diff --git a/playbooks/deploy_zitadel_docker.yaml b/playbooks/deploy_zitadel_docker.yaml
index dddde7c..b1b2c8d 100644
--- a/playbooks/deploy_zitadel_docker.yaml
+++ b/playbooks/deploy_zitadel_docker.yaml
@@ -7,6 +7,6 @@
 zitadel_masterkey: MasterkeyNeedsToHave32Characters
 zitadel_workspace: /opt/zitadel
 roles:
- - roles/vhosts/common/
- - roles/vhosts/docker/
- - roles/docker/zitadel/
+ - vhosts/common/
+ - vhosts/docker/
+ - docker/zitadel/
diff --git a/playbooks/playbooks/roles/docker/keycloak/defaults/main.yml b/playbooks/playbooks/roles/docker/keycloak/defaults/main.yml
deleted file mode 100644
index a357d8e..0000000
--- a/playbooks/playbooks/roles/docker/keycloak/defaults/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-postgres_db: keycloak
-postgres_user: keycloak_user
-postgres_password: keycloak_password
-
-keycloak_admin: admin
-keycloak_admin_password: admin_password
-
-keycloak_key_store_password: ''
-keycloak_trust_store_password: ''
-
-ssl_certificate_path: /etc/ssl/onwalk.net.pem
-ssl_certificate_key_path: /etc/ssl/onwalk.net.key
-dhparam_path: /etc/ssl/dhparam.pem
diff --git a/playbooks/playbooks/roles/docker/keycloak/files/nginx.conf b/playbooks/playbooks/roles/docker/keycloak/files/nginx.conf
deleted file mode 100644
index 17db275..0000000
--- a/playbooks/playbooks/roles/docker/keycloak/files/nginx.conf
+++ /dev/null
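Review bot: `zitadel_masterkey: MasterkeyNeedsToHave32Characters` is still a plain literal in this playbook on the new side of the hunk, so anyone with repository access can read the key ZITADEL uses to encrypt its stored secrets, and the placeholder is easy to deploy unchanged. Keep the key out of the tracked playbook, e.g. `zitadel_masterkey: "{{ lookup('env', 'ZITADEL_MASTERKEY') }}"` or a vault-encrypted vars file, and treat any value that has already been pushed as exposed. The rewritten role entries drop the `roles/` prefix; Ansible resolves bare names through its roles search path (the playbook-relative `roles/` directory first), which presumably matches the layout here, but the deleted files below sit under `playbooks/playbooks/roles/`, so it is worth confirming that `vhosts/common`, `vhosts/docker` and `docker/zitadel` actually exist under `playbooks/roles/`.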
@@ -1,37 +0,0 @@
-server {
- listen 80;
- server_name keycloak.onwalk.net;
-
- # 强制 HTTP 请求重定向到 HTTPS
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- server_name keycloak.onwalk.net;
-
- # SSL 配置
- ssl_certificate /etc/ssl/certs/onwalk.net.pem;
- ssl_certificate_key /etc/ssl/certs/onwalk.net.key;
-
- # 日志设置
- access_log /dev/stdout;
- error_log /dev/stderr;
-
- # 配置反向代理
- location / {
- proxy_pass https://127.0.0.1:8443;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header Cookie $http_cookie;
- proxy_redirect off;
- }
-
- # SSL 强化
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256';
- ssl_prefer_server_ciphers off;
-}
diff --git a/playbooks/playbooks/roles/docker/keycloak/tasks/main.yml b/playbooks/playbooks/roles/docker/keycloak/tasks/main.yml
deleted file mode 100644
index 7f63148..0000000
--- a/playbooks/playbooks/roles/docker/keycloak/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: 执行 pre-setup 操作
- include_tasks: "{{ playbook_dir }}/roles/docker/keycloak/tasks/pre-setup.yml"
-
-- name: 渲染 .env 配置文件
- template:
- src: "{{ playbook_dir }}/roles/docker/keycloak/templates/.env.j2"
- dest: "{{ playbook_dir }}/roles/docker/keycloak/files/.env"
-
-- name: 执行 create_keystore.sh 脚本
- script: "{{ playbook_dir }}/roles/docker/keycloak/files/create_keystore.sh"
- args:
- chdir: "/home/ubuntu"
-
-- name: 渲染 Docker Compose 配置文件
- template:
- src: "{{ playbook_dir }}/roles/docker/keycloak/templates/docker-compose.yml.j2"
- dest: "{{ playbook_dir }}/roles/docker/keycloak/files/docker-compose.yml"
-
-- name: 启动 Docker Compose 服务
- become: true
- docker_compose:
- project_src: "{{ playbook_dir }}/roles/docker/keycloak"
- files:
- - "{{ playbook_dir }}/roles/docker/keycloak/files/docker-compose.yml"
- restarted: true
- state: present
-
-- name: 执行 post-setup 操作
- include_tasks: "{{ playbook_dir }}/roles/docker/keycloak/tasks/post-setup.yml"
diff --git a/playbooks/playbooks/roles/docker/keycloak/templates/docker-compose.yml.j2 b/playbooks/playbooks/roles/docker/keycloak/templates/docker-compose.yml.j2
deleted file mode 100644
index bd8a3b8..0000000
--- a/playbooks/playbooks/roles/docker/keycloak/templates/docker-compose.yml.j2
+++ /dev/null
@@ -1,64 +0,0 @@
-version: '3.7'
-
-services:
- postgres:
- image: postgres:16.0-bookworm
- environment:
- POSTGRES_DB: {{ postgres_db }}
- POSTGRES_USER: {{ postgres_user }}
- POSTGRES_PASSWORD: {{ postgres_password }}
- volumes:
- - postgres_data:/var/lib/postgresql/data
- networks:
- - keycloak_network
-
- keycloak:
- image: bitnami/keycloak:latest
- environment:
- KEYCLOAK_ADMIN: {{ keycloak_admin }}
- KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}
- KEYCLOAK_DATABASE_VENDOR: postgresql
- KEYCLOAK_DATABASE_HOST: postgres
- KEYCLOAK_DATABASE_PORT: 5432
- KEYCLOAK_DATABASE_USER: {{ postgres_user }}
- KEYCLOAK_DATABASE_NAME: {{ postgres_db }}
- KEYCLOAK_DATABASE_PASSWORD: {{ postgres_password }}
- KEYCLOAK_ENABLE_HTTPS: true
- KEYCLOAK_HTTPS_KEY_STORE_FILE: /etc/ssl/keystore.jks
- KEYCLOAK_HTTPS_KEY_STORE_PASSWORD: {{ keycloak_key_store_password }}
- KEYCLOAK_HTTPS_TRUST_STORE_FILE: /etc/ssl/truststore.jks
- KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD: {{ keycloak_trust_store_password }}
- ports:
- - 8080:8080
- volumes:
- - /etc/ssl/keystore.jks:/etc/ssl/keystore.jks
- - /etc/ssl/truststore.jks:/etc/ssl/truststore.jks
- restart: always
- depends_on:
- - postgres
- networks:
- - keycloak_network
-
- nginx:
- image: nginx:latest
- depends_on:
- - keycloak
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - /etc/ssl/onwalk.net.pem:/etc/ssl/certs/onwalk.net.pem
- - /etc/ssl/onwalk.net.key:/etc/ssl/certs/onwalk.net.key
- - /etc/ssl/dhparam.pem:/etc/nginx/ssl/dhparam.pem
- - ./nginx.conf:/etc/nginx/nginx.conf
- restart: unless-stopped
- networks:
- - keycloak_network
-
-volumes:
- postgres_data:
- driver: local
-
-networks:
- keycloak_network:
- driver: bridge