diff --git a/roles/dashboard/defaults/main.yml b/roles/dashboard/defaults/main.yml
index 1a2678d68..e18cfbac3 100644
--- a/roles/dashboard/defaults/main.yml
+++ b/roles/dashboard/defaults/main.yml
@@ -1,2 +1,4 @@
 dashboard_organization: SURFconext
 dashboard_hide_tabs: none
+dashboard_server_restart_policy: always
+dashboard_server_restart_retries: 0
diff --git a/roles/dashboard/tasks/main.yml b/roles/dashboard/tasks/main.yml
index 1a904966f..cffc075cc 100644
--- a/roles/dashboard/tasks/main.yml
+++ b/roles/dashboard/tasks/main.yml
@@ -27,7 +27,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-dashboard/dashboard-server:{{ dashboard_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ dashboard_server_restart_policy }}"
+    restart_retries: "{{ dashboard_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks:
       - name: "loadbalancer"
diff --git a/roles/invite/defaults/main.yml b/roles/invite/defaults/main.yml
index d6fcaa208..a32f7600a 100644
--- a/roles/invite/defaults/main.yml
+++ b/roles/invite/defaults/main.yml
@@ -18,3 +18,5 @@ invite_cronjobmaster: true
 invite_logback_json: true
 invite_docker_networks:
   - name: loadbalancer
+invite_server_restart_policy: always
+invite_server_restart_retries: 0
diff --git a/roles/invite/tasks/main.yml b/roles/invite/tasks/main.yml
index 33bccea42..d43a4de75 100644
--- a/roles/invite/tasks/main.yml
+++ b/roles/invite/tasks/main.yml
@@ -63,7 +63,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-invite/inviteserver:{{ invite_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ invite_server_restart_policy }}"
+    restart_retries: "{{ invite_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ invite_docker_networks }}"
     mounts:
diff --git a/roles/manage/defaults/main.yml b/roles/manage/defaults/main.yml
index bb53ccc23..41c6f34d4 100644
--- a/roles/manage/defaults/main.yml
+++ b/roles/manage/defaults/main.yml
@@ -34,3 +34,5 @@ manage_tabs_enabled:
   - organisation
 manage_docker_networks:
   - name: loadbalancer
+manage_server_restart_policy: always
+manage_server_restart_retries: 0
diff --git a/roles/manage/tasks/main.yml b/roles/manage/tasks/main.yml
index 5181c742d..35c20b29a 100644
--- a/roles/manage/tasks/main.yml
+++ b/roles/manage/tasks/main.yml
@@ -100,7 +100,8 @@
     image: ghcr.io/openconext/openconext-manage/manage-server:{{ manage_server_version }}
     entrypoint: /__cacert_entrypoint.sh
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ manage_server_restart_policy }}"
+    restart_retries: "{{ manage_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ manage_docker_networks }}"
     mounts:
diff --git a/roles/myconext/defaults/main.yml b/roles/myconext/defaults/main.yml
index 3c6a21613..3e8c209c4 100644
--- a/roles/myconext/defaults/main.yml
+++ b/roles/myconext/defaults/main.yml
@@ -3,3 +3,5 @@ myconext_cronjobmaster: true
 myconext_logback_json: true
 myconext_docker_networks:
   - name: loadbalancer
+myconext_server_restart_policy: always
+myconext_server_restart_retries: 0
diff --git a/roles/myconext/tasks/main.yml b/roles/myconext/tasks/main.yml
index 469a7c847..9689ff47e 100644
--- a/roles/myconext/tasks/main.yml
+++ b/roles/myconext/tasks/main.yml
@@ -128,7 +128,8 @@
     name: myconextserver
     image: ghcr.io/openconext/openconext-myconext/myconext-server:{{ myconext_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ myconext_server_restart_policy }}"
+    restart_retries: "{{ myconext_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     env:
       USE_SYSTEM_CA_CERTS: "1"
diff --git a/roles/oidc-playground/defaults/main.yml b/roles/oidc-playground/defaults/main.yml
index 58cb18672..91c4346a8 100644
--- a/roles/oidc-playground/defaults/main.yml
+++ b/roles/oidc-playground/defaults/main.yml
@@ -1 +1,3 @@
 oidc_playground_dir: /opt/openconext/oidc-playground
+oidc_playground_server_restart_policy: always
+oidc_playground_server_restart_retries: 0
diff --git a/roles/oidc-playground/tasks/main.yml b/roles/oidc-playground/tasks/main.yml
index 48afef265..c969ee246 100644
--- a/roles/oidc-playground/tasks/main.yml
+++ b/roles/oidc-playground/tasks/main.yml
@@ -27,8 +27,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-oidc-playground/oidc-playground-server:{{ oidc_playground_server_version }}
     pull: true
-    restart_policy: "always"
-    state: started
+    restart_policy: "{{ oidc_playground_server_restart_policy }}"
+    restart_retries: "{{ oidc_playground_server_restart_retries }}" # Only for restart policy on-failure
     networks:
       - name: "loadbalancer"
     mounts:
diff --git a/roles/oidcng/defaults/main.yml b/roles/oidcng/defaults/main.yml
index 44641c6c1..3dcbd97b3 100644
--- a/roles/oidcng/defaults/main.yml
+++ b/roles/oidcng/defaults/main.yml
@@ -21,3 +21,5 @@ oidcng_manage_provision_samlsp_sign: "True"
 oidcng_manage_provision_samlsp_trusted_proxy: "True"
 oidcng_docker_networks:
   - name: loadbalancer
+oidcng_server_restart_policy: always
+oidcng_server_restart_retries: 0
diff --git a/roles/oidcng/tasks/main.yml b/roles/oidcng/tasks/main.yml
index fa35fac7c..a306fa7f1 100644
--- a/roles/oidcng/tasks/main.yml
+++ b/roles/oidcng/tasks/main.yml
@@ -101,7 +101,8 @@
     image: ghcr.io/openconext/openconext-oidcng/oidcng:{{ oidcng_version }}
     entrypoint: /__cacert_entrypoint.sh
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ oidcng_server_restart_policy }}"
+    restart_retries: "{{ oidcng_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ oidcng_docker_networks }}"
     mounts:
diff --git a/roles/openaccess/defaults/main.yml b/roles/openaccess/defaults/main.yml
new file mode 100644
index 000000000..ba813a4c8
--- /dev/null
+++ b/roles/openaccess/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+openaccess_server_restart_policy: always
+openaccess_server_restart_retries: 0
diff --git a/roles/openaccess/tasks/main.yml b/roles/openaccess/tasks/main.yml
index 30ffc9fad..c3cfb6e4a 100644
--- a/roles/openaccess/tasks/main.yml
+++ b/roles/openaccess/tasks/main.yml
@@ -33,7 +33,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-access/accessserver:{{ openconextaccess_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ openaccess_server_restart_policy }}"
+    restart_retries: "{{ openaccess_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks:
       - name: "loadbalancer"
diff --git a/roles/pdp/defaults/main.yml b/roles/pdp/defaults/main.yml
index 782635029..902c68c6e 100644
--- a/roles/pdp/defaults/main.yml
+++ b/roles/pdp/defaults/main.yml
@@ -23,3 +23,5 @@ pdp_spring_flyway_enabled: true
 pdp_manage_push_testmode: true
 pdp_docker_networks:
   - name: loadbalancer
+pdp_server_restart_policy: always
+pdp_server_restart_retries: 0
diff --git a/roles/pdp/tasks/main.yml b/roles/pdp/tasks/main.yml
index 2933eb586..f0266493b 100644
--- a/roles/pdp/tasks/main.yml
+++ b/roles/pdp/tasks/main.yml
@@ -34,7 +34,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-pdp/pdp-server:{{ pdp_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ pdp_server_restart_policy }}"
+    restart_retries: "{{ pdp_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ pdp_docker_networks }}"
     mounts:
diff --git a/roles/teams/defaults/main.yml b/roles/teams/defaults/main.yml
index 60d344650..c0e6deeb3 100644
--- a/roles/teams/defaults/main.yml
+++ b/roles/teams/defaults/main.yml
@@ -29,3 +29,5 @@ teams_manage_provision_samlsp_sign: false
 teams_spring_flyway_enabled: true
 teams_docker_networks: 
   - name: "loadbalancer"
+teams_server_restart_policy: always
+teams_server_restart_retries: 0
diff --git a/roles/teams/tasks/main.yml b/roles/teams/tasks/main.yml
index 2e250d0af..498c99d4c 100644
--- a/roles/teams/tasks/main.yml
+++ b/roles/teams/tasks/main.yml
@@ -33,7 +33,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-teams-ng/teams-server:{{ teams_server_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ teams_server_restart_policy }}"
+    restart_retries: "{{ teams_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks: "{{ teams_docker_networks }}"
     mounts:
diff --git a/roles/voot/defaults/main.yml b/roles/voot/defaults/main.yml
index a22394b56..503efce44 100644
--- a/roles/voot/defaults/main.yml
+++ b/roles/voot/defaults/main.yml
@@ -4,3 +4,5 @@ voot_manage_provision_oauth_rs_rp_secret: "{{ voot.oidcng_checkToken_secret }}"
 voot_manage_provision_oauth_rs_name_en: "{{ instance_name }} VOOT Resource Server"
 voot_manage_provision_oauth_rs_description_en: "The VOOT API is for group membership information"
 voot_manage_provision_oauth_rs_scopes: "groups"
+voot_server_restart_policy: always
+voot_server_restart_retries: 0
diff --git a/roles/voot/tasks/main.yml b/roles/voot/tasks/main.yml
index 15403e587..978106249 100644
--- a/roles/voot/tasks/main.yml
+++ b/roles/voot/tasks/main.yml
@@ -27,7 +27,8 @@
       TZ: "{{ timezone }}"
     image: ghcr.io/openconext/openconext-voot/voot:{{ voot_version }}
     pull: true
-    restart_policy: "always"
+    restart_policy: "{{ voot_server_restart_policy }}"
+    restart_retries: "{{ voot_server_restart_retries }}" # Only for restart policy on-failure
     state: started
     networks:
       - name: "loadbalancer"