diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index 0ff2335..432f357 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -51,6 +51,21 @@ all:
 ansible_host: zammad-intern.hamburg.ccc.de
 ansible_user: chaos
 ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
+ base_config_hosts:
+ hosts:
+ ccchoir:
+ cloud:
+ grafana:
+ keycloak:
+ lists:
+ mumble:
+ onlyoffice:
+ pad:
+ pretalx:
+ public-reverse-proxy:
+ tickets:
+ wiki:
+ zammad:
 docker_compose_hosts:
 hosts:
 ccchoir:
@@ -82,21 +97,6 @@ all:
 public_reverse_proxy_hosts:
 hosts:
 public-reverse-proxy:
- ssh_server_config_hosts:
- hosts:
- ccchoir:
- cloud:
- grafana:
- keycloak:
- lists:
- mumble:
- onlyoffice:
- pad:
- pretalx:
- public-reverse-proxy:
- tickets:
- wiki:
- zammad:
 certbot_hosts:
 hosts:
 ccchoir:
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index ba1bea6..91cdf0f 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -1,8 +1,8 @@
 ---
-- name: Ensure SSH server config deployment on ssh_server_config_hosts
- hosts: ssh_server_config_hosts
+- name: Ensure base config is deployment on base_config_hosts
+ hosts: base_config_hosts
 roles:
- - deploy_ssh_server_config
+ - base_config
 - name: Ensure deployment of infrastructure authorized keys
 hosts: infrastructure_authorized_keys_hosts
diff --git a/roles/base_config/meta/main.yaml b/roles/base_config/meta/main.yaml
new file mode 100644
index 0000000..d1704a2
--- /dev/null
+++ b/roles/base_config/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+dependencies:
+ - role: deploy_ssh_server_config
+ - role: deploy_systemd_journal_config
diff --git a/roles/deploy_systemd_journal_config/files/10-ccchh.conf b/roles/deploy_systemd_journal_config/files/10-ccchh.conf
new file mode 100644
index 0000000..3419fd9
--- /dev/null
+++ b/roles/deploy_systemd_journal_config/files/10-ccchh.conf
@@ -0,0 +1,3 @@
+[Journal]
+MaxFileSec=2day
+MaxRetentionSec=2week
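Review bot: The new play name in playbooks/deploy.yaml reads "Ensure base config is deployment on base_config_hosts", which looks like a leftover from the old wording. Suggest `- name: Ensure base config is deployed on base_config_hosts`.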
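Review bot: roles/deploy_systemd_journal_config/files/10-ccchh.conf sets a two-week retention limit with no comment saying why. Because base_config_hosts lists every host in the inventory hunk, this bounds how far back service logs (presumably including sshd) reach during an incident investigation. State the intent in the file, for example `# Journal entries older than two weeks are deleted; journal files rotate every two days.` If longer retention of security-relevant logs is needed anywhere, it would have to come from forwarding them elsewhere, which this commit does not set up.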
diff --git a/roles/deploy_systemd_journal_config/handlers/main.yaml b/roles/deploy_systemd_journal_config/handlers/main.yaml
new file mode 100644
index 0000000..685f2ce
--- /dev/null
+++ b/roles/deploy_systemd_journal_config/handlers/main.yaml
@@ -0,0 +1,5 @@
+- name: Restart `systemd-journald.service`
+ ansible.builtin.systemd:
+ name: systemd-journald.service
+ state: restarted
+ become: true
diff --git a/roles/deploy_systemd_journal_config/tasks/main.yaml b/roles/deploy_systemd_journal_config/tasks/main.yaml
new file mode 100644
index 0000000..1161a33
--- /dev/null
+++ b/roles/deploy_systemd_journal_config/tasks/main.yaml
@@ -0,0 +1,18 @@
+- name: Create 'journald.conf.d' directory if it does not exist
+ ansible.builtin.file:
+ path: "/etc/systemd/journald.conf.d"
+ state: directory
+ mode: '0644'
+ owner: root
+ group: root
+ become: true
+
+- name: make sure the custom configuration file is deployed
+ ansible.builtin.copy:
+ src: "10-ccchh.conf"
+ dest: "/etc/systemd/journald.conf.d/10-ccchh.conf"
+ mode: "0644"
+ owner: root
+ group: root
+ become: true
+ notify: Restart `systemd-journald.service`
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml
index 6ccfac4..e4d4fb0 100644
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@@ -1,5 +1,6 @@
 nginx__deploy_redirect_conf: true
 nginx__deploy_tls_conf: true
+nginx__deploy_logging_conf: true
 nginx__configurations: [ ]
 nginx__use_custom_nginx_conf: false
 nginx__custom_nginx_conf: ""
diff --git a/roles/nginx/files/logging.conf b/roles/nginx/files/logging.conf
new file mode 100644
index 0000000..304996f
--- /dev/null
+++ b/roles/nginx/files/logging.conf
@@ -0,0 +1,2 @@
+error_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=warn debug;
+access_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname,severity=info main;
diff --git a/roles/nginx/meta/argument_specs.yaml b/roles/nginx/meta/argument_specs.yaml
index 7c5cfe6..d79ba9e 100644
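Review bot: The `ansible.builtin.file` task in roles/deploy_systemd_journal_config/tasks/main.yaml creates `/etc/systemd/journald.conf.d` with `mode: '0644'`, which leaves the directory without the search (execute) bit. A directory needs that bit to be traversed, and the task would also strip it from a directory that already exists on the host. Use `mode: "0755"`, which also matches the double-quoted style of the copy task below it. The role's tasks and handlers files also start without the `---` marker that roles/base_config/meta/main.yaml uses.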
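Review bot: In roles/nginx/files/logging.conf the `severity=warn` parameter on the `error_log` line has no effect, because nginx documents the syslog `severity` parameter as applying to `access_log` only. The effective threshold is therefore the trailing `debug`, the most verbose level. On a binary built with debug support that can write request-processing internals into the journal on every host, and on other builds it still passes everything from info upward. If the intent was warnings and above, use `error_log syslog:server=unix:/run/systemd/journal/dev-log,nohostname warn;`.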
--- a/roles/nginx/meta/argument_specs.yaml
+++ b/roles/nginx/meta/argument_specs.yaml
@@ -23,6 +23,12 @@ argument_specs:
 type: bool
 required: false
 default: true
+ nginx__deploy_logging_conf:
+ description: >-
+ Whether or not to deploy a `logging.conf` to `/etc/nginx/conf.d/logging.conf`.
+ type: bool
+ required: false
+ default: true
 nginx__configurations:
 description: A list of nginx configurations.
 type: list
diff --git a/roles/nginx/tasks/main/config_deploy.yaml b/roles/nginx/tasks/main/config_deploy.yaml
index 47bc050..01580b1 100644
--- a/roles/nginx/tasks/main/config_deploy.yaml
+++ b/roles/nginx/tasks/main/config_deploy.yaml
@@ -100,6 +100,24 @@
 ansible.builtin.set_fact:
 nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'redirect.conf' ] }}" # noqa: jinja[spacing]
+- name: handle the case, where logging.conf should be deployed
+ when: nginx__deploy_logging_conf
+ block:
+ - name: make sure logging.conf is deployed
+ ansible.builtin.copy:
+ force: true
+ dest: /etc/nginx/conf.d/logging.conf
+ mode: "0644"
+ owner: root
+ group: root
+ src: logging.conf
+ become: true
+ notify: Restart `nginx.service`
+
+ - name: add logging.conf to nginx__config_files_to_exist
+ ansible.builtin.set_fact:
+ nginx__config_files_to_exist: "{{ nginx__config_files_to_exist + [ 'logging.conf' ] }}" # noqa: jinja[spacing]
+
 - name: make sure all given configuration files are deployed
 ansible.builtin.copy:
 content: "{{ item.content }}"
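Review bot: The new block in roles/nginx/tasks/main/config_deploy.yaml is on by default and notifies ``Restart `nginx.service` ``, but the deployed file's `access_log … main;` needs a `log_format` named `main` that nothing visible in this commit defines. If a host's nginx.conf (stock or supplied through `nginx__custom_nginx_conf`) lacks that format, the restart would presumably fail on the next run. Confirm this against the role's nginx.conf, and record the requirement in the argument_specs description, for example `The nginx.conf in use must define a log_format named main.` `logging.conf` also becomes a reserved file name. The following "make sure all given configuration files are deployed" task continues outside the hunk, so whether a user configuration of that name could overwrite it cannot be checked from here.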