diff --git a/inventory/desktops.yml b/inventory/desktops.yml
index 7735433..7abb083 100644
--- a/inventory/desktops.yml
+++ b/inventory/desktops.yml
@@ -7,11 +7,11 @@ desktops:
 ohm:
 vars:
- system_sshd_port: 22
- system_sshd_sign_host_keys: false
- system_sshd_auth_password_authentication: "yes"
+ sshd_port: 22
+ sshd_sign_host_keys: false
+ sshd_auth_password_authentication: "yes"
- system_flatpak_apps:
+ flatpak_apps:
 - "com.chatterino.chatterino/{{ ansible_architecture }}/stable"
 - com.discordapp.Discord
 - com.spotify.Client
diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
index ac986f6..41af8d0 100644
--- a/playbooks/bootstrap.yml
+++ b/playbooks/bootstrap.yml
@@ -17,22 +17,22 @@
 become: true
 # Enable Cockpit
- - role: system/cockpit
+ - role: cockpit
 become: true
 tags: cockpit
 # Enable Flathub repository and install configured flatpaks
- - role: system/flatpak
+ - role: flatpak
 when: ansible_distribution != "Ubuntu"
 tags: flatpak
 # Install Podman and configure UIDs/GIDs for rootless usage
- - role: system/podman
+ - role: podman
 become: true
 tags: podman
 # Install and configure SSH server
- - role: system/sshd
+ - role: sshd
 become: true
 tags: sshd
diff --git a/roles/system/cockpit/defaults/main.yml b/roles/cockpit/defaults/main.yml
similarity index 83%
rename from roles/system/cockpit/defaults/main.yml
rename to roles/cockpit/defaults/main.yml
index ee6f952..7acd7c3 100644
--- a/roles/system/cockpit/defaults/main.yml
+++ b/roles/cockpit/defaults/main.yml
@@ -2,4 +2,4 @@
 # Boolean variable that adjust the Cockpit config when it's being served via
 # reverse proxy (adjusts the origin, so that the Cockpit doesn't drop sessions,
 # and checks for SSL/TLS connections)
-system_cockpit_has_reverse_proxy: false
+cockpit_has_reverse_proxy: false
diff --git a/roles/system/cockpit/tasks/install.yml b/roles/cockpit/tasks/install.yml
similarity index 100%
rename from roles/system/cockpit/tasks/install.yml
rename to roles/cockpit/tasks/install.yml
diff --git a/roles/system/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
similarity index 90%
rename from roles/system/cockpit/tasks/main.yml
rename to roles/cockpit/tasks/main.yml
index 162a247..12022dc 100644
--- a/roles/system/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@@ -10,7 +10,7 @@
 mode: 0644
 owner: root
 group: root
- when: system_cockpit_has_reverse_proxy
+ when: cockpit_has_reverse_proxy
 - name: Enable cockpit
 ansible.builtin.service:
diff --git a/roles/system/cockpit/templates/cockpit.conf b/roles/cockpit/templates/cockpit.conf
similarity index 100%
rename from roles/system/cockpit/templates/cockpit.conf
rename to roles/cockpit/templates/cockpit.conf
diff --git a/roles/system/flatpak/defaults/main.yml b/roles/flatpak/defaults/main.yml
similarity index 66%
rename from roles/system/flatpak/defaults/main.yml
rename to roles/flatpak/defaults/main.yml
index 847e8eb..e1fd47b 100644
--- a/roles/system/flatpak/defaults/main.yml
+++ b/roles/flatpak/defaults/main.yml
@@ -1,3 +1,3 @@
 ---
 # List of the flatpak apps to be installed
-system_flatpak_apps: []
+flatpak_apps: []
diff --git a/roles/system/flatpak/tasks/main.yml b/roles/flatpak/tasks/main.yml
similarity index 83%
rename from roles/system/flatpak/tasks/main.yml
rename to roles/flatpak/tasks/main.yml
index e48b3db..f0f8d5a 100644
--- a/roles/system/flatpak/tasks/main.yml
+++ b/roles/flatpak/tasks/main.yml
@@ -11,6 +11,6 @@
 community.general.flatpak:
 name: "{{ item }}"
 state: present
- loop: "{{ system_flatpak_apps }}"
+ loop: "{{ flatpak_apps }}"
 become: true
- when: system_flatpak_apps
+ when: flatpak_apps
diff --git a/roles/system/podman/tasks/install.yml b/roles/podman/tasks/install.yml
similarity index 100%
rename from roles/system/podman/tasks/install.yml
rename to roles/podman/tasks/install.yml
diff --git a/roles/system/podman/tasks/main.yml b/roles/podman/tasks/main.yml
similarity index 100%
rename from roles/system/podman/tasks/main.yml
rename to roles/podman/tasks/main.yml
diff --git a/roles/system/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
similarity index 65%
rename from roles/system/sshd/defaults/main.yml
rename to roles/sshd/defaults/main.yml
index 73513a5..402331b 100644
--- a/roles/system/sshd/defaults/main.yml
+++ b/roles/sshd/defaults/main.yml
@@ -1,15 +1,15 @@
 ---
 # Whether to accept password auth; ‹yes› or ‹no›
-system_sshd_auth_password_authentication: "no"
+sshd_auth_password_authentication: "no"
 # Whether to allow ‹root› login; ‹yes› or ‹no›
-system_sshd_auth_permit_root_login: "no"
+sshd_auth_permit_root_login: "no"
 # Whether to setup trusted CA (against the HashiCorp Vault instance)
-system_sshd_auth_trusted_ca: true
+sshd_auth_trusted_ca: true
 # Default port where the SSH daemon runs; also adjusts the SELinux policy
-system_sshd_port: 10022
+sshd_port: 10022
 # [TODO]: Whether to sign the host keys (against the HashiCorp Vault instance)
-system_sshd_sign_host_keys: true
+sshd_sign_host_keys: true
diff --git a/roles/system/sshd/files/10-ca.conf b/roles/sshd/files/10-ca.conf
similarity index 100%
rename from roles/system/sshd/files/10-ca.conf
rename to roles/sshd/files/10-ca.conf
diff --git a/roles/system/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml
similarity index 100%
rename from roles/system/sshd/handlers/main.yml
rename to roles/sshd/handlers/main.yml
diff --git a/roles/system/sshd/tasks/install.yml b/roles/sshd/tasks/install.yml
similarity index 100%
rename from roles/system/sshd/tasks/install.yml
rename to roles/sshd/tasks/install.yml
diff --git a/roles/system/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
similarity index 91%
rename from roles/system/sshd/tasks/main.yml
rename to roles/sshd/tasks/main.yml
index 7fc441e..073d3eb 100644
--- a/roles/system/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
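Review bot: Dropping the `system_` prefix puts these keys into Ansible's flat, global variable namespace as plain `sshd_port`, `sshd_auth_*`, `sshd_sign_host_keys`, the same short `sshd_` prefix that published community sshd roles tend to use, so a host that later also applies one of those roles can have its port or password-auth setting silently overridden by whichever role runs last; a role-unique prefix (`system_` as before, or something like `sshd_role_`) avoids that for a cosmetic cost. Several companion files are moved at 100% similarity (`trusted_ca.yml`, `10-signed-host-key.conf`, `handlers/main.yml`); if any of them still references a `system_sshd_*` name it now fails on an undefined variable, which this diff cannot show, so a grep for `system_sshd_` before merging is cheap insurance. `sshd_sign_host_keys` keeps its `[TODO]` and no task in the renamed role is shown consuming it, so the comment could be made explicit, e.g. `# [TODO]: not yet implemented — currently has no effect`, so that inventory overrides such as the one on `ohm` are not mistaken for an enforced setting.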
@@ -29,7 +29,7 @@
 - name: Notify SELinux about new port
 community.general.seport:
- ports: "{{ system_sshd_port }}"
+ ports: "{{ sshd_port }}"
 proto: "tcp"
 setype: "ssh_port_t"
 state: "present"
@@ -37,7 +37,7 @@
 - name: Enable the new SSH port on firewall
 ansible.posix.firewalld:
- port: "{{ system_sshd_port }}/tcp"
+ port: "{{ sshd_port }}/tcp"
 immediate: true
 permanent: true
 state: enabled
@@ -53,4 +53,4 @@
 - name: Set trusted CA
 ansible.builtin.include_tasks: trusted_ca.yml
- when: system_sshd_auth_trusted_ca
+ when: sshd_auth_trusted_ca
diff --git a/roles/system/sshd/tasks/trusted_ca.yml b/roles/sshd/tasks/trusted_ca.yml
similarity index 100%
rename from roles/system/sshd/tasks/trusted_ca.yml
rename to roles/sshd/tasks/trusted_ca.yml
diff --git a/roles/sshd/templates/10-harden.conf b/roles/sshd/templates/10-harden.conf
new file mode 100644
index 0000000..1b24217
--- /dev/null
+++ b/roles/sshd/templates/10-harden.conf
@@ -0,0 +1,6 @@
+# Port
+Port {{ sshd_port }}
+
+# Auth
+PermitRootLogin {{ sshd_auth_permit_root_login }}
+PasswordAuthentication {{ sshd_auth_password_authentication }}
diff --git a/roles/system/sshd/templates/10-signed-host-key.conf b/roles/sshd/templates/10-signed-host-key.conf
similarity index 100%
rename from roles/system/sshd/templates/10-signed-host-key.conf
rename to roles/sshd/templates/10-signed-host-key.conf
diff --git a/roles/system/sshd/templates/10-harden.conf b/roles/system/sshd/templates/10-harden.conf
deleted file mode 100644
index 12e9911..0000000
--- a/roles/system/sshd/templates/10-harden.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Port
-Port {{ system_sshd_port }}
-
-# Auth
-PermitRootLogin {{ system_sshd_auth_permit_root_login }}
-PasswordAuthentication {{ system_sshd_auth_password_authentication }}
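Review bot: `PasswordAuthentication {{ sshd_auth_password_authentication }}` in the new `10-harden.conf` does not on its own stop password logins: when `UsePAM yes` is in effect, sshd can still take a password through the keyboard-interactive method, so the template should pin that too, e.g. `KbdInteractiveAuthentication {{ sshd_auth_password_authentication }}` (the directive is spelled `ChallengeResponseAuthentication` on OpenSSH older than 8.7). Whether the distro's base `sshd_config` or its own drop-ins already disable it is not visible here, and a file that calls itself the hardening drop-in should not rely on that. Since the `Port` directive is emitted unconditionally, it is also worth a comment that a still-active `Port 22` elsewhere in the config makes sshd listen on both ports rather than move, which matters when `sshd_port` is 10022 and the SELinux/firewalld tasks above only open the new one.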