diff --git a/roles/mas/defaults/main.json b/roles/mas/defaults/main.json
index 7e5ae2c..8536c1b 100644
--- a/roles/mas/defaults/main.json
+++ b/roles/mas/defaults/main.json
@@ -16,7 +16,7 @@
 "var_mas_authentication_upstream_data_authelia_url_base": "https://authelia.example.org",
 "var_mas_authentication_upstream_data_authelia_auth_method": "client_secret_post",
 "var_mas_authentication_upstream_data_authelia_scope": "openid profile email",
- "var_mas_authentication_upstream_data_authelia_name": "authelia",
+ "var_mas_authentication_upstream_data_authelia_id": "01JADRQ54Y0KCQS0AEJQ4YTY36",
 "var_mas_authentication_upstream_data_authelia_client_id": "mas",
 "var_mas_authentication_upstream_data_authelia_client_secret": "REPLACE_ME"
 }
diff --git a/roles/mas/files/conf-compose.py b/roles/mas/files/conf-compose.py
index c1fe8cc..354e882 100644
--- a/roles/mas/files/conf-compose.py
+++ b/roles/mas/files/conf-compose.py
@@ -65,20 +65,12 @@ def main():
 ## args
 argument_parser = _argparse.ArgumentParser()
 argument_parser.add_argument(
- "-b",
- "--base-file-path",
+ "-s",
+ "--source-directory",
 type = str,
- dest = "base_file_path",
- default = "/opt/mas/conf.d/base.json",
- metavar = "",
- )
- argument_parser.add_argument(
- "-c",
- "--clients-directory-path",
- type = str,
- dest = "clients_directory_path",
- default = "/opt/mas/conf.d/clients",
- metavar = "",
+ dest = "source_directory",
+ default = "/opt/mas/conf.d",
+ metavar = "",
 )
 argument_parser.add_argument(
 "-f",
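Review bot: The new `-s/--source-directory` option is added without a `help=` string, and `metavar = ""` suppresses the value placeholder, so `-h` shows a bare flag with no hint of the directory layout the script now expects. Suggest adding `help = "directory holding base.yaml, database.json, matrix.json, upstream.json and a clients/ subdirectory (default: %(default)s)",` to the add_argument call. `main()` starts before this hunk and continues past it.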
@@ -105,7 +97,25 @@ def main():
 if True:
 data = dict_merge(
 data,
- _json.loads(file_read(args.base_file_path))
+ _yaml.loads(file_read(_os.path.join(args.source_directory, "base.yaml")))
+ )
+ ### database
+ if True:
+ data = dict_merge(
+ data,
+ _json.loads(file_read(_os.path.join(args.source_directory, "database.json")))
+ )
+ ### matrix
+ if True:
+ data = dict_merge(
+ data,
+ _json.loads(file_read(_os.path.join(args.source_directory, "matrix.json")))
+ )
+ ### upstream
+ if True:
+ data = dict_merge(
+ data,
+ _json.loads(file_read(_os.path.join(args.source_directory, "upstream.json")))
 )
 ### clients
 if True:
@@ -114,8 +124,8 @@ def main():
 {
 "clients": list(
 map(
- lambda name: _json.loads(file_read(_os.path.join(args.clients_directory_path, name))),
- _os.listdir(args.clients_directory_path)
+ lambda name: _json.loads(file_read(_os.path.join(args.source_directory, "clients", name))),
+ _os.listdir(_os.path.join(args.source_directory, "clients"))
 )
 ),
 }
diff --git a/roles/mas/tasks/config-database.json.j2 b/roles/mas/tasks/config-database.json.j2
new file mode 100644
index 0000000..c227ba6
--- /dev/null
+++ b/roles/mas/tasks/config-database.json.j2
@@ -0,0 +1,9 @@
+{
+ "database": {
+ "host": "{{var_mas_database_host}}",
+ "port": {{var_mas_database_port | string}},
+ "username": "{{var_mas_database_username}}",
+ "password": "{{var_mas_database_password}}",
+ "database": "{{var_mas_database_schema}}"
+ }
+}
diff --git a/roles/mas/tasks/main.json b/roles/mas/tasks/main.json
index c117ce6..6a18f0f 100644
--- a/roles/mas/tasks/main.json
+++ b/roles/mas/tasks/main.json
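Review bot: `_yaml.loads(...)` on the first added line will raise AttributeError if `_yaml` is PyYAML, which exposes `safe_load`/`load` but no `loads`; for a whole file read into a string the call should be `_yaml.safe_load(file_read(_os.path.join(args.source_directory, "base.yaml")))`. The import that binds `_yaml` is outside this hunk, so confirm what it refers to before changing it. The three added `database`/`matrix`/`upstream` blocks are copies of one another and could collapse to `for part in ("database.json", "matrix.json", "upstream.json"): data = dict_merge(data, _json.loads(file_read(_os.path.join(args.source_directory, part))))`. This hunk is inside `main()`, which starts before and continues after it.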
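Review bot: `_os.listdir(_os.path.join(args.source_directory, "clients"))` yields entries in arbitrary filesystem order, so the composed `clients` list differs from run to run; wrap it as `sorted(_os.listdir(_os.path.join(args.source_directory, "clients")))` for a deterministic output. Every entry is also fed to `_json.loads`, so a stray non-JSON file or subdirectory in `clients/` aborts composition; filtering on `name.endswith(".json")` would make the accepted input explicit. `main()` continues outside this hunk.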
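Review bot: The templated values are dropped into JSON string literals verbatim, so a `var_mas_database_password` containing `"` or `\` yields an unparseable `database.json`; use `"password": {{var_mas_database_password | to_json}}` and the same filter on the other string fields. The same applies to `secret` in config-matrix.json.j2 and `client_secret` in config-upstream.json.j2 later in this diff. This file is also created under `roles/mas/tasks/` while its sibling templates are under `roles/mas/templates/`; even if the template lookup happens to find it there, it belongs next to the others. The `| string` on `port` changes nothing in the rendered text and can be dropped.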
@@ -66,9 +66,36 @@
 "name": "configuration | base",
 "become": true,
 "become_user": "{{var_mas_user}}",
+ "ansible.builtin.command": {
+ "cmd": "./mas-cli config generate > {{var_mas_directory}}/conf.d/base.yaml",
+ "chdir": "{{var_mas_directory}}"
+ }
+ },
+ {
+ "name": "configuration | database",
+ "become": true,
+ "become_user": "{{var_mas_user}}",
 "ansible.builtin.template": {
- "src": "config-base.json.j2",
- "dest": "{{var_mas_directory}}/conf.d/base.json"
+ "src": "config-database.json.j2",
+ "dest": "{{var_mas_directory}}/conf.d/database.json"
+ }
+ },
+ {
+ "name": "configuration | matrix",
+ "become": true,
+ "become_user": "{{var_mas_user}}",
+ "ansible.builtin.template": {
+ "src": "config-matrix.json.j2",
+ "dest": "{{var_mas_directory}}/conf.d/matrix.json"
+ }
+ },
+ {
+ "name": "configuration | upstream",
+ "become": true,
+ "become_user": "{{var_mas_user}}",
+ "ansible.builtin.template": {
+ "src": "config-upstream.json.j2",
+ "dest": "{{var_mas_directory}}/conf.d/upstream.json"
 }
 },
 {
diff --git a/roles/mas/templates/config-base.json.j2 b/roles/mas/templates/config-base.json.j2
index 0c727a1..f70405b 100644
--- a/roles/mas/templates/config-base.json.j2
+++ b/roles/mas/templates/config-base.json.j2
@@ -94,7 +94,7 @@
 "upstream_oauth2": {
 "providers": [
 {
- "id": "{{var_mas_authentication_upstream_data_authelia_name}}",
+ "id": "{{var_mas_authentication_upstream_data_authelia_id}}",
 "issuer": "{{var_mas_authentication_upstream_data_authelia_url_base}}",
 "authorization_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/authorization",
 "token_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/token",
diff --git a/roles/mas/templates/config-matrix.json.j2 b/roles/mas/templates/config-matrix.json.j2
new file mode 100644
index 0000000..5c6d5d1
--- /dev/null
+++ b/roles/mas/templates/config-matrix.json.j2
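Review bot: `ansible.builtin.command` does not run through a shell, so the `>` in the added `cmd` is handed to `mas-cli` as a literal argument rather than redirecting its output, and `conf.d/base.yaml` is never written. Change the key to `"ansible.builtin.shell"` and add `"creates": "{{var_mas_directory}}/conf.d/base.yaml"` so the file is only generated once; if `config generate` emits fresh key material on each call, re-running the play would otherwise rotate it. None of the new template tasks set a `mode`, so `database.json` and `upstream.json`, which carry a database password and an OIDC client secret, get whatever the umask allows; `"mode": "0600"` on those tasks keeps them readable by the service user only.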
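Review bot: After this commit the "configuration | base" task in roles/mas/tasks/main.json no longer renders config-base.json.j2 (it runs `mas-cli config generate` instead), and the same `upstream_oauth2` provider block now lives in config-upstream.json.j2, so this template appears to be dead and will drift from the copy that is actually used. Unless another task outside this diff still references it, remove the file rather than keeping the rename in sync by hand. If it is still used somewhere, a header comment naming that consumer would save the next reader this check.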
@@ -0,0 +1,7 @@
+{
+ "matrix": {
+ "homeserver": "{{var_mas_matrix_server}}",
+ "secret": "{{var_mas_matrix_secret}}",
+ "endpoint": "{{var_mas_matrix_endpoint}}"
+ }
+}
diff --git a/roles/mas/templates/config-upstream.json.j2 b/roles/mas/templates/config-upstream.json.j2
new file mode 100644
index 0000000..5b246fd
--- /dev/null
+++ b/roles/mas/templates/config-upstream.json.j2
@@ -0,0 +1,20 @@
+{
+{% if var_mas_authentication_upstream_kind == 'none' %}
+{% endif %}
+{% if var_mas_authentication_upstream_kind == 'authelia' %}
+ "upstream_oauth2": {
+ "providers": [
+ {
+ "id": "{{var_mas_authentication_upstream_data_authelia_id}}",
+ "issuer": "{{var_mas_authentication_upstream_data_authelia_url_base}}",
+ "authorization_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/authorization",
+ "token_endpoint": "{{var_mas_authentication_upstream_data_authelia_url_base}}/api/oidc/token",
+ "token_endpoint_auth_method": "{{var_mas_authentication_upstream_data_authelia_auth_method}}",
+ "scope": "{{var_mas_authentication_upstream_data_authelia_scope}}",
+ "client_id": "{{var_mas_authentication_upstream_data_authelia_client_id}}",
+ "client_secret": "{{var_mas_authentication_upstream_data_authelia_client_secret}}"
+ }
+ ]
+ }
+{% endif %}
+}
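Review bot: The `{% if var_mas_authentication_upstream_kind == 'none' %}` / `{% endif %}` pair at the top of config-upstream.json.j2 encloses nothing and renders nothing, so it only suggests a branch that does not exist; delete it or put a comment in it saying the `none` kind intentionally emits an empty object. Any value other than `none` or `authelia` also silently produces `{}`, which disables upstream login without a trace; an `ansible.builtin.assert` on `var_mas_authentication_upstream_kind` in the task list before the template task would turn a mistyped kind into a visible failure. The `client_secret` line interpolates the secret into a JSON string unescaped, as noted on config-database.json.j2.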