diff --git a/group_vars/production/vars.yml b/group_vars/production/vars.yml
index 0b5978f..a216b96 100644
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@@ -1,16 +1,16 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-ldap_dn: "dc=data,dc=coop"
-
 vagrant: "{{ from_vagrant is defined and from_vagrant }}"
 letsencrypt_enabled: "{{ not vagrant }}"
 
 base_domain: "{{ 'datacoop.devel' if vagrant else 'data.coop' }}"
 letsencrypt_email: admin@data.coop
 
+services_exclude:
+  - uptime_kuma
+
 smtp_host: "postfix"
 smtp_port: "587"
 
-services_exclude:
-  - uptime_kuma
+ldap_dn: "dc=data,dc=coop"
diff --git a/group_vars/staging/vars.yml b/group_vars/staging/vars.yml
index 522f9f1..7cd6089 100644
--- a/group_vars/staging/vars.yml
+++ b/group_vars/staging/vars.yml
@@ -1,16 +1,16 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-ldap_dn: "dc=staging,dc=data,dc=coop"
-
 vagrant: "{{ from_vagrant is defined and from_vagrant }}"
 letsencrypt_enabled: "{{ not vagrant }}"
 
 base_domain: "{{ 'staging.datacoop.devel' if vagrant else 'staging.data.coop' }}"
 letsencrypt_email: admin@data.coop
 
+services_exclude:
+  - uptime_kuma
+
 smtp_host: "postfix"
 smtp_port: "587"
 
-services_exclude:
-  - uptime_kuma
+ldap_dn: "dc=staging,dc=data,dc=coop"
diff --git a/playbook.yml b/playbook.yml
index cdbbb37..9a5a7d2 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -4,10 +4,10 @@
 - hosts: all
   gather_facts: true
   become: true
-  tasks:
-    - import_role:
-        name: ubuntu_base
+  roles:
+    - name: os_base
       tags:
         - base_only
-    - import_role:
-        name: docker
+    - name: docker
+      tags:
+        - docker
diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/os_base/tasks/base.yml
similarity index 80%
rename from roles/ubuntu_base/tasks/base.yml
rename to roles/os_base/tasks/base.yml
index f9be46b..857d8d8 100644
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/os_base/tasks/base.yml
@@ -2,12 +2,12 @@
 # code: language=ansible
 ---
 - name: Install necessary packages via apt
-  apt:
+  ansible.builtin.apt:
     name: "{{ packages }}"
   vars:
     packages:
-      - aptitude
-      - python3-pip
       - apparmor
       - haveged
       - mosh
+      - ufw
+      - vim
diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/os_base/tasks/firewall.yml
similarity index 92%
rename from roles/ubuntu_base/tasks/firewall.yml
rename to roles/os_base/tasks/firewall.yml
index 59ddfeb..52008da 100644
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/os_base/tasks/firewall.yml
@@ -22,3 +22,4 @@
     - port: 587    # Email
     - port: 993    # Email
     - port: 19022  # SSH
+  when: inventory_hostname in groups['virtual']
diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/os_base/tasks/main.yml
similarity index 51%
rename from roles/ubuntu_base/tasks/main.yml
rename to roles/os_base/tasks/main.yml
index f8c1b29..c9a7d95 100644
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/os_base/tasks/main.yml
@@ -1,18 +1,15 @@
 # vim: ft=yaml.ansible
 # code: language=ansible
 ---
-- import_tasks: ssh-port.yml
+- ansible.builtin.import_tasks: ssh-port.yml
   tags: [change-ssh-port]
   when: ansible_port != 22
 
-- import_tasks: upgrade.yml
-  tags: [do-full-system-upgrade]
-
-- import_tasks: base.yml
+- ansible.builtin.import_tasks: base.yml
   tags: [install-base-packages]
 
-- import_tasks: users.yml
+- ansible.builtin.import_tasks: users.yml
   tags: [setup-users]
 
-- import_tasks: firewall.yml
+- ansible.builtin.import_tasks: firewall.yml
   tags: [setup-firewall]
diff --git a/roles/ubuntu_base/tasks/ssh-port.yml b/roles/os_base/tasks/ssh-port.yml
similarity index 100%
rename from roles/ubuntu_base/tasks/ssh-port.yml
rename to roles/os_base/tasks/ssh-port.yml
diff --git a/roles/ubuntu_base/tasks/upgrade.yml b/roles/os_base/tasks/upgrade.yml
similarity index 100%
rename from roles/ubuntu_base/tasks/upgrade.yml
rename to roles/os_base/tasks/upgrade.yml
diff --git a/roles/ubuntu_base/tasks/users.yml b/roles/os_base/tasks/users.yml
similarity index 100%
rename from roles/ubuntu_base/tasks/users.yml
rename to roles/os_base/tasks/users.yml
diff --git a/uptime.data.coop.yml b/uptime.data.coop.yml
deleted file mode 100644
index 6058b91..0000000
--- a/uptime.data.coop.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-# vim: ft=yaml.ansible
-# code: language=ansible
----
-- hosts: monitoring
-  gather_facts: true
-  become: true
-  vars:
-  tasks:
-    - import_role:
-        name: ubuntu_base
-      tags:
-        - base_only
-    - import_role:
-        name: docker
diff --git a/vagrant_host b/vagrant.ini
similarity index 100%
rename from vagrant_host
rename to vagrant.ini