diff --git a/production/host_vars/web1.dmz.mateu.be.yml b/production/host_vars/web1.dmz.mateu.be.yml
index 4c407ff..3a4ae78 100644
--- a/production/host_vars/web1.dmz.mateu.be.yml
+++ b/production/host_vars/web1.dmz.mateu.be.yml
@@ -5,4 +5,3 @@ mariadb_root_pass: !vault |
           61363465343165366430323033373730356636356462623332616364323265613934383664393461
           6266393162633761340a613835393138353438656136643132353966646536316563646439336534
           3064
-
diff --git a/production/host_vars/web2.dmz.mateu.be.yml b/production/host_vars/web2.dmz.mateu.be.yml
index edc6539..5dc7553 100644
--- a/production/host_vars/web2.dmz.mateu.be.yml
+++ b/production/host_vars/web2.dmz.mateu.be.yml
@@ -5,4 +5,4 @@ mariadb_root_pass: !vault |
           39396636346563346135313431373630643536363838333964353636373437653166633761363664
           3437653064323138310a663363373736623931336432376466316666616234356133383263373136
           31343534663063663134306464306234366430323762656165653930333134326231
-
+mariadb_query_cache_memory: 128
diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml
index 5e0276c..035956b 100644
--- a/roles/mariadb/defaults/main.yml
+++ b/roles/mariadb/defaults/main.yml
@@ -1,2 +1,3 @@
 mariadb_backup_hour: 5
 mariadb_backup_minute: 0
+mariadb_query_cache_memory: 64
diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml
index 736ae88..adfe8b6 100644
--- a/roles/mariadb/tasks/main.yml
+++ b/roles/mariadb/tasks/main.yml
@@ -17,8 +17,8 @@
   notify: restart mariadb
 
 - name: replace conffile
-  copy:
-      src: files/50-server.cnf
+  template:
+      src: 50-server.cnf.j2
       dest: /etc/mysql/mariadb.conf.d/50-server.cnf
   notify: restart mariadb
 
diff --git a/roles/mariadb/templates/50-server.cnf.j2 b/roles/mariadb/templates/50-server.cnf.j2
new file mode 100644
index 0000000..dd12da7
--- /dev/null
+++ b/roles/mariadb/templates/50-server.cnf.j2
@@ -0,0 +1,137 @@
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+user                    = mysql
+pid-file                = /run/mysqld/mysqld.pid
+socket                  = /run/mysqld/mysqld.sock
+#port                   = 3306
+basedir                 = /usr
+datadir                 = /srv/mysql
+tmpdir                  = /tmp
+lc-messages-dir         = /usr/share/mysql
+default-storage-engine  = InnoDB
+#skip-external-locking
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = 127.0.0.1
+
+#
+# * Fine Tuning
+#
+key_buffer_size        = 32M
+max_allowed_packet     = 64M
+thread_stack           = 256K
+thread_cache_size      = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam_recover_options = BACKUP
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 16M
+query_cache_size        = {{ mariadb_query_cache_memory}}M
+
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file       = /var/log/mysql/mysql.log
+#general_log            = 1
+#
+# Error log - should be very few entries.
+#
+log_error = /var/log/mysql/error.log
+#
+# Enable the slow query log to see queries with especially long duration
+#slow_query_log_file    = /var/log/mysql/mariadb-slow.log
+#long_query_time        = 10
+#log_slow_rate_limit    = 1000
+#log_slow_verbosity     = query_plan
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id              = 1
+#log_bin                = /var/log/mysql/mysql-bin.log
+expire_logs_days        = 10
+max_binlog_size        = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = exclude_database_name
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+#chroot = /srv/mysql/
+#
+# For generating SSL certificates you can use for example the GUI tool "tinyca".
+#
+#ssl-ca = /etc/mysql/cacert.pem
+#ssl-cert = /etc/mysql/server-cert.pem
+#ssl-key = /etc/mysql/server-key.pem
+#
+# Accept only connections using the latest and most secure TLS protocol version.
+# ..when MariaDB is compiled with OpenSSL:
+#ssl-cipher = TLSv1.2
+# ..when MariaDB is compiled with YaSSL (default in Debian):
+#ssl = on
+
+#
+# * Character sets
+#
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+#
+character-set-server  = utf8mb4
+collation-server      = utf8mb4_general_ci
+
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /srv/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+
+innodb_file_per_table
+innodb_data_file_path=ibdata1:10M:autoextend
+
+#
+# * Unix socket authentication plugin is built-in since 10.0.22-6
+#
+# Needed so the root database user can authenticate without a password but
+# only when running as the unix root user.
+#
+# Also available for other users if required.
+# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.3 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.3]
diff --git a/roles/munin-client/tasks/main.yml b/roles/munin-client/tasks/main.yml
index 168aea6..013e8ea 100644
--- a/roles/munin-client/tasks/main.yml
+++ b/roles/munin-client/tasks/main.yml
@@ -67,14 +67,29 @@
       - restart munin-node
   when: munin_need_reconfigure
 
-## Useless junks for LXC
-- name: delete diskstats from LXC machines
+## Useless junks for everyone
+- name: "delete {{ item }}"
   file:
-      path: /etc/munin/plugins/diskstats
+      path: "/etc/munin/plugins/{{ item }}"
+      state: absent
+  when: munin_need_reconfigure
+  loop:
+      - uptime
+      - users
+
+## Useless junks for LXC
+- name: "delete {{ item }} from LXC machines"
+  file:
+      path: "/etc/munin/plugins/{{ item }}"
       state: absent
   notify:
       - restart munin-node
   when: ansible_facts['virtualization_type'] == "lxc"
+  loop:
+      - cpuspeed
+      - diskstats
+      - entropy
+      - irqstats
 
 ## Useless junks for hypervisors
 - name: delete squid plugins