diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml
index 60ce3e3..0aaaf94 100644
--- a/group_vars/chat.yaml
+++ b/group_vars/chat.yaml
@@ -33,3 +33,36 @@ nginx_sites:
 group_nft_input:
 - "tcp dport { http, https } accept # Allow web-traffic from world"
 - "tcp dport 113 accept # Allow identd from world"
+---
+root_access:
+ - blackdragon
+ - ak
+ - foobar
+ - polyfloyd
+nodejs_version: 22.x
+thelounge_version: "4.4.3"
+thelounge_ldap_url: ldaps://ldap.bitlair.nl
+thelounge_ldap_filter: (objectClass=inetOrgPerson)
+thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
+chat_hostname: chat.bitlair.nl
+acme_domains:
+ - "{{ chat_hostname }}"
+
+nginx_sites:
+ - server_name: "{{ chat_hostname }}"
+ config:
+ - |-
+ location / {
+ proxy_pass http://127.0.0.1:9000/;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # by default nginx times out connections in one minute
+ proxy_read_timeout 1d;
+ }
+
+group_nft_input:
+ - "tcp dport { http, https } accept # Allow web-traffic from world"
diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml
index 213270e..6fa26d1 100644
--- a/roles/chat/tasks/main.yaml
+++ b/roles/chat/tasks/main.yaml
@@ -5,7 +5,6 @@
 - gpg
 - apt-transport-https
 - build-essential
-- authbind
 
 - name: Import nodesource signing key
 ansible.builtin.shell:
@@ -79,15 +78,7 @@
 system: yes
 state: present
 become: yes
-
-- name: Give thelounge access to port 113 via authbind
- file:
- path: /etc/authbind/byport/113
- owner: thelounge
- group: thelounge
- mode: 0500
- state: touch
-
+
 - name: Ensure JS and JSON syntax checking packages are installed
 yarn:
 name: "{{ item }}"
@@ -118,7 +109,7 @@
 
 - name: Ensure user configuration directory is present
 file:
- path: /etc/thelounge/users
+ path: /var/local/thelounge/users
 owner: thelounge
 group: thelounge
 state: directory
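Review bot: The added block opens with `+---`, so the hunk appends a second YAML document to group_vars/chat.yaml instead of editing the existing keys, and the first document's `group_nft_input` (visible as context) still carries `- "tcp dport 113 accept # Allow identd from world"` while only the new document drops it. As far as I know Ansible's vars loader accepts a single document per group_vars file, so this will most likely either fail to load or keep the identd firewall rule active even though identd is switched off in config.js.j2. The intended change appears to be the one-line removal of that `tcp dport 113` entry; the other keys (`root_access`, `nodejs_version`, `nginx_sites`, …) presumably already exist earlier in the file, so the `+---` and the duplicated keys should go and the single rule be deleted from the existing `group_nft_input`. If the second document is deliberate, the first one should be removed instead so each variable has exactly one definition.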
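Review bot: Changing `path` to `/var/local/thelounge/users` in the `@@ -118` hunk (and to `/var/local/thelounge/storage` in the `@@ -126` hunk) relies on the parent `/var/local/thelounge` existing; `file` with `state: directory` does create missing parents, but with default umask permissions and root ownership rather than the `owner: thelounge` given here, so unless a task outside this hunk creates the parent the service user may be unable to write anything else into its new home. A preceding task such as `- name: Ensure thelounge home is present` with `file: {path: /var/local/thelounge, owner: thelounge, group: thelounge, mode: "0750", state: directory}` would make that ownership deliberate. Nothing in the diff migrates or removes existing data under `/etc/thelounge/users` and `/etc/thelounge/storage`, so already-provisioned hosts start with an empty user set and leave the old directories behind; either add a move/cleanup task or document that this is a fresh-install path. The enclosing task list continues outside the hunk.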
@@ -126,7 +117,7 @@
 
 - name: Ensure preview storage directory is present
 file:
- path: /etc/thelounge/storage
+ path: /var/local/thelounge/storage
 owner: thelounge
 group: thelounge
 mode: "0770"
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2
index 0ad4de5..c606576 100644
--- a/roles/chat/templates/config.js.j2
+++ b/roles/chat/templates/config.js.j2
@@ -42,8 +42,7 @@ module.exports = {
 },
 },
 identd: {
- enable: true,
- port: 113,
+ enable: false,
 },
 ldap: {
 enable: true,
diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service
index 9170235..3fc7396 100644
--- a/roles/chat/templates/thelounge.service
+++ b/roles/chat/templates/thelounge.service
@@ -7,8 +7,8 @@ Wants=network-online.target
 User=thelounge
 Group=thelounge
 Type=simple
-Environment=THELOUNGE_HOME=/etc/thelounge
-ExecStart=/usr/bin/authbind --deep /usr/local/bin/thelounge start
+Environment=THELOUNGE_HOME=/var/local/thelounge
+ExecStart=/usr/local/bin/thelounge start
 ProtectSystem=yes
 ProtectHome=yes
 PrivateTmp=yes
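Review bot: With `THELOUNGE_HOME` moved to `/var/local/thelounge` and the `authbind` wrapper dropped from `ExecStart`, the unit no longer needs to write under `/etc` or bind a privileged port, so the existing `ProtectSystem=yes` (which only makes `/usr` and `/boot` read-only) could be tightened to `ProtectSystem=strict` together with `ReadWritePaths=/var/local/thelounge`, and `NoNewPrivileges=yes` can be added now that no setuid/capability helper is in the exec chain. This assumes thelounge writes only under its home directory; if it also writes elsewhere (a log directory, for example), that path belongs in `ReadWritePaths` as well. As a smaller point, `/var/lib/thelounge` via `StateDirectory=thelounge` would be the systemd-native location and would also take care of creating the directory with the right owner, though `/var/local` works as written.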