diff --git a/hosts.yaml b/hosts.yaml
index 6bae61a..0dfe49b 100644
--- a/hosts.yaml
+++ b/hosts.yaml
@@ -38,6 +38,6 @@ all:
         services:
           hosts:
             service.bitlair.nl:
-        www:
+        wiki:
           hosts:
-            cyber.bitlair.nl:
+            wiki.bitlair.nl:
diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index 6e437c8..64f80c3 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@@ -76,18 +76,18 @@
     insertafter: '^PATH'
     line: 'MAILTO={{ notify_email }}'
 
-- name: Turn off SSH password auth
+- name: Configure SSH
   lineinfile:
     path: /etc/ssh/sshd_config
-    regexp: '^#?PasswordAuthentication'
-    line: 'PasswordAuthentication no'
-  notify: reload sshd
-
-- name: Configure SSH port
-  lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: '^#?Port'
-    line: 'Port {{ ssh_port }}'
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - regexp: '^#?Port'
+      line: 'Port {{ ssh_port }}'
+    - regexp: '^#?PasswordAuthentication'
+      line: 'PasswordAuthentication no'
+    - regexp: '^#?DebianBanner'
+      line: 'DebianBanner no'
   notify: reload sshd
 
 - name: Allow SSH
diff --git a/roles/etherpad/templates/nginx-site.conf b/roles/etherpad/templates/nginx-site.conf
index 57a48b0..0bca61d 100644
--- a/roles/etherpad/templates/nginx-site.conf
+++ b/roles/etherpad/templates/nginx-site.conf
@@ -13,7 +13,6 @@ server {
 	{% endif %}
 
 	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-	add_header X-Frame-Options DENY;
 	add_header X-Content-Type-Options nosniff;
 
 	location / {
diff --git a/roles/etherpad/templates/settings.json b/roles/etherpad/templates/settings.json
index e2e8818..8ff1889 100644
--- a/roles/etherpad/templates/settings.json
+++ b/roles/etherpad/templates/settings.json
@@ -69,7 +69,7 @@
   "allowUnknownFileEnds": true,
   "requireAuthentication": false,
   "requireAuthorization": false,
-  "trustProxy": false,
+  "trustProxy": true,
   "cookie": {
     "sameSite": "Lax"
   },
diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml
index 32b52d1..f15f9e5 100644
--- a/roles/www/tasks/main.yaml
+++ b/roles/www/tasks/main.yaml
@@ -3,10 +3,10 @@
   import_tasks: calendar.yaml
 
 - tags: www_mediawiki
-  include_tasks: mediawiki.yaml
+  import_tasks: mediawiki.yaml
 
 - tags: www_mqtt
-  include_tasks: mqtt.yaml
+  import_tasks: mqtt.yaml
 
 - tags: www_spaceapi
-  include_tasks: spaceapi.yaml
+  import_tasks: spaceapi.yaml
diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml
index 85fa72f..c08ff73 100644
--- a/roles/www/tasks/spaceapi.yaml
+++ b/roles/www/tasks/spaceapi.yaml
@@ -2,7 +2,7 @@
 - name: Clone spaceapi source
   git:
     repo: https://github.com/bitlair/spaceapi.git
-    version: master
+    version: main
     dest: /opt/spaceapi
     accept_hostkey: yes
   notify: restart spaceapi