diff --git a/ansible/prod/group_vars/all/vars.yml b/ansible/prod/group_vars/all/vars.yml
index 54ee412..7f1d9dd 100644
--- a/ansible/prod/group_vars/all/vars.yml
+++ b/ansible/prod/group_vars/all/vars.yml
@@ -8,10 +8,16 @@ storagebox_managed_directories:
     mode: "0777"
   - path: "{{ storagebox_mount_point }}/ssl"
     mode: "0777"
-  - path: "{{ storagebox_mount_point }}/swag/config"
+  - path: "{{ storagebox_mount_point }}/swag"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/dns-conf"
     mode: "0777"
   - path: "{{ storagebox_mount_point }}/swag/site-confs"
     mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/proxy-confs"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/certbot"
+    mode: "0777"
   - path: "{{ storagebox_managed_directories_grafana_path | default(storagebox_mount_point ~ '/grafana/data') }}"
     mode: "0777"
   - path: "{{ storagebox_mount_point }}/precipitation/images"
diff --git a/ansible/roles/node_dirs/tasks/main.yml b/ansible/roles/node_dirs/tasks/main.yml
index ca5a68d..5ab5081 100644
--- a/ansible/roles/node_dirs/tasks/main.yml
+++ b/ansible/roles/node_dirs/tasks/main.yml
@@ -5,29 +5,6 @@
     state: directory
     mode: '0755'
 
-- name: Create app specific directories
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: directory
-    mode: '0755'
-  loop:
-    - /opt/iklimco/ssl
-    - /opt/iklimco/init
-    - /opt/iklimco/init/postgresql
-    - /opt/iklimco/init/mongodb
-    - /opt/iklimco/stacks
-    - /opt/iklimco/vault/data
-  when: inventory_hostname in groups['app']
-
-- name: Set vault data directory ownership (vault container runs as uid 100)
-  ansible.builtin.file:
-    path: /opt/iklimco/vault/data
-    state: directory
-    owner: '100'
-    group: '100'
-    mode: '0750'
-  when: inventory_hostname in groups['app']
-
 - name: Create db specific directories
   ansible.builtin.file:
     path: "{{ item }}"
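Review bot: Every entry added to `storagebox_managed_directories` carries `mode: "0777"`, including `swag/certbot` next to the existing `ssl` tree, which is presumably where TLS private keys and ACME account material end up; a world-writable mode lets any local uid read or replace that material. If the intent is to let a container user write there, the loop already honours `item.group`, so `group: "{{ storagebox_gid }}"` with `mode: "0770"` (or tighter) gives that access without opening the directory to everyone. The test group_vars hunk at the end of this diff adds the same 0777 entries plus `storagebox_file_mode: "0666"`, so the same point applies there. On a davfs mount the per-directory chmod may also be overridden by the `dir_mode`/`file_mode` mount options, so it is worth confirming the file task changes anything at all; a comment such as `# 0777 is required because <reason>; see storagebox_dir_mode/storagebox_file_mode` would at least record the decision.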
@@ -37,3 +14,12 @@
     - /opt/iklimco/db
     - /opt/iklimco/backup
   when: inventory_hostname in groups['db']
+
+- name: Create service node directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - /opt/iklimco/ssl
+  when: inventory_hostname in groups['app']
diff --git a/ansible/roles/storagebox/handlers/main.yml b/ansible/roles/storagebox/handlers/main.yml
index 6866c5d..d727cf2 100644
--- a/ansible/roles/storagebox/handlers/main.yml
+++ b/ansible/roles/storagebox/handlers/main.yml
@@ -2,9 +2,3 @@
 - name: Reload systemd
   ansible.builtin.systemd:
     daemon_reload: yes
-
-- name: Remount storagebox
-  ansible.builtin.shell: |
-    umount {{ storagebox_mount_point }} || true
-    mount {{ storagebox_mount_point }}
-  listen: "refresh storagebox mount"
diff --git a/ansible/roles/storagebox/tasks/main.yml b/ansible/roles/storagebox/tasks/main.yml
index d2cd3fd..44262e7 100644
--- a/ansible/roles/storagebox/tasks/main.yml
+++ b/ansible/roles/storagebox/tasks/main.yml
@@ -4,6 +4,15 @@
     name: davfs2
     state: present
 
+- name: Enable user_allow_other in /etc/fuse.conf
+  ansible.builtin.lineinfile:
+    path: /etc/fuse.conf
+    regexp: '^#?\s*user_allow_other'
+    line: 'user_allow_other'
+    state: present
+    create: yes
+  register: fuse_conf
+
 - name: Configure davfs2 secrets
   ansible.builtin.lineinfile:
     path: /etc/davfs2/secrets
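Review bot: `when: inventory_hostname in groups['app']` on the new "Create service node directories" task fails with an undefined-key error on any inventory that has no `app` group; `when: "'app' in group_names"` is the idiomatic form and degrades to a skip (the `groups['db']` condition kept as context above it has the same weakness). `/opt/iklimco/ssl` is created `0755`, so its contents are listable by every local user; if private keys are placed there later, `mode: '0750'` with an explicit `owner` is the safer default. A `loop` with a single `/opt/iklimco/ssl` entry also reads as unfinished — either more paths are planned, in which case a comment saying so helps, or a plain `path: /opt/iklimco/ssl` is clearer.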
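Review bot: `create: yes` in the new fuse.conf task is a YAML 1.1 truthy that yamllint and ansible-lint flag; write `create: true`. More importantly, `user_allow_other` is a host-wide FUSE policy rather than something scoped to this davfs mount: once it is set, any unprivileged user's FUSE mount on the host may be exported to other users with `allow_other`. That trade-off deserves a comment above the task, e.g. `# Host-wide setting: permits allow_other on any user FUSE mount; required for the allow_other option in the StorageBox fstab entry below`, so a later reader knows why it was accepted and where it is consumed. The registered `fuse_conf` result is used by the remount condition further down this file, outside this hunk.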
@@ -22,28 +31,32 @@
 - name: Add fstab entry for StorageBox
   ansible.builtin.lineinfile:
     path: /etc/fstab
-    line: "{{ storagebox_url }} {{ storagebox_mount_point }} davfs _netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %} 0 0"
+    line: "{{ storagebox_url }} {{ storagebox_mount_point }} davfs _netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %},allow_other 0 0"
     regexp: "^{{ storagebox_url | regex_escape() }}"
     state: present
-  notify:
-    - Reload systemd
-    - refresh storagebox mount
+  register: fstab_entry
+
+- name: Remove stale davfs2 PID file
+  ansible.builtin.shell: |
+    mountpoint -q {{ storagebox_mount_point }} && exit 0
+    rm -f /var/run/mount.davfs/mnt-storagebox.pid
+  changed_when: false
+
+- name: Remount StorageBox to apply updated options
+  ansible.builtin.shell: |
+    if mountpoint -q {{ storagebox_mount_point }}; then
+      umount -l {{ storagebox_mount_point }} || true
+      sleep 3
+    fi
+    rm -f /var/run/mount.davfs/mnt-storagebox.pid 2>/dev/null || true
+    mount {{ storagebox_mount_point }}
+  when: fuse_conf.changed or fstab_entry.changed
 
 - name: Mount StorageBox
-  ansible.builtin.mount:
-    path: "{{ storagebox_mount_point }}"
-    src: "{{ storagebox_url }}"
-    fstype: davfs
-    opts: "_netdev,auto,user,rw,uid={{ storagebox_uid | default('root') }},gid={{ storagebox_gid | default('root') }}{% if storagebox_dir_mode is defined %},dir_mode={{ storagebox_dir_mode }}{% endif %}{% if storagebox_file_mode is defined %},file_mode={{ storagebox_file_mode }}{% endif %}"
-    state: mounted
-  notify:
-    - refresh storagebox mount
-
- name: Write mount marker
-  ansible.builtin.copy:
-    content: "mounted by ansible"
-    dest: "{{ storagebox_mount_point }}/.mounted_marker"
-    mode: '0644'
+  ansible.builtin.shell: |
+    mountpoint -q {{ storagebox_mount_point }} && exit 0
+    mount {{ storagebox_mount_point }}
+  changed_when: false
 
 - name: Create managed StorageBox directories
   ansible.builtin.file:
@@ -53,4 +66,3 @@
     group: "{{ item.group | default(omit) }}"
     mode: "{{ item.mode | default('0755') }}"
   loop: "{{ storagebox_managed_directories | default([]) }}"
-  notify: "refresh storagebox mount"
diff --git a/ansible/test/group_vars/all/vars.yml b/ansible/test/group_vars/all/vars.yml
index eb10138..c30e07d 100644
--- a/ansible/test/group_vars/all/vars.yml
+++ b/ansible/test/group_vars/all/vars.yml
@@ -3,7 +3,25 @@ storagebox_user: "{{ storagebox_account }}-sub4"
 storagebox_url: "https://{{ storagebox_user }}.your-storagebox.de/"
 storagebox_mount_point: "/mnt/storagebox"
 storagebox_password: "{{ vault_storagebox_password }}"
+storagebox_uid: "1000"
+storagebox_gid: "1000"
+storagebox_dir_mode: "0777"
+storagebox_file_mode: "0666"
 storagebox_managed_directories:
+  - path: "{{ storagebox_mount_point }}/db"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/ssl"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/dns-conf"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/site-confs"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/proxy-confs"
+    mode: "0777"
+  - path: "{{ storagebox_mount_point }}/swag/certbot"
+    mode: "0777"
   - path: "{{ storagebox_mount_point }}/precipitation/images"
     mode: "0755"
 iklim_password: "{{ vault_iklim_password }}"
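Review bot: The `allow_other` appended to the fstab line, together with the `dir_mode=0777`/`file_mode=0666` values the test group_vars feed into it, exposes the entire StorageBox read-write to every local uid instead of only `storagebox_uid`; if the goal is access from a container user, a dedicated gid via `storagebox_gid` with `dir_mode=0770,file_mode=0660` gives that without host-wide exposure. Both new shell tasks hard-code `/var/run/mount.davfs/mnt-storagebox.pid` while the mount point itself comes from `storagebox_mount_point`, so any other mount point silently leaves the stale PID file in place (mount.davfs names it after the mount point with `/` turned into `-`, as the hard-coded name shows), and `{{ storagebox_mount_point }}` is interpolated into the shell unquoted — pass it through `| quote`. `umount -l` detaches the mount immediately and the fixed `sleep 3` gives no guarantee that mount.davfs has flushed its cache before the PID file is deleted and `mount` is re-issued, so pending writes may be lost or the new mount may collide with the still-running daemon; a plain `umount` that fails loudly is the safer default, as far as the mount is not expected to be busy. The rewrite below applies those three changes to the remount task; the "Remove stale davfs2 PID file" task should derive the PID path the same way.
```yaml
- name: Remount StorageBox to apply updated options
  ansible.builtin.shell: |
    mp={{ storagebox_mount_point | quote }}
    pidfile=/var/run/mount.davfs/{{ storagebox_mount_point | regex_replace('^/', '') | regex_replace('/', '-') }}.pid
    if mountpoint -q "$mp"; then
      umount "$mp"
    fi
    rm -f "$pidfile" 2>/dev/null || true
    mount "$mp"
  when: fuse_conf.changed or fstab_entry.changed
# … unchanged: Mount StorageBox task …
```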