diff --git a/krypton.yml b/krypton.yml
index e3e2c10..d70f2db 100644
--- a/krypton.yml
+++ b/krypton.yml
@@ -7,6 +7,11 @@
 
     data_dir: "/srv/data"
 
+    openldap_image_version: 1.5.0
+    openldap_data: "{{ data_dir }}/openldap"
+    openldap_domain: "ldap.n39.eu"
+    ldap_org: "Netz39 e.V."
+
   roles:
     - role: docker_setup
       vars:
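Review bot: `openldap_image_version: 1.5.0` is the only new variable left as a plain scalar; it happens to parse as a string, but a two-component tag such as `1.5` would silently become a float, so quote it like the neighbouring values: `openldap_image_version: "1.5.0"`. The container task added further down in this file reads `ldap_domain`, `ldap_base_dn`, `ldap_ip`, `ldap_admin_password`, `ldap_config_password` and the `ldap_replication_*` variables, none of which are defined in this block; presumably they live in host_vars or a vault, and a short comment here naming that source would spare the next reader a search.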
@@ -14,4 +19,86 @@
 
   tasks:
 
+    # - name: Setup dehydrated challenge endpoint for {{ openldap_domain }}
+    #   include_role:
+    #     name: setup-http-dehydrated
+    #   vars:
+    #     site_name: "{{ openldap_domain }}"
+
+    - name: Ensure openLDAP directories are present.
+      file:
+        path: "{{ item }}"
+        state: directory
+      with_items:
+        - "{{ openldap_data }}/ldap"
+        - "{{ openldap_data }}/slapd"
+        - "{{ openldap_data }}/ldif"
+        # - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}"
+
+    - name: Ensure container for openLDAP is running.
+      docker_container:
+        name: openLDAP
+        image: "osixia/openldap:{{ openldap_image_version }}"
+        detach: yes
+        state: started
+        restart_policy: unless-stopped
+        container_default_behavior: no_defaults
+        pull: true
+        env:
+          LDAP_LOG_LEVEL: "256"
+          LDAP_ORGANISATION: "{{ldap_org}}"
+          LDAP_DOMAIN: "{{ldap_domain}}"
+          LDAP_BASE_DN: "{{ldap_base_dn}}"
+          LDAP_READONLY_USER: "false"
+
+          LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}"
+          LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
+
+          LDAP_RFC2307BIS_SCHEMA: "true"
+
+          LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+
+          LDAP_REPLICATION: "{{ldap_replication_enable}}"
+          LDAP_REPLICATION_CONFIG_SYNCPROV: "{{ldap_replication_config_syncprov}}"
+          LDAP_REPLICATION_DB_SYNCPROV: "{{ldap_replication_db_syncprov}}"
+          LDAP_REPLICATION_HOSTS: "{{ldap_replication_hosts}}"
+
+          KEEP_EXISTING_CONFIG: "false"
+          LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+        published_ports:
+          - "{{ldap_ip}}:389:389" # unencrypted/STARTTLS
+          - "{{ldap_ip}}:636:636" # SSL
+        volumes:
+          - "{{ openldap_data }}/ldap:/var/lib/ldap"
+          - "{{ openldap_data }}/slapd:/etc/ldap/slapd.d"
+          # - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
+          - "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif"
+        timeout: 500
+        # For replication to work correctly, domainname and hostname must be
+        # set correctly so that "hostname"."domainname" equates to the
+        # fully-qualified domain name for the host.
+        domainname: "{{ldap_domainname}}"
+        hostname: "{{ldap_hostname}}"
+        command: "--copy-service --loglevel debug"
+
+    - name: Allow access to openLDAP from local docker container [1/2]
+      become: true
+      community.general.ufw:
+        rule: allow
+        port: '389'
+        proto: tcp
+        from: "{{  item  }}"
+        comment: LDAP Docker Access
+      loop: "{{  docker_ip_ranges  }}"
+
+    - name: Allow access to openLDAP from local docker container [2/2]
+      become: true
+      community.general.ufw:
+        rule: allow
+        port: '636'
+        proto: tcp
+        from: "{{  item  }}"
+        comment: LDAP Docker Access
+      loop: "{{  docker_ip_ranges  }}"
+
   handlers:
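Review bot: The `Ensure container for openLDAP is running.` task hands `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_PASSWORD` to the container through `env:` without `no_log: true`, so a verbose or `--diff` run prints both secrets into the Ansible output; add `no_log: true` at the task level next to `docker_container:` (the values stay readable via `docker inspect` on the host, which the image's env-based configuration makes hard to avoid, so that is worth a comment rather than a fix). `LDAP_LOG_LEVEL: "256"` combined with `command: "--copy-service --loglevel debug"` reads like a leftover from bring-up; debug-level container logs are noisy and may include bind DNs, so consider dropping `--loglevel debug` once the service is stable. The last `volumes:` entry bind-mounts `{{ openldap_data }}/ldif/custom-element.ldif`, but the directories task only creates the `ldif` directory and nothing in this hunk places that file; if it is absent when the container starts, Docker creates a directory at that host path and the bootstrap LDIF is never applied, so a `copy`/`template` task for it (or a `stat` guard) belongs before the container task unless it is provisioned elsewhere. The dehydrated certificate volume is commented out, so port 636 is served with whatever certificate the image uses by default — a comment stating that this is intentional until the dehydrated role is re-enabled would stop it being mistaken for a finished TLS setup.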
diff --git a/pottwal.yml b/pottwal.yml
index c71e11f..c30cea2 100644
--- a/pottwal.yml
+++ b/pottwal.yml
@@ -23,12 +23,6 @@
     hedgedoc_host_port: 8084
     hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
 
-    openldap_image_version: 1.5.0
-    openldap_data: "{{ data_dir }}/openldap"
-    openldap_domain: "ldap.n39.eu"
-    ldap_org: "Netz39 e.V."
-    
-
   roles:
     - role: docker_setup
       vars:
@@ -267,86 +261,5 @@
         site_name: pad.n39.eu
         proxy_port: "{{ hedgedoc_host_port }}"
 
-    # - name: Setup dehydrated challenge endpoint for {{ openldap_domain }}
-    #   include_role:
-    #     name: setup-http-dehydrated
-    #   vars:
-    #     site_name: "{{ openldap_domain }}"
-
-    - name: Ensure openLDAP directories are present.
-      file:
-        path: "{{ item }}"
-        state: directory
-      with_items:
-        - "{{ openldap_data }}/ldap"
-        - "{{ openldap_data }}/slapd"
-        - "{{ openldap_data }}/ldif"
-        # - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}"
-
-    - name: Ensure container for openLDAP is running.
-      docker_container:
-        name: openLDAP
-        image: "osixia/openldap:{{ openldap_image_version }}"
-        detach: yes
-        state: started
-        restart_policy: unless-stopped
-        container_default_behavior: no_defaults
-        pull: true
-        env:
-          LDAP_LOG_LEVEL: "256"
-          LDAP_ORGANISATION: "{{ldap_org}}"
-          LDAP_DOMAIN: "{{ldap_domain}}"
-          LDAP_BASE_DN: "{{ldap_base_dn}}"
-          LDAP_READONLY_USER: "false"
-
-          LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}"
-          LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
-
-          LDAP_RFC2307BIS_SCHEMA: "true"
-
-          LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
-
-          LDAP_REPLICATION: "{{ldap_replication_enable}}"
-          LDAP_REPLICATION_CONFIG_SYNCPROV: "{{ldap_replication_config_syncprov}}"
-          LDAP_REPLICATION_DB_SYNCPROV: "{{ldap_replication_db_syncprov}}"
-          LDAP_REPLICATION_HOSTS: "{{ldap_replication_hosts}}"
-
-          KEEP_EXISTING_CONFIG: "false"
-          LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
-        published_ports:
-          - "{{ldap_ip}}:389:389" # unencrypted/STARTTLS
-          - "{{ldap_ip}}:636:636" # SSL
-        volumes:
-          - "{{ openldap_data }}/ldap:/var/lib/ldap"
-          - "{{ openldap_data }}/slapd:/etc/ldap/slapd.d"
-          # - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
-          - "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif"
-        timeout: 500
-        # For replication to work correctly, domainname and hostname must be
-        # set correctly so that "hostname"."domainname" equates to the
-        # fully-qualified domain name for the host.
-        domainname: "{{ldap_domainname}}"
-        hostname: "{{ldap_hostname}}"
-        command: "--copy-service --loglevel debug"
-    
-    - name: Allow access to openLDAP from local docker container [1/2]
-      become: true
-      community.general.ufw:
-        rule: allow
-        port: '389'
-        proto: tcp
-        from: "{{  item  }}"
-        comment: LDAP Docker Access
-      loop: "{{  docker_ip_ranges  }}"
-
-    - name: Allow access to openLDAP from local docker container [2/2]
-      become: true
-      community.general.ufw:
-        rule: allow
-        port: '636'
-        proto: tcp
-        from: "{{  item  }}"
-        comment: LDAP Docker Access
-      loop: "{{  docker_ip_ranges  }}"
 
   handlers: