diff --git a/README.md b/README.md
index adafacda..371603d1 100644
--- a/README.md
+++ b/README.md
@@ -49,8 +49,7 @@ generated in this repository.
 
 Deployment is managed on a separate private repository that includes several
 secrets. Deployment is done with ansible using a
-[dedicated role](https://github.com/EGI-Federation/ansible-role-fedcloud-ops)
-with:
+[dedicated role](./deploy/roles/catchall) with:
 
 ```sh
 ansible-playbook -i inventory.yaml --extra-vars "@secrets.yaml" playbook.yaml
diff --git a/deploy/cloud-init.yaml b/deploy/cloud-init.yaml
index 50b49fc5..8d79eea9 100644
--- a/deploy/cloud-init.yaml
+++ b/deploy/cloud-init.yaml
@@ -11,13 +11,6 @@ users:
       - gh:enolfc
       - gh:gwarf
 
-apt:
-  sources:
-    ansible-ppa.list:
-      source: "deb http://ppa.launchpad.net/ansible/ansible/ubuntu xenial main"
-      # this is not a secret
-      keyid: 6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367 # gitleaks:allow
-
 packages:
   - git
   - ansible
diff --git a/deploy/roles/catchall/defaults/main.yaml b/deploy/roles/catchall/defaults/main.yaml
index 5f6605cc..8ad330ae 100644
--- a/deploy/roles/catchall/defaults/main.yaml
+++ b/deploy/roles/catchall/defaults/main.yaml
@@ -4,7 +4,7 @@ ams_host: msg.argo.grnet.gr
 ams_token: secret
 
 # check-in endpoint
-checkin_token_endpoint: "https://aai.egi.eu/oidc/token"
+checkin_token_endpoint: "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token"
 
 # docker image for the cloud info provider
 cloud_info_image: egifedcloud/ops-cloud-info:latest
diff --git a/deploy/roles/catchall/handlers/main.yml b/deploy/roles/catchall/handlers/main.yml
new file mode 100644
index 00000000..de86a989
--- /dev/null
+++ b/deploy/roles/catchall/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart docker
+  ansible.builtin.systemd:
+    name: docker
+    state: restarted
+    daemon_reload: true
diff --git a/deploy/roles/catchall/tasks/docker.yml b/deploy/roles/catchall/tasks/docker.yml
index 15405be8..ba0d3406 100644
--- a/deploy/roles/catchall/tasks/docker.yml
+++ b/deploy/roles/catchall/tasks/docker.yml
@@ -35,6 +35,8 @@
     path: /etc/docker
     state: directory
     mode: "775"
+  notify:
+   - Restart docker
 
 - name: Configure docker
   ansible.builtin.copy:
@@ -51,9 +53,5 @@
       }
     dest: /etc/docker/daemon.json
     mode: "660"
-
-- name: Restart docker
-  ansible.builtin.systemd:
-    name: docker
-    state: restarted
-    daemon_reload: true
+  notify:
+   - Restart docker