templates/compose-files/nginx_proxy.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/nginx_proxy.yml.j2
rename to roles/services/templates/compose-files/nginx_proxy.yml.j2
diff --git a/roles/docker/templates/compose-files/openldap.yml.j2 b/roles/services/templates/compose-files/openldap.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/openldap.yml.j2
rename to roles/services/templates/compose-files/openldap.yml.j2
diff --git a/roles/docker/templates/compose-files/passit.yml.j2 b/roles/services/templates/compose-files/passit.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/passit.yml.j2
rename to roles/services/templates/compose-files/passit.yml.j2
diff --git a/roles/docker/templates/compose-files/portainer.yml.j2 b/roles/services/templates/compose-files/portainer.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/portainer.yml.j2
rename to roles/services/templates/compose-files/portainer.yml.j2
diff --git a/roles/docker/templates/compose-files/postfix.yml.j2 b/roles/services/templates/compose-files/postfix.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/postfix.yml.j2
rename to roles/services/templates/compose-files/postfix.yml.j2
diff --git a/roles/docker/templates/compose-files/privatebin.yml.j2 b/roles/services/templates/compose-files/privatebin.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/privatebin.yml.j2
rename to roles/services/templates/compose-files/privatebin.yml.j2
diff --git a/roles/docker/templates/compose-files/rallly.yml.j2 b/roles/services/templates/compose-files/rallly.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/rallly.yml.j2
rename to roles/services/templates/compose-files/rallly.yml.j2
diff --git a/roles/docker/templates/compose-files/restic.yml.j2 b/roles/services/templates/compose-files/restic.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/restic.yml.j2
rename to roles/services/templates/compose-files/restic.yml.j2
diff --git a/roles/docker/templates/compose-files/slides_2022_website.yml.j2 b/roles/services/templates/compose-files/slides_2022_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/slides_2022_website.yml.j2
rename to roles/services/templates/compose-files/slides_2022_website.yml.j2
diff --git a/roles/docker/templates/compose-files/ulovliglogning_website.yml.j2 b/roles/services/templates/compose-files/ulovliglogning_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/ulovliglogning_website.yml.j2
rename to roles/services/templates/compose-files/ulovliglogning_website.yml.j2
diff --git a/roles/docker/templates/compose-files/uptime_kuma.yml.j2 b/roles/services/templates/compose-files/uptime_kuma.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/uptime_kuma.yml.j2
rename to roles/services/templates/compose-files/uptime_kuma.yml.j2
diff --git a/roles/docker/templates/compose-files/vhs_website.yml.j2 b/roles/services/templates/compose-files/vhs_website.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/vhs_website.yml.j2
rename to roles/services/templates/compose-files/vhs_website.yml.j2
diff --git a/roles/docker/templates/compose-files/watchtower.yml.j2 b/roles/services/templates/compose-files/watchtower.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/watchtower.yml.j2
rename to roles/services/templates/compose-files/watchtower.yml.j2
diff --git a/roles/docker/templates/compose-files/writefreely.yml.j2 b/roles/services/templates/compose-files/writefreely.yml.j2
similarity index 100%
rename from roles/docker/templates/compose-files/writefreely.yml.j2
rename to roles/services/templates/compose-files/writefreely.yml.j2
diff --git a/roles/docker/templates/element/config.json.j2 b/roles/services/templates/element/config.json.j2
similarity index 100%
rename from roles/docker/templates/element/config.json.j2
rename to roles/services/templates/element/config.json.j2
diff --git a/roles/docker/templates/mailu/env.j2 b/roles/services/templates/mailu/env.j2
similarity index 100%
rename from roles/docker/templates/mailu/env.j2
rename to roles/services/templates/mailu/env.j2
diff --git a/roles/docker/templates/mastodon/env.j2 b/roles/services/templates/mastodon/env.j2
similarity index 100%
rename from roles/docker/templates/mastodon/env.j2
rename to roles/services/templates/mastodon/env.j2
diff --git a/roles/docker/templates/matrix/homeserver.yaml.j2 b/roles/services/templates/matrix/homeserver.yaml.j2
similarity index 100%
rename from roles/docker/templates/matrix/homeserver.yaml.j2
rename to roles/services/templates/matrix/homeserver.yaml.j2
diff --git a/roles/docker/templates/rallly/env.j2 b/roles/services/templates/rallly/env.j2
similarity index 100%
rename from roles/docker/templates/rallly/env.j2
rename to roles/services/templates/rallly/env.j2
diff --git a/roles/docker/templates/restic/failure.sh.j2 b/roles/services/templates/restic/failure.sh.j2
similarity index 100%
rename from roles/docker/templates/restic/failure.sh.j2
rename to roles/services/templates/restic/failure.sh.j2
diff --git a/roles/docker/templates/restic/ssh.config.j2 b/roles/services/templates/restic/ssh.config.j2
similarity index 100%
rename from roles/docker/templates/restic/ssh.config.j2
rename to roles/services/templates/restic/ssh.config.j2
diff --git a/roles/docker/templates/restic/ssh.known_hosts.j2 b/roles/services/templates/restic/ssh.known_hosts.j2
similarity index 100%
rename from roles/docker/templates/restic/ssh.known_hosts.j2
rename to roles/services/templates/restic/ssh.known_hosts.j2
diff --git a/roles/docker/templates/restic/success.sh.j2 b/roles/services/templates/restic/success.sh.j2
similarity index 100%
rename from roles/docker/templates/restic/success.sh.j2
rename to roles/services/templates/restic/success.sh.j2
diff --git a/roles/docker/templates/writefreely/config.ini.j2 b/roles/services/templates/writefreely/config.ini.j2
similarity index 100%
rename from roles/docker/templates/writefreely/config.ini.j2
rename to roles/services/templates/writefreely/config.ini.j2
diff --git a/roles/os_base/tasks/base.yml b/roles/vm-common/tasks/base.yml
similarity index 100%
rename from roles/os_base/tasks/base.yml
rename to roles/vm-common/tasks/base.yml
diff --git a/roles/os_base/tasks/firewall.yml b/roles/vm-common/tasks/firewall.yml
similarity index 100%
rename from roles/os_base/tasks/firewall.yml
rename to roles/vm-common/tasks/firewall.yml
diff --git a/roles/os_base/tasks/main.yml b/roles/vm-common/tasks/main.yml
similarity index 100%
rename from roles/os_base/tasks/main.yml
rename to roles/vm-common/tasks/main.yml
diff --git a/roles/os_base/tasks/users.yml b/roles/vm-common/tasks/users.yml
similarity index 100%
rename from roles/os_base/tasks/users.yml
rename to roles/vm-common/tasks/users.yml