diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 74b5bbb..d74b907 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -29,6 +29,11 @@ slapd_backup_submit_token: HISTORY_PURGED_SECRET
 
 tube_archivist_elasticsearch_password: HISTORY_PURGED_SECRET
 
+keep_journal_for_days: 3
+
+michy_email: HISTORY_PURGED_SECRET
+sheppy_email: HISTORY_PURGED_SECRET
+
 reactive_resume_postgres_password: HISTORY_PURGED_SECRET
 reactive_resume_minio_password: HISTORY_PURGED_SECRET
 reactive_resume_refresh_token: HISTORY_PURGED_SECRET
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index 30d0b14..f7161ff 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -56,4 +56,19 @@
     name: "check dirs"
     minute: "0"
     hour: "0"
-    job: "/usr/bin/journalctl --vacuum-time=7d"
+    job: "/usr/bin/journalctl --vacuum-time={{ keep_journal_for_days }}d"
+
+- name: Remove mails in var-mail
+  ansible.builtin.cron:
+    name: "Cleanup local mails"
+    minute: "0"
+    hour: "0"
+    job: "/usr/bin/rm -f /var/mail/*"
+
+- name: Template Logrotate configs
+  template:
+    src: "{{ item }}"
+    dest: "/etc/logrotate/logrotate.d/"
+  with_items:
+    - daemon.conf
+    - syslog.conf
diff --git a/roles/base/templates/daemon.conf b/roles/base/templates/daemon.conf
new file mode 100644
index 0000000..148298c
--- /dev/null
+++ b/roles/base/templates/daemon.conf
@@ -0,0 +1,9 @@
+/var/log/daemon.log {
+    daily
+    rotate {{ keep_journal_for_days }}
+    compress
+    delaycompress
+    missingok
+    notifempty
+    create
+}
diff --git a/roles/base/templates/syslog.conf b/roles/base/templates/syslog.conf
new file mode 100644
index 0000000..fe2ee15
--- /dev/null
+++ b/roles/base/templates/syslog.conf
@@ -0,0 +1,9 @@
+/var/log/syslog.log {
+    daily
+    rotate {{ keep_journal_for_days }}
+    compress
+    delaycompress
+    missingok
+    notifempty
+    create
+}
diff --git a/roles/monitoring-master/files/users.conf b/roles/monitoring-master/files/users.conf
deleted file mode 100644
index 4163144..0000000
--- a/roles/monitoring-master/files/users.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-object User "michy" {
-  import "generic-user"
-
-  display_name = "Michy Monitoring"
-  groups =  ["ese"]
-
-  email = "HISTORY_PURGED_SECRET"
-}
-
-object User "icingaadmin" {
-  import "generic-user"
-
-  display_name = "Icinga 2 Admin"
-  groups = [ "icingaadmins" ]
-
-  email = "HISTORY_PURGED_SECRET"
-}
-
-object UserGroup "icingaadmins" {
-  display_name = "Icinga 2 Admin Group"
-}
-
-object UserGroup "ese" {
-  display_name = "ESports-Erlangen Gruppe"
-}
diff --git a/roles/monitoring-master/tasks/icinga.yaml b/roles/monitoring-master/tasks/icinga.yaml
index 251e50b..c083790 100644
--- a/roles/monitoring-master/tasks/icinga.yaml
+++ b/roles/monitoring-master/tasks/icinga.yaml
@@ -76,6 +76,16 @@
     state: started
     enabled: yes
 
+- name: Copy icinga configuration
+  template:
+    src: "{{ item }}"
+    dest: /etc/icinga2/conf.d/
+    owner: root
+    group: nagios
+    mode: 0640
+  with_items:
+    - users.conf
+
 - name: Copy icinga configuration
   copy:
     src: "{{ item }}"
@@ -89,7 +99,6 @@
     - services_passive.conf
     - services_passive_mail_extern.conf
     - services_async.conf
-    - users.conf
     - michy-ese-server.conf
     - async-icinga-services-dynamic.conf
   notify: