diff --git a/all.yml b/all.yml
index bcf25a8..6328aec 100644
--- a/all.yml
+++ b/all.yml
@@ -16,3 +16,7 @@
 tags: ["docker"]
 - role: "traefik"
 tags: ["docker", "traefik"]
+ - role: "grav"
+ tags: ["docker", "grav"]
+ - role: "lychee"
+ tags: ["docker", "lychee"]
diff --git a/inv/host_vars/new.chosto.me/secrets.yml b/inv/host_vars/new.chosto.me/secrets.yml
index 20cb1b9..ce91bcd 100644
--- a/inv/host_vars/new.chosto.me/secrets.yml
+++ b/inv/host_vars/new.chosto.me/secrets.yml
@@ -1,16 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
-66363166326338646463393939653335373564616361303565363066633931333637656330616636
-3031633235313930666138646662643036376662613139340a396466303434386232663131346466
-35653261386639623264646331363037336439373065323437663039333635633430323938363861
-6631656433626432320a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a336633623666343361613035316632
+30663833623362393139343237326137643537343036336635663930343330303663393235653661
+3339396266373636300a
diff --git a/inv/host_vars/new.chosto.me/vars.yml b/inv/host_vars/new.chosto.me/vars.yml
index e0a4afb..ed44830 100644
--- a/inv/host_vars/new.chosto.me/vars.yml
+++ b/inv/host_vars/new.chosto.me/vars.yml
@@ -10,6 +10,7 @@ ssh_port: "2220"
 prometheus_server_ip: "51.178.182.35"
 docker_files: "/home/{{ base_user_name }}/docker"
+compose_version: "3.7"
 traefik_network: proxy
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
index dba89b2..22654d6 100644
--- a/roles/base/vars/main.yml
+++ b/roles/base/vars/main.yml
@@ -14,3 +14,4 @@ ihl_base_apt_packages:
 - smartmontools
 - sudo
 - nano
+ - rsync
diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
new file mode 100644
index 0000000..7596124
--- /dev/null
+++ b/roles/docker/files/daemon.json
@@ -0,0 +1,7 @@
+{
+ "log-driver": "json-file",
+ "log-opts": {
+ "max-size": "100m",
+ "max-file": "3"
+ }
+}
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 088e33d..084a3f8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -21,6 +21,15 @@
 state: "{{ docker_service_state }}"
 enabled: "{{ docker_service_enabled }}"
+- name: Copy Docker configuration
+ copy:
+ src: daemon.json
+ dest: /etc/docker/daemon.json
+ owner: root
+ group: root
+ mode: 0644
+ notify: Restart docker
+
 - name: Ensure handlers are notified now to avoid firewall conflicts.
 meta: flush_handlers
diff --git a/roles/grav/files/entrypoint.sh b/roles/grav/files/entrypoint.sh
new file mode 100644
index 0000000..5b01202
--- /dev/null
+++ b/roles/grav/files/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+echo "Launching supercronic..."
+supercronic /var/www/crontab &
+echo "Launching Grav..."
+exec $@
diff --git a/roles/grav/tasks/main.yml b/roles/grav/tasks/main.yml
new file mode 100644
index 0000000..445cfd4
--- /dev/null
+++ b/roles/grav/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: Create Grav directory
+ file:
+ path: "{{ grav_folder_name }}"
+ state: directory
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0755
+
+- name: Copy Grav templates
+ template:
+ src: "{{ item }}"
+ # Remove .j2 extension
+ dest: "{{ grav_folder_name }}/{{ (item | splitext)[0] }}"
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0644
+ loop:
+ - docker-compose.yml.j2
+ - Dockerfile.j2
+
+- name: Copy Grav entrypoint
+ copy:
+ src: entrypoint.sh
+ dest: "{{ grav_folder_name }}/entrypoint.sh"
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0644
+
+- name: Build Grav
+ community.docker.docker_compose:
+ project_src: "{{ grav_folder_name }}"
+ build: yes
+
+- name: Ensure container is up to date
+ community.docker.docker_compose:
+ project_src: "{{ traefik_folder_name }}"
+ remove_orphans: yes
+ pull: yes
+ recreate: smart
+ state: present
diff --git a/roles/grav/templates/Dockerfile.j2 b/roles/grav/templates/Dockerfile.j2
new file mode 100644
index 0000000..d041214
--- /dev/null
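Review bot: `mode: 0644` in the Copy Docker configuration task is an unquoted octal literal; a YAML 1.1 loader reads it as the integer 420, which Ansible maps back to 0644 only because of the leading zero, and the same habit breaks silently the moment someone writes `mode: 644`. Writing it as a string, `mode: "0644"`, makes the intent unambiguous and satisfies ansible-lint. The same applies to every `mode:` value in the new roles/grav/tasks/main.yml and roles/lychee/tasks/main.yml.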
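Review bot: `exec $@` on the last line expands the container arguments unquoted, so any argument containing whitespace or glob characters is word-split or expanded before the command runs; it should be `exec "$@"`. Separately, `supercronic /var/www/crontab &` is backgrounded with no supervision, so `set -e` does not cover it and the container keeps serving if the scheduler process dies; a one-line comment stating that this is accepted would save the next reader from wondering whether it was overlooked.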
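Review bot: The "Ensure container is up to date" task points `project_src` at `"{{ traefik_folder_name }}"` while every other task in this file, including the preceding Build Grav task, uses `"{{ grav_folder_name }}"`, so the pull/recreate step would act on the Traefik compose project instead of Grav; this looks like a copy-paste slip and should read `project_src: "{{ grav_folder_name }}"`. Also, `build: yes`, `remove_orphans: yes` and `pull: yes` are YAML 1.1 truthy spellings that ansible-lint's truthy rule flags; `true` is the portable form, here and in the lychee task file.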
+++ b/roles/grav/templates/Dockerfile.j2 
@@ -0,0 +1,92 @@
+FROM php:7.4-apache
+LABEL maintainer="Andy Miller (@rhukster)"
+
+# Enable Apache Rewrite + Expires Module
+RUN a2enmod rewrite expires && \
+ sed -i 's/ServerTokens OS/ServerTokens ProductOnly/g' \
+ /etc/apache2/conf-available/security.conf
+
+# Install dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ unzip \
+ libfreetype6-dev \
+ libjpeg62-turbo-dev \
+ libpng-dev \
+ libyaml-dev \
+ libzip4 \
+ libzip-dev \
+ zlib1g-dev \
+ libicu-dev \
+ g++ \
+ git \
+ cron \
+ vim \
+ && docker-php-ext-install opcache \
+ && docker-php-ext-configure intl \
+ && docker-php-ext-install intl \
+ && docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr/include/ \
+ && docker-php-ext-install -j$(nproc) gd \
+ && docker-php-ext-install zip \
+ && rm -rf /var/lib/apt/lists/*
+
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN { \
+ echo 'opcache.memory_consumption=128'; \
+ echo 'opcache.interned_strings_buffer=8'; \
+ echo 'opcache.max_accelerated_files=4000'; \
+ echo 'opcache.revalidate_freq=2'; \
+ echo 'opcache.fast_shutdown=1'; \
+ echo 'opcache.enable_cli=1'; \
+ echo 'upload_max_filesize=128M'; \
+ echo 'post_max_size=128M'; \
+ echo 'expose_php=off'; \
+ } > /usr/local/etc/php/conf.d/php-recommended.ini
+
+RUN pecl install apcu \
+ && pecl install yaml-2.0.4 \
+ && docker-php-ext-enable apcu yaml
+
+# Install Supercronic
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64 \
+ SUPERCRONIC=supercronic-linux-amd64 \
+ SUPERCRONIC_SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
+
+RUN curl -fsSLO "$SUPERCRONIC_URL" \
+ && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
+ && chmod +x "$SUPERCRONIC" \
+ && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+ && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+
+# Create cron job for Grav maintenance scripts
+RUN echo "*/30 * * * * cd /var/www/html;/usr/local/bin/php bin/grav scheduler 1>> /dev/null 2>&1" > /var/www/crontab
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+RUN sed -i s/80/{{ grav_internal_port }}/g /etc/apache2/sites-enabled/000-default.conf /etc/apache2/ports.conf
+
+# Set user to www-data
+RUN chown www-data:www-data /var/www
+USER www-data
+
+
+# Set Grav version
+ARG GRAV_VERSION={{ grav_version }}
+
+# Install grav
+WORKDIR /var/www
+RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION} && \
+ unzip grav-admin.zip && \
+ mv -T /var/www/grav-admin /var/www/html && \
+ rm grav-admin.zip
+
+# Install plugins
+RUN cd html && \
+ bin/gpm install admin
+
+# provide container inside image for data persistance
+VOLUME ["/var/www/html"]
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["apache2-foreground"]
diff --git a/roles/grav/templates/docker-compose.yml.j2 b/roles/grav/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..6f9e6de
--- /dev/null
+++ b/roles/grav/templates/docker-compose.yml.j2
@@ -0,0 +1,25 @@
+version: "{{ compose_version }}"
+
+networks:
+ proxy:
+ name: "{{ traefik_network }}"
+
+volumes:
+ grav_lola:
+ name: grav_lola
+
+services:
+ grav_lola:
+ image: grav:{{ grav_version }}
+ build: .
+ container_name: grav_lola
+ volumes:
+ - grav_lola:/var/www/html
+ networks:
+ - proxy
+ labels:
+ traefik.http.routers.grav.entrypoints: websecure
+ traefik.http.routers.grav.rule: "Host(`blog.leaula.me`)"
+ traefik.http.services.grav.loadbalancer.server.port: "{{ grav_internal_port }}"
+ traefik.enable: true
+ restart: unless-stopped
diff --git a/roles/grav/vars/main.yml b/roles/grav/vars/main.yml
new file mode 100644
index 0000000..baec59a
--- /dev/null
+++ b/roles/grav/vars/main.yml
@@ -0,0 +1,3 @@
+grav_internal_port: 8080
+grav_version: 1.7.13
+grav_folder_name: "{{ docker_files }}/grav"
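Review bot: The Grav download, `RUN curl -o grav-admin.zip -SL https://getgrav.org/download/core/grav-admin/${GRAV_VERSION}`, runs without `-f`, so an HTTP error response is saved as grav-admin.zip and the failure only surfaces at `unzip`; it also carries no integrity check, unlike the Supercronic fetch a few lines above that verifies a pinned SHA1 before installing. At minimum use `curl -fsSL -o grav-admin.zip ...`, and if upstream publishes a digest for the release archive, pin and verify it the same way SUPERCRONIC_SHA1SUM is handled. The `sed -i s/80/{{ grav_internal_port }}/g` over 000-default.conf and ports.conf is also unanchored and rewrites every occurrence of `80` in those files, not just the port directives; anchoring the patterns to `Listen 80` and `*:80>` keeps the substitution limited to the intended lines. `bin/gpm install admin` likewise fetches an unpinned plugin version at build time, which makes rebuilds non-reproducible.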
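Review bot: `traefik.enable: true` under labels is a YAML boolean, and the compose file schema that the python docker-compose used by `community.docker.docker_compose` validates against accepts only string, number or null label values, so the rendered file is likely to be rejected with an invalid-type error; quoting it, `traefik.enable: "true"`, avoids that, and the same line appears in the lychee compose template. The router rule also hard-codes the host blog.leaula.me while the lychee template derives its host from `{{ domain_name }}`; if the different domain is intentional, a role variable for it would keep the host configurable rather than baked into the template.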
diff --git a/roles/lychee/tasks/main.yml b/roles/lychee/tasks/main.yml
new file mode 100644
index 0000000..7ca9cf6
--- /dev/null
+++ b/roles/lychee/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Create Lychee directory
+ file:
+ path: "{{ lychee_folder_name }}"
+ state: directory
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0755
+
+- name: Copy Lychee Compose file
+ template:
+ src: docker-compose.yml.j2
+ # Remove .j2 extension
+ dest: "{{ lychee_folder_name }}/docker-compose.yml"
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0644
+
+- name: Ensure container is up to date
+ community.docker.docker_compose:
+ project_src: "{{ lychee_folder_name }}"
+ remove_orphans: yes
+ pull: yes
+ recreate: smart
+ state: present
diff --git a/roles/lychee/templates/docker-compose.yml.j2 b/roles/lychee/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..fb084af
--- /dev/null
+++ b/roles/lychee/templates/docker-compose.yml.j2
@@ -0,0 +1,57 @@
+version: "{{ compose_version }}"
+
+networks:
+ proxy:
+ name: "{{ traefik_network }}"
+ db:
+ name: lychee_db
+
+volumes:
+ lychee_db:
+ name: lychee_db
+ lychee_uploads:
+ name: lychee_uploads
+
+services:
+ lychee:
+ container_name: lychee
+ image: "lycheeorg/lychee:{{ lychee_version }}"
+ volumes:
+ - lychee_uploads:/uploads
+ labels:
+ traefik.http.routers.lychee.entrypoints: websecure
+ traefik.http.routers.lychee.rule: "Host(`pic.{{ domain_name }}`)"
+ traefik.http.services.lychee.loadbalancer.server.port: 80
+ traefik.enable: true
+ environment:
+ PUID: 1001
+ PGID: 1001
+ PHP_TZ: Europe/Paris
+ DB_CONNECTION: pgsql
+ DB_HOST: lychee_db
+ DB_PORT: 5432
+ DB_DATABASE: lychee
+ DB_USERNAME: lychee
+ DB_PASSWORD: "{{ lychee_db_password }}"
+ APP_NAME: Lychee
+ APP_ENV: production
+ APP_DEBUG: "false"
+ STARTUP_DELAY: 5
+ networks:
+ - proxy
+ - db
+ restart: unless-stopped
+
+ lychee_db:
+ image: "postgres:{{ postgres_version }}-alpine"
+ container_name: lychee_db
+ volumes:
+ - lychee_db:/var/lib/postgresql/data
+ - /etc/localtime:/etc/localtime:ro
+ environment:
+ POSTGRES_USER: lychee
+ POSTGRES_PASSWORD: "{{ lychee_db_password }}"
+ POSTGRES_DB: lychee
+ networks:
+ - db
+ restart: unless-stopped
diff --git a/roles/lychee/vars/main.yml b/roles/lychee/vars/main.yml
new file mode 100644
index 0000000..1e19bd4
--- /dev/null
+++ b/roles/lychee/vars/main.yml
@@ -0,0 +1,3 @@
+lychee_folder_name: "{{ docker_files }}/lychee"
+lychee_version: v4.3.0
+postgres_version: 13
diff --git a/roles/traefik/defaults/main.yml b/roles/traefik/defaults/main.yml
deleted file mode 100644
index af2e53a..0000000
--- a/roles/traefik/defaults/main.yml
+++ /dev/null
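Review bot: `DB_PASSWORD: "{{ lychee_db_password }}"` and `POSTGRES_PASSWORD: "{{ lychee_db_password }}"` render the vaulted database password in clear text into docker-compose.yml, and the Copy Lychee Compose file task in roles/lychee/tasks/main.yml writes that file with `mode: 0644`, so every local account on the host can read the secret that the vault was protecting. Tighten that template task to `mode: "0600"`, or render the credentials into a separate `env_file` with the same restrictive mode so the compose file itself stays readable for operators. `traefik.enable: true` is a YAML boolean that compose's label schema may reject as an invalid type; `traefik.enable: "true"` is the safe spelling.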
@@ -1,17 +0,0 @@
-traefik_folder_name: "{{ docker_files }}/traefik"
-traefik_certs_directory: "{{ traefik_folder_name }}/certs"
-traefik_metrics_port: 8082
-traefik_http_port: 80
-traefik_https_port: 443
-# Equivalent of docker-compose stop
-traefik_stopped: no
-# Equivalent of docker-compose restart
-traefik_restarted: no
-# If always, equivalent to up -d --force-recreate
-traefik_recreated: smart
-# If present, up (or restart/stop depending of the above)
-# If absent, equivalent of docker-compose down
-traefik_state: present
-traefik_subdomain: proxy
-
-traefik_version: 2.4
diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml
index c8d563f..603910f 100644
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -43,7 +43,5 @@
 project_src: "{{ traefik_folder_name }}"
 remove_orphans: yes
 pull: yes
- recreate: "{{ traefik_recreated }}"
- restarted: "{{ traefik_restarted }}"
- state: "{{ traefik_state }}"
- stopped: "{{ traefik_stopped }}"
+ recreate: smart
+ state: present
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2
index d8f81a9..43f7629 100644
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-version: "3.7"
+version: "{{ compose_version }}"
 networks:
 proxy:
@@ -34,5 +34,5 @@ services:
 environment:
 GANDIV5_API_KEY: "{{ gandi_api_key }}"
 networks:
- - "{{ traefik_network }}"
+ - proxy
 restart: unless-stopped
diff --git a/roles/traefik/vars/main.yml b/roles/traefik/vars/main.yml
new file mode 100644
index 0000000..fa60a9f
--- /dev/null
+++ b/roles/traefik/vars/main.yml
@@ -0,0 +1,8 @@
+traefik_folder_name: "{{ docker_files }}/traefik"
+traefik_certs_directory: "{{ traefik_folder_name }}/certs"
+traefik_metrics_port: 8082
+traefik_http_port: 80
+traefik_https_port: 443
+traefik_subdomain: proxy
+
+traefik_version: 2.4
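Review bot: Moving these settings from roles/traefik/defaults/main.yml into roles/traefik/vars/main.yml changes their precedence: role `vars/` outrank inventory group_vars and host_vars, so values such as `traefik_metrics_port` or `traefik_subdomain` can no longer be overridden per host without `-e`, whereas `defaults/` is the layer meant for tunables. If the intent is to make them fixed, a header comment stating that would help the next maintainer; otherwise they belong back in defaults. `traefik_version: 2.4` is also an unquoted float, harmless for this value but turning a future `2.10` into `2.1`; `traefik_version: "2.4"` is the robust spelling.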
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/web/templates/docker-compose.yml b/roles/web/templates/docker-compose.yml
new file mode 100644
index 0000000..e69de29