diff --git a/.gitignore b/.gitignore index 3cd4328..cbcb724 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ traefik/acme* +deploy/vaultpass diff --git a/deploy/deploy b/deploy/deploy old mode 100644 new mode 100755 index 15658be..5ece10b --- a/deploy/deploy +++ b/deploy/deploy @@ -1 +1 @@ -/usr/bin/env ansible-playbook --ask-become -i inventory playbook.yml --vault-password-file vaultpass "$@" +/usr/bin/env ansible-playbook -i inventory playbook.yml --vault-password-file vaultpass "$@" diff --git a/deploy/inventory b/deploy/inventory new file mode 100644 index 0000000..6a913d6 --- /dev/null +++ b/deploy/inventory @@ -0,0 +1,2 @@ +[servers] +club_secure diff --git a/deploy/roles/mailserver/tasks/main.yml b/deploy/roles/mailserver/tasks/main.yml index fccc36c..8f93072 100644 --- a/deploy/roles/mailserver/tasks/main.yml +++ b/deploy/roles/mailserver/tasks/main.yml @@ -1,4 +1,7 @@ --- + +- include_vars: vault.yml + - name: Create project folder file: name: "{{ docker_project_folder }}/mailserver" @@ -11,7 +14,7 @@ - name: Create nginx include folder file: - name: "{{ docker_data_folder }}/mailserver/nginx" + name: "{{ docker_project_folder }}/mailserver/nginx" state: directory - name: Copy nginx config \#1 
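Review bot: deploy/deploy is now executable (mode 100644 → 100755) but its single line still starts with `/usr/bin/env ansible-playbook …` and not with a `#!` interpreter line, so `./deploy` only runs through the calling shell's fallback for non-binary executables; prepend `#!/bin/sh`. The vault password is also resolved as the relative path `vaultpass`, so the script only works when invoked from inside deploy/; `cd "$(dirname "$0")" && exec ansible-playbook -i inventory playbook.yml --vault-password-file vaultpass "$@"` pins it to the script's own directory. With `--ask-become` removed, any task that escalates now needs the become password from somewhere else (for example `ansible_become_password` inside the vault); nothing visible in this diff supplies it.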
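Review bot: The new `- include_vars: vault.yml` task in roles/mailserver/tasks/main.yml has no name and no `no_log`; the variables an include_vars task loads are part of its task result, so the database and web passwords it pulls in are printed in verbose (`-v`) play output and stored by any callback that records results. Suggest `- name: Load vault secrets`, `  include_vars: vault.yml`, `  no_log: true`. vault.yml itself is not part of this diff, so whether it is actually vault-encrypted cannot be checked here.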
@@ -27,22 +30,31 @@ - name: Copy smtp copy: src: smtp - dest: "{{ docker_project_folder }}/mailserver/smtp" + dest: "{{ docker_project_folder }}/mailserver" + +- name: make start executable in traefik + shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh" - name: Copy imap copy: src: imap - dest: "{{ docker_project_folder }}/mailserver/imap" + dest: "{{ docker_project_folder }}/mailserver" + +- name: make start executable imap + shell: chmod +x "{{ docker_project_folder }}/mailserver/imap/start.sh" - name: Copy spam copy: src: spam - dest: "{{ docker_project_folder }}/mailserver/spam" + dest: "{{ docker_project_folder }}/mailserver" + +- name: make start executable in spam + shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh" - name: Copy traefik copy: src: traefik - dest: "{{ docker_project_folder }}/mailserver/traefik" + dest: "{{ docker_project_folder }}/mailserver" - name: Copy mailman-conf copy: @@ -53,10 +65,11 @@ copy: src: docker-entrypoint.sh dest: "{{ docker_project_folder }}/mailserver/docker-entrypoint.sh" + mode: "+x" - name: Copy docker-compose - copy: - src: docker-compose.yml + template: + src: docker-compose.yml.j2 dest: "{{ docker_project_folder }}/mailserver/docker-compose.yml" - name: Start mailserver diff --git a/deploy/roles/mailserver/files/docker-compose.yml b/deploy/roles/mailserver/templates/docker-compose.yml.j2 similarity index 51% rename from deploy/roles/mailserver/files/docker-compose.yml rename to deploy/roles/mailserver/templates/docker-compose.yml.j2 index 543504a..d35d531 100644 --- a/deploy/roles/mailserver/files/docker-compose.yml +++ b/deploy/roles/mailserver/templates/docker-compose.yml.j2 
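Review bot: The three new `shell: chmod +x …` tasks (smtp, imap, spam) are not idempotent — they report `changed` on every run and do nothing useful in `--check` mode — and the first one is named "make start executable in traefik" although it targets smtp/start.sh. The same result comes from the `file` module with an explicit mode, or from `mode: preserve` on the preceding `copy` task when the start scripts are already executable in the role's files/ directory. Rewritten form for the smtp task below; imap and spam follow the same shape.
```yaml
- name: Make smtp start script executable
  file:
    path: "{{ docker_project_folder }}/mailserver/smtp/start.sh"
    mode: "0755"
# … unchanged: Copy imap / Copy spam / Copy traefik tasks …
```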
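Review bot: The compose file is now rendered from docker-compose.yml.j2, which interpolates `DB_PASSWORD`, `DB_ROOT_PASSWORD` and `WEB_PASSWORD`, but the new `template` task sets no `mode`, so the rendered docker-compose.yml gets the target's default umask permissions (typically 0644, readable by every local user). Add `mode: "0600"` to that task (plus `owner:`/`group:` if the compose user differs from the Ansible user); the task that renders templates/env.j2, presumably outside this hunk, deserves the same. `mode: "+x"` on the docker-entrypoint.sh copy is accepted as a symbolic mode, though `"0755"` would make the resulting permissions explicit.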
@@ -17,9 +17,15 @@ services: volumes: - ./smtp/main.cf:/etc/postfix/main.cf:ro - ./smtp/master.cf:/etc/postfix/master.cf:ro - - /data/mailserver/mailman/data:/mailman + - {{ docker_data_folder }}/mailserver/mailman/data:/mailman - mails:/home/vmail - certs:/certs + environment: + - DATABASE_USER=mail + - DATABASE_PASSWORD={{ DB_PASSWORD }} + - DATABASE_NAME=postfix + - MYORIGIN={{ DOMAIN }} + - MYHOSTNAME=mail.{{ DOMAIN }} labels: - "traefik.enable=false" @@ -42,6 +48,11 @@ services: volumes: - mails:/home/vmail - certs:/certs + environment: + - "DATABASE_USER=mail" + - "DATABASE_PASSWORD={{ DB_PASSWORD }}" + - "DATABASE_NAME=postfix" + - "MAILDOMAIN=mail.{{ DOMAIN }}" labels: - "traefik.enable=false" @@ -52,10 +63,13 @@ services: expose: - 11334 volumes: - - spam:/data + - spam:{{ docker_data_folder }} - /etc/localtime:/etc/localtime:ro + environment: + - PASSWORD={{ WEB_PASSWORD }} + - PORT=11334 labels: - - "traefik.frontend.rule=Host:spam.creditcards.bayern" + - "traefik.frontend.rule=Host:spam.{{ DOMAIN }}" - "traefik.port=11334" webmail: @@ -69,8 +83,18 @@ services: links: - imap:imap - smtp:smtp + environment: + ROUNDCUBEMAIL_DEFAULT_HOST: imap + ROUNDCUBEMAIL_SMTP_SERVER: smtp + ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password + ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M + ROUNDCUBEMAIL_DB_TYPE: mysql + ROUNDCUBEMAIL_DB_HOST: db + ROUNDCUBEMAIL_DB_USER: mail + ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }} + ROUNDCUBEMAIL_DB_NAME: postfix labels: - - "traefik.frontend.rule=Host:mail.creditcards.bayern" + - "traefik.frontend.rule=Host:mail.{{ DOMAIN }}" - "traefik.port=80" admin: 
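Review bot: `- DATABASE_PASSWORD={{ DB_PASSWORD }}` in the smtp `environment` list is an unquoted plain scalar, while the imap block in the next hunk quotes the same entries; a vault value containing ` #` or `: ` would be truncated or break the rendered YAML. Quote every templated secret — `- "DATABASE_PASSWORD={{ DB_PASSWORD }}"` here, and `"{{ DB_PASSWORD }}"` for the mapping-style values in the webmail (`ROUNDCUBEMAIL_DB_PASSWORD`), admin (`DBPASS`) and db (`MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`) hunks. Several of these values (`MYHOSTNAME`, `MAILDOMAIN`, `PASSWORD`, the `ROUNDCUBEMAIL_*` settings) also still live in templates/env.j2, so they are now maintained in two places; keeping a single source, for example `env_file` pointing at the rendered env, avoids the two drifting apart.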
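Review bot: `- spam:{{ docker_data_folder }}` in the spam service changes the container-side path of the `spam` named volume from `/data` to the host variable's value (`/data_ansible` after this commit); the right-hand side of a volume entry is a path inside the container, so the host data folder is not meaningful there and the service most likely no longer finds its data at `/data`. Revert to `- spam:/data` unless the image's data directory really moved. `- PASSWORD={{ WEB_PASSWORD }}` should be quoted like the other templated secrets.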
@@ -83,16 +107,29 @@ services: expose: - "8888" restart: always + environment: + DBTYPPE: mysql + DBHOST: db + DBUSER: mail + DBNAME: postfix + DBPASS: {{ DB_PASSWORD }} + SMTPHOST: smtp + DOMAIN: {{ DOMAIN }} labels: - - "traefik.frontend.rule=Host:admin.creditcards.bayern" + - "traefik.frontend.rule=Host:admin.{{ DOMAIN }}" - "traefik.port=8888" db: container_name: mariadb image: mariadb:10.3 restart: always + environment: + MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }} + MYSQL_DATABASES: "postfix mailman" + MYSQL_USER: mail + MYSQL_PASSWORD: {{ DB_PASSWORD }} volumes: - - database:/var/lib/mysql + - {{ docker_data_fodler }}:/var/lib/mysql - ./docker-entrypoint.sh:/docker-entrypoint.sh labels: - "traefik.enable=false" @@ -102,14 +139,19 @@ services: container_name: mailman-core hostname: mailman-core volumes: - - /data/mailserver/mailman/core:/opt/mailman/ + - {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/ - ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg links: - - db - - smtp - - imap + - db:db + - smtp:smtp + - imap:imap depends_on: - db + environment: + - DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman + - DATABASE_TYPE=mysql + - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase + - HYPERKITTY_API_KEY=someapikey labels: - "traefik.enable=false" 
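Review bot: `- {{ docker_data_fodler }}:/var/lib/mysql` in the db service misspells the variable (every other hunk uses `docker_data_folder`), so the template fails to render with an undefined-variable error under Ansible's default settings; and even with the spelling fixed, the entry mounts the root of the data folder — which also holds `mailserver/mailman/…` — as MariaDB's datadir. A dedicated subdirectory such as `{{ docker_data_folder }}/mailserver/db:/var/lib/mysql` is probably what was intended. `DBTYPPE: mysql` in the admin service looks like a typo for `DBTYPE`; worth checking against the image's documented variables. `MYSQL_DATABASES: "postfix mailman"` is not the name the stock mariadb image reads (that is the singular `MYSQL_DATABASE`); it may be handled by the custom docker-entrypoint.sh mounted below, but that should be confirmed.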
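Review bot: `- DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman` in mailman-core embeds the password in a URL without escaping, so any `@`, `/`, `#` or `%` in the vault value yields a URL that parses to the wrong host or password; use `{{ DB_PASSWORD | urlencode }}` here and in the mailman-web hunk, which repeats the same line. `- HYPERKITTY_API_KEY=someapikey` is a hard-coded placeholder shared by mailman-core and mailman-web; it authenticates the archiver to core, so it belongs in vault.yml as its own variable like the other secrets, with a long random value.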
@@ -126,9 +168,20 @@ services: - mailman-core:mailman-core - db:db volumes: - - /data/mailserver/mailman/web:/opt/mailman-web-data + - {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data + environment: + - DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman + - DATABASE_TYPE=mysql + - HYPERKITTY_API_KEY=someapikey + - SECRET_KEY={{ WEB_PASSWORD }} + - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/ + - SERVE_FROM_DOMAIN=lists.{{ DOMAIN }} + - DJANGO_ALLOWED_HOSTS=mailman.{{ DOMAIN }} + - MAILMAN_ADMIN_USER=admin + - MAILMAN_ADMIN_EMAIL=a3x@eris.cc + - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static labels: - #- "traefik.frontend.rule=Host:mailman.creditcards.bayern" + #- "traefik.frontend.rule=Host:mailman.{{ DOMAIN }}" #- "traefik.port=8000" - "traefik.enable=false" @@ -143,9 +196,9 @@ services: - mailman-web:mailman-web volumes: - ./nginx/:/etc/nginx/conf.d/ - - /data/mailserver/mailman/web:/opt/mailman/ + - {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman/ labels: - - "traefik.frontend.rule=Host:mailman.creditcards.bayern" + - "traefik.frontend.rule=Host:mailman.{{ DOMAIN }}" - "traefik.port=80" 
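Review bot: `- SECRET_KEY={{ WEB_PASSWORD }}` in mailman-web reuses the spam web UI password as Django's signing key, so one credential now both logs into the spam UI and lets its holder forge mailman-web sessions; give `SECRET_KEY` its own long random vault value. `- MAILMAN_ADMIN_EMAIL=a3x@eris.cc` is hard-coded while every other host reference in this template is derived from `DOMAIN`, so it will silently stay wrong on another deployment; template it (for example from a vault or role variable) or add a comment stating it is intentionally fixed.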
@@ -153,24 +206,24 @@ services: traefik: container_name: traefik - image: traefik # The official Traefik docker image + image: traefik command: --api --docker # Enables the web UI and tells Traefik to listen to docker restart: always ports: - - "80:80" # The HTTP port + - "80:80" - "443:443" - - "8080:8080" # The Web UI (enabled by --api) + - "8080:8080" volumes: - - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events + - /var/run/docker.sock:/var/run/docker.sock - ./traefik/:/etc/traefik labels: - - "traefik.frontend.rule=Host:traefik.creditcards.bayern" + - "traefik.frontend.rule=Host:traefik.{{ DOMAIN }}" extractor: container_name: extractor image: danielhuisman/traefik-certificate-extractor volumes: - - /data/mailserver/traefik:/app/data + - {{ docker_data_folder }}/mailserver/traefik:/app/data - certs:/app/certs_flat labels: - "traefik.enable=false" @@ -178,7 +231,6 @@ services: volumes: - database: mails: certs: spam: diff --git a/deploy/roles/mailserver/templates/env.j2 b/deploy/roles/mailserver/templates/env.j2 index 064ac5f..6cf7253 100644 --- a/deploy/roles/mailserver/templates/env.j2 +++ b/deploy/roles/mailserver/templates/env.j2 @@ -9,7 +9,7 @@ MYHOSTNAME=mail.{{ DOMAIN }} MAILDOMAIN=mail.{{ DOMAIN }} #spam PORT=11334 -PASSWORD= {{ WEB_PASSWORD }} +PASSWORD={{ WEB_PASSWORD }} #roundcube ROUNDCUBEMAIL_DEFAULT_HOST=imap ROUNDCUBEMAIL_SMTP_SERVER=smtp diff --git a/deploy/roles/mailserver/vars/all.yml b/deploy/roles/mailserver/vars/main.yml similarity index 88% rename from deploy/roles/mailserver/vars/all.yml rename to deploy/roles/mailserver/vars/main.yml index 2a2d56f..9ec9e4a 100644 --- a/deploy/roles/mailserver/vars/all.yml +++ b/deploy/roles/mailserver/vars/main.yml @@ -1,7 +1,7 @@ --- become_method: sudo ansible_ask_become_pass: yes -docker_data_folder: /data +docker_data_folder: /data_ansible docker_project_folder: /var/docker DOMAIN: creditcards.bayern
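Review bot: Renaming vars/all.yml to vars/main.yml makes the file auto-load as role vars, which as far as I know sit above inventory and playbook vars in precedence, so `docker_data_folder`, `docker_project_folder` and `DOMAIN` can no longer be overridden per host; defaults/main.yml is the conventional place for values like these. `ansible_ask_become_pass: yes` does not look like a variable Ansible reads — the become prompt comes from `--ask-become-pass` (just removed from deploy/deploy) or a stored `ansible_become_password` — and `yes` should be `true` in any case, since the bare word is a YAML 1.1 boolean that other tooling may read as a string.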