diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..c6123e8
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,14 @@
+#warn_list:  # or 'skip_list' to silence them completely
+skip_list:
+  - experimental
+  - var-naming[no-role-prefix]
+  - name
+warn_list:
+  - '204'   # Lines should be no longer than 160 chars
+  - no-handler
+  - ignore-errors
+  - fqcn-builtins
+  - fqcn
+  - partial-become[task]
+  - template-instead-of-copy
+offline: true
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..781c027
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.password-store
+.gitignore
+.envrc
diff --git a/.yamllint.yaml b/.yamllint.yaml
index d932357..2d3284c 100644
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -15,3 +15,8 @@ rules:
     max-spaces-after: -1
   commas:
     max-spaces-after: -1
+  comments:
+    min-spaces-from-content: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
diff --git a/authorized_keys/blackdragon.keys b/authorized_keys/blackdragon.keys
deleted file mode 100644
index d488f52..0000000
--- a/authorized_keys/blackdragon.keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLZGbt/we3JQ482/NYcdOKGoKDOj1MgmYFP2GDmjLw/ kyan@flandre
diff --git a/bitlair.yaml b/bitlair.yaml
index f4ece91..d09757f 100644
--- a/bitlair.yaml
+++ b/bitlair.yaml
@@ -1,77 +1,80 @@
 ---
 
-- hosts: all
+- name: common
+  hosts: all
   gather_facts: true
   roles:
     - { role: "common", tags: ["common"] }
     - { role: "nft", tags: ["nft"] }
 
-- hosts: bank
+- name: bank
+  hosts: bank
   roles:
     - { role: "bank", tags: ["bank"] }
 
-- hosts: homeassistant
+- name: homeassistant
+  hosts: homeassistant
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
 
-- hosts: raspi
+- name: raspi
+  hosts: raspi
   roles:
     - { role: "raspi", tags: ["raspi"] }
     - { role: "bank-terminal", tags: ["bank-terminal"] }
 
-- hosts: fotos
+- name: fotos
+  hosts: fotos
   roles:
     - { role: "photos", tags: ["photos"] }
 
-- hosts: git-ci
+- name: CI
+  hosts: git-ci
   roles:
-    - { role: "git_ci", tags: ["git_ci"] }
+    - { role: "git-ci", tags: ["git-ci"] }
 
-- hosts: git
+- name: git
+  hosts: git
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "git-server", tags: ["git-server"] }
 
-- hosts: monitoring
+- name: monitoring
+  hosts: monitoring
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "monitoring", tags: ["monitoring"] }
 
-- hosts: mqtt
+- name: mqtt
+  hosts: mqtt
   roles:
     - { role: "mqtt", tags: ["mqtt"] }
 
-- hosts: music
+- name: music
+  hosts: music
   roles:
     - { role: "acme", tags: ["acme"] }
+    - { role: "go", tags: ["go"] }
     - { role: "music", tags: ["music"] }
 
-- hosts: pad
+- name: pad
+  hosts: pad
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "etherpad", tags: ["etherpad"] }
 
-- hosts: services
+- name: services
+  hosts: services
   roles:
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: ["services"] }
 
-- hosts: wiki
+- name: wiki
+  hosts: wiki
   roles:
     - { role: "acme", tags: ["acme"] }
     - { role: "nginx", tags: ["nginx"] }
     - { role: "www", tags: ["www"] }
-
-- hosts: chat
-  roles:
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "chat", tags: [ "chat" ] }
-
-- hosts: ldap
-  roles:
-    - { role: "common", tags: [ "common" ] }
diff --git a/chat.yaml b/chat.yaml
deleted file mode 100644
index fdf3a9a..0000000
--- a/chat.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- hosts: chat
-  roles:
-    - { role: "common", tags: [ "common" ] }
-    - { role: "nft", tags: [ "nft" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "acme", tags: [ "acme" ] }
-    - { role: "nodesource", tags: [ "nodesource" ] }
-    - { role: "chat", tags: [ "chat" ] }
diff --git a/git-ci.yaml b/git-ci.yaml
index 4a53a08..711dac4 100644
--- a/git-ci.yaml
+++ b/git-ci.yaml
@@ -3,4 +3,4 @@
 - hosts: git-ci
   roles:
     - { role: "common", tags: [ "common" ] }
-    - { role: "git_ci", tags: [ "git_ci" ] }
+    - { role: "git-ci", tags: [ "git-ci" ] }
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 0169ce1..3deb227 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -36,8 +36,3 @@ mqtt_public_host: bitlair.nl
 debian_repourl: "http://deb.debian.org/debian/"
 debian_securityurl: "http://security.debian.org/debian-security"
 
-deb_forgejo_repos:
-  - host: git.bitlair.nl
-    owner: bitlair
-  - host: git.polyfloyd.net
-    owner: polyfloyd
diff --git a/group_vars/chat.yaml b/group_vars/chat.yaml
deleted file mode 100644
index 08a3480..0000000
--- a/group_vars/chat.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-
-root_access:
-  - blackdragon
-  - ak
-  - foobar
-  - polyfloyd
-
-nodejs_version: 22.x
-thelounge_version: "4.4.3"
-thelounge_ldap_url: ldaps://ldap.bitlair.nl
-thelounge_ldap_filter: (objectClass=inetOrgPerson)
-thelounge_ldap_base: ou=Members,dc=bitlair,dc=nl
-chat_hostname: chat.bitlair.nl
-
-acme_domains:
- - "{{ chat_hostname }}"
-
-nginx_sites:
-  - server_name: "{{ chat_hostname }}"
-    config:
-      - |-
-        location / {
-          proxy_pass http://127.0.0.1:9000/;
-          proxy_http_version 1.1;
-          proxy_set_header Connection "upgrade";
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header X-Forwarded-For $remote_addr;
-          proxy_set_header X-Forwarded-Proto $scheme;
-
-          # by default nginx times out connections in one minute
-          proxy_read_timeout 1d;
-        }
-
-group_nft_input:
-  - "tcp dport { http, https } accept # Allow web-traffic from world"
diff --git a/group_vars/music.yaml b/group_vars/music.yaml
index 85f4ce8..8f0cc7c 100644
--- a/group_vars/music.yaml
+++ b/group_vars/music.yaml
@@ -6,18 +6,12 @@ nft: false
 root_access:
   - ak
   - bob
+  - eightdot
   - foobar
   - polyfloyd
 
 nginx_client_max_body_size: 512M
-nginx_sites:
-  - server_name: "music.bitlair.nl"
-    snippets:
-      - "music-nginx.j2"
 
 music_domain: music.bitlair.nl
 acme_san_domains:
   - [ music.bitlair.nl ]
-
-music_bitpanel_host: bitpanel.bitlair.nl
-music_bitpanel_port: 1337
diff --git a/inventory b/inventory
index eca431d..c380b07 100644
--- a/inventory
+++ b/inventory
@@ -17,8 +17,7 @@ blockchain.bitlair.nl
 git.bitlair.nl
 
 [git-ci]
-git-ci01.bitlair.nl
-git-ci02.bitlair.nl
+git-ci.bitlair.nl
 
 [pad]
 pad.bitlair.nl
@@ -50,9 +49,6 @@ homeassistant.bitlair.nl
 [chat]
 chat.bitlair.nl
 
-[ldap]
-ldap-new.bitlair.nl
-
 [debian:children]
 bank
 fotos
diff --git a/lint.sh b/lint.sh
index bc0183d..296c955 100755
--- a/lint.sh
+++ b/lint.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 
 j2lint `find ./ -type f -name '*.j2'`
+yamllint -c .yamllint.yaml .
 ansible-lint bitlair.yaml
 
diff --git a/monitoring.yaml b/monitoring.yaml
index 202cb58..9e05df0 100644
--- a/monitoring.yaml
+++ b/monitoring.yaml
@@ -4,6 +4,5 @@
   roles:
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "nginx", tags: [ "nginx" ] }
     - { role: "monitoring", tags: [ "monitoring" ] }
diff --git a/music.yaml b/music.yaml
index cc04425..e4ea70b 100644
--- a/music.yaml
+++ b/music.yaml
@@ -4,6 +4,6 @@
   roles:
     - { role: "common", tags: [ "common" ] }
     - { role: "acme", tags: [ "acme" ] }
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
-    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "go", tags: [ "go" ] }
+#    - { role: "nginx", tags: [ "nginx" ] }
     - { role: "music", tags: [ "music" ] }
diff --git a/pad.yaml b/pad.yaml
index 1d35c0d..380e790 100644
--- a/pad.yaml
+++ b/pad.yaml
@@ -9,5 +9,4 @@
     - { role: "nft", tags: [ "nft" ] }
     - { role: "acme", tags: [ "acme" ] }
     - { role: "nginx", tags: [ "nginx" ] }
-    - { role: "nodesource", tags: [ "nodesource" ] }
     - { role: "etherpad", tags: [ "etherpad" ] }
diff --git a/roles/acme/handlers/main.yaml b/roles/acme/handlers/main.yaml
index 7ff2509..3b4b5d1 100644
--- a/roles/acme/handlers/main.yaml
+++ b/roles/acme/handlers/main.yaml
@@ -1,9 +1,5 @@
 ---
 
-- name: update_contact_info
-  ansible.builtin.command:
-    cmd: dehydrated --account
-
 - name: run dehydrated
   ansible.builtin.command:
     cmd: dehydrated --cron
diff --git a/roles/bank-terminal/tasks/main.yaml b/roles/bank-terminal/tasks/main.yaml
index 7a01ccb..d035da3 100644
--- a/roles/bank-terminal/tasks/main.yaml
+++ b/roles/bank-terminal/tasks/main.yaml
@@ -4,11 +4,11 @@
   block:
     - name: Add user
       ansible.builtin.user:
-        name: bank-terminal
-        home: /home/{{ bank_terminal_user }}
-        shell: /home/{{ bank_terminal_user }}/login
+        name: "bank-terminal"
+        home: "/home/{{ bank_terminal_user }}"
+        shell: "/home/{{ bank_terminal_user }}/login"
         generate_ssh_key: yes
-        ssh_key_type: ed25519
+        ssh_key_type: "ed25519"
 
     - name: Locate agetty
       ansible.builtin.command:
@@ -16,34 +16,35 @@
       register: agetty_location_cmd
 
     - name: Set agetty var
-      ansible.builtin.set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
+      ansible.builtin.set_fact:
+        agetty_location: "{{ agetty_location_cmd.stdout_lines | join }}"
 
     - name: Install login script
       ansible.builtin.template:
-        src: login
-        dest: /home/{{ bank_terminal_user }}/login
-        owner: bank-terminal
-        group: bank-terminal
-        mode: 0755
+        src: "login"
+        dest: "/home/{{ bank_terminal_user }}/login"
+        owner: "bank-terminal"
+        group: "bank-terminal"
+        mode: "0755"
 
     - name: Autologin User
       ansible.builtin.template:
-        src: tty_autologin.conf
-        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
-        owner: root
-        group: root
-        mode: 0644
+        src: "tty_autologin.conf"
+        dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
+        owner: "root"
+        group: "root"
+        mode: "0644"
       notify: daemon_reload
 
     - name: Clear MOTD
       ansible.builtin.copy:
         content: ""
-        dest: /etc/motd
+        dest: "/etc/motd"
 
     # Set console font so the Revbank QR codes are rendered correctly.
     - name: Console setup
       ansible.builtin.lineinfile:
-        path: /etc/default/console-setup
+        path: "/etc/default/console-setup"
         line: '{{ item.k }}="{{ item.v }}"'
         regexp: "^#?{{ item.k }}"
       with_items:
@@ -56,8 +57,8 @@
 
     - name: Console Setup Management Note
       ansible.builtin.lineinfile:
-        path: /etc/default/console-setup
-        line: '# Managed by Ansible'
+        path: "/etc/default/console-setup"
+        line: "# Managed by Ansible"
         insertafter: "CONFIGURATION FILE"
 
     - name: Read pubkey
diff --git a/roles/bank/defaults/main.yaml b/roles/bank/defaults/main.yaml
index 922bb73..b0fea92 100644
--- a/roles/bank/defaults/main.yaml
+++ b/roles/bank/defaults/main.yaml
@@ -1,3 +1,3 @@
 bank_user: bank
+bank_revbank_git: https://git.bitlair.nl/bitlair/revbank.git
 bank_local_tty: no
-bank_revbank_version: "10.5.1"
diff --git a/roles/bank/tasks/login.yaml b/roles/bank/tasks/login.yaml
index f54bbfd..029f826 100644
--- a/roles/bank/tasks/login.yaml
+++ b/roles/bank/tasks/login.yaml
@@ -4,7 +4,7 @@
     name: bank
     password: $6$idklol$QrOE/21LDR0vhZBAXwgA7AvnmR6Ju4ZqzAzgeazC08i2yw9kyQjgwu.uuV692iL/cyE7AteDYUxCpcorONXom. # "bank"
     home: /home/{{ bank_user }}
-    shell: /usr/local/share/revbank/revbank
+    shell: /home/{{ bank_user }}/revbank.git/revbank
     update_password: always
 
 - name: Allow password auth for bank user
@@ -13,7 +13,7 @@
     insertafter: EOF
     validate: "/usr/sbin/sshd -t -f %s"
     block: |-
-      Match User {{ bank_user }}
+      Match User bank
           PasswordAuthentication yes
   notify: reload sshd
 
@@ -41,14 +41,14 @@
 
     - name: Create getty dir
       ansible.builtin.file:
-        path: /etc/systemd/system/getty@tty1.service.d
+        path: "/etc/systemd/system/getty@tty1.service.d"
         state: directory
 
     - name: Autologin User
       ansible.builtin.template:
-        src: tty_autologin.conf
-        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
-        owner: root
-        group: root
-        mode: 0644
+        src: "tty_autologin.conf"
+        dest: "/etc/systemd/system/getty@tty1.service.d/override.conf"
+        owner: "root"
+        group: "root"
+        mode: "0644"
       notify: daemon reload
diff --git a/roles/bank/tasks/revbank-deposit.yaml b/roles/bank/tasks/revbank-deposit.yaml
index 1190a53..97c3593 100644
--- a/roles/bank/tasks/revbank-deposit.yaml
+++ b/roles/bank/tasks/revbank-deposit.yaml
@@ -23,18 +23,18 @@
   ansible.builtin.template:
     src: revbank-deposit.conf
     dest: /etc/revbank-deposit.conf
-    owner: root
-    group: root
-    mode: 0600
+    owner: "root"
+    group: "root"
+    mode: "0600"
   notify: Restart revbank-deposit
 
 - name: Install revbank-deposit service
   ansible.builtin.template:
     src: revbank-deposit.service
     dest: /etc/systemd/system/revbank-deposit.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart revbank-deposit
 
 - name: Start revbank-deposit
@@ -44,4 +44,4 @@
     state: started
     enabled: true
 
-- meta: flush_handlers
+- ansible.builtin.meta: flush_handlers
diff --git a/roles/bank/tasks/revbank.yaml b/roles/bank/tasks/revbank.yaml
index 3b2ec65..9ffb91c 100644
--- a/roles/bank/tasks/revbank.yaml
+++ b/roles/bank/tasks/revbank.yaml
@@ -1,22 +1,50 @@
 ---
 - name: Install dependencies
   ansible.builtin.apt:
-    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl ]
+    name: [ git, libterm-readline-gnu-perl, libcurses-ui-perl, qrencode ]
     state: present
 
 - name: Clone revbank source
   ansible.builtin.git:
-    repo: https://github.com/revspace/revbank.git
-    version: "v{{ bank_revbank_version }}"
-    dest: /usr/local/share/revbank
+    repo: "{{ bank_revbank_git }}"
+    version: master
+    dest: /home/{{ bank_user }}/revbank.git
     accept_hostkey: yes
 
-- name: Clone revbank-plugin source
-  ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/revbank-plugins.git
-    version: main
-    dest: /usr/local/share/revbank-plugins
-    accept_hostkey: yes
+- name: Create data files
+  ansible.builtin.command: cp /home/{{ bank_user }}/revbank.git/{{ item }} /home/{{ bank_user }}/{{ item }}
+  args:
+    creates: /home/{{ bank_user }}/{{ item }}
+  with_items:
+    - revbank.accounts
+    - revbank.market
+    - revbank.products
+
+- name: Ensure data file permissions
+  ansible.builtin.file:
+    path: /home/{{ bank_user }}/{{ item }}
+    state: touch
+    owner: "{{ bank_user }}"
+    group: "{{ bank_user }}"
+    mode: "0644"
+  with_items:
+    - revbank.accounts
+    - revbank.market
+    - revbank.products
+
+- name: Link plugins
+  ansible.builtin.file:
+    state: link
+    path: /home/{{ bank_user }}/{{ item }}
+    src: /home/{{ bank_user }}/revbank.git/{{ item }}
+  with_items:
+    - plugins
+    - revbank.plugins
+
+- name: Create git data dir
+  ansible.builtin.file:
+    path: /home/{{ bank_user }}/data.git
+    state: directory
 
 - name: Install git cronjob
   ansible.builtin.template:
diff --git a/roles/bank/templates/git.cron b/roles/bank/templates/git.cron
index b5ad03c..b703657 100644
--- a/roles/bank/templates/git.cron
+++ b/roles/bank/templates/git.cron
@@ -1,4 +1,4 @@
 SHELL=/bin/bash
 
-#m    h  dom mon dow user             command
- */10 *  *   *   *   {{ bank_user }}  git -C ~/.revbank pull -r && git -C ~/.revbank push && git -C ~/.revbank gc
+#m   h  dom mon dow user             command
+ 0   *  *   *   *   {{ bank_user }} (cd /home/{{ bank_user }}/data.git && git pull -r && git push && git gc --auto && cp revbank.products ../revbank.products)
diff --git a/roles/chat/defaults/main.yaml b/roles/chat/defaults/main.yaml
deleted file mode 100644
index 4e52991..0000000
--- a/roles/chat/defaults/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-chat_user: thelounge
-chat_group: thelounge
-chat_configdir: "/etc/thelounge"
diff --git a/roles/chat/handlers/main.yaml b/roles/chat/handlers/main.yaml
deleted file mode 100644
index e03963e..0000000
--- a/roles/chat/handlers/main.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-- name: Reload systemd
-  ansible.builtin.systemd:
-    daemon_reload: yes
-
-- name: Restart thelounge
-  ansible.builtin.systemd:
-    name: thelounge
-    state: restarted
-    enabled: true
diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml
deleted file mode 100644
index cad172f..0000000
--- a/roles/chat/tasks/main.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
----
-
-- name: Install dependencies
-  ansible.builtin.apt:
-    state: present
-    pkg:
-      - build-essential
-      - nodejs
-
-- name: Ensure directories are present
-  ansible.builtin.file:
-    path: "{{ item.path }}"
-    owner: "{{ chat_user }}"
-    group: "{{ chat_group }}"
-    state: "{{ item.state | default('directory') }}"
-    mode: "{{ item.mode | default('0770') }}"
-  with_items:
-    - { path: "{{ chat_configdir }}" }
-    - { path: "/var/local/thelounge/users" }
-    - { path: "/var/local/thelounge/storage" }
-  notify:
-    - Restart thelounge
-
-- name: Install nodejs
-  ansible.builtin.apt:
-
-- name: Install yarn
-  ansible.builtin.shell:
-    cmd: npm install --global yarn
-
-- ansible.builtin.stat:
-    path: /opt/thelounge
-  register: src_path
-
-- name: Retreive thelounge source
-  block:
-    - name: Checkout source
-      ansible.builtin.git:
-        repo: 'https://github.com/revspace/thelounge.git'
-        dest: /opt/thelounge
-        version: 9d6dc83
-        force: true
-
-    - name: Copy patch
-      ansible.builtin.template:
-        src: thelounge-bitlair.patch
-        dest: /tmp/thelounge-bitlair.patch
-
-    - name: Apply patch
-      ansible.builtin.shell:
-        chdir: /opt/thelounge
-        cmd: git apply /tmp/thelounge-bitlair.patch
-  when: not src_path.stat.exists
-
-- name: Build and install thelounge
-  ansible.builtin.shell:
-    chdir: /opt/thelounge
-    cmd: yarn add sharp --ignore-engines && yarn install --include-optional sharp && NODE_ENV=production yarn build && ln -sf $(pwd)/index.js /usr/local/bin/thelounge
-  notify:
-    - Restart thelounge
-
-- name: Ensure user thelounge is present
-  ansible.builtin.user:
-    name: thelounge
-    createhome: no
-    comment: The Lounge (IRC client)
-    system: yes
-    state: present
-
-- name: Ensure JS and JSON syntax checking packages are installed
-  community.general.yarn:
-    name: "{{ item }}"
-    global: yes
-    # state: latest # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
-  with_items:
-    - esprima
-    - jsonlint
-      # changed_when: no # FIXME: Remove when https://github.com/ansible/ansible/pull/39557 makes it in
-
-- name: Configure templates
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "{{ item.owner | default( chat_user ) }}"
-    group: "{{ item.group | default( chat_group ) }}"
-    mode: "{{ item.mode | default('0640') }}"
-    validate: "{{ item.validate | default([]) }}"
-  with_items:
-    - { src: "config.js.j2", dest: "/etc/thelounge/config.js", validate: 'esvalidate %s' }
-    - { src: "thelounge.service", dest: "/etc/systemd/system/thelounge.service", owner: root, group: root, notify: "Reload systemd" }
-  notify: "{{ item.notify | default('Restart thelounge') }}"
-
diff --git a/roles/chat/templates/config.js.j2 b/roles/chat/templates/config.js.j2
deleted file mode 100644
index 69b1727..0000000
--- a/roles/chat/templates/config.js.j2
+++ /dev/null
@@ -1,59 +0,0 @@
-"use strict";
-
-module.exports = {
-    public: false,
-    port: 9000,
-    bind: "0.0.0.0",
-    host: "127.0.0.1",
-    reverseProxy: true,
-    lockNetwork: true,
-    maxHistory: 10000,
-    leaveMessage: "Doei!",
-    defaults: {
-        name: "Smurfnet",
-        password: "",
-        rejectUnauthorized: true,
-        nick: "",
-        username: "",
-        realname: "",
-        join: "#bitlair",
-    },
-    messageStorage: ["sqlite", "text"],
-    fileUpload: {
-        enable: true,
-    },
-    networks: {
-        Smurfnet: {
-            host: "irc.smurfnet.ch",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: false,
-        },
-        "Libera.Chat": {
-            host: "irc.libera.chat",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: true,
-        },
-        OFTC: {
-            host: "irc.oftc.net",
-            port: 6697,
-            tls: true,
-            rejectUnauthorized: true,
-        },
-    },
-    identd: {
-        enable: false,
-    },
-    ldap: {
-        enable: true,
-        url: "{{ thelounge_ldap_url }}",
-        primaryKey: "uid",
-        searchDN: {
-            rootDN: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN subkey=binddn') }}",
-            rootPassword: "{{ lookup('passwordstore', 'chat/thelounge/ldap_rootDN') }}",
-            filter: "{{ thelounge_ldap_filter }}",
-            base: "{{ thelounge_ldap_base }}",
-        },
-    },
-};
diff --git a/roles/chat/templates/thelounge-bitlair.patch b/roles/chat/templates/thelounge-bitlair.patch
deleted file mode 100644
index fdfb795..0000000
--- a/roles/chat/templates/thelounge-bitlair.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff --git a/package.json b/package.json
-index 2991a6ec..dac43f16 100644
---- a/package.json
-+++ b/package.json
-@@ -84,9 +84,7 @@
-     "ua-parser-js": "1.0.33",
-     "uuid": "8.3.2",
-     "web-push": "3.4.5",
--    "yarn": "1.22.17"
--  },
--  "optionalDependencies": {
-+    "yarn": "1.22.17",
-     "sqlite3": "5.1.7"
-   },
-   "devDependencies": {
-diff --git a/server/plugins/auth/ldap.ts b/server/plugins/auth/ldap.ts
-index e6093b0f..d30b9a1c 100644
---- a/server/plugins/auth/ldap.ts
-+++ b/server/plugins/auth/ldap.ts
-@@ -134,7 +134,7 @@ const ldapAuth: AuthHandler = (manager, client, user, password, callback) => {
- 	// auth plugin API
- 	function callbackWrapper(valid: boolean) {
- 		if (valid && !client) {
--			manager.addUser(user, null, false);
-+			manager.addUser(user, null, true);
- 		}
- 
- 		callback(valid);
diff --git a/roles/chat/templates/thelounge.service b/roles/chat/templates/thelounge.service
deleted file mode 100644
index 26a11ea..0000000
--- a/roles/chat/templates/thelounge.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=The Lounge (IRC client)
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-User={{ chat_user }}
-Group={{ chat_group }}
-Type=simple
-Environment=THELOUNGE_HOME=/var/local/thelounge
-ExecStart=/usr/local/bin/thelounge start
-ProtectSystem=yes
-ProtectHome=yes
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/common/handlers/main.yaml b/roles/common/handlers/main.yaml
index b35b8d8..3f6d5b8 100644
--- a/roles/common/handlers/main.yaml
+++ b/roles/common/handlers/main.yaml
@@ -3,7 +3,7 @@
   ansible.builtin.command:
     cmd: update-grub
 
-- name: apt update
+- name: Apt update
   ansible.builtin.apt:
     update_cache: true
 
diff --git a/roles/common/tasks/debian-upgrade.yaml b/roles/common/tasks/debian-upgrade.yaml
index f986713..b480bea 100644
--- a/roles/common/tasks/debian-upgrade.yaml
+++ b/roles/common/tasks/debian-upgrade.yaml
@@ -4,9 +4,9 @@
   ansible.builtin.template:
     src: stable-sources.list
     dest: /etc/apt/sources.list
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
 
 - name: Remove backports
   ansible.builtin.file:
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index 29f7744..4f82e2f 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@@ -30,7 +30,7 @@
   ansible.builtin.template:
     src: authorized_keys.j2
     dest: /root/.ssh/authorized_keys
-    mode: 0600
+    mode: "0600"
   when: root_access is defined and root_access
   tags: authorized_keys
 
diff --git a/roles/common/tasks/network.yaml b/roles/common/tasks/network.yaml
index 7e2a75b..fae4ed5 100644
--- a/roles/common/tasks/network.yaml
+++ b/roles/common/tasks/network.yaml
@@ -28,9 +28,9 @@
   ansible.builtin.template:
     src: network-interfaces
     dest: /etc/network/interfaces
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   when: network_br or network_dhcp or network_static
 
 - ansible.builtin.meta: flush_handlers
diff --git a/roles/deb_forgejo/defaults/main.yaml b/roles/deb_forgejo/defaults/main.yaml
deleted file mode 100644
index 21082e1..0000000
--- a/roles/deb_forgejo/defaults/main.yaml
+++ /dev/null
@@ -1 +0,0 @@
-deb_private_host: git.polyfloyd.net
diff --git a/roles/deb_forgejo/handlers/default.yaml b/roles/deb_forgejo/handlers/default.yaml
deleted file mode 100644
index e7a11ce..0000000
--- a/roles/deb_forgejo/handlers/default.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- ansible.builtin.import_tasks:
-    file: ../../common/handlers/main.yaml
diff --git a/roles/deb_forgejo/tasks/main.yaml b/roles/deb_forgejo/tasks/main.yaml
deleted file mode 100644
index 68c3c44..0000000
--- a/roles/deb_forgejo/tasks/main.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-- tags: deb_forgejo
-  block:
-    - name: Install dependencies
-      apt:
-        name: apt-transport-https
-        state: present
-
-    - name: Install packaging key
-      get_url:
-        url: https://{{ item.host }}/api/packages/{{ item.owner }}/debian/repository.key
-        dest: /etc/apt/keyrings/{{ item.host }}-{{ item.owner }}.asc
-        mode: "0644"
-      with_items: "{{ deb_forgejo_repos }}"
-      notify: apt update
-
-    - name: Install sources.list
-      template:
-        src: sources.list
-        dest: /etc/apt/sources.list.d/deb-forgejo.list
-        owner: root
-        group: root
-        mode: "0644"
-      notify: apt update
-
-    - meta: flush_handlers
diff --git a/roles/deb_forgejo/templates/sources.list b/roles/deb_forgejo/templates/sources.list
deleted file mode 100644
index 9400fd3..0000000
--- a/roles/deb_forgejo/templates/sources.list
+++ /dev/null
@@ -1,5 +0,0 @@
-# {{ ansible_managed }}
-
-{% for repo in deb_forgejo_repos %}
-deb [signed-by=/etc/apt/keyrings/{{ repo.host }}-{{ repo.owner }}.asc] https://{{ repo.host }}/api/packages/{{ repo.owner }}/debian {{ repo.distro | default('stable') }} {{ repo.component | default('main') }}
-{% endfor %}
diff --git a/roles/etherpad/defaults/main.yaml b/roles/etherpad/defaults/main.yaml
index 4a05b97..7e1952a 100644
--- a/roles/etherpad/defaults/main.yaml
+++ b/roles/etherpad/defaults/main.yaml
@@ -1,3 +1,4 @@
+nodejs_version: 22.x
 etherpad_db_user: etherpad
 etherpad_db_password: "{{ lookup('password', '/tmp/etherpad_db_password length=32') }}"
 etherpad_db_name: etherpad
diff --git a/roles/etherpad/tasks/main.yaml b/roles/etherpad/tasks/main.yaml
index e19835c..c7b1521 100644
--- a/roles/etherpad/tasks/main.yaml
+++ b/roles/etherpad/tasks/main.yaml
@@ -3,10 +3,36 @@
 - name: Install dependencies
   ansible.builtin.apt:
     state: present
-    pkg:
-      - nodejs
+    pkg: 
+      - gpg
       - postgresql
       - python3-psycopg2
+      - apt-transport-https
+
+- name: Import nodesource signing key
+  ansible.builtin.shell:
+    cmd: curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor
+      -o /usr/share/keyrings/nodesource.gpg
+  args:
+    creates: /usr/share/keyrings/nodesource.gpg
+  notify: Apt update
+
+- name: Install nodesource source list
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+  with_items:
+    - { src: "nodesource.list", dest: "/etc/apt/sources.list.d/nodesource.list" }
+    - { src: "nodejs-apt-pref", dest: "/etc/apt/preferences.d/nodejs" }
+  notify: Apt update
+
+- ansible.builtin.meta: flush_handlers
+
+- name: Install nodejs
+  ansible.builtin.apt:
+    name: nodejs
 
 - name: Add database user
   become: true
@@ -34,17 +60,17 @@
   ansible.builtin.file:
     path: /var/log/etherpad.log
     state: touch
-    owner: etherpad
-    group: etherpad
-    mode: 0644
+    owner: "etherpad"
+    group: "etherpad"
+    mode: "0644"
 
 - name: Create source directory
   ansible.builtin.file:
     path: /opt/etherpad
     state: directory
-    owner: etherpad
-    group: etherpad
-    mode: 0755
+    owner: "etherpad"
+    group: "etherpad"
+    mode: "0755"
 
 - name: Clone etherpad source
   become: yes
@@ -61,18 +87,18 @@
   ansible.builtin.template:
     src: settings.json
     dest: /opt/etherpad/settings.json
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart etherpad
 
 - name: Install etherpad service
   ansible.builtin.template:
     src: etherpad.service
     dest: /etc/systemd/system/etherpad.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart etherpad
 
 - name: Start etherpad
@@ -86,8 +112,8 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-enabled/etherpad
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Reload nginx
 
diff --git a/roles/nodesource/templates/nodejs-apt-pref b/roles/etherpad/templates/nodejs-apt-pref
similarity index 100%
rename from roles/nodesource/templates/nodejs-apt-pref
rename to roles/etherpad/templates/nodejs-apt-pref
diff --git a/roles/nodesource/templates/nodesource.list b/roles/etherpad/templates/nodesource.list
similarity index 56%
rename from roles/nodesource/templates/nodesource.list
rename to roles/etherpad/templates/nodesource.list
index 3600170..43defab 100644
--- a/roles/nodesource/templates/nodesource.list
+++ b/roles/etherpad/templates/nodesource.list
@@ -1,3 +1,3 @@
 # {{ ansible_managed }}
 
-deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodesource_version }} nodistro main
+deb [arch=$arch signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_{{ nodejs_version }} nodistro main
diff --git a/roles/git-ci/defaults/main.yaml b/roles/git-ci/defaults/main.yaml
new file mode 100644
index 0000000..2e805ee
--- /dev/null
+++ b/roles/git-ci/defaults/main.yaml
@@ -0,0 +1,2 @@
+runner_wd: /var/lib/forgejo-runner
+runner_version: 6.3.0
diff --git a/roles/git_ci/handlers/main.yaml b/roles/git-ci/handlers/main.yaml
similarity index 85%
rename from roles/git_ci/handlers/main.yaml
rename to roles/git-ci/handlers/main.yaml
index 05f3913..361ba38 100644
--- a/roles/git_ci/handlers/main.yaml
+++ b/roles/git-ci/handlers/main.yaml
@@ -3,6 +3,6 @@
     file: ../../common/handlers/main.yaml
 
 - name: restart forgejo-runner
-  systemd:
+  ansible.builtin.systemd:
     name: forgejo-runner
     state: restarted
diff --git a/roles/git-ci/tasks/main.yaml b/roles/git-ci/tasks/main.yaml
new file mode 100644
index 0000000..ea688fa
--- /dev/null
+++ b/roles/git-ci/tasks/main.yaml
@@ -0,0 +1,50 @@
+---
+
+- name: Install dependencies
+  ansible.builtin.apt:
+    name: docker.io
+
+- name: Download forgejo-runner
+  ansible.builtin.get_url:
+    url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ runner_version }}/forgejo-runner-{{ runner_version }}-linux-amd64"
+    dest: /usr/local/bin/forgejo-runner
+    mode: "0755"
+  notify: restart forgejo-runner
+
+- name: Create runner dir
+  ansible.builtin.file:
+    state: directory
+    path: "{{ runner_wd }}"
+    owner: "root"
+    group: "root"
+    mode: "0755"
+
+- name: Register runner
+  ansible.builtin.command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
+  args:
+    chdir: "{{ runner_wd }}"
+    creates: "{{ runner_wd }}/.runner"
+
+- name: Install service file
+  ansible.builtin.template:
+    src: forgejo-runner.service
+    dest: /etc/systemd/system/forgejo-runner.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: restart forgejo-runner
+
+- name: Enable service
+  ansible.builtin.systemd:
+    name: forgejo-runner
+    enabled: true
+    daemon_reload: true
+
+- name: Start service
+  ansible.builtin.systemd:
+    name: forgejo-runner
+    state: started
+    daemon_reload: true
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
diff --git a/roles/git_ci/templates/forgejo-runner.service b/roles/git-ci/templates/forgejo-runner.service
similarity index 84%
rename from roles/git_ci/templates/forgejo-runner.service
rename to roles/git-ci/templates/forgejo-runner.service
index 9cd5b5b..c9550d2 100644
--- a/roles/git_ci/templates/forgejo-runner.service
+++ b/roles/git-ci/templates/forgejo-runner.service
@@ -6,7 +6,7 @@ After=network.target
 
 [Service]
 ExecStart=/usr/local/bin/forgejo-runner daemon
-WorkingDirectory={{ git_ci_runner_wd }}
+WorkingDirectory={{ runner_wd }}
 Restart=on-failure
 RestartSec=10s
 
diff --git a/roles/git-server/tasks/main.yaml b/roles/git-server/tasks/main.yaml
index 5104ef5..847d850 100644
--- a/roles/git-server/tasks/main.yaml
+++ b/roles/git-server/tasks/main.yaml
@@ -11,9 +11,9 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-available/forgejo
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Reload nginx
 
 - name: Enable nginx site
@@ -36,7 +36,7 @@
     path: /var/log/forgejo
     owner: "{{ git_server_user }}"
     group: "{{ git_server_user }}"
-    mode: 0755
+    mode: "0755"
 
 # TODO: Install initial config
 
@@ -44,9 +44,9 @@
   ansible.builtin.template:
     src: forgejo.service
     dest: /etc/systemd/system/forgejo.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Reload forgejo
 
 - name: Install update script
@@ -55,7 +55,7 @@
     dest: "{{ git_server_working_dir }}/update.sh"
     owner: "{{ git_server_user }}"
     group: "{{ git_server_user }}"
-    mode: 0755
+    mode: "0755"
 
 - name: Perform initial update
   ansible.builtin.command: "{{ git_server_working_dir }}/update.sh"
diff --git a/roles/git-server/templates/cronjob b/roles/git-server/templates/cronjob
index 659b668..9a71799 100644
--- a/roles/git-server/templates/cronjob
+++ b/roles/git-server/templates/cronjob
@@ -1,4 +1,4 @@
 # {{ ansible_managed }}
 
-#m   h  dom mon dow user command
- 0   2  *   *   1   root {{ git_server_working_dir }}/update.sh
+#m   h  dom mon dow user             command
+ 0   2  *   *   1   {{ git_server_user }} {{ git_server_working_dir }}/update.sh
diff --git a/roles/git_ci/defaults/main.yaml b/roles/git_ci/defaults/main.yaml
deleted file mode 100644
index 2c54fd9..0000000
--- a/roles/git_ci/defaults/main.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-git_ci_runner_wd: /var/lib/forgejo-runner
diff --git a/roles/git_ci/tasks/main.yaml b/roles/git_ci/tasks/main.yaml
deleted file mode 100644
index c2c4002..0000000
--- a/roles/git_ci/tasks/main.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
----
-- tags: git_ci
-  block:
-    - name: Install dependencies
-      apt:
-        name: docker.io
-
-    - name: Query latest forgejo-runner version
-      uri:
-        url: https://code.forgejo.org/api/v1/repos/forgejo/runner/tags
-        return_content: true
-      register: response
-      changed_when: false
-      check_mode: false
-      failed_when: "response is failed or 'json' not in response"
-
-    - name: Format forgejo-runner latest version
-      set_fact:
-        forgejo_runner_version: "{{ response['json'][0]['name'] | trim('v') }}"
-
-    - name: Detect installed forgejo-runner version
-      shell:
-        cmd: |
-          set -o pipefail
-          forgejo-runner --version | grep --color=never -Po '\d\.\d+(\.\d+)?' || echo none
-        executable: /bin/bash
-      register: forgejo_runner_installed_version_shell
-      changed_when: false
-      check_mode: false
-
-    - name: Format installed forgejo-runner version
-      set_fact:
-        forgejo_runner_installed_version: "{{ forgejo_runner_installed_version_shell.stdout }}"
-
-    - debug:
-        msg:
-          - "Forgejo Runner latest version: {{ forgejo_runner_version }}"
-          - "Forgejo Runner installed version: {{ forgejo_runner_installed_version }}"
-
-    - name: Download forgejo-runner
-      get_url:
-        url: "https://code.forgejo.org/forgejo/runner/releases/download/v{{ forgejo_runner_version }}/forgejo-runner-{{ forgejo_runner_version }}-linux-amd64"
-        dest: /usr/local/bin/forgejo-runner
-        mode: "0755"
-      notify: restart forgejo-runner
-      when: forgejo_runner_installed_version != forgejo_runner_version
-
-    - name: Create runner dir
-      file:
-        state: directory
-        path: "{{ git_ci_runner_wd }}"
-        owner: root
-        group: root
-        mode: "0755"
-
-    - name: Register runner
-      command: "forgejo-runner register --no-interactive --instance={{ forgejo_url }} --token={{ lookup('passwordstore', 'git/ci subkey=runner_token') }}"
-      args:
-        chdir: "{{ git_ci_runner_wd }}"
-        creates: "{{ git_ci_runner_wd }}/.runner"
-
-    - name: Install service file
-      template:
-        src: forgejo-runner.service
-        dest: /etc/systemd/system/forgejo-runner.service
-        owner: root
-        group: root
-        mode: "0644"
-      notify: restart forgejo-runner
-
-    - name: Enable service
-      systemd:
-        name: forgejo-runner
-        enabled: true
-        daemon_reload: true
-
-    - name: Start service
-      systemd:
-        name: forgejo-runner
-        state: started
-        daemon_reload: true
-
-    - meta: flush_handlers
diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml
index ab16901..ebd93c7 100644
--- a/roles/go/tasks/main.yaml
+++ b/roles/go/tasks/main.yaml
@@ -48,17 +48,17 @@
         src: https://go.dev/dl/go{{ go_latest_version }}.linux-{{ go_arch }}.tar.gz
         dest: /usr/local
         remote_src: yes
-        owner: root
-        group: root
+        owner: "root"
+        group: "root"
       when: go_installed_version != go_latest_version
 
     - name: Configure Go environment
       ansible.builtin.template:
         src: go.profile
         dest: /etc/profile.d/go.sh
-        owner: root
-        group: root
-        mode: 0644
+        owner: "root"
+        group: "root"
+        mode: "0644"
 
     - name: Link go binary
       ansible.builtin.file:
diff --git a/roles/monitoring/tasks/grafana.yaml b/roles/monitoring/tasks/grafana.yaml
index 3e09b8f..974551b 100644
--- a/roles/monitoring/tasks/grafana.yaml
+++ b/roles/monitoring/tasks/grafana.yaml
@@ -21,9 +21,9 @@
   ansible.builtin.template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart grafana
   with_items:
     - { src: grafana.ini, dest: /etc/grafana/grafana.ini }
@@ -33,9 +33,9 @@
   ansible.builtin.template:
     src: grafana-data-source.yml
     dest: "/etc/grafana/provisioning/datasources/{{ item.name | lower }}.yaml"
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart grafana
   with_items:
     - name: Prometheus
diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml
index 2017d5b..a2878a7 100644
--- a/roles/monitoring/tasks/main.yaml
+++ b/roles/monitoring/tasks/main.yaml
@@ -4,9 +4,9 @@
   ansible.builtin.template:
     src: nginx-site.conf
     dest: /etc/nginx/sites-available/monitoring
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Reload nginx
 
 - name: Enable nginx site
diff --git a/roles/monitoring/tasks/mqtt_exporter.yaml b/roles/monitoring/tasks/mqtt_exporter.yaml
index 481d2c1..b0350f4 100644
--- a/roles/monitoring/tasks/mqtt_exporter.yaml
+++ b/roles/monitoring/tasks/mqtt_exporter.yaml
@@ -1,22 +1,47 @@
 ---
+- name: Clone source
+  ansible.builtin.git:
+    repo: https://github.com/polyfloyd/mqtt-exporter.git
+    version: main
+    dest: /opt/mqtt_exporter
+    accept_hostkey: yes
+  notify: restart mqtt_exporter
+
 - name: Install apt dependencies
   ansible.builtin.apt:
-    name: mqtt-exporter
+    name:
+      - jq
+      - python3-paho-mqtt
+      - python3-prometheus-client
+      - python3-yaml
     state: present
 
+- name: Install service
+  ansible.builtin.template:
+    src: mqtt_exporter.service
+    dest: /etc/systemd/system/mqtt_exporter.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify:
+    - Daemon reload
+    - restart mqtt_exporter
+
 - name: Install config file
   ansible.builtin.template:
     src: mqtt_exporter_config.yaml
-    dest: /etc/mqtt-exporter.yaml
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart mqtt_exporter
+    dest: /etc/mqtt_exporter.yaml
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify:
+    - Daemon reload
+    - restart mqtt_exporter
 
 - ansible.builtin.meta: flush_handlers
 
 - name: Start service
   ansible.builtin.systemd:
-    name: mqtt-exporter
+    name: mqtt_exporter
     state: started
     enabled: true
diff --git a/roles/monitoring/tasks/prometheus.yaml b/roles/monitoring/tasks/prometheus.yaml
index 30522b5..3c86a0f 100644
--- a/roles/monitoring/tasks/prometheus.yaml
+++ b/roles/monitoring/tasks/prometheus.yaml
@@ -7,9 +7,9 @@
   ansible.builtin.template:
     src: prometheus.yml
     dest: "{{ prometheus_config_dir }}/prometheus.yml"
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart prometheus
 
 - name: Configure Prometheus args
diff --git a/roles/mqtt/defaults/main.yaml b/roles/mqtt/defaults/main.yaml
new file mode 100644
index 0000000..8cf4403
--- /dev/null
+++ b/roles/mqtt/defaults/main.yaml
@@ -0,0 +1 @@
+mqtt_bambulab_cafile: /etc/mosquitto/ca_certificates/bambulab.pem
diff --git a/roles/mqtt/tasks/main.yaml b/roles/mqtt/tasks/main.yaml
index c2e46ab..727cca3 100644
--- a/roles/mqtt/tasks/main.yaml
+++ b/roles/mqtt/tasks/main.yaml
@@ -9,18 +9,16 @@
 - name: Install bambulab cafile
   # openssl s_client -showcerts -connect <ip>:8883 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p'
   ansible.builtin.copy:
-    dest: "/etc/mosquitto/ca_certificates/bambu_{{ item.name }}.pem"
-    content: "{{ item.cafile }}"
-  notify: restart mosquitto
-  with_items: "{{ lookup('passwordstore', 'bambulab subkey=printers') }}"
+    dest: "{{ mqtt_bambulab_cafile }}"
+    content: "{{ lookup('passwordstore', 'bambulab subkey=cafile') }}"
 
 - name: Configure Mosquitto
   ansible.builtin.template:
     src: "{{ item }}"
     dest: "/etc/mosquitto/conf.d/{{ item }}"
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart mosquitto
   with_items:
     - bambulab.conf
diff --git a/roles/mqtt/templates/bambulab.conf b/roles/mqtt/templates/bambulab.conf
index 6d81641..c475585 100644
--- a/roles/mqtt/templates/bambulab.conf
+++ b/roles/mqtt/templates/bambulab.conf
@@ -1,11 +1,10 @@
 # {{ ansible_managed }}
-{% for bambu in lookup('passwordstore', 'bambulab subkey=printers') %}
 
-connection bambulab_{{ bambu.name }}
-address {{ bambu.host }}:8883
-bridge_cafile /etc/mosquitto/ca_certificates/bambu_{{ bambu.name }}.pem
+connection bambulab
+address {{ lookup('passwordstore', 'bambulab subkey=host') }}:8883
+bridge_cafile {{ mqtt_bambulab_cafile }}
 bridge_insecure true
 remote_username bblp
-remote_password {{ bambu.key }}
-topic # in 2 bambulab/{{ bambu.name }}/ ""
-{% endfor %}
+remote_password {{ lookup('passwordstore', 'bambulab subkey=key') }}
+
+topic # in 2 bambulab/ ""
diff --git a/roles/music/defaults/main.yaml b/roles/music/defaults/main.yaml
index 91ebc45..fa95b47 100644
--- a/roles/music/defaults/main.yaml
+++ b/roles/music/defaults/main.yaml
@@ -1,10 +1,2 @@
 music_audio_user: audio
-music_audio_user_id: 998
-music_audio_group: audio
-music_bitvis_user: bitvis
-music_librespot_user: librespot
-music_trollibox_user: trollibox
-
-music_pulse_server: /tmp/pipewire-pulse-socket
-
 music_mqtt_mpd_volume: bitlair/music/space/volume
diff --git a/roles/music/handlers/main.yaml b/roles/music/handlers/main.yaml
index f6507f0..2d77dbb 100644
--- a/roles/music/handlers/main.yaml
+++ b/roles/music/handlers/main.yaml
@@ -2,65 +2,27 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: restart pipewire
-  become: true
-  become_user: "{{ music_audio_user }}"
-  become_method: machinectl
-  ansible.builtin.systemd:
-    name: pipewire
-    state: restarted
-    daemon_reload: true
-    scope: user
-
-- name: restart filter-chain
-  become: true
-  become_user: "{{ music_audio_user }}"
-  become_method: machinectl
-  ansible.builtin.systemd:
-    name: filter-chain
-    state: restarted
-    daemon_reload: true
-    scope: user
-
-- name: restart bitvis
-  ansible.builtin.systemd:
-    name: bitvis
-    state: restarted
-    daemon_reload: true
-
-- name: restart bitvis-tee
-  ansible.builtin.systemd:
-    name: bitvis-tee
-    state: restarted
-    daemon_reload: true
-
-- name: restart mpd
-  ansible.builtin.systemd:
-    name: mpd
-    state: restarted
-    daemon_reload: true
-
-- name: restart trollibox
+- name: Restart trollibox
   ansible.builtin.systemd:
     name: trollibox
     state: restarted
     daemon_reload: true
 
-- name: rebuild librespot
+- name: Rebuild librespot
   ansible.builtin.command:
-    cmd: /root/.cargo/bin/cargo build --release --features pulseaudio-backend,jackaudio-backend
+    cmd: /root/.cargo/bin/cargo build --release --features jackaudio-backend
   args:
     chdir: /opt/librespot
 
-- name: restart librespot
+- name: Restart librespot
   ansible.builtin.systemd:
     name: librespot
     state: restarted
     daemon_reload: true
 
-- name: restart mqtt-soundboard
+- name: Restart soundboard
   ansible.builtin.systemd:
-    name: mqtt-soundboard
+    name: soundboard
     state: restarted
     daemon_reload: true
 
@@ -75,12 +37,3 @@
     name: skipbutton
     state: restarted
     daemon_reload: true
-
-- name: restart ampswitch
-  ansible.builtin.systemd:
-    name: "ampswitch-{{ item }}"
-    state: restarted
-    daemon_reload: true
-  with_items:
-    - librespot
-    - mpd
diff --git a/roles/music/tasks/ampswitch.yaml b/roles/music/tasks/ampswitch.yaml
deleted file mode 100644
index 5ee9649..0000000
--- a/roles/music/tasks/ampswitch.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- name: Install ampswitch
-  apt:
-    name: ampswitch
-
-- name: Install ampswitch service file
-  template:
-    src: ampswitch.service
-    dest: /etc/systemd/system/ampswitch-{{ item.instance }}.service
-    owner: root
-    group: root
-    mode: 0755
-  with_items:
-    - instance: mpd
-      pw_inputs:
-        - "Music Player Daemon:output_FL"
-        - "Music Player Daemon:output_FR"
-    - instance: librespot
-      pw_inputs:
-        - "librespot:out_0"
-        - "librespot:out_1"
-  notify: restart ampswitch
-
-- name: Enable ampswitch
-  ansible.builtin.systemd:
-    name: "ampswitch-{{ item }}"
-    state: started
-    enabled: true
-  with_items:
-    - librespot
-    - mpd
diff --git a/roles/music/tasks/base.yaml b/roles/music/tasks/base.yaml
deleted file mode 100644
index bd51428..0000000
--- a/roles/music/tasks/base.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-- name: Install pipewire
-  apt:
-    name:
-      - systemd-container
-      - pipewire
-      - pipewire-jack
-      - pipewire-pulse
-      - pulseaudio-utils
-      - pulsemixer
-      - wireplumber
-    state: present
-
-- name: Add audio group
-  group:
-    name: audio
-    system: true
-
-- name: Add {{ music_audio_user }} user
-  user:
-    name: "{{ music_audio_user }}"
-    uid: "{{ music_audio_user_id }}"
-    system: true
-    groups:
-      - audio
-
-- name: Enable linger for {{ music_audio_user }}
-  copy:
-    dest: "/var/lib/systemd/linger/{{ music_audio_user }}"
-    content: ""
-
-- name: Enable pipewire
-  become: true
-  become_user: "{{ music_audio_user }}"
-  become_method: machinectl
-  ansible.builtin.systemd:
-    name: pipewire
-    state: started
-    enabled: true
-    scope: user
-
-- name: Set PULSE_SERVER env var for all shells
-  copy:
-    dest: /etc/profile.d/pulse-server.sh
-    content: |+
-      # Ansible managed
-      export PULSE_SERVER={{ music_pulse_server }}
-
-- name: Create pipewire-pulse config dir
-  file:
-    path: /etc/pipewire/pipewire-pulse.conf.d/
-    state: directory
-
-- name: Configure system socket
-  ansible.builtin.copy:
-    dest: /etc/pipewire/pipewire-pulse.conf.d/system-socket.conf
-    content: |+
-      # Ansible managed
-      context.exec = [
-        { path = "/bin/chgrp"  args = "{{ music_audio_group }} {{ music_pulse_server }}" }
-        { path = "/bin/chmod"  args = "g+rwx,o-rwx {{ music_pulse_server }}" }
-      ]
-      pulse.properties = {
-        server.address = [
-          "unix:{{ music_pulse_server }}"
-        ]
-      }
-  notify: restart pipewire
diff --git a/roles/music/tasks/bitvis.yaml b/roles/music/tasks/bitvis.yaml
deleted file mode 100644
index 81688b4..0000000
--- a/roles/music/tasks/bitvis.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
----
-- name: Install bitvis dependencies
-  apt:
-    name:
-      - bitvis
-      - bitvis-http
-      - swh-plugins
-
-- name: Create bitvis user
-  user:
-    name: "{{ music_bitvis_user }}"
-    system: true
-    home: /var/lib/bitvis
-    groups:
-      - "{{ music_audio_group }}"
-
-- name: Install bitvis-tee
-  ansible.builtin.template:
-    src: bitvis-tee.sh
-    dest: /opt/bitvis-tee.sh
-    owner: root
-    group: root
-    mode: 0755
-  notify: restart {{ item }}
-  with_items:
-    - bitvis
-    - bitvis-tee
-
-- name: Install service file
-  ansible.builtin.template:
-    src: "{{ item }}.service"
-    dest: /etc/systemd/system/{{ item }}.service
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart {{ item }}
-  with_items:
-    - bitvis
-    - bitvis-tee
-
-- name: Enable service
-  ansible.builtin.systemd:
-    name: "{{ item }}"
-    state: started
-    enabled: true
-    daemon_reload: true
-  with_items:
-    - bitvis
-    - bitvis-tee
-
-- name: Install bitvis gain filter
-  ansible.builtin.template:
-    src: pw-bitvis-mixer.conf
-    dest: /etc/pipewire/filter-chain.conf.d/bitvis-mixer.conf
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart filter-chain
-    - restart bitvis
-
-- name: Enable filter-chain
-  become: true
-  become_user: "{{ music_audio_user }}"
-  become_method: machinectl
-  ansible.builtin.systemd:
-    name: filter-chain
-    state: started
-    enabled: true
-    scope: user
-
-- meta: flush_handlers
diff --git a/roles/music/tasks/librespot.yaml b/roles/music/tasks/librespot.yaml
index 0857eaa..8b7ea51 100644
--- a/roles/music/tasks/librespot.yaml
+++ b/roles/music/tasks/librespot.yaml
@@ -1,18 +1,8 @@
 ---
-- name: Install apt dependencies
-  apt:
-    name:
-      - libasound2-dev
-      - libjack-dev
-      - pkg-config
-
-- name: Create librespot user
-  user:
-    name: "{{ music_librespot_user }}"
-    system: true
-    home: /var/lib/librespot
-    groups:
-      - "{{ music_audio_group }}"
+- name: Install dependencies
+  ansible.builtin.apt:
+    name: libjack-jackd2-dev
+    state: present
 
 - name: Clone librespot source
   ansible.builtin.git:
@@ -21,17 +11,17 @@
     dest: /opt/librespot
     accept_hostkey: yes
   notify:
-    - rebuild librespot
-    - restart librespot
+    - Rebuild librespot
+    - Restart librespot
 
 - name: Install service file
   ansible.builtin.template:
     src: librespot.service
     dest: /etc/systemd/system/librespot.service
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart librespot
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart librespot
 
 - name: Enable Librespot
   ansible.builtin.systemd:
@@ -39,5 +29,3 @@
     state: started
     enabled: true
     daemon_reload: true
-
-- meta: flush_handlers
diff --git a/roles/music/tasks/main.yaml b/roles/music/tasks/main.yaml
index c9a2c9f..c57393f 100644
--- a/roles/music/tasks/main.yaml
+++ b/roles/music/tasks/main.yaml
@@ -1,9 +1,4 @@
 ---
-- name: Import base
-  ansible.builtin.import_tasks:
-    file: base.yaml
-  tags:
-    - music_base
 
 - name: Import mpd
   ansible.builtin.import_tasks:
@@ -11,18 +6,6 @@
   tags:
     - music_mpd
 
-- name: Bitvis
-  ansible.builtin.import_tasks:
-    file: bitvis.yaml
-  tags:
-    - music_bitvis
-
-- name: Import airplay
-  ansible.builtin.import_tasks:
-    file: airplay.yaml
-  tags:
-    - music_airplay
-
 - name: Import trollibox
   ansible.builtin.import_tasks:
     file: trollibox.yaml
@@ -41,8 +24,11 @@
   tags:
     - music_soundboard
 
-- name: Ampswitch
-  ansible.builtin.import_tasks:
-    file: ampswitch.yaml
-  tags:
-    - music_ampswitch
+- name: Install nginx config
+  ansible.builtin.template:
+    src: nginx-site.conf
+    dest: /etc/nginx/sites-enabled/trollibox
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Reload nginx
diff --git a/roles/music/tasks/mpd.yaml b/roles/music/tasks/mpd.yaml
index ebf2406..3e7abeb 100644
--- a/roles/music/tasks/mpd.yaml
+++ b/roles/music/tasks/mpd.yaml
@@ -1,48 +1,30 @@
 ---
+
 - name: Install MPD
   ansible.builtin.apt:
-    name: mpd
+    name:
+      - jackd
+      - mpd
+      - python3-mpd
+      - python3-serial
     state: present
 
-- name: Add mpd user to the {{ music_audio_group }} group
-  user:
-    name: mpd
-    groups:
-      - "{{ music_audio_group }}"
-  notify: restart mpd
-
-- name: Install mpd file
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart mpd
-  with_items:
-    - src: mpd.conf
-      dest: /etc/mpd.conf
-    - src: mpd.service
-      dest: /etc/systemd/system/mpd.service
-    - src: mpd_state
-      dest: /var/lib/mpd/state.default
-
 - name: Install mpd-volume-to-mqtt script
   ansible.builtin.template:
     src: mpd-volume-to-mqtt.sh
     dest: /opt/mpd-volume-to-mqtt.sh
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart mpd-volume-to-mqtt
 
 - name: Install mpd-volume-to-mqtt service
   ansible.builtin.template:
     src: mpd-volume-to-mqtt.service
     dest: /etc/systemd/system/mpd-volume-to-mqtt.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart mpd-volume-to-mqtt
 
 - name: Enable mpd-volume-to-mqtt
@@ -51,3 +33,27 @@
     state: started
     enabled: true
     daemon_reload: true
+
+- name: Clone skipbutton source
+  ansible.builtin.git:
+    repo: https://github.com/bitlair/skipbutton.git
+    version: master
+    dest: /opt/skipbutton
+    accept_hostkey: yes
+  notify: Restart skipbutton
+
+- name: Install skipbutton service
+  ansible.builtin.template:
+    src: skipbutton.service
+    dest: /etc/systemd/system/skipbutton.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart skipbutton
+
+- name: Enable skipbutton
+  ansible.builtin.systemd:
+    name: skipbutton
+    state: started
+    enabled: true
+    daemon_reload: true
diff --git a/roles/music/tasks/soundboard.yaml b/roles/music/tasks/soundboard.yaml
index 92619b1..fa5ace0 100644
--- a/roles/music/tasks/soundboard.yaml
+++ b/roles/music/tasks/soundboard.yaml
@@ -1,28 +1,50 @@
 ---
 - name: Install dependencies
   ansible.builtin.apt:
-    name:
-      - mqtt-soundboard
-      - mplayer
+    name: virtualenv
     state: present
 
+- name: Clone soundboard source
+  ansible.builtin.git:
+    repo: https://github.com/polyfloyd/mqtt-soundboard.git
+    version: main
+    dest: /opt/soundboard
+    accept_hostkey: yes
+  notify: Restart soundboard
+
+- name: Create virtualenv
+  ansible.builtin.command:
+    cmd: virtualenv /opt/soundboard/.venv
+  args:
+    creates: /opt/soundboard/.venv
+
+- name: Install Python dependencies
+  ansible.builtin.shell:
+    cmd: . .venv/bin/activate && pip install -r requirements.txt
+  args:
+    chdir: /opt/soundboard
+
 - name: Install soundboard config file
   ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    mode: 0644
-  notify: restart mqtt-soundboard
-  with_items:
-    - src: mqtt-soundboard.service
-      dest: /etc/systemd/system/mqtt-soundboard.service
-    - src: mqtt-soundboard.yaml
-      dest: /etc/mqtt-soundboard.yaml
+    src: soundboard.yaml
+    dest: /etc/soundboard.yaml
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart soundboard
+
+- name: Install soundboard service file
+  ansible.builtin.template:
+    src: soundboard.service
+    dest: /etc/systemd/system/soundboard.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart soundboard
 
 - name: Enable soundboard
   ansible.builtin.systemd:
-    name: mqtt-soundboard
+    name: soundboard
     state: started
     enabled: true
     daemon_reload: true
diff --git a/roles/music/tasks/trollibox.yaml b/roles/music/tasks/trollibox.yaml
index 34b3df2..717c235 100644
--- a/roles/music/tasks/trollibox.yaml
+++ b/roles/music/tasks/trollibox.yaml
@@ -1,49 +1,41 @@
 ---
-- name: Create trollibox user
-  user:
-    name: "{{ music_trollibox_user }}"
-    system: true
-    home: /var/lib/trollibox
-
 - name: Install Trollibox config
   ansible.builtin.template:
     src: trollibox.yaml
     dest: /etc/trollibox.yaml
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
     mode: "0644"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Get latest Trollibox version from Github API
-  uri:
+  ansible.builtin.get_url:
     url: "https://api.github.com/repos/polyfloyd/trollibox/releases/latest"
-    return_content: true
-  register: response
-  changed_when: false
-  check_mode: false
-  failed_when: "response is failed or 'json' not in response"
+    dest: "/tmp/_ansible_trollibox_latest_release.json"
 
-- name: Format trollibox latest version
-  set_fact:
-    trollibox_version: "{{ response['json']['tag_name'] | trim('v') }}"
+- name: Get download url
+  ansible.builtin.shell:
+    cmd: cat /tmp/_ansible_trollibox_latest_release.json | jq .assets[] | select(.name
+      | contains("linux-amd64")) | .browser_download_url -r
+  register: "trollibox_download_url"
 
 - name: Download Trollibox
   ansible.builtin.unarchive:
-    src: "https://github.com/polyfloyd/trollibox/releases/download/v{{ trollibox_version }}/trollibox-x86_64-unknown-linux-gnu.tar.gz"
+    src: "{{ trollibox_download_url.stdout }}"
     remote_src: yes
     dest: /usr/local/bin
     include: [ trollibox ]
     mode: "0755"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Install service file
   ansible.builtin.template:
     src: trollibox.service
     dest: /etc/systemd/system/trollibox.service
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
     mode: "0644"
-  notify: restart trollibox
+  notify: Restart trollibox
 
 - name: Enable Trollibox
   ansible.builtin.systemd:
diff --git a/roles/music/templates/ampswitch.service b/roles/music/templates/ampswitch.service
deleted file mode 100644
index c374ca1..0000000
--- a/roles/music/templates/ampswitch.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Script hook for {{ item }} playback
-After=network.target {{ item.instance }}.service
-Requires={{ item.instance }}.service
-StopPropagatedFrom={{ item.instance }}.service
-
-[Service]
-Type=simple
-Restart=always
-RestartSec=10s
-ExecStart=/usr/bin/pw-jack ampswitch --jack-name ampswitch-{{ item.instance }} --on-command /opt/on-{{ item.instance }}-start.sh --switch-time 10 --trigger-level 0.001
-ExecStartPost=/usr/bin/sleep 4
-{% for pw_input in item.pw_inputs %}
-ExecStartPost=-/usr/bin/pw-link "{{ pw_input }}" ampswitch-{{ item.instance }}:Input
-{% endfor %}
-User=root
-Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/music/templates/bitvis-tee.service b/roles/music/templates/bitvis-tee.service
deleted file mode 100644
index 6516b58..0000000
--- a/roles/music/templates/bitvis-tee.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Multiplexer for bitvis
-Before=bitvis.service
-After=bitvis-http.service
-Requires=bitvis-http.service
-PropagatesStopTo=bitvis.service
-StopPropagatedFrom=bitvis.service
-
-[Service]
-Type=forking
-ExecStart=/usr/bin/screen -dmS bitvis-tee /opt/bitvis-tee.sh
-User={{ music_bitvis_user }}
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/music/templates/bitvis-tee.sh b/roles/music/templates/bitvis-tee.sh
deleted file mode 100644
index 275dc25..0000000
--- a/roles/music/templates/bitvis-tee.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# {{ ansible_managed }}
-
-loop=`mktemp --suffix -bitvis`
-mkfifo -f "$loop"
-trap "rm -f $loop" EXIT TERM
-
-cat "$loop" | while true; do nc -4 -w 2 localhost 1338; done &
-nc -klp 1337 | tee "$loop" | while true; do nc -w 2 {{ music_bitpanel_host }} {{ music_bitpanel_port }}; done
diff --git a/roles/music/templates/bitvis.service b/roles/music/templates/bitvis.service
deleted file mode 100644
index 6d5efd8..0000000
--- a/roles/music/templates/bitvis.service
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=Audio visualizer for the bitpanel
-After=network.target
-
-[Service]
-Type=simple
-Restart=always
-RestartSec=10s
-ExecStart=/usr/bin/pw-jack bitvis -a localhost -p 1337 -m localhost -o 6600
-ExecStartPost=/usr/bin/sleep 4
-ExecStartPost=-/usr/bin/pw-link bitvis-mixer:output_FL bitvis:input
-ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FL bitvis-mixer:playback_FL
-ExecStartPost=-/usr/bin/pw-link alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:monitor_FR bitvis-mixer:playback_FR
-
-User={{ music_audio_user }}
-Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/music/templates/librespot.service b/roles/music/templates/librespot.service
index 419d52b..8d3b683 100644
--- a/roles/music/templates/librespot.service
+++ b/roles/music/templates/librespot.service
@@ -3,18 +3,16 @@
 [Unit]
 Description=Spotify through Librespot
 After=network.target
+Requires=jackd.service
 
 [Service]
 Type=simple
 Restart=always
-RestartSec=10s
-ExecStart=/usr/bin/pw-jack -s 44100 /opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
-ExecStartPost=/usr/bin/sleep 4
-ExecStartPost=-/usr/bin/pw-link librespot:out_0 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FL
-ExecStartPost=-/usr/bin/pw-link librespot:out_1 alsa_output.usb-ASUS_Xonar_U7_MKII-00.analog-stereo:playback_FR
-# User={{ music_librespot_user }}
-User=root
-Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
+RestartSec=2s
+ExecStart=/opt/librespot/target/release/librespot --name Trollibox --backend jackaudio
+User={{ music_audio_user }}
+Group={{ music_audio_user }}
+AmbientCapabilities=CAP_IPC_LOCK,CAP_SYS_NICE
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/music/templates/mpd-volume-to-mqtt.sh b/roles/music/templates/mpd-volume-to-mqtt.sh
index 5f89374..ac3230b 100644
--- a/roles/music/templates/mpd-volume-to-mqtt.sh
+++ b/roles/music/templates/mpd-volume-to-mqtt.sh
@@ -14,7 +14,7 @@ prev_volume=x
     if [ $event = "mixer" ]; then
         volume=`mpc volume | sed -nr 's/^volume: ([0-9]+)%$/\1/p'`
         if [ "$prev_volume" != "$volume" ]; then
-            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }}' -r -m "$volume"
+            mqtt-simple -h {{ mqtt_internal_host }} -p '{{ music_mqtt_mpd_volume }} -r' -m "$volume"
         fi
         prev_volume=$volume
     fi
diff --git a/roles/music/templates/mpd.conf b/roles/music/templates/mpd.conf
deleted file mode 100644
index 6906e54..0000000
--- a/roles/music/templates/mpd.conf
+++ /dev/null
@@ -1,40 +0,0 @@
-# {{ ansible_managed }}
-
-user "mpd"
-group "{{ music_audio_group }}"
-
-bind_to_address "any"
-port "6600"
-max_connections "20"
-
-zeroconf_enabled "yes"
-zeroconf_name "MPD @ %h"
-
-music_directory "/srv/media/music"
-auto_update "yes"
-filesystem_charset "UTF-8"
-
-playlist_directory "/var/lib/mpd/playlists"
-db_file "/var/lib/mpd/tag_cache"
-state_file "/var/lib/mpd/state"
-sticker_file "/var/lib/mpd/sticker.sql"
-
-input {
-        plugin "curl" # Required for web streams.
-}
-
-decoder {
-        plugin  "hybrid_dsd"
-        enabled "no"
-}
-
-decoder {
-        plugin  "wildmidi"
-        enabled "no"
-}
-
-audio_output {
-       type     "pulse"
-       name     "Pulse"
-       server   "{{ music_pulse_server }}"
-}
diff --git a/roles/music/templates/mpd.service b/roles/music/templates/mpd.service
deleted file mode 100644
index fb9808d..0000000
--- a/roles/music/templates/mpd.service
+++ /dev/null
@@ -1,21 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Music Player Daemon
-After=network.target
-
-[Service]
-Type=simple
-ExecStartPre=/bin/mkdir -p /run/mpd
-ExecStartPre=/bin/chown -R mpd:nogroup /run/mpd
-ExecStartPre=/bin/touch /var/log/mpd.log
-ExecStartPre=/bin/chown mpd:nogroup /var/log/mpd.log
-ExecStartPre=/usr/bin/cp /var/lib/mpd/state.default /var/lib/mpd/state
-ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf
-# MDP will fork itself to the user defined in its config
-User=root
-LimitMEMLOCK=infinity
-LimitRTPRIO=99
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/music/templates/mpd_state b/roles/music/templates/mpd_state
deleted file mode 100644
index 27b059b..0000000
--- a/roles/music/templates/mpd_state
+++ /dev/null
@@ -1,17 +0,0 @@
-sw_volume: 20
-audio_device_state:1:Pulse
-state: play
-current: 0
-time: 0
-random: 0
-repeat: 0
-single: 0
-consume: 0
-crossfade: 0
-mixrampdb: 0.000000
-mixrampdelay: -1.000000
-playlist_begin
-song_begin: http://ice4.somafm.com/groovesalad-256-mp3
-Name: SomaFM Groove Salad
-song_end
-playlist_end
diff --git a/roles/music/templates/nginx-site.conf b/roles/music/templates/nginx-site.conf
new file mode 100644
index 0000000..185d689
--- /dev/null
+++ b/roles/music/templates/nginx-site.conf
@@ -0,0 +1,70 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+
+    server_name {{ music_domain }};
+
+    {% if acme_bootstrap_certs %}
+    include "snippets/snakeoil.conf";
+    {% else %}
+    ssl_certificate     "/var/lib/dehydrated/certs/{{ music_domain }}/fullchain.pem";
+    ssl_certificate_key "/var/lib/dehydrated/certs/{{ music_domain }}/privkey.pem";
+    {% endif %}
+
+    {% for range in trusted_ranges %}
+    allow {{ range.cidr }};
+    {% endfor %}
+    deny all;
+
+    location / {
+        rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
+    }
+
+    location /trollibox/ {
+        proxy_pass http://[::1]:3000/;
+        client_max_body_size 512M;
+        include proxy_params;
+    }
+
+    location ~ ^/trollibox/(.+/events)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        chunked_transfer_encoding off;
+        add_header X-Test "123";
+        proxy_set_header Connection '';
+        proxy_buffering off;
+        proxy_read_timeout 7d;
+    }
+
+    location ~ ^/trollibox/(.+/listen)$ {
+        proxy_pass http://[::1]:3000/$1;
+        include proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 7d;
+    }
+
+    location /bobdsp/ {
+        proxy_pass http://[::1]:8081/;
+        include proxy_params;
+    }
+
+    location /vis/ {
+        allow all;
+        proxy_pass http://[::1]:13378/;
+        include proxy_params;
+    }
+
+    location = /vis/ {
+        rewrite ^(.*)$ /vis/index.html;
+        include proxy_params;
+    }
+
+    include "snippets/acme.conf";
+}
diff --git a/roles/music/templates/pw-bitvis-mixer.conf b/roles/music/templates/pw-bitvis-mixer.conf
deleted file mode 100644
index c2a98b1..0000000
--- a/roles/music/templates/pw-bitvis-mixer.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-# {{ ansible_managed }}
-
-context.modules = [
-    {
-        name = libpipewire-module-filter-chain
-        args = {
-            node.description = "bitvis-mixer"
-            media.name       = "bitvis-mixer"
-            filter.graph = {
-                nodes = [
-                    {
-                        name    = normalize
-                        type    = ladspa
-                        plugin  = fast_lookahead_limiter_1913
-                        label   = fastLookaheadLimiter
-                        control = {
-                            "Input gain (dB)" = 40
-                            "Limit (dB)" = 0
-                            "Release time (s)" = 1
-                        }
-                    }
-                    {
-                        name  = mono
-                        type  = builtin
-                        label = mixer
-                    }
-                ]
-                links = [
-                    { output = "normalize:Output 1", input = "mono:In 1" }
-                    { output = "normalize:Output 2", input = "mono:In 2" }
-                ]
-                inputs  = [ "normalize:Input 1" "normalize:Input 2" ]
-                outputs = [ "mono:Out" ]
-            }
-            capture.props = {
-                node.name         = "mix_input.bitvis"
-                audio.position    = [ FL FR ]
-                media.class       = "Audio/Sink"
-            }
-            playback.props = {
-                node.name         = "mix_output.bitvis"
-                audio.position    = [ FL ]
-                stream.dont-remix = true
-                node.passive      = true
-                node.autoconnect  = false
-            }
-        }
-    }
-]
diff --git a/roles/music/templates/skipbutton.service b/roles/music/templates/skipbutton.service
new file mode 100644
index 0000000..f2a5d6f
--- /dev/null
+++ b/roles/music/templates/skipbutton.service
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=MPD Skipbutton
+After=network.target
+Requires=mpd.service
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=10s
+ExecStart=/opt/skipbutton/skipbutton.py /dev/ttyS0
+DynamicUser=true
+Group=dialout
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/music/templates/mqtt-soundboard.service b/roles/music/templates/soundboard.service
similarity index 51%
rename from roles/music/templates/mqtt-soundboard.service
rename to roles/music/templates/soundboard.service
index 4429bfa..38b31ab 100644
--- a/roles/music/templates/mqtt-soundboard.service
+++ b/roles/music/templates/soundboard.service
@@ -6,11 +6,12 @@ After=network.target
 
 [Service]
 Type=simple
-ExecStart=/lib/python3/dist-packages/mqtt-soundboard.py /etc/mqtt-soundboard.yaml
+ExecStart=/opt/soundboard/.venv/bin/python /opt/soundboard/soundboard.py /etc/soundboard.yaml
 Restart=always
 RestartSec=10
-User=root
-Environment="XDG_RUNTIME_DIR=/run/user/{{ music_audio_user_id }}"
+User=audio
+LimitMEMLOCK=infinity
+LimitRTPRIO=99
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/music/templates/mqtt-soundboard.yaml b/roles/music/templates/soundboard.yaml
similarity index 81%
rename from roles/music/templates/mqtt-soundboard.yaml
rename to roles/music/templates/soundboard.yaml
index 9056002..106dc30 100644
--- a/roles/music/templates/mqtt-soundboard.yaml
+++ b/roles/music/templates/soundboard.yaml
@@ -1,13 +1,13 @@
 # {{ ansible_managed }}
 
-loglevel: DEBUG
+loglevel: INFO
 
 mqtt:
   host: {{ mqtt_internal_host }}
 
 sounds:
   directory: /opt/sounds
-  play_cmd: "pw-jack mplayer -volume 20 -ao jack:name=MPlayer %s"
+  play_cmd: "mplayer -volume 10 -ao jack:name=MPlayer %s"
   topic: bitlair/soundboard
 
 aliases:
diff --git a/roles/music/templates/trollibox.service b/roles/music/templates/trollibox.service
index 66d581d..ddddd2f 100644
--- a/roles/music/templates/trollibox.service
+++ b/roles/music/templates/trollibox.service
@@ -10,7 +10,8 @@ Type=simple
 Restart=always
 RestartSec=2s
 ExecStart=/usr/local/bin/trollibox -conf /etc/trollibox.yaml
-User={{ music_trollibox_user }}
+User={{ music_audio_user }}
+Group={{ music_audio_user }}
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/nodesource/defaults/main.yaml b/roles/nodesource/defaults/main.yaml
deleted file mode 100644
index 6ab2293..0000000
--- a/roles/nodesource/defaults/main.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-nodesource_version: 22.x
diff --git a/roles/nodesource/handlers/main.yaml b/roles/nodesource/handlers/main.yaml
deleted file mode 100644
index e7a11ce..0000000
--- a/roles/nodesource/handlers/main.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- ansible.builtin.import_tasks:
-    file: ../../common/handlers/main.yaml
diff --git a/roles/nodesource/tasks/main.yaml b/roles/nodesource/tasks/main.yaml
deleted file mode 100644
index f35afde..0000000
--- a/roles/nodesource/tasks/main.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: Install dependencies
-  ansible.builtin.apt:
-    state: present
-    pkg:
-      - apt-transport-https
-      - gpg
-
-- name: Import nodesource signing key
-  ansible.builtin.shell:
-    cmd: |
-      set -o pipefail
-      curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
-    executable: /bin/bash
-  args:
-    creates: /usr/share/keyrings/nodesource.gpg
-  notify: apt update
-
-- name: Install nodesource apt files
-  ansible.builtin.template:
-    src: nodesource.list
-    dest: /etc/apt/sources.list.d/nodesource.list
-    owner: root
-    group: root
-    mode: 0644
-  notify: apt update
-  with_items:
-    - src: nodesource.list
-      dest: /etc/apt/sources.list.d/nodesource.list
-    - src: nodejs-apt-pref
-      dest: /etc/apt/preferences.d/nodejs
-
-- ansible.builtin.meta: flush_handlers
diff --git a/roles/photos/tasks/bambulab-fetch.yaml b/roles/photos/tasks/bambulab-fetch.yaml
index b050af9..dfcf3b5 100644
--- a/roles/photos/tasks/bambulab-fetch.yaml
+++ b/roles/photos/tasks/bambulab-fetch.yaml
@@ -5,28 +5,16 @@
 
 - name: Install fetch script
   ansible.builtin.template:
-    src: bambulab-fetch.sh
-    dest: /opt/bambulab-fetch.sh
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Install service
-  ansible.builtin.template:
-    src: bambulab-fetch.service
-    dest: /etc/systemd/system/bambulab-fetch.service
-    owner: root
-    group: root
-    mode: 0644
-  notify: daemon reload
-
-- name: Install timer
-  ansible.builtin.template:
-    src: bambulab-fetch.timer
-    dest: /etc/systemd/system/bambulab-fetch.timer
-    owner: root
-    group: root
-    mode: 0644
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0644') }}"
+    force: "{{ item.force | default('yes') }}"
+  with_items:
+    - { src: "bambulab-fetch.sh", dest: "/opt/bambulab-fetch.sh", mode: "0755" }
+    - { src: "bambulab-fetch.service", dest: "/etc/systemd/system/bambulab-fetch.service" }
+    - { src: "bambulab-fetch.timer", dest: "/etc/systemd/system/bambulab-fetch.timer" }
   notify: daemon reload
 
 - name: Enable timer
diff --git a/roles/photos/tasks/photo-gallery.yaml b/roles/photos/tasks/photo-gallery.yaml
index 5a6cfff..95eb800 100644
--- a/roles/photos/tasks/photo-gallery.yaml
+++ b/roles/photos/tasks/photo-gallery.yaml
@@ -15,18 +15,18 @@
   ansible.builtin.template:
     src: photo-gallery-config.json
     dest: /opt/photo-gallery/config.json
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart photo-gallery
 
 - name: Install photo-gallery service file
   ansible.builtin.template:
     src: photo-gallery.service
     dest: /etc/systemd/system/photo-gallery.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart photo-gallery
 
 - name: Start photo-gallery
diff --git a/roles/photos/tasks/photos2mqtt.yaml b/roles/photos/tasks/photos2mqtt.yaml
index d9f2e05..1fedc06 100644
--- a/roles/photos/tasks/photos2mqtt.yaml
+++ b/roles/photos/tasks/photos2mqtt.yaml
@@ -14,18 +14,18 @@
   ansible.builtin.template:
     src: photos2mqtt.pl
     dest: /opt/photos2mqtt.pl
-    owner: root
-    group: root
-    mode: 0755
+    owner: "root"
+    group: "root"
+    mode: "0755"
   notify: restart photos2mqtt
 
 - name: Install photos2mqtt service file
   ansible.builtin.template:
     src: photos2mqtt.service
     dest: /etc/systemd/system/photos2mqtt.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: restart photos2mqtt
 
 - name: Start photos2mqtt
diff --git a/roles/services/handlers/main.yaml b/roles/services/handlers/main.yaml
index d8675bf..ed04c9f 100644
--- a/roles/services/handlers/main.yaml
+++ b/roles/services/handlers/main.yaml
@@ -2,24 +2,30 @@
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
 
-- name: Restart ircbot
-  ansible.builtin.systemd:
-    name: ircbot
-    state: restarted
-    daemon_reload: true
-
-- name: restart discord-bot
-  ansible.builtin.systemd:
-    name: discord-bot
-    state: restarted
-    daemon_reload: true
-
-- name: restart irc-bot
+- name: Restart irc-bot
   ansible.builtin.systemd:
     name: irc-bot
     state: restarted
     daemon_reload: true
 
+- name: Restart irc-photos
+  ansible.builtin.systemd:
+    name: irc-photos
+    state: restarted
+    daemon_reload: true
+
+- name: Restart irc-doorduino
+  ansible.builtin.systemd:
+    name: irc-doorduino
+    state: restarted
+    daemon_reload: true
+
+- name: Restart discord-bot
+  ansible.builtin.systemd:
+    name: discord-bot
+    state: restarted
+    daemon_reload: true
+
 - name: Restart siahsd
   ansible.builtin.systemd:
     name: siahsd
diff --git a/roles/services/tasks/discord_bot.yaml b/roles/services/tasks/discord_bot.yaml
index a0f394b..7f64a01 100644
--- a/roles/services/tasks/discord_bot.yaml
+++ b/roles/services/tasks/discord_bot.yaml
@@ -3,58 +3,39 @@
 - name: Install dependencies
   ansible.builtin.apt:
     name:
-      - openscad
+      - python3-paho-mqtt
+      - python3-tz
       - virtualenv
 
 - name: Create virtualenv
   ansible.builtin.command:
-    cmd: virtualenv /var/lib/discord-bot/.venv
+    cmd: virtualenv /opt/miflora_exporter/.venv
   args:
     creates: /var/lib/discord-bot/.venv
 
-- name: Clone bottleclip source
-  ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/bottle-clip.git
-    version: main
-    dest: /var/lib/bottle-clip
-    accept_hostkey: yes
+- name: Install Python dependencies
+  ansible.builtin.shell:
+    cmd: . .venv/bin/activate && pip install -r requirements.txt
+  args:
+    chdir: /var/lib/discord-bot
 
-- name: Clone discord-bot source
+- name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/discord-bot.git
+    repo: https://github.com/bitlair/discord-bot.git
     version: main
     dest: /var/lib/discord-bot
     accept_hostkey: yes
-  notify:
-    - restart discord-bot
-    - restart irc-bot
+  notify: Restart discord-bot
+  ignore_errors: true
 
-- name: Install Python dependencies
-  ansible.builtin.shell:
-    cmd: . .venv/bin/activate && pip install -e .
-  args:
-    chdir: /var/lib/discord-bot
-  notify:
-    - restart discord-bot
-    - restart irc-bot
-
-- name: Install discord-bot service file
+- name: Install service file
   ansible.builtin.template:
     src: discord-bot.service
     dest: /etc/systemd/system/discord-bot.service
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
     mode: "0644"
-  notify: restart discord-bot
-
-- name: Install irc-bot service file
-  ansible.builtin.template:
-    src: irc-bot.service
-    dest: /etc/systemd/system/irc-bot.service
-    owner: root
-    group: root
-    mode: "0644"
-  notify: restart irc-bot
+  notify: Restart discord-bot
 
 - name: Start discord-bot
   ansible.builtin.systemd:
@@ -62,10 +43,3 @@
     state: started
     enabled: true
     daemon_reload: true
-
-- name: Start irc-bot
-  ansible.builtin.systemd:
-    name: irc-bot
-    state: started
-    enabled: true
-    daemon_reload: true
diff --git a/roles/services/tasks/ircbot.yaml b/roles/services/tasks/ircbot.yaml
index 9be8246..83a8f72 100644
--- a/roles/services/tasks/ircbot.yaml
+++ b/roles/services/tasks/ircbot.yaml
@@ -1,12 +1,12 @@
 ---
 - name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/irc-bot.git
-    version: main
+    repo: https://github.com/bitlair/irc-bot.git
+    version: master
     dest: /var/lib/irc-bot
     accept_hostkey: yes
   ignore_errors: true
-  notify: Restart ircbot
+  notify: Restart irc-bot
 
 - name: Link irc-say
   ansible.builtin.file:
@@ -17,18 +17,81 @@
 - name: Install service file
   ansible.builtin.template:
     src: generic.service
-    dest: /etc/systemd/system/ircbot.service
-    owner: root
-    group: root
-    mode: 0644
+    dest: /etc/systemd/system/irc-bot.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
   vars:
     description: Bitlair IRC bot
     exec: /bin/bash /var/lib/irc-bot/irc-bot
-  notify: Restart ircbot
+  notify: Restart irc-bot
 
-- name: Start ircbot
+- name: Start irc-bot
   ansible.builtin.systemd:
-    name: ircbot
+    name: irc-bot
+    state: started
+    enabled: true
+    daemon_reload: true
+
+- name: Create helpers dir
+  ansible.builtin.file:
+    path: /var/lib/irc-helpers
+    state: directory
+
+- name: Install photos notification
+  ansible.builtin.template:
+    src: irc-photos.sh
+    dest: /var/lib/irc-helpers/photos.sh
+    owner: "root"
+    group: "root"
+    mode: "0755"
+  notify: Restart irc-photos
+
+- name: Install photos notification service
+  ansible.builtin.template:
+    src: generic.service
+    dest: /etc/systemd/system/irc-photos.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  vars:
+    description: Bitlair IRC photos notification
+    requires: irc-bot.service
+    exec: /bin/bash /var/lib/irc-helpers/photos.sh
+  notify: Restart irc-photos
+
+- name: Start irc-photos
+  ansible.builtin.systemd:
+    name: irc-photos
+    state: started
+    enabled: true
+    daemon_reload: true
+
+- name: Install doorduino notification
+  ansible.builtin.template:
+    src: irc-doorduino.sh
+    dest: /var/lib/irc-helpers/doorduino.sh
+    owner: "root"
+    group: "root"
+    mode: "0755"
+  notify: Restart irc-doorduino
+
+- name: Install doorduino notification service
+  ansible.builtin.template:
+    src: generic.service
+    dest: /etc/systemd/system/irc-doorduino.service
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  vars:
+    description: Bitlair IRC doorduino notification
+    requires: irc-bot.service
+    exec: /bin/bash /var/lib/irc-helpers/doorduino.sh
+  notify: Restart irc-doorduino
+
+- name: Start irc-doorduino
+  ansible.builtin.systemd:
+    name: irc-doorduino
     state: started
     enabled: true
     daemon_reload: true
diff --git a/roles/services/tasks/mastodon_spacestate.yaml b/roles/services/tasks/mastodon_spacestate.yaml
index 9babbbd..8d2175a 100644
--- a/roles/services/tasks/mastodon_spacestate.yaml
+++ b/roles/services/tasks/mastodon_spacestate.yaml
@@ -7,7 +7,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/mastodon-spacestate.git
+    repo: https://github.com/bitlair/mastodon-spacestate.git
     version: main
     dest: /var/lib/mastodon-spacestate
     accept_hostkey: yes
@@ -18,18 +18,18 @@
   ansible.builtin.template:
     src: mastodon-spacestate-config.py
     dest: /var/lib/mastodon-spacestate/config.py
-    owner: root
-    group: root
-    mode: 0655
+    owner: "root"
+    group: "root"
+    mode: "0655"
   notify: Restart mastodon-spacestate
 
 - name: Install service file
   ansible.builtin.template:
     src: mastodon-spacestate.service
     dest: /etc/systemd/system/mastodon-spacestate.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart mastodon-spacestate
 
 - name: Start mastodon-spacestate
diff --git a/roles/services/tasks/power_mqtt.yaml b/roles/services/tasks/power_mqtt.yaml
index 5c18589..1ca1e7f 100644
--- a/roles/services/tasks/power_mqtt.yaml
+++ b/roles/services/tasks/power_mqtt.yaml
@@ -7,9 +7,9 @@
   ansible.builtin.template:
     src: power-mqtt.py
     dest: /var/lib/power-mqtt.py
-    owner: root
-    group: root
-    mode: 0755
+    owner: "root"
+    group: "root"
+    mode: "0755"
   notify: Restart power-mqtt
 
 - name: Remove old service
@@ -21,9 +21,9 @@
   ansible.builtin.template:
     src: generic.service
     dest: /etc/systemd/system/power-mqtt@.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   vars:
     description: "SMD630 to MQTT Probe"
     exec: "/var/lib/power-mqtt.py %i"
diff --git a/roles/services/tasks/siahsd.yaml b/roles/services/tasks/siahsd.yaml
index f887b71..a1e59a9 100644
--- a/roles/services/tasks/siahsd.yaml
+++ b/roles/services/tasks/siahsd.yaml
@@ -1,31 +1,32 @@
 ---
-- name: Install siahsd
-  apt:
-    name:
-      - debianutils
-      - siahsd
+# TODO: Install and build
 
-- name: Clone alarm-handlers
-  ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/alarm-handlers.git
-    version: main
-    dest: /opt/alarm
-    accept_hostkey: yes
-
-- name: Create log directory
+- name: Create directories
   ansible.builtin.file:
-    path: /var/log/siahsd
+    path: "{{ item }}"
     state: directory
     owner: siahsd
     group: nogroup
     mode: "0750"
+  with_items:
+    - /var/log/siahsd
+    - /var/lib/siahsd
 
 - name: Install config file
   ansible.builtin.template:
     src: siahsd.conf
     dest: /etc/siahsd.conf
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart siahsd
+
+- name: Install service file
+  ansible.builtin.template:
+    src: siahsd.service
+    dest: /etc/systemd/system/siahsd.service
+    owner: "root"
+    group: "root"
     mode: "0644"
   notify: Restart siahsd
 
@@ -35,3 +36,4 @@
     state: started
     enabled: true
     daemon_reload: true
+
diff --git a/roles/services/tasks/spacestated.yaml b/roles/services/tasks/spacestated.yaml
index e35851e..8f22309 100644
--- a/roles/services/tasks/spacestated.yaml
+++ b/roles/services/tasks/spacestated.yaml
@@ -21,7 +21,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/spacestated.git
+    repo: https://github.com/bitlair/spacestated.git
     version: main
     dest: /var/lib/spacestated/spacestated
     accept_hostkey: yes
@@ -32,9 +32,9 @@
   ansible.builtin.template:
     src: spacestated.service
     dest: /etc/systemd/system/spacestated.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify: Restart spacestated
 
 - name: Start spacestated
diff --git a/roles/services/tasks/wifi_mqtt.yaml b/roles/services/tasks/wifi_mqtt.yaml
index d69aa34..1f10c64 100644
--- a/roles/services/tasks/wifi_mqtt.yaml
+++ b/roles/services/tasks/wifi_mqtt.yaml
@@ -8,7 +8,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/wifi-mqtt.git
+    repo: https://github.com/bitlair/wifi-mqtt.git
     version: main
     dest: /var/lib/wifi-mqtt
     accept_hostkey: yes
@@ -19,8 +19,8 @@
   ansible.builtin.template:
     src: wifi-mqtt.service
     dest: /etc/systemd/system/wifi-mqtt.service
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
     mode: "0644"
   notify: Restart wifi-mqtt
 
diff --git a/roles/services/templates/discord-bot.service b/roles/services/templates/discord-bot.service
index 5358bd5..2c73d05 100644
--- a/roles/services/templates/discord-bot.service
+++ b/roles/services/templates/discord-bot.service
@@ -1,17 +1,16 @@
-# {{ ansible_managed }}
+# Managed by Ansible
 
 [Unit]
-Description=Bitlair Discord Bot
+Description=HobbyBot
 After=network.target
 
 [Service]
 Type=simple
-Restart=always
+Restart=on-failure
 RestartSec=10s
-ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/discordbot.py
+ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/main.py
 DynamicUser=true
 Environment="MQTT_HOST={{ mqtt_internal_host }}"
-Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
 Environment="DISCORD_WEBHOOK_URL={{ lookup('passwordstore', 'services/discord', subkey='webhook_url') }}"
 Environment="DISCORD_TOKEN={{ lookup('passwordstore', 'services/discord', subkey='token') }}"
 
diff --git a/roles/services/templates/irc-bot.service b/roles/services/templates/irc-bot.service
deleted file mode 100644
index 1ea843b..0000000
--- a/roles/services/templates/irc-bot.service
+++ /dev/null
@@ -1,20 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Bitlair IRC Bot
-After=network.target
-
-[Service]
-Type=simple
-Restart=always
-RestartSec=10s
-ExecStart=/var/lib/discord-bot/.venv/bin/python /var/lib/discord-bot/ircbot.py
-DynamicUser=true
-Environment="MQTT_HOST={{ mqtt_internal_host }}"
-Environment="BOTTLECLIP_RESOURCES=/var/lib/bottle-clip"
-Environment="IRC_SERVER=irc.smurfnet.ch"
-Environment="IRC_CHANNEL=#bitlair"
-Environment="IRC_NICK=bitlair"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/services/templates/irc-doorduino.sh b/roles/services/templates/irc-doorduino.sh
new file mode 100644
index 0000000..29e0eea
--- /dev/null
+++ b/roles/services/templates/irc-doorduino.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Managed by Ansible
+
+set -eu
+set -o pipefail
+
+initial=1
+
+mqtt-simple -h {{ mqtt_internal_host }} -t "bitlair/doorduino/+" |
+  while read line; do
+      topic=$(echo "$line" | cut -d' ' -f1 | sed "s/bitlair\/doorduino\///")
+      value=$(echo "$line" | cut -s -d' ' -f2-)
+
+      if [ $initial == 0 ] && [ $value != 0 ]; then
+         if [ $topic == "doorbell" ]; then
+            irc-say "DEURBEL! Open de deur beneden!"
+         elif [ $topic != "dooropen" ]; then
+            irc-say "Doorduino: $topic $value"
+         fi
+      fi
+      initial=0
+  done
+
diff --git a/roles/services/templates/irc-photos.sh b/roles/services/templates/irc-photos.sh
new file mode 100644
index 0000000..acd505c
--- /dev/null
+++ b/roles/services/templates/irc-photos.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Managed by Ansible
+
+set -eu
+set -o pipefail
+
+mqtt-simple -h {{ mqtt_internal_host }} -s "bitlair/photos" |
+    while read event; do
+        path=$(echo $event | cut -d ' ' -f 2)
+        url="https://bitlair.nl/fotos/view/$path"
+        irc-say "WIP: $url"
+    done
diff --git a/roles/services/templates/siahsd.conf b/roles/services/templates/siahsd.conf
index ee18220..5d8e94f 100644
--- a/roles/services/templates/siahsd.conf
+++ b/roles/services/templates/siahsd.conf
@@ -1,5 +1,3 @@
-# {{ ansible_managed }}
-
 [siahsd]
 pid file = /var/lib/siahsd/siahsd.pid
 log file = /var/log/siahsd/siahsd.log
@@ -7,6 +5,13 @@ log level = 3
 foreground = 0
 event handlers = script
 
+#[database]
+#driver = mysql
+#host = localhost
+#name = siahsd
+#username = siahsd
+#password = MysbJxAaawmwKPqD
+
 [siahs]
 port = 4000
 
@@ -14,5 +19,21 @@ port = 4000
 port = 9000
 rsa key file = something.sexp
 
+#[jsonbot]
+#address = 192.168.88.15
+#port = 5500
+#aes key = blablablablablaz
+#password = mekker
+#privmsg to = #bitlair
+
+#[spacestate]
+#driver = mysql
+#host = localhost
+#name = bitwifi
+#username = bitwifi
+#password = aGWERQpLEQPUaXJV
+#open script = /opt/alarm/disarmed.sh
+#close script = /opt/alarm/armed.sh
+
 [script]
 path = /opt/alarm/siahsd_handler.sh
diff --git a/roles/services/templates/siahsd.service b/roles/services/templates/siahsd.service
new file mode 100644
index 0000000..479324c
--- /dev/null
+++ b/roles/services/templates/siahsd.service
@@ -0,0 +1,17 @@
+# Managed by Ansible
+
+[Unit]
+Description=Siahsd
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/lib/siahsd/siahsd.pid
+Restart=always
+RestartSec=10s
+ExecStartPre=-/bin/rm /var/lib/siahsd/siahsd.pid
+ExecStart=/usr/local/src/siahsd/build/siahsd
+User=siahsd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/www/tasks/calendar.yaml b/roles/www/tasks/calendar.yaml
index 16c027e..8f42b06 100644
--- a/roles/www/tasks/calendar.yaml
+++ b/roles/www/tasks/calendar.yaml
@@ -5,7 +5,7 @@
 
 - name: Clone source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/wiki-calendar-exporter.git
+    repo: https://github.com/bitlair/calendar-parser.git
     version: main
     dest: /usr/local/src/bitlair-calendar
     accept_hostkey: yes
@@ -19,6 +19,6 @@
   ansible.builtin.template:
     src: calendar.cron
     dest: /etc/cron.d/bitlair-calendar
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
diff --git a/roles/www/tasks/mediawiki.yaml b/roles/www/tasks/mediawiki.yaml
index 2eb69f4..0508e32 100644
--- a/roles/www/tasks/mediawiki.yaml
+++ b/roles/www/tasks/mediawiki.yaml
@@ -9,7 +9,7 @@
   ansible.builtin.template:
     src: security.txt
     dest: /opt/security.txt
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
 
diff --git a/roles/www/tasks/mqtt.yaml b/roles/www/tasks/mqtt.yaml
index 63d1dee..ed097d6 100644
--- a/roles/www/tasks/mqtt.yaml
+++ b/roles/www/tasks/mqtt.yaml
@@ -24,9 +24,9 @@
   ansible.builtin.template:
     src: mqtt2web.service
     dest: /etc/systemd/system/mqtt2web.service
-    owner: root
-    group: root
-    mode: 0644
+    owner: "root"
+    group: "root"
+    mode: "0644"
   notify:
     - Daemon reload
     - Restart mqtt2web
diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml
index e6b7954..1c5c3ec 100644
--- a/roles/www/tasks/spaceapi.yaml
+++ b/roles/www/tasks/spaceapi.yaml
@@ -1,7 +1,7 @@
 ---
 - name: Clone spaceapi source
   ansible.builtin.git:
-    repo: https://git.bitlair.nl/bitlair/spaceapi.git
+    repo: https://github.com/bitlair/spaceapi.git
     version: main
     dest: /opt/spaceapi
     accept_hostkey: true
@@ -11,8 +11,8 @@
   ansible.builtin.template:
     src: spaceapi.service
     dest: /etc/systemd/system/spaceapi.service
-    owner: root
-    group: root
+    owner: "root"
+    group: "root"
     mode: "0644"
   notify: Restart spaceapi
 
diff --git a/roles/www/templates/matrix-delegation.json b/roles/www/templates/matrix-delegation.json
new file mode 100644
index 0000000..9a49cc7
--- /dev/null
+++ b/roles/www/templates/matrix-delegation.json
@@ -0,0 +1,3 @@
+{
+    "m.server": "matrix.bitlair.nl"
+}
diff --git a/roles/www/templates/nginx-site.conf b/roles/www/templates/nginx-site.conf
index 8a5255a..f34edee 100644
--- a/roles/www/templates/nginx-site.conf
+++ b/roles/www/templates/nginx-site.conf
@@ -119,6 +119,13 @@ server {
         rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
     }
 
+    # Matrix realm delegation
+    location = /.well-known/matrix/server {
+        add_header "Content-Type" "application/json";
+        add_header "Access-Control-Allow-Origin" "*";
+        alias /opt/matrix-delegation.json;
+    }
+
     location = /.well-known/security.txt {
         alias /opt/security.txt;
     }
diff --git a/services.yaml b/services.yaml
index 52103e0..e66fc11 100644
--- a/services.yaml
+++ b/services.yaml
@@ -3,5 +3,4 @@
 - hosts: services
   roles:
     - { role: "common", tags: [ "common" ] }
-    - { role: "deb_forgejo", tags: [ "deb_forgejo" ] }
     - { role: "services", tags: [ "services" ] }
diff --git a/snippets/music-nginx.j2 b/snippets/music-nginx.j2
deleted file mode 100644
index 8ef1c12..0000000
--- a/snippets/music-nginx.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-{% for range in trusted_ranges %}
-allow {{ range.cidr }};
-{% endfor %}
-deny all;
-
-location / {
-    rewrite ^/(.*) https://{{ music_domain }}/trollibox/player/space?;
-}
-
-location /trollibox/ {
-    proxy_pass http://[::1]:3000/;
-    include proxy_params;
-}
-
-location ~ ^/trollibox/(.+/events)$ {
-    proxy_pass http://[::1]:3000/$1;
-    include proxy_params;
-    proxy_http_version 1.1;
-    chunked_transfer_encoding off;
-    add_header X-Test "123";
-    proxy_set_header Connection '';
-    proxy_buffering off;
-    proxy_read_timeout 7d;
-}
-
-location ~ ^/trollibox/(.+/listen)$ {
-    proxy_pass http://[::1]:3000/$1;
-    include proxy_params;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_read_timeout 7d;
-}
-
-location /vis/ {
-    allow all;
-    proxy_pass http://[::1]:13378/;
-    include proxy_params;
-}
-
-location = /vis/ {
-    rewrite ^(.*)$ /vis/index.html;
-    include proxy_params;
-}
diff --git a/snippets/www-nginx.j2 b/snippets/www-nginx.j2
index 1dd1a88..a831121 100644
--- a/snippets/www-nginx.j2
+++ b/snippets/www-nginx.j2
@@ -1,4 +1,4 @@
-root /opt/mediawiki-1.43.0/;
+root /opt/mediawiki-1.41.1/;
 index index.php index.html index.htm;
 
 # Photo gallery
@@ -78,6 +78,13 @@ location /Pages/ {
     rewrite ^/Pages/(.*) https://$server_name/$1$args redirect;
 }
 
+# Matrix realm delegation
+location = /.well-known/matrix/server {
+    add_header "Content-Type" "application/json";
+    add_header "Access-Control-Allow-Origin" "*";
+    alias /opt/matrix-delegation.json;
+}
+
 location = /.well-known/security.txt {
     alias /opt/security.txt;
 }