diff --git a/roles/codimd/defaults/main.yml b/roles/codimd/defaults/main.yml
new file mode 100644
index 0000000..b90bf62
--- /dev/null
+++ b/roles/codimd/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+# service_name is the name of the project on GitHub
+service_name: codimd
+
+# URL to clone
+service_repo: https://github.com/hackmdio/codimd.git
+
+# name of the service user
+# It means that you will have to `sudo -u THISUSER zsh` to debug
+service_user: "{{ service_name }}"
+service_homedir: "/var/local/{{ service_name }}"
+
+# service_path is where the project is cloned
+# It can't be the home directory because of user hidden files.
+service_path: "{{ service_homedir }}/{{ service_name }}"
diff --git a/roles/codimd/tasks/1_user_group.yml b/roles/codimd/tasks/1_user_group.yml
deleted file mode 100644
index 8acc968..0000000
--- a/roles/codimd/tasks/1_user_group.yml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-# Security #1
-- name: Create CodiMD system group
-  group:
-    name: codimd
-    system: true
-    state: present
-
-# Security #2
-- name: Create CodiMD user
-  user:
-    name: codimd
-    group: codimd
-    home: /var/local/codimd
-    comment: CodiMD
-    system: true
-    state: present
-
-# Security #3
-- name: Secure CodiMD home directory
-  file:
-    path: /var/local/codimd
-    state: directory
-    owner: codimd
-    group: codimd
-    mode: 0750
diff --git a/roles/codimd/tasks/main.yml b/roles/codimd/tasks/main.yml
index f176b95..f304fad 100644
--- a/roles/codimd/tasks/main.yml
+++ b/roles/codimd/tasks/main.yml
@@ -2,26 +2,25 @@
 # Install APT dependencies
 - include_tasks: 0_apt_dependencies.yml
 
-# Create CodiMD user and group
-- include_tasks: 1_user_group.yml
+# Create service user
+- include_tasks: service_user.yml
 
-# Download CodiMD
-- name: Clone CodiMD project
+- name: "Clone {{ service_name }} project"
   git:
-    repo: https://github.com/hackmdio/codimd.git
-    dest: /var/local/codimd/codimd
+    repo: "{{ service_repo }}"
+    dest: "{{ service_path }}"
     version: 1.3.0
   become: true
-  become_user: codimd
+  become_user: "{{ service_user }}"
   notify: Build front-end for CodiMD
 
-# Setup dependencies and configs
-- name: Install CodiMD dependencies
+# Setup dependencies
+- name: "Install {{ service_name }} dependencies"
   yarn:
-    path: /var/local/codimd/codimd
+    path: "{{ service_path }}"
     production: true
   become: true
-  become_user: codimd
+  become_user: "{{ service_user }}"
   register: yarn_result
   retries: 3
   until: yarn_result is succeeded
@@ -30,33 +29,32 @@
 - name: Connect CodiMD to PostgreSQL db
   template:
     src: sequelizerc.j2
-    dest: /var/local/codimd/codimd/.sequelizerc
-    owner: codimd
-    group: codimd
+    dest: "{{ service_path }}/.sequelizerc"
+    owner: "{{ service_user }}"
+    group: nogroup
     mode: 0600
 
-# Configure
-- name: Configure CodiMD
+- name: "Configure {{ service_name }}"
   template:
     src: config.json.j2
-    dest: /var/local/codimd/codimd/config.json
-    owner: codimd
-    group: codimd
+    dest: "{{ service_path }}/config.json"
+    owner: "{{ service_user }}"
+    group: nogroup
     mode: 0600
 
 # Service file
-- name: Install CodiMD systemd unit
+- name: "Install {{ service_name }} systemd unit"
   template:
     src: systemd/codimd.service.j2
-    dest: /etc/systemd/system/codimd.service
+    dest: "/etc/systemd/system/{{ service_name }}.service"
     owner: root
     group: root
     mode: 0644
   notify: Reload systemd daemons
 
 # Run
-- name: Ensure that CodiMD is started
+- name: "Ensure that {{ service_name }} is started"
   service:
-    name: codimd
+    name: "{{ service_name }}"
     state: started
     enabled: true
diff --git a/roles/codimd/tasks/service_user.yml b/roles/codimd/tasks/service_user.yml
new file mode 100644
index 0000000..0818676
--- /dev/null
+++ b/roles/codimd/tasks/service_user.yml
@@ -0,0 +1,19 @@
+---
+# Having a custom group is useless so use nogroup
+- name: "Create {{ service_user }} user"
+  user:
+    name: "{{ service_user }}"
+    group: nogroup
+    home: "{{ service_homedir }}"
+    system: true
+    shell: /bin/false
+    state: present
+
+# Only service user should be able to go there
+- name: "Secure {{ service_user }} home directory"
+  file:
+    path: "{{ service_homedir }}"
+    state: directory
+    owner: "{{ service_user }}"
+    group: nogroup
+    mode: 0700
diff --git a/roles/codimd/templates/systemd/codimd.service.j2 b/roles/codimd/templates/systemd/codimd.service.j2
index 8468dfd..4b80a5b 100644
--- a/roles/codimd/templates/systemd/codimd.service.j2
+++ b/roles/codimd/templates/systemd/codimd.service.j2
@@ -7,12 +7,12 @@ Conflicts=shutdown.target
 
 [Service]
 Type=simple
-User=codimd
-Group=codimd
-WorkingDirectory=/var/local/codimd/codimd
+User={{ service_user }}
+WorkingDirectory={{ service_path }}
 Environment="NODE_ENV=production"
-ExecStart=/usr/bin/nodejs /var/local/codimd/codimd/app.js
+ExecStart=/usr/bin/nodejs ./app.js
 Restart=always
+RestartSec=3
 
 [Install]
 WantedBy=multi-user.target