diff --git a/defaults/main.yml b/defaults/main.yml index ab89c89..1e8adbc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -29,3 +29,9 @@ nginx__snippet_files: nginx__dhparam_size: 4096 nxinx__state: 'present' + +# disable it if you do not want a autogenerated infrastructure domain config +nginx__infrastructure_domain__enabled: true + +# disable this variable if you don't want to use our acmetool role to manage tls certificates +nginx__acmetool_enabled: true diff --git a/tasks/default_site.yml b/tasks/default_site.yml index 69dc88b..f5c883e 100644 --- a/tasks/default_site.yml +++ b/tasks/default_site.yml 
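Review bot: The comment on `nginx__acmetool_enabled` does not say what the role does instead when the variable is set to false. Going by tasks/default_site.yml in this commit, the role then links the default TLS site into sites-enabled itself instead of leaving that to acmetool, so presumably the certificate has to be provisioned by other means before the reload handler runs. I would spell that out, e.g. `# set to false to manage TLS certificates yourself; the role then enables the default TLS site directly, so provide the certificate beforehand`.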
@@ -1,57 +1,42 @@ --- - - name: Create default site plain http configuration - template: - src: 'files/nginx/sites-available/default_http.j2' + become: true + ansible.builtin.template: + src: 'templates/nginx/sites-available/default_http.j2' dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_http' owner: root group: root mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Create default site tls https configuration + become: true template: - src: 'files/nginx/sites-available/default_tls.j2' + src: 'templates/nginx/sites-available/default_tls.j2' dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls' owner: root group: root mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Enable default site plain http configuration + become: true file: src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http' dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http' state: link notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - # Note: Done by acmetool after sucessfully obtaining a suitable certificate -#- name: Enable default site configuration -# file: -# src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls' -# dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls' -# state: link -# notify: -# - systemctl reload nginx -# tags: -# - configuration -# - nginx -# - sites +- name: Enable default site configuration + become: true + file: + src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls' + dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls' + state: link + notify: + - systemctl reload nginx + when: not nginx__acmetool_enabled diff --git a/tasks/main.yml b/tasks/main.yml index 1e0b3ad..c94ea0c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
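Review bot: The new condition `when: not nginx__acmetool_enabled` on "Enable default site configuration" tests the raw variable, while tasks/main.yml in the same commit uses `nginx__infrastructure_domain__enabled | bool`. A value that arrives as a string (for example from `-e nginx__acmetool_enabled=false`) is non-empty and so truthy, which means `not` evaluates to false and the TLS site is silently left disabled; `when: not (nginx__acmetool_enabled | bool)` avoids that. Separately, only the first task was moved to `ansible.builtin.template`; the second still uses the short `template` name and the link tasks use `file`, so fully qualified names throughout would keep the file consistent.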
@@ -9,31 +9,21 @@ - name: Configure nginx include_tasks: nginx.yml -- name: Start nginx webserver - service: +- name: start nginx webserver + ansible.builtin.systemd: name: nginx state: started - enabled: yes - tags: - - operation - - nginx + enabled: true -- name: Configure nginx default site +- name: configure nginx default site include_tasks: default_site.yml - tags: - - configuration - - nginx - - sites + when: nginx__infrastructure_domain__enabled | bool - name: Configure nginx sites include_tasks: single_site.yml with_items: '{{ nginx_sites }}' loop_control: loop_var: site - tags: - - configuration - - nginx - - sites # Restart nginx before doing acme stuff - name: Flush handlers to restart nginx now diff --git a/tasks/single_site.yml b/tasks/single_site.yml index ede1b41..5ee676d 100644 --- a/tasks/single_site.yml +++ b/tasks/single_site.yml @@ -1,10 +1,8 @@ --- -# TODO: Implement site config template templates - - - name: Create '{{ site.name }}' site plain http configuration + become: true template: - src: 'files/nginx/sites-available/http_plain_redirect.conf.j2' + src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2' dest: '/etc/nginx/sites-available/{{ site.name }}_http' owner: root group: root @@ -12,13 +10,9 @@ #when: site.http_plain_template | default(True) notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Create '{{ site.name }}' site tls https configuration + become: true template: src: 'files/nginx/sites/{{ site.name }}_tls.conf' dest: '/etc/nginx/sites-available/{{ site.name }}_tls' @@ -28,13 +22,9 @@ #when: not site.redirect_target | default(True) notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Create '{{ site.name }}' site tls parameter configuration + become: true template: src: 'files/nginx/snippets/tls_parameters.snippet.conf' dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf' 
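Review bot: The `when: nginx__infrastructure_domain__enabled | bool` guard on the default-site include only skips creation; nothing in this hunk removes a `{{ inventory_hostname }}_http` or `_tls` vhost that an earlier run already linked into sites-enabled. On an existing host, setting the flag to false would therefore leave the infrastructure domain being served, unless cleanup happens in a file not shown here. A removal task for the disabled case, sketched below, would make the flag match the comment in defaults/main.yml. Dropping the `tags:` blocks also changes what `--tags nginx` selects, which deserves a line in the commit message.

```yaml
# … unchanged: "configure nginx default site" include with its when: guard …

- name: remove nginx default site when disabled
  become: true
  ansible.builtin.file:
    path: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_{{ item }}'
    state: absent
  loop:
    - http
    - tls
  when: not (nginx__infrastructure_domain__enabled | bool)
  notify:
    - systemctl reload nginx
```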
@@ -43,13 +33,9 @@ mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Create '{{ site.name }}' site tls certificate configuration + become: true template: src: 'files/nginx/snippets/tls_certificate.snippet.conf' dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf' @@ -58,13 +44,9 @@ mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - - name: Create '{{ site.name }}' site logging configuration + become: true template: src: 'files/nginx/snippets/logging.snippet.conf' dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf' @@ -73,13 +55,9 @@ mode: 'u=rw,g=r,o=r' notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - #- name: Copy additional per site '{{ site.name }}' snippet files +# become: true # template: # src: 'files/nginx/snippets/{{ item }}' # dest: '/etc/nginx/snippets/{{ item }}' @@ -95,8 +73,8 @@ # - nginx # - sites - - name: Enable '{{ site.name }}' site plain http configuration + become: true file: src: '/etc/nginx/sites-available/{{ site.name }}_http' dest: '/etc/nginx/sites-enabled/{{ site.name }}_http' @@ -104,21 +82,13 @@ when: site.http_plain_template | default(True) notify: - systemctl reload nginx - tags: - - configuration - - nginx - - sites - # Note: done by acmetool after sucessfully obtaining a suitable certificate #- name: Enable '{{ site.name }}' site tls configuration +# become: true # file: # src: '/etc/nginx/sites-available/{{ site.name }}_tls' # dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls' # state: link # notify: # - systemctl reload nginx -# tags: -# - configuration -# - nginx -# - sites diff --git a/files/nginx/sites-available/default_http.j2 b/templates/nginx/sites-available/default_http.j2 similarity index 100% rename from files/nginx/sites-available/default_http.j2 rename to templates/nginx/sites-available/default_http.j2 
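Review bot: The commented-out "Enable '{{ site.name }}' site tls configuration" task in the last tasks/single_site.yml hunk only gains `# become: true` and stays disabled, while tasks/default_site.yml in this commit activates the equivalent default-site task under `when: not nginx__acmetool_enabled`. With `nginx__acmetool_enabled: false`, per-site TLS vhosts are therefore written to sites-available but never linked by this role, so each site ends up with only its plain-http config enabled. Activating the task with the same condition, as sketched below, would keep the two files consistent. The note above the task, saying acmetool does the linking, would then hold only when acmetool is enabled.

```yaml
# … unchanged: "Enable '{{ site.name }}' site plain http configuration" task …

- name: Enable '{{ site.name }}' site tls configuration
  become: true
  ansible.builtin.file:
    src: '/etc/nginx/sites-available/{{ site.name }}_tls'
    dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
    state: link
  when: not (nginx__acmetool_enabled | bool)
  notify:
    - systemctl reload nginx
```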
diff --git a/files/nginx/sites-available/default_tls.j2 b/templates/nginx/sites-available/default_tls.j2 similarity index 100% rename from files/nginx/sites-available/default_tls.j2 rename to templates/nginx/sites-available/default_tls.j2 diff --git a/files/nginx/sites-available/http_plain_redirect.conf.j2 b/templates/nginx/sites-available/http_plain_redirect.conf.j2 similarity index 100% rename from files/nginx/sites-available/http_plain_redirect.conf.j2 rename to templates/nginx/sites-available/http_plain_redirect.conf.j2