diff --git a/ldap.yaml b/ldap.yaml index f53e4b2..793f352 100644 --- a/ldap.yaml +++ b/ldap.yaml @@ -1,26 +1,9 @@ --- -# 1) Deploy the lxc container(s) -- hosts: 'ldap' - # The host may not exist yet: do not gather facts - gather_facts: false - tags: - - 'lxc' - tasks: - # Delegate lxc container deployment to `ansible_lxc_host` - - import_role: name='lxc_guest' - vars: - vm_name: '{{ inventory_hostname }}' - vm_size: '1G' - delegate_to: '{{ ansible_lxc_host }}' - # The host may not be directly reachable: use `ssh_lxc` proxy to - # gather facts (setup) and configure SSH. - - set_fact: ansible_connection='ssh_lxc' - - setup: - - import_role: name='ssh_server' - # Now the host should be ssh-reachable - - set_fact: ansible_connection='ssh' +- import_playbook: 'prepare_lxc_guest.yaml' + vars: + host: 'ldap' + vm_size: '1G' -# 2) Deploy LDAP server(s) - hosts: 'ldap' roles: - role: 'dns_record' @@ -30,8 +13,9 @@ # Default values: #ldap_tls_enabled: true #ldap_check_tree: true + - role: 'monitoring-agent' -# 3) Enable monitoring -- hosts: 'status' +- hosts: 'monitoring_hosts' roles: - role: 'icinga2-monitoring' +... diff --git a/matrix.yaml b/matrix.yaml index 7a883e0..e5bcd34 100644 --- a/matrix.yaml +++ b/matrix.yaml @@ -1,19 +1,8 @@ --- -- hosts: 'matrix' - gather_facts: false - tags: - - 'lxc' - tasks: - - import_role: name='lxc_guest' - vars: - vm_name: '{{ inventory_hostname }}' - vm_size: '2G' - vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' - delegate_to: '{{ ansible_lxc_host }}' - - set_fact: ansible_connection='ssh_lxc' - - setup: - - import_role: name='ssh_server' - - set_fact: ansible_connection='ssh' +- import_playbook: 'prepare_lxc_guest.yaml' + vars: + host: 'matrix' + vm_size: '2G' - hosts: 'matrix' roles: @@ -25,7 +14,9 @@ - role: 'coturn' - role: 'matrix-synapse' - role: 'riot-web' + - role: 'monitoring-agent' -- hosts: 'status' +- hosts: 'monitoring_hosts' roles: - role: 'icinga2-monitoring' +... 
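Review bot: The `lxc` tag carried by the removed provisioning play is not reinstated on the `import_playbook` entry, so a run limited with `--tags lxc` would no longer select container creation. The only tagged task in prepare_lxc_guest.yaml is `setup`, which is tagged `always`. If tag-scoped provisioning is still wanted, add `tags: ['lxc']` under `- import_playbook: 'prepare_lxc_guest.yaml'` here, or tag the play inside the shared file. The first hunks of matrix.yaml and projects.yaml drop the same tag.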
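Review bot: Nothing in this commit defines the `monitoring_hosts` group that the last play now targets. Ansible only warns and skips a play whose host pattern matches nothing, so a missing or misspelled group would leave `icinga2-monitoring` unapplied without failing the run. The inventory is not part of this diff, so confirm the group exists there. Since the `# 3) Enable monitoring` comment is removed, a replacement above the play such as `# 'monitoring_hosts' must be an inventory group naming the hosts that receive icinga2-monitoring` would record the dependency. The same host pattern is introduced in matrix.yaml, nextcloud.yaml and projects.yaml.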
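Review bot: The `vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}'` argument that the removed play passed to `lxc_guest` has no counterpart in the new import or in prepare_lxc_guest.yaml. The role therefore now depends on whatever default or variable lookup it has for the volume group. That role is not visible in this diff; if it has no such fallback, add `vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}'` to the `import_role` vars in prepare_lxc_guest.yaml. nextcloud.yaml and projects.yaml drop the same argument.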
diff --git a/nextcloud.yaml b/nextcloud.yaml index 544a176..f227014 100644 --- a/nextcloud.yaml +++ b/nextcloud.yaml @@ -1,24 +1,17 @@ --- -- hosts: 'cloud' - gather_facts: false - tasks: - - import_role: name='lxc_guest' - vars: - vm_name: '{{ inventory_hostname }}' - vm_size: '4G' - vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' - delegate_to: '{{ ansible_lxc_host }}' - - set_fact: ansible_connection='ssh_lxc' - - setup: - - import_role: name='ssh_server' - - set_fact: ansible_connection='ssh' +- import_playbook: 'prepare_lxc_guest.yaml' + vars: + host: 'cloud' + vm_size: '4G' - hosts: 'cloud' roles: - role: 'dns_record' - role: 'reverse_proxy' - role: 'nextcloud' + - role: 'monitoring-agent' -- hosts: 'status' +- hosts: 'monitoring_hosts' roles: - role: 'icinga2-monitoring' +... diff --git a/prepare_lxc_guest.yaml b/prepare_lxc_guest.yaml new file mode 100644 index 0000000..17615c4 --- /dev/null +++ b/prepare_lxc_guest.yaml @@ -0,0 +1,26 @@ +--- +- hosts: '{{ host }}' + # Skip gather facts - host may not exist yet + gather_facts: false + tasks: + - name: 'import lxc_guest role on lxc_host' + import_role: name='lxc_guest' + vars: + vm_name: '{{ inventory_hostname }}' + vm_size: '{{ vm_size }}' + delegate_to: '{{ ansible_lxc_host }}' + + - name: 'enable ssh->lxc_attach connection' + set_fact: ansible_connection='ssh_lxc' + + - name: 'gather facts - now the host must exist' + setup: + tags: + - 'always' + + - name: 'configure ssh server' + import_role: name='ssh_server' + + - name: 'enable ssh direct connection - ssh is configured on host' + set_fact: ansible_connection='ssh' +... diff --git a/projects.yaml b/projects.yaml index 52c8434..66c1d5f 100644 --- a/projects.yaml +++ b/projects.yaml 
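Review bot: `vm_size: '{{ vm_size }}'` in the `import_role` vars of prepare_lxc_guest.yaml defines a task-level variable in terms of itself. Task vars take precedence over the play-level `vm_size` supplied through `import_playbook`, so templating it is likely to end in Ansible's "recursive loop detected in template string" error. The play-level value is already visible to the role, so the line can simply be dropped, or the callers can pass a differently named variable, e.g. `vm_size: '{{ guest_vm_size }}'`. A header comment stating that the file expects `host` and `vm_size` from the importing playbook would also help, since `hosts: '{{ host }}'` cannot be templated when the file is run on its own.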
@@ -1,19 +1,8 @@ --- -- hosts: 'projects' - gather_facts: false - tags: - - 'lxc' - tasks: - - import_role: name='lxc_guest' - vars: - vm_name: '{{ inventory_hostname }}' - vm_size: '4G' - vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' - delegate_to: '{{ ansible_lxc_host }}' - - set_fact: ansible_connection='ssh_lxc' - - setup: - - import_role: name='ssh_server' - - set_fact: ansible_connection='ssh' +- import_playbook: 'prepare_lxc_guest.yaml' + vars: + host: 'projects' + vm_size: '4G' - hosts: 'projects' roles: @@ -23,7 +12,9 @@ - 'projects.{{ domain }}' - 'mattermost.{{ domain }}' - role: 'gitlab' + - role: 'monitoring-agent' -- hosts: 'status' +- hosts: 'monitoring_hosts' roles: - role: 'icinga2-monitoring' +... diff --git a/status.yaml b/status.yaml index ce4a5e3..885f0b7 100644 --- a/status.yaml +++ b/status.yaml @@ -1,16 +1,17 @@ -- hosts: biff +--- +- import_playbook: 'prepare_lxc_guest.yaml' + vars: + host: 'status' + vm_size: '2G' + +- hosts: 'status' roles: - - role: lxc_guest - vm_name: status - distro: stretch - - role: ssh_server - ansible_connection: ssh_lxc - ansible_ssh_lxc_name: status -- hosts: status + - role: 'dns_record' + - role: 'reverse_proxy' + - role: 'icinga2' + + +- hosts: 'status' roles: - - role: dns_record - - role: icinga2 - - role: reverse_proxy -- hosts: status - roles: - - role: icinga2-monitoring + - role: 'icinga2-monitoring' +...
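Review bot: The last play in status.yaml keeps `hosts: 'status'` for `icinga2-monitoring`, while ldap.yaml, matrix.yaml, nextcloud.yaml and projects.yaml in this commit move that role to `hosts: 'monitoring_hosts'`. The status host's own role list also does not gain `monitoring-agent`. If that is deliberate because status is the monitoring server, a one-line comment saying so would help; otherwise use `- hosts: 'monitoring_hosts'` here as well. The rewritten provisioning also no longer passes `distro: stretch` or `ansible_ssh_lxc_name`, so check that the shared playbook and the role defaults still produce the same container.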