diff --git a/hosts.yaml b/hosts.yaml index 0dfe49b..6bae61a 100644 --- a/hosts.yaml +++ b/hosts.yaml @@ -38,6 +38,6 @@ all: services: hosts: service.bitlair.nl: - wiki: + www: hosts: - wiki.bitlair.nl: + cyber.bitlair.nl: diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml index 64f80c3..6e437c8 100644 --- a/roles/common/tasks/main.yaml +++ b/roles/common/tasks/main.yaml @@ -76,18 +76,18 @@ insertafter: '^PATH' line: 'MAILTO={{ notify_email }}' -- name: Configure SSH +- name: Turn off SSH password auth lineinfile: path: /etc/ssh/sshd_config - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - with_items: - - regexp: '^#?Port' - line: 'Port {{ ssh_port }}' - - regexp: '^#?PasswordAuthentication' - line: 'PasswordAuthentication no' - - regexp: '^#?DebianBanner' - line: 'DebianBanner no' + regexp: '^#?PasswordAuthentication' + line: 'PasswordAuthentication no' + notify: reload sshd + +- name: Configure SSH port + lineinfile: + path: /etc/ssh/sshd_config + regexp: '^#?Port' + line: 'Port {{ ssh_port }}' notify: reload sshd - name: Allow SSH diff --git a/roles/etherpad/templates/nginx-site.conf b/roles/etherpad/templates/nginx-site.conf index 0bca61d..57a48b0 100644 --- a/roles/etherpad/templates/nginx-site.conf +++ b/roles/etherpad/templates/nginx-site.conf @@ -13,6 +13,7 @@ server { {% endif %} add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; location / { diff --git a/roles/etherpad/templates/settings.json b/roles/etherpad/templates/settings.json index 8ff1889..e2e8818 100644 --- a/roles/etherpad/templates/settings.json +++ b/roles/etherpad/templates/settings.json @@ -69,7 +69,7 @@ "allowUnknownFileEnds": true, "requireAuthentication": false, "requireAuthorization": false, - "trustProxy": true, + "trustProxy": false, "cookie": { "sameSite": "Lax" }, 
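Review bot: The new "Turn off SSH password auth" task in roles/common/tasks/main.yaml may not actually disable password logins, because sshd keeps the first value it reads for a keyword while `lineinfile` rewrites only the last line matching `^#?PasswordAuthentication`. An earlier active `PasswordAuthentication yes` would still win, as would one in a drop-in pulled in by an `Include` near the top of /etc/ssh/sshd_config (not visible here, so worth checking on the target hosts). Checking the effective value with `sshd -T` after the play would catch that. Both tasks also edit the file without a syntax check, so I would add `validate: '/usr/sbin/sshd -t -f %s'` to each so a broken config is never reloaded. The commit also stops managing `DebianBanner no`, so freshly provisioned hosts will no longer get that line; if that is intentional, the commit message should say so.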
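Review bot: The added `add_header X-Frame-Options DENY;` in the server block of roles/etherpad/templates/nginx-site.conf is only emitted on a fixed set of success and redirect status codes, so error responses can still be framed; `add_header X-Frame-Options DENY always;` covers them. nginx also drops inherited `add_header` directives in any block that declares its own. The `location /` block opens inside this hunk but its body is outside it, so it is worth confirming that it adds no headers of its own. Pairing the header with `add_header Content-Security-Policy "frame-ancestors 'none'" always;` gives current browsers the standardised equivalent. DENY also blocks any intentional embedding of pads in other pages, if that is in use.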
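Review bot: Setting `"trustProxy": false` in roles/etherpad/templates/settings.json looks risky if Etherpad is still served through the nginx site template in this role, which sends HSTS and so presumably terminates TLS. With proxy headers ignored, Etherpad would see every request as plain HTTP from the proxy's address, so session cookies may lose the `Secure` flag and logs would record only the proxy IP. If the intent was to stop clients spoofing `X-Forwarded-For`, keeping `"trustProxy": true` and having nginx overwrite that header would be the safer combination; the proxy settings are outside this hunk, so that needs checking. JSON has no comments, so the reasoning belongs in the commit message.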
diff --git a/roles/www/tasks/main.yaml b/roles/www/tasks/main.yaml index f15f9e5..32b52d1 100644 --- a/roles/www/tasks/main.yaml +++ b/roles/www/tasks/main.yaml @@ -3,10 +3,10 @@ import_tasks: calendar.yaml - tags: www_mediawiki - import_tasks: mediawiki.yaml + include_tasks: mediawiki.yaml - tags: www_mqtt - import_tasks: mqtt.yaml + include_tasks: mqtt.yaml - tags: www_spaceapi - import_tasks: spaceapi.yaml + include_tasks: spaceapi.yaml diff --git a/roles/www/tasks/spaceapi.yaml b/roles/www/tasks/spaceapi.yaml index c08ff73..85fa72f 100644 --- a/roles/www/tasks/spaceapi.yaml +++ b/roles/www/tasks/spaceapi.yaml @@ -2,7 +2,7 @@ - name: Clone spaceapi source git: repo: https://github.com/bitlair/spaceapi.git - version: main + version: master dest: /opt/spaceapi accept_hostkey: yes notify: restart spaceapi
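Review bot: Switching the three entries in roles/www/tasks/main.yaml from `import_tasks` to `include_tasks` changes what the `tags:` on each entry means: on a dynamic include the tag selects only the include statement itself, not the tasks in the included file. A run limited to `--tags www_mediawiki` would then load mediawiki.yaml and skip every task in it unless those tasks carry the tag themselves (the included files are not shown here). A tagged run meant to roll out a fix could therefore silently do nothing. Passing the tag down with `apply`, as sketched below, restores the old behaviour. The calendar.yaml entry above still uses `import_tasks`, so the file now mixes both forms.

```yaml
- tags: www_mediawiki
  include_tasks:
    file: mediawiki.yaml
    apply:
      tags: www_mediawiki

# … same shape for the mqtt.yaml and spaceapi.yaml entries …
```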
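Review bot: `version: master` in roles/www/tasks/spaceapi.yaml makes every play deploy whatever the branch tip of the spaceapi repository happens to be, and the handler then restarts the service on that code. Pinning to a reviewed commit, for example `version: "<full-commit-sha>"` (placeholder), makes deployments reproducible and means a force-pushed or compromised branch is not picked up automatically. The git module's `verify_commit: true` is an option if the repository signs its commits. `accept_hostkey: yes` has no effect on an https URL and would be clearer written as `true` or dropped.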