diff --git a/filter_plugins/domain_to_username.py b/filter_plugins/domain_to_username.py new file mode 100644 index 0000000..d55d43e --- /dev/null +++ b/filter_plugins/domain_to_username.py @@ -0,0 +1,25 @@ +from pathlib import Path +import re +import sys + +NOT_ALLOWED_CHARS = re.compile(r'[^A-Za-z0-9-]+') +DOMAIN_SHORTS = Path(__file__).parent / '..' / 'public_keys/domain_shorts' + +def rreplace(text, to_replace, replacement, count=1): + return replacement.join(text.rsplit(to_replace, count)) + +def domain_to_username(domain): + with DOMAIN_SHORTS.open() as f: + for l in f: + long_domain, _, short_domain = l.strip().partition(' ') + if domain.endswith(long_domain): + domain = rreplace(domain, long_domain, short_domain) + break + return NOT_ALLOWED_CHARS.sub('-', domain) + +class FilterModule(object): + def filters(self): + return {'domain_to_username': domain_to_username} + +if __name__ == '__main__': + print(domain_to_username(sys.argv[1])) diff --git a/playbooks/host_nvak.banananet.work.yml b/playbooks/host_nvak.banananet.work.yml index 7e2481f..47ac843 100644 --- a/playbooks/host_nvak.banananet.work.yml +++ b/playbooks/host_nvak.banananet.work.yml @@ -17,6 +17,7 @@ # Linx Server - role: server/linx domain: drop.banananet.work + system_user: drop-banananet-work bind_port: 12840 site_name: "BananaNetwork Drop Server" # SpotMe Server @@ -112,10 +113,12 @@ # Firefox Sync Server - role: server/firefox-sync domain: firefox.banananet.work + system_user: firefox-banananet-work # RSS Server # TODO Manual initialization of database required - role: server/tt-rss domain: rss.banananet.work + system_user: rss-banananet-work # DSA Seite # - role: server/node # domain: dsa.banananet.work @@ -125,6 +128,7 @@ # Forum der Schande - role: server/php domain: forumderschan.de + system_user: forumderschan-de repo: git@git.banananet.work:strichliste/strichliste-php.git root: html installation_includes: 
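Review bot: In `domain_to_username`, the suffix test `domain.endswith(long_domain)` neither requires a label boundary nor guards against an incomplete table row. A blank line in `domain_shorts` gives `long_domain == ''`, which matches every domain and then makes `rsplit('', 1)` raise `ValueError`; a name such as `xbanananet.work` (constructed example) would also be shortened as if it sat under `banananet.work`. Because the result becomes a Unix account name, which is the isolation boundary between the hosted services, I would skip incomplete rows with `if not long_domain or not short_domain: continue` and match with `if domain == long_domain or domain.endswith('.' + long_domain):`. The function also lacks a docstring; it should say that the first matching row wins, that the output is restricted to `[A-Za-z0-9-]`, and that distinct domains can still map to the same name (for example `a.b` and `a-b`).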
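Review bot: The added `system_user: drop-banananet-work` override carries no comment saying why it exists, and the same applies to the overrides added in the hunks starting at new lines 113, 128 and 139 of this file. They appear to pin the account names that the old `regex_replace` default produced, so that the new `domain_to_username` default does not move running services to a different account. A short comment on each, such as `# pinned: account predates domain_to_username shortening`, would keep someone from later removing them as redundant. The role entries continue outside each hunk.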
@@ -135,6 +139,7 @@ # WG Nextcloud - role: server/nextcloud domain: wg.banananet.work + system_user: wg-banananet-work nextcloud_admin_user: felix enabled_apps_list: - accessibility diff --git a/playbooks/local.yml b/playbooks/local.yml index fc77082..2c68bb2 100644 --- a/playbooks/local.yml +++ b/playbooks/local.yml @@ -16,10 +16,21 @@ - "{{ global_credentials_directory }}" - "{{ global_public_key_directory }}" - "{{ global_dns_list_directory }}" + - "{{ global_dns_changes_directory }}" - "{{ global_ssh_key_directory }}" - "{{ global_ssh_host_key_directory }}" - "{{ global_wireguard_private_directory }}" - "{{ global_wireguard_public_directory }}" + - name: Configure shorts table + copy: + content: | + banananet.work bnet + forumderschan.de striche + stadtpiraten-karlsruhe.de pirat-ka + dest: "{{ global_public_key_directory }}/domain_shorts" + owner: "{{ global_local_user }}" + group: "{{ global_local_user }}" + mode: u=rw,g=r,o=r - name: Install required tools become: yes become_user: root diff --git a/roles/server/firefox-sync/defaults/main.yml b/roles/server/firefox-sync/defaults/main.yml index 87a0b96..c6dc1dc 100644 --- a/roles/server/firefox-sync/defaults/main.yml +++ b/roles/server/firefox-sync/defaults/main.yml @@ -4,7 +4,7 @@ remote_repository_url: "https://github.com/mozilla-services/syncserver" remote_repository_version: master # domain: firefox.example -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" service_name: "{{ domain }}.service" socket_name: "{{ domain }}.socket" diff --git a/roles/server/gitea/defaults/main.yml b/roles/server/gitea/defaults/main.yml index 889ddd0..3ce58fc 100644 --- a/roles/server/gitea/defaults/main.yml +++ b/roles/server/gitea/defaults/main.yml 
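Review bot: The `Configure shorts table` task writes to `{{ global_public_key_directory }}/domain_shorts`, while the filter plugin added in this commit reads a path fixed relative to its own file (`public_keys/domain_shorts`, one level above `filter_plugins`). If `global_public_key_directory` ever resolves elsewhere, or a host playbook runs before `local.yml` has created the file, the filter will presumably fail with a missing-file error in every role default that uses it. A comment on the task, e.g. `# must stay in sync with DOMAIN_SHORTS in filter_plugins/domain_to_username.py; first matching row wins`, would document the coupling and the ordering rule. The added `global_dns_changes_directory` entry looks unrelated to the shorts table and is not explained in the hunk.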
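Review bot: Switching the `system_user` default from the `regex_replace` expression to `domain_to_username` changes the derived account name for any existing deployment whose domain matches a row in the shorts table and whose playbook does not set the variable explicitly. The same applies to the identical one-line changes in the gitea (`gitea_system_user`), linx, minecraft, nextcloud, php, spotme (`spotme_system_user`) and tt-rss defaults. The host playbook in this commit pins linx, firefox-sync, tt-rss, php and nextcloud, but no pin for gitea, minecraft or spotme is visible in this diff; if those already run under the old name, the next run would likely create a second account and leave the old one behind with its files. Either pin them as well or add a comment above each default, e.g. `# existing hosts must set system_user explicitly to keep their old account`.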
@@ -3,7 +3,7 @@ domain: "gitea.localhost" description: "{{ domain }} Gitea" -gitea_system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +gitea_system_user: "{{ domain | domain_to_username }}" gitea_service_name: "{{ domain }}.service" user_directory: "{{ global_webservers_directory }}/{{ domain }}" diff --git a/roles/server/linx/defaults/main.yml b/roles/server/linx/defaults/main.yml index 028c329..9057e5b 100644 --- a/roles/server/linx/defaults/main.yml +++ b/roles/server/linx/defaults/main.yml @@ -4,7 +4,7 @@ binary_architecture: "linux-amd64" -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" service_name: "{{ domain }}.service" user_directory: "{{ global_webservers_directory }}/{{ domain }}" diff --git a/roles/server/minecraft/defaults/main.yml b/roles/server/minecraft/defaults/main.yml index c6465bf..d059650 100644 --- a/roles/server/minecraft/defaults/main.yml +++ b/roles/server/minecraft/defaults/main.yml @@ -1,7 +1,7 @@ --- # domain: minecraft.example -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" service_name: "{{ domain }}.service" user_directory: "{{ global_webservers_directory }}/{{ domain }}" diff --git a/roles/server/nextcloud/defaults/main.yml b/roles/server/nextcloud/defaults/main.yml index cee7c88..9adb5f5 100644 --- a/roles/server/nextcloud/defaults/main.yml +++ b/roles/server/nextcloud/defaults/main.yml @@ -2,7 +2,7 @@ domain: "nextcloud.localhost" -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" nextcloud_gpg_fingerprint: "28806A878AE423A28372792ED75899B9A724937A" nextcloud_gpg_key_remote: "https://nextcloud.com/nextcloud.asc" diff --git a/roles/server/php/defaults/main.yml b/roles/server/php/defaults/main.yml index f97d9e4..50e9647 100644 --- a/roles/server/php/defaults/main.yml +++ b/roles/server/php/defaults/main.yml 
@@ -3,7 +3,7 @@ # repo # domain: php.example -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" user_directory: "{{ global_webservers_directory }}/{{ domain }}" installation_directory: "{{ user_directory }}/repository" diff --git a/roles/server/spotme/defaults/main.yml b/roles/server/spotme/defaults/main.yml index 48bf76a..62b0f1c 100644 --- a/roles/server/spotme/defaults/main.yml +++ b/roles/server/spotme/defaults/main.yml @@ -2,7 +2,7 @@ domain: "spotme.localhost" -spotme_system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +spotme_system_user: "{{ domain | domain_to_username }}" spotme_service_name: "{{ domain }}.service" # bind_port diff --git a/roles/server/tt-rss/defaults/main.yml b/roles/server/tt-rss/defaults/main.yml index 42982bb..e3941f4 100644 --- a/roles/server/tt-rss/defaults/main.yml +++ b/roles/server/tt-rss/defaults/main.yml @@ -4,7 +4,7 @@ repo: "https://git.banananet.work/banananetwork/tt-rss.git" # domain: tt-rss.example service_name: "{{ domain }}.service" -system_user: "{{ domain | regex_replace('[^A-Za-z0-9-]+', '-') }}" +system_user: "{{ domain | domain_to_username }}" user_directory: "{{ global_webservers_directory }}/{{ domain }}" installation_directory: "{{ user_directory }}/repository"