diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index afe089f..8db22ca 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -9,6 +9,7 @@ ansible_become_password: "{{ vault_ansible_become_password }}" # system:base # -------------------------------------------------------------------------------------------------- system_base_ssh_user: "{{ vault_system_base_ssh_user }}" +system_base_ntp_timezone: "{{ vault_system_base_ntp_timezone }}" # -------------------------------------------------------------------------------------------------- # system:mail diff --git a/playbooks/roles/services/setup/system/meta/main.yml b/playbooks/roles/services/setup/system/meta/main.yml index 7644cba..67d258d 100644 --- a/playbooks/roles/services/setup/system/meta/main.yml +++ b/playbooks/roles/services/setup/system/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - - role: "system/nftables" + - role: "system/base/nftables" - role: "vpn/bridge" diff --git a/playbooks/roles/system/base/fail2ban/meta/argument_specs.yml b/playbooks/roles/system/base/fail2ban/meta/argument_specs.yml new file mode 100644 index 0000000..cdecb95 --- /dev/null +++ b/playbooks/roles/system/base/fail2ban/meta/argument_specs.yml @@ -0,0 +1,10 @@ +--- +argument_specs: + main: + options: + ansible_port: + type: "int" + required: true + system_base_fail2ban_ignoreip: + type: "str" + required: true diff --git a/playbooks/roles/system/base/tasks/include/fail2ban.yml b/playbooks/roles/system/base/fail2ban/tasks/main.yml similarity index 68% rename from playbooks/roles/system/base/tasks/include/fail2ban.yml rename to playbooks/roles/system/base/fail2ban/tasks/main.yml index dbb6a01..720dac5 100644 --- a/playbooks/roles/system/base/tasks/include/fail2ban.yml +++ b/playbooks/roles/system/base/fail2ban/tasks/main.yml 
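Review bot: In the new fail2ban `argument_specs.yml`, `system_base_fail2ban_ignoreip` is validated only as a free-form `str` and carries no `description`, so the spec does not tell a reader that every address listed in it is exempt from banning. I would document it under the option, for example `description: "Addresses or CIDR ranges fail2ban must never ban; keep this to trusted management hosts."`. The `jail.local.j2` template that presumably consumes the value is renamed unchanged and not shown, so the expected separator should be confirmed there. `ansible_port` is also `required: true` here; as far as I can tell Ansible only defines it when the inventory sets it, so a host relying on the default SSH port would fail validation.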
@@ -1,34 +1,34 @@ --- -- name: "fail2ban : install fail2ban" +- name: "install fail2ban" ansible.builtin.apt: name: "fail2ban" -- name: "fail2ban : configure fail2ban" +- name: "configure fail2ban" ansible.builtin.template: - src: "./fail2ban/jail.local.j2" + src: "./jail.local.j2" dest: "/etc/fail2ban/jail.local" mode: 0644 register: system_base_fail2ban_conf -- name: "fail2ban : configure fail2ban sshd jail" +- name: "configure fail2ban sshd jail" ansible.builtin.template: - src: "./fail2ban/jail.d/sshd.local.j2" + src: "./jail.d/sshd.local.j2" dest: "/etc/fail2ban/jail.d/sshd.local" mode: 0644 register: system_base_fail2ban_sshd_jail -- name: "fail2ban : enable fail2ban" +- name: "enable fail2ban" ansible.builtin.systemd: name: "fail2ban" enabled: true -- name: "fail2ban : start fail2ban" +- name: "start fail2ban" ansible.builtin.systemd: name: "fail2ban" state: "started" register: system_base_fail2ban_start -- name: "fail2ban : restart fail2ban" +- name: "restart fail2ban" ansible.builtin.systemd: name: "fail2ban" state: "restarted" diff --git a/playbooks/roles/system/base/templates/fail2ban/jail.d/sshd.local.j2 b/playbooks/roles/system/base/fail2ban/templates/jail.d/sshd.local.j2 similarity index 100% rename from playbooks/roles/system/base/templates/fail2ban/jail.d/sshd.local.j2 rename to playbooks/roles/system/base/fail2ban/templates/jail.d/sshd.local.j2 diff --git a/playbooks/roles/system/base/templates/fail2ban/jail.local.j2 b/playbooks/roles/system/base/fail2ban/templates/jail.local.j2 similarity index 100% rename from playbooks/roles/system/base/templates/fail2ban/jail.local.j2 rename to playbooks/roles/system/base/fail2ban/templates/jail.local.j2 diff --git a/playbooks/roles/system/base/tasks/include/fstrim.yml b/playbooks/roles/system/base/fstrim/tasks/main.yml similarity index 70% rename from playbooks/roles/system/base/tasks/include/fstrim.yml rename to playbooks/roles/system/base/fstrim/tasks/main.yml index 6e40ffd..de61297 100644 
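Review bot: The `mode: 0644` values in the two template tasks are unquoted octal literals, which only resolve to the intended permissions when the YAML loader applies 1.1 octal rules; Ansible's module documentation recommends a quoted string so the value cannot be read as a decimal integer. I would write `mode: "0644"` here, and likewise for the unquoted `mode:` values in the logs, root, sshd, systemd_mail, unattended_upgrades and user task files touched by this commit. These are context lines the rename passes over, so this commit is a convenient place to fix them. The final restart task continues past the end of the hunk.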
--- a/playbooks/roles/system/base/tasks/include/fstrim.yml +++ b/playbooks/roles/system/base/fstrim/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "fstrim : enable fstrim.timer" +- name: "enable fstrim.timer" ansible.builtin.systemd: name: "fstrim.timer" enabled: true diff --git a/playbooks/roles/system/base/files/logcheck/ignore b/playbooks/roles/system/base/logs/files/ignore similarity index 100% rename from playbooks/roles/system/base/files/logcheck/ignore rename to playbooks/roles/system/base/logs/files/ignore diff --git a/playbooks/roles/system/base/files/logcheck/logcheck.conf b/playbooks/roles/system/base/logs/files/logcheck.conf similarity index 100% rename from playbooks/roles/system/base/files/logcheck/logcheck.conf rename to playbooks/roles/system/base/logs/files/logcheck.conf diff --git a/playbooks/roles/system/base/tasks/include/logs.yml b/playbooks/roles/system/base/logs/tasks/main.yml similarity index 68% rename from playbooks/roles/system/base/tasks/include/logs.yml rename to playbooks/roles/system/base/logs/tasks/main.yml index b840666..8e0ae84 100644 --- a/playbooks/roles/system/base/tasks/include/logs.yml +++ b/playbooks/roles/system/base/logs/tasks/main.yml @@ -1,19 +1,19 @@ --- -- name: "logs : install logcheck and logrotate" +- name: "install logcheck and logrotate" ansible.builtin.apt: name: - "logcheck" - "logrotate" -- name: "logs : configure logcheck" +- name: "configure logcheck" ansible.builtin.copy: - src: "./logcheck/logcheck.conf" + src: "./logcheck.conf" dest: "/etc/logcheck/logcheck.conf" mode: 0640 - name: "logs : configure logcheck ignores" ansible.builtin.copy: - src: "./logcheck/ignore" + src: "./ignore" dest: "/etc/logcheck/ignore.d.server/{{ ansible_hostname }}" group: "logcheck" mode: 0644 
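Review bot: In the logs hunk, the task `"logs : configure logcheck ignores"` keeps its old `logs : ` prefix while the other two tasks drop it, so run output for the role will mix both naming schemes. Renaming it to `- name: "configure logcheck ignores"` brings it in line with the rest of the commit. That task sets `group: "logcheck"` without an explicit `owner:`, so ownership depends on the user the play becomes; stating `owner: "root"` would make the intent visible, assuming root is what is wanted.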
diff --git a/playbooks/roles/system/mail/meta/argument_specs.yml b/playbooks/roles/system/base/mail/meta/argument_specs.yml
similarity index 100%
rename from playbooks/roles/system/mail/meta/argument_specs.yml
rename to playbooks/roles/system/base/mail/meta/argument_specs.yml
diff --git a/playbooks/roles/system/mail/tasks/main.yml b/playbooks/roles/system/base/mail/tasks/main.yml
similarity index 100%
rename from playbooks/roles/system/mail/tasks/main.yml
rename to playbooks/roles/system/base/mail/tasks/main.yml
diff --git a/playbooks/roles/system/mail/templates/aliases.j2 b/playbooks/roles/system/base/mail/templates/aliases.j2
similarity index 100%
rename from playbooks/roles/system/mail/templates/aliases.j2
rename to playbooks/roles/system/base/mail/templates/aliases.j2
diff --git a/playbooks/roles/system/mail/templates/mailname.j2 b/playbooks/roles/system/base/mail/templates/mailname.j2
similarity index 100%
rename from playbooks/roles/system/mail/templates/mailname.j2
rename to playbooks/roles/system/base/mail/templates/mailname.j2
diff --git a/playbooks/roles/system/mail/templates/mailutils.conf.j2 b/playbooks/roles/system/base/mail/templates/mailutils.conf.j2
similarity index 100%
rename from playbooks/roles/system/mail/templates/mailutils.conf.j2
rename to playbooks/roles/system/base/mail/templates/mailutils.conf.j2
diff --git a/playbooks/roles/system/mail/templates/postfix/main.cf.j2 b/playbooks/roles/system/base/mail/templates/postfix/main.cf.j2
similarity index 100%
rename from playbooks/roles/system/mail/templates/postfix/main.cf.j2
rename to playbooks/roles/system/base/mail/templates/postfix/main.cf.j2
diff --git a/playbooks/roles/system/mail/templates/postfix/sasl_passwd.j2 b/playbooks/roles/system/base/mail/templates/postfix/sasl_passwd.j2
similarity index 100%
rename from playbooks/roles/system/mail/templates/postfix/sasl_passwd.j2
rename to playbooks/roles/system/base/mail/templates/postfix/sasl_passwd.j2
diff --git a/playbooks/roles/system/base/motd/meta/argument_specs.yml b/playbooks/roles/system/base/motd/meta/argument_specs.yml new file mode 100644 index 0000000..b1d3163 --- /dev/null +++ b/playbooks/roles/system/base/motd/meta/argument_specs.yml @@ -0,0 +1,10 @@ +--- +argument_specs: + main: + options: + ansible_hostname: + type: "str" + required: true + system_base_motd_dir: + type: "str" + required: false diff --git a/playbooks/roles/system/base/tasks/include/motd.yml b/playbooks/roles/system/base/motd/tasks/main.yml similarity index 91% rename from playbooks/roles/system/base/tasks/include/motd.yml rename to playbooks/roles/system/base/motd/tasks/main.yml index b24b157..090d3b6 100644 --- a/playbooks/roles/system/base/tasks/include/motd.yml +++ b/playbooks/roles/system/base/motd/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "motd : set motd" +- name: "set motd" ansible.builtin.copy: src: "{{ item }}" dest: "/etc/motd" diff --git a/playbooks/roles/system/nftables/defaults/main.yml b/playbooks/roles/system/base/nftables/defaults/main.yml similarity index 100% rename from playbooks/roles/system/nftables/defaults/main.yml rename to playbooks/roles/system/base/nftables/defaults/main.yml diff --git a/playbooks/roles/system/nftables/meta/argument_specs.yml b/playbooks/roles/system/base/nftables/meta/argument_specs.yml similarity index 100% rename from playbooks/roles/system/nftables/meta/argument_specs.yml rename to playbooks/roles/system/base/nftables/meta/argument_specs.yml diff --git a/playbooks/roles/system/nftables/tasks/main.yml b/playbooks/roles/system/base/nftables/tasks/main.yml similarity index 100% rename from playbooks/roles/system/nftables/tasks/main.yml rename to playbooks/roles/system/base/nftables/tasks/main.yml 
diff --git a/playbooks/roles/system/nftables/templates/nftables.conf.j2 b/playbooks/roles/system/base/nftables/templates/nftables.conf.j2 similarity index 100% rename from playbooks/roles/system/nftables/templates/nftables.conf.j2 rename to playbooks/roles/system/base/nftables/templates/nftables.conf.j2 diff --git a/playbooks/roles/system/base/ntp/meta/argument_specs.yml b/playbooks/roles/system/base/ntp/meta/argument_specs.yml new file mode 100644 index 0000000..b86ba1b --- /dev/null +++ b/playbooks/roles/system/base/ntp/meta/argument_specs.yml @@ -0,0 +1,7 @@ +--- +argument_specs: + main: + options: + system_base_ntp_timezone: + type: "str" + required: true diff --git a/playbooks/roles/system/base/tasks/include/ntp.yml b/playbooks/roles/system/base/ntp/tasks/main.yml similarity index 56% rename from playbooks/roles/system/base/tasks/include/ntp.yml rename to playbooks/roles/system/base/ntp/tasks/main.yml index 91b0ffc..37f7bd4 100644 --- a/playbooks/roles/system/base/tasks/include/ntp.yml +++ b/playbooks/roles/system/base/ntp/tasks/main.yml @@ -1,14 +1,14 @@ --- -- name: "ntp : install systemd-timesyncd" +- name: "install systemd-timesyncd" ansible.builtin.apt: name: "systemd-timesyncd" -- name: "ntp : enable systemd-timesyncd" +- name: "enable systemd-timesyncd" ansible.builtin.systemd: name: "systemd-timesyncd" enabled: true state: started -- name: "ntp : set timezone" +- name: "set timezone" community.general.timezone: - name: "Europe/Amsterdam" + name: "{{ system_base_ntp_timezone }}" diff --git a/playbooks/roles/system/base/files/root/su b/playbooks/roles/system/base/root/files/su similarity index 100% rename from playbooks/roles/system/base/files/root/su rename to playbooks/roles/system/base/root/files/su 
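Review bot: `system_base_ntp_timezone` is now `required: true` and, per the group_vars hunk, resolved from `vault_system_base_ntp_timezone`, but nothing visible in this commit defines that vault variable or a role default, so a host without it fails where it previously got `Europe/Amsterdam`. A timezone is not sensitive, and routing it through the vault hides a plain setting from review; I would set it directly in group_vars or give the role a default such as `system_base_ntp_timezone: "Europe/Amsterdam"`. The vault file itself is not part of the visible diff, so it may already carry the value. On the context line, `state: started` is the only unquoted string among scalars that are otherwise quoted.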
diff --git a/playbooks/roles/system/base/tasks/include/root.yml b/playbooks/roles/system/base/root/tasks/main.yml similarity index 57% rename from playbooks/roles/system/base/tasks/include/root.yml rename to playbooks/roles/system/base/root/tasks/main.yml index b3ab8e1..304d9cb 100644 --- a/playbooks/roles/system/base/tasks/include/root.yml +++ b/playbooks/roles/system/base/root/tasks/main.yml @@ -1,11 +1,11 @@ --- -- name: "root : disable root shell" +- name: "disable root shell" ansible.builtin.user: name: "root" shell: "/usr/sbin/nologin" -- name: "root : disable su for non-wheel users" +- name: "disable su for non-wheel users" ansible.builtin.copy: - src: "./root/su" + src: "./su" dest: "/etc/pam.d/su" mode: 0644 diff --git a/playbooks/roles/system/base/defaults/main.yml b/playbooks/roles/system/base/sshd/defaults/main.yml similarity index 100% rename from playbooks/roles/system/base/defaults/main.yml rename to playbooks/roles/system/base/sshd/defaults/main.yml diff --git a/playbooks/roles/system/base/meta/argument_specs.yml b/playbooks/roles/system/base/sshd/meta/argument_specs.yml similarity index 56% rename from playbooks/roles/system/base/meta/argument_specs.yml rename to playbooks/roles/system/base/sshd/meta/argument_specs.yml index 436ad95..c1a296a 100644 --- a/playbooks/roles/system/base/meta/argument_specs.yml +++ b/playbooks/roles/system/base/sshd/meta/argument_specs.yml @@ -2,9 +2,6 @@ argument_specs: main: options: - ansible_hostname: - type: "str" - required: true ansible_port: type: "int" required: true @@ -15,9 +12,3 @@ argument_specs: type: "list" elements: "str" required: true - system_base_fail2ban_ignoreip: - type: "str" - required: true - system_base_motd_dir: - type: "str" - required: false 
diff --git a/playbooks/roles/system/base/tasks/include/sshd.yml b/playbooks/roles/system/base/sshd/tasks/main.yml similarity index 76% rename from playbooks/roles/system/base/tasks/include/sshd.yml rename to playbooks/roles/system/base/sshd/tasks/main.yml index 2e90657..230a9dc 100644 --- a/playbooks/roles/system/base/tasks/include/sshd.yml +++ b/playbooks/roles/system/base/sshd/tasks/main.yml @@ -1,25 +1,25 @@ --- # SSH must be installed so we don't bother with installing it. -- name: "sshd : configure sshd" +- name: "configure sshd" ansible.builtin.template: - src: "./sshd/99-local.conf.j2" + src: "./99-local.conf.j2" dest: "/etc/ssh/sshd_config.d/99-local.conf" mode: 0600 register: system_base_sshd_conf -- name: "sshd : enable sshd" +- name: "enable sshd" ansible.builtin.systemd: name: "sshd" enabled: true -- name: "sshd : start sshd" +- name: "start sshd" ansible.builtin.systemd: name: "sshd" state: "started" register: system_base_sshd_start -- name: "sshd : restart sshd" +- name: "restart sshd" ansible.builtin.systemd: name: "sshd" state: "restarted" diff --git a/playbooks/roles/system/base/templates/sshd/99-local.conf.j2 b/playbooks/roles/system/base/sshd/templates/99-local.conf.j2 similarity index 100% rename from playbooks/roles/system/base/templates/sshd/99-local.conf.j2 rename to playbooks/roles/system/base/sshd/templates/99-local.conf.j2 diff --git a/playbooks/roles/system/base/files/systemd_mail/system/status-mail@.service b/playbooks/roles/system/base/systemd_mail/files/system/status-mail@.service similarity index 100% rename from playbooks/roles/system/base/files/systemd_mail/system/status-mail@.service rename to playbooks/roles/system/base/systemd_mail/files/system/status-mail@.service 
diff --git a/playbooks/roles/system/base/files/systemd_mail/user/status-mail@.service b/playbooks/roles/system/base/systemd_mail/files/user/status-mail@.service
similarity index 100%
rename from playbooks/roles/system/base/files/systemd_mail/user/status-mail@.service
rename to playbooks/roles/system/base/systemd_mail/files/user/status-mail@.service
diff --git a/playbooks/roles/system/base/systemd_mail/meta/argument_specs.yml b/playbooks/roles/system/base/systemd_mail/meta/argument_specs.yml
new file mode 100644
index 0000000..70c76c4
--- /dev/null
+++ b/playbooks/roles/system/base/systemd_mail/meta/argument_specs.yml
@@ -0,0 +1,7 @@
+---
+argument_specs:
+ main:
+ options:
+ ansible_hostname:
+ type: "str"
+ required: true
diff --git a/playbooks/roles/system/base/tasks/include/systemd_mail.yml b/playbooks/roles/system/base/systemd_mail/tasks/main.yml
similarity index 58%
rename from playbooks/roles/system/base/tasks/include/systemd_mail.yml
rename to playbooks/roles/system/base/systemd_mail/tasks/main.yml
index 070a5b5..1b84d7f 100644
--- a/playbooks/roles/system/base/tasks/include/systemd_mail.yml
+++ b/playbooks/roles/system/base/systemd_mail/tasks/main.yml
@@ -1,31 +1,31 @@ --- -- name: "systemd_mail : systemd mail root script" +- name: "systemd mail root script" ansible.builtin.template: - src: "./systemd_mail/system/systemd-mail-systemctl-status.j2" + src: "./system/systemd-mail-systemctl-status.j2" dest: "/usr/local/sbin/systemd-mail-systemctl-status" mode: 0755 -- name: "systemd_mail : systemd mail user script" +- name: "systemd mail user script" ansible.builtin.template: - src: "./systemd_mail/user/systemd-mail-systemctl-status.j2" + src: "./user/systemd-mail-systemctl-status.j2" dest: "/usr/local/bin/systemd-mail-systemctl-status" mode: 0755 -- name: "systemd_mail : systemd mail root service" +- name: "systemd mail root service" ansible.builtin.copy: - src: "./systemd_mail/system/status-mail@.service" + src: "./system/status-mail@.service" dest: "/etc/systemd/system/status-mail@.service" mode: 0644 register: system_base_system_status_mail_service_file -- name: "systemd_mail : systemd mail user service" +- name: "systemd mail user service" ansible.builtin.copy: - src: "./systemd_mail/user/status-mail@.service" + src: "./user/status-mail@.service" dest: "/etc/systemd/user/status-mail@.service" mode: 0644 register: system_base_user_status_mail_service_file -- name: "systemd_mail : systemd daemon reload" +- name: "systemd daemon reload" ansible.builtin.systemd: daemon_reload: true when: diff --git a/playbooks/roles/system/base/templates/systemd_mail/system/systemd-mail-systemctl-status.j2 b/playbooks/roles/system/base/systemd_mail/templates/system/systemd-mail-systemctl-status.j2 similarity index 100% rename from playbooks/roles/system/base/templates/systemd_mail/system/systemd-mail-systemctl-status.j2 rename to playbooks/roles/system/base/systemd_mail/templates/system/systemd-mail-systemctl-status.j2 
diff --git a/playbooks/roles/system/base/templates/systemd_mail/user/systemd-mail-systemctl-status.j2 b/playbooks/roles/system/base/systemd_mail/templates/user/systemd-mail-systemctl-status.j2
similarity index 100%
rename from playbooks/roles/system/base/templates/systemd_mail/user/systemd-mail-systemctl-status.j2
rename to playbooks/roles/system/base/systemd_mail/templates/user/systemd-mail-systemctl-status.j2
diff --git a/playbooks/roles/system/base/tasks/include/unattended_upgrades.yml b/playbooks/roles/system/base/tasks/include/unattended_upgrades.yml
deleted file mode 100644
index 14fcc88..0000000
--- a/playbooks/roles/system/base/tasks/include/unattended_upgrades.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: "unattended_upgrades : install unattended-upgrades"
- ansible.builtin.apt:
- name: "unattended-upgrades"
-
-- name: "unattended_upgrades : configure unattended-upgrades"
- ansible.builtin.copy:
- src: "./unattended_upgrades/50unattended-upgrades"
- dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
- mode: 0644
-
-- name: "unattended_upgrades : enable unattended-upgrades"
- ansible.builtin.copy:
- src: "./unattended_upgrades/20auto-upgrades"
- dest: "/etc/apt/apt.conf.d/20auto-upgrades"
- mode: 0644
diff --git a/playbooks/roles/system/base/tasks/main.yml b/playbooks/roles/system/base/tasks/main.yml
deleted file mode 100644
index 905dbd6..0000000
--- a/playbooks/roles/system/base/tasks/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- name: "play:system : role:base : tasks:sshd"
- ansible.builtin.import_tasks: "include/sshd.yml"
- tags: "system:base:sshd"
-
-- name: "play:system : role:base : tasks:ntp"
- ansible.builtin.import_tasks: "include/ntp.yml"
- tags: "system:base:ntp"
-
-- name: "play:system : role:base : tasks:fail2ban"
- ansible.builtin.import_tasks: "include/fail2ban.yml"
- tags: "system:base:fail2ban"
-
-- name: "play:system : role:base : tasks:fstrim"
- ansible.builtin.import_tasks: "include/fstrim.yml"
- tags: "system:base:fstrim"
-
-- name: "play:system : role:base : tasks:unattended_upgrades"
- ansible.builtin.import_tasks: "include/unattended_upgrades.yml"
- tags: "system:base:unattended_upgrades"
-
-- name: "play:system : role:base : tasks:logs"
- ansible.builtin.import_tasks: "include/logs.yml"
- tags: "system:base:logs"
-
-- name: "play:system : role:base : tasks:systemd_mail"
- ansible.builtin.import_tasks: "include/systemd_mail.yml"
- tags: "system:base:systemd_mail"
-
-- name: "play:system : role:base : tasks:utils"
- ansible.builtin.import_tasks: "include/utils.yml"
- tags: "system:base:utils"
-
-- name: "play:system : role:base : tasks:motd"
- ansible.builtin.import_tasks: "include/motd.yml"
- tags: "system:base:motd"
-
-- name: "play:system : role:base : tasks:root"
- ansible.builtin.import_tasks: "include/root.yml"
- tags: "system:base:root"
-
-- name: "play:system : role:base : tasks:user"
- ansible.builtin.import_tasks: "include/user.yml"
- tags: "system:base:user"
diff --git a/playbooks/roles/system/base/files/unattended_upgrades/20auto-upgrades b/playbooks/roles/system/base/unattended_upgrades/files/20auto-upgrades
similarity index 100%
rename from playbooks/roles/system/base/files/unattended_upgrades/20auto-upgrades
rename to playbooks/roles/system/base/unattended_upgrades/files/20auto-upgrades
diff --git a/playbooks/roles/system/base/files/unattended_upgrades/50unattended-upgrades b/playbooks/roles/system/base/unattended_upgrades/files/50unattended-upgrades
similarity index 100%
rename from playbooks/roles/system/base/files/unattended_upgrades/50unattended-upgrades
rename to playbooks/roles/system/base/unattended_upgrades/files/50unattended-upgrades
diff --git a/playbooks/roles/system/base/unattended_upgrades/tasks/main.yml b/playbooks/roles/system/base/unattended_upgrades/tasks/main.yml
new file mode 100644
index 0000000..ee77d8b
--- /dev/null
+++ b/playbooks/roles/system/base/unattended_upgrades/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: "install unattended-upgrades"
+ ansible.builtin.apt:
+ name: "unattended-upgrades"
+
+- name: "configure unattended-upgrades"
+ ansible.builtin.copy:
+ src: "./50unattended-upgrades"
+ dest: "/etc/apt/apt.conf.d/50unattended-upgrades"
+ mode: 0644
+
+- name: "enable unattended-upgrades"
+ ansible.builtin.copy:
+ src: "./20auto-upgrades"
+ dest: "/etc/apt/apt.conf.d/20auto-upgrades"
+ mode: 0644
diff --git a/playbooks/roles/system/base/files/user/bashrc b/playbooks/roles/system/base/user/files/bashrc
similarity index 100%
rename from playbooks/roles/system/base/files/user/bashrc
rename to playbooks/roles/system/base/user/files/bashrc
diff --git a/playbooks/roles/system/base/files/user/tmux.conf b/playbooks/roles/system/base/user/files/tmux.conf
similarity index 100%
rename from playbooks/roles/system/base/files/user/tmux.conf
rename to playbooks/roles/system/base/user/files/tmux.conf
diff --git a/playbooks/roles/system/base/tasks/include/user.yml b/playbooks/roles/system/base/user/tasks/main.yml
similarity index 68%
rename from playbooks/roles/system/base/tasks/include/user.yml
rename to playbooks/roles/system/base/user/tasks/main.yml
index 0841ba8..d857c1a 100644
--- a/playbooks/roles/system/base/tasks/include/user.yml
+++ b/playbooks/roles/system/base/user/tasks/main.yml
@@ -1,22 +1,22 @@ --- - block: - - name: "user : clone tmux dotfiles" + - name: "clone tmux dotfiles" ansible.builtin.git: repo: "https://git.wojciechkozlowski.eu/config/tmux.git" dest: ".tmux" recursive: true # On first tmux launch install plugins with - - name: "user : configure tmux" + - name: "configure tmux" ansible.builtin.copy: - src: "./user/tmux.conf" + src: "./tmux.conf" dest: ".tmux.conf" mode: 0644 - - name: "user : configure bashrc" + - name: "configure bashrc" ansible.builtin.copy: - src: "./user/bashrc" + src: "./bashrc" dest: ".bashrc" mode: 0644 diff --git a/playbooks/roles/system/base/tasks/include/utils.yml b/playbooks/roles/system/base/utils/tasks/main.yml similarity index 80% rename from playbooks/roles/system/base/tasks/include/utils.yml rename to playbooks/roles/system/base/utils/tasks/main.yml index 3929a4a..01a87af 100644 --- a/playbooks/roles/system/base/tasks/include/utils.yml +++ b/playbooks/roles/system/base/utils/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "utils : install utility programs" +- name: "install utility programs" ansible.builtin.apt: name: - "acl" diff --git a/playbooks/system.yml b/playbooks/system.yml index c16c6c9..b69d503 100644 --- a/playbooks/system.yml +++ b/playbooks/system.yml 
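Review bot: In the user tasks hunk, the `ansible.builtin.git` task clones `https://git.wojciechkozlowski.eu/config/tmux.git` with `recursive: true` and no `version:`, so every run pulls whatever the default branch and its submodules point to at that moment onto each managed host. Pinning the checkout, e.g. `version: "<commit-sha>"` (placeholder), makes the deployed dotfiles reproducible and means a change in that repository has to pass through this repository's review before it reaches the hosts. The submodules are presumably the tmux plugins the comment refers to, which load inside the user's tmux session. The `block:` opens at the top of the hunk and its closing keys lie outside it.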
@@ -37,11 +37,57 @@ - name: "system : all" hosts: "all" roles: - - role: "system/mail" - tags: "system:mail" - - role: "system/nftables" - tags: "system:nftables" - - role: "system/base" + - role: "system/base/nftables" + tags: + - "system:base" + - "system:base:nftables" + - role: "system/base/mail" + tags: + - "system:base" + - "system:base:mail" + - role: "system/base/sshd" + tags: + - "system:base" + - "system:base:sshd" + - role: "system/base/ntp" + tags: + - "system:base" + - "system:base:ntp" + - role: "system/base/fail2ban" + tags: + - "system:base" + - "system:base:fail2ban" + - role: "system/base/fstrim" + tags: + - "system:base" + - "system:base:fstrim" + - role: "system/base/unattended_upgrades" + tags: + - "system:base" + - "system:base:unattended_upgrades" + - role: "system/base/logs" + tags: + - "system:base" + - "system:base:logs" + - role: "system/base/systemd_mail" + tags: + - "system:base" + - "system:base:systemd_mail" + - role: "system/base/utils" + tags: + - "system:base" + - "system:base:utils" + - role: "system/base/motd" vars: system_base_motd_dir: "files/system/base/motd" - tags: "system:base" + tags: + - "system:base" + - "system:base:motd" + - role: "system/base/root" + tags: + - "system:base" + - "system:base:root" + - role: "system/base/user" + tags: + - "system:base" + - "system:base:user"
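Review bot: The top-level tags `system:mail` and `system:nftables` disappear in this hunk, and Ansible does not fail when a `--tags` value matches nothing, so an existing invocation or script that targets the firewall role by its old tag would finish successfully without applying it. If those tags are used anywhere outside this repository I would keep them as aliases in the new lists, e.g. add `- "system:nftables"` under the nftables role and `- "system:mail"` under the mail role. The same applies to the `services/setup/system` dependency only in so far as callers select it by tag; its role path is already updated in this commit.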