diff --git a/.gitignore b/.gitignore
index acabf55..2728222 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,10 @@
+# Generated files
 roles/Node/files/*-vm.service
 roles/Nazara/files/dns
 roles/Nazara/files/dhcp
 roles/Node/files/vm-definitions/**
 roles/ShadowArch/files/mirrorlist
+roles/Sharingan/files/monit/checks/availability
 roles/Foundation/files/custom/public/img/**
 venv/**
 **/pkg/**
diff --git a/bin/deploy-role b/bin/deploy-role
index 72b3663..9fa52e3 100755
--- a/bin/deploy-role
+++ b/bin/deploy-role
@@ -33,8 +33,7 @@ done
 # Get the targetgroup
 targetgroup="$2"
 if [ -z "$targetgroup" ]; then
-    echo Need a group
-    exit 2
+    targetgroup="$role" # Deploy a role to the server named for that function
 fi
 
 # Allow an inventory override
diff --git a/bin/generate-mirrorlist b/bin/generate-mirrorlist
old mode 100644
new mode 100755
diff --git a/bin/generate-monitoring.py b/bin/generate-monitoring.py
new file mode 100755
index 0000000..1761e0f
--- /dev/null
+++ b/bin/generate-monitoring.py
@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+# File: generate-pihole-dns-dhcp.py
+#
+# Description: This file generates the DNS and DHCP files for pihole.
+#
+# Package: AniNIX/Ubiqtorate
+# Copyright: WTFPL
+#
+# Author: DarkFeather <darkfeather@aninix.net>
+
+import os
+import subprocess
+import sys
+import yaml
+
+rolepath='../roles/Sharingan/files'
+monfilepath=rolepath+"/monit/checks/availability"
+
+def WriteMonitoringEntry(content,hosttype,hostclass):
+    ### Create the ping-based monitoring entry
+    # param content: the yaml content to parse
+    # param hosttype: managed or unmanaged
+    # param hostclass: the type of host as classified in the yaml
+    global monfile
+
+    with open(monfilepath,'a') as monfile:
+
+        # Write host entries
+        for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
+            try:
+                hostname= host + '.' + content['all']['vars']['replica_domain']
+                monfile.write('check program ' + host + '_ping_mon with path "/usr/lib/monitoring-plugins/check_ping -H ' + hostname + ' -w 100,50% -c 1000,100% -p 3 -t 60 -4"\n')
+                monfile.write('    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + hostname + ' is not online."\n\n')
+            except:
+                print(host + ' is not complete for monitoring.')
+
+def WriteSSHMonitoringEntry(content,hosttype,hostclass):
+    ### Create the ping-based monitoring entry
+    # param content: the yaml content to parse
+    # param hosttype: managed or unmanaged
+    # param hostclass: the type of host as classified in the yaml
+    global monfile
+
+    with open(monfilepath,'a') as monfile:
+
+        # Write host entries
+        for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
+            try:
+                hostname= host + '.' + content['all']['vars']['replica_domain']
+                monfile.write('check program ' + host + '_ssh_mon with path "/usr/lib/monitoring-plugins/check_ssh -H ' + hostname + '"\n')
+                monfile.write('    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + hostname + ' is not responding to SSH."\n\n')
+            except:
+                print(host + ' is not complete for monitoring.')
+
+def GenerateFiles(file):
+    ### Open the file and parse it
+    # param file: the file to work on
+    global monfilepath
+
+    if not os.path.isdir(rolepath):
+        os.mkdir(rolepath)
+
+    # Parse the yaml
+    with open(file, 'r') as stream:
+        content = yaml.safe_load(stream)
+
+    if os.path.isfile(monfilepath): os.remove(monfilepath)
+
+    # Add DNS entries for each host
+    hosttype = 'managed'
+    for hostclass in ['physical','virtual','geth_hubs']:
+        WriteMonitoringEntry(content,hosttype,hostclass)
+        WriteSSHMonitoringEntry(content,hosttype,hostclass)
+    hosttype = 'unmanaged'
+    for hostclass in ['ovas','appliances']:
+        WriteMonitoringEntry(content,hosttype,hostclass)
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        print("You need to supply an inventory file.")
+        sys.exit(1)
+    GenerateFiles(sys.argv[1])
+    sys.exit(0)
diff --git a/bin/generate-pihole-dns-dhcp.py b/bin/generate-pihole-dns-dhcp.py
index d8ebd1c..e215379 100755
--- a/bin/generate-pihole-dns-dhcp.py
+++ b/bin/generate-pihole-dns-dhcp.py
@@ -74,7 +74,7 @@ def GenerateFiles(file):
             WriteDNSEntry(content,hosttype,hostclass)
             WriteDHCPEntry(content,hosttype,hostclass)
         hosttype = 'unmanaged'
-        for hostclass in ['ovas','appliances','iot']:
+        for hostclass in ['ovas','test_ovas','appliances','adhoc_appliances','iot']:
             WriteDNSEntry(content,hosttype,hostclass)
             WriteDHCPEntry(content,hosttype,hostclass)
 
diff --git a/bin/generate-systemd-vms.py b/bin/generate-systemd-vms.py
index 370a897..f1ba1b6 100755
--- a/bin/generate-systemd-vms.py
+++ b/bin/generate-systemd-vms.py
@@ -84,8 +84,8 @@ def GenerateFiles(file):
 
         # Add service files for each host
         WriteVMFile(content,'managed','virtual')
-        WriteVMFile(content,'unmanaged','ovas')
-        #WriteVMFile(content,'unmanaged','appliances')
+        WriteVMFile(content,'unmanaged','ovas',
+        WriteVMFile(content,'unmanaged','test_ovas')
 
 if __name__ == '__main__':
     if len(sys.argv) != 2:
diff --git a/examples/msn0.yml b/examples/msn0.yml
index 9135aa4..14e3db6 100644
--- a/examples/msn0.yml
+++ b/examples/msn0.yml
@@ -71,6 +71,8 @@ all:
                             siem: true
                             disks:
                               - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
+                            # On hold because of https://aninix.net/DarkFeather/MSN0/issues/6
+                            holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin"
                         DarkNet:
                             ipinterface: ens3
                             ip: 10.0.1.17
@@ -110,17 +112,9 @@ all:
                             rotate: 90
         unmanaged:
             children:
+                # Both OVA groups are in the same subnet -- test_ovas aren't monitored
                 ovas: # 10.0.1.48/28
                     hosts:
-                        TDS-Jump:
-                            ip: 10.0.1.48
-                            mac: 00:15:5d:01:02:08
-                            cores: 2
-                            memory: 2
-                            vnc: 4
-                            bridge: br0
-                            disks:
-                              - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2'
                         Geth:
                             ip: 10.0.1.49
                             mac: DE:8B:9E:19:55:1E
@@ -131,6 +125,17 @@ all:
                             uefi: true
                             disks:
                               - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2'
+                test_ovas: # 10.0.1.48/28
+                    hosts:
+                        TDS-Jump:
+                            ip: 10.0.1.48
+                            mac: 00:15:5d:01:02:08
+                            cores: 2
+                            memory: 2
+                            vnc: 4
+                            bridge: br0
+                            disks:
+                              - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2'
                         DedNet:
                             ip: 10.0.1.50
                             mac: 00:15:5d:01:02:09
@@ -181,11 +186,26 @@ all:
                             vnc: 12
                             disks:
                               - '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test3.qcow2'
+                # appliances are monitored -- adhoc_appliances are convenience only and not monitored.
                 appliances:
                     hosts: # 10.0.1.64/27
-                        Shadowfeed:
+                        Shadowfeed: # Router must be at root
                             ip: 10.0.1.1
                             mac: 2c:30:33:64:f4:03
+                        Print: # Print is excepted for legacy setup reasons before we laid out subnets.
+                            ip: 10.0.1.6
+                            mac: 00:80:92:77:CE:E4
+                        Geth-Eyes:
+                            ip: 10.0.1.68
+                            mac: 9C:A3:AA:33:A3:99
+                        "Core-Console":
+                            ip: 10.0.1.74
+                            mac: 00:25:90:0D:82:5B
+                        "Node0-Console":
+                            ip: 10.0.1.75
+                            mac: 00:25:90:3E:C6:8C
+                adhoc_appliances:
+                    hosts: # 10.0.1.64/27
                         DarkFeather:
                             ip: 10.0.1.64
                             mac: D0:40:EF:D4:14:CF
@@ -195,19 +215,13 @@ all:
                         Games:
                             ip: 10.0.1.66
                             mac: E0:BE:03:77:0E:88
-                        Print:
-                            ip: 10.0.1.67
-                            mac: 00:80:92:77:CE:E4
-                        Geth-Eyes:
-                            ip: 10.0.1.68
-                            mac: 9C:A3:AA:33:A3:99
                         LivingRoomTV:
                             ip: 10.0.1.69
                             mac: 80:D2:1D:17:63:0E
                         BedRoomTV:
                             ip: 10.0.1.70
                             mac: 80:D2:1D:17:63:0F
-                        TraingRoomTV:
+                        TrainingRoomTV:
                             ip: 10.0.1.71
                             mac: 80:D2:1D:17:63:10
                         Tachikoma:
@@ -216,12 +230,6 @@ all:
                         Dedsec:
                             ip: 10.0.1.73
                             mac: 34:F6:4B:36:12:8F
-                        "Core-Console":
-                            ip: 10.0.1.74
-                            mac: 00:25:90:0D:82:5B
-                        "Node0-Console":
-                            ip: 10.0.1.75
-                            mac: 00:25:90:3E:C6:8C
                # dhcp build space: 10.0.1.224/27
                 iot: # 10.0.2.0/24
                     hosts:
diff --git a/roles/Foundation/files/custom/templates/custom/footer.tmpl b/roles/Foundation/files/custom/templates/custom/footer.tmpl
index 4c7ba98..bd4f5f0 100644
--- a/roles/Foundation/files/custom/templates/custom/footer.tmpl
+++ b/roles/Foundation/files/custom/templates/custom/footer.tmpl
@@ -13,7 +13,7 @@ _gaq.push(['_trackPageview']);
 </script>
 <!-- Replace Gitea icon with AniNIX -->
 <script type="text/javascript">
-    document.getElementsByClassName('brand')[0].children[0].children[0].src="/assets/img/AniNIX.png";
+    document.getElementById('navbar').children[0].children[0].children[0].src="/assets/img/AniNIX.png";
     $('meta[property=og\\:image]').attr('content', '/assets/img/AniNIX.png');
     $('link[rel="mask-icon"]').attr('href', '/assets/img/AniNIX.png');
     $('link[rel="mask-icon"]').attr('color', '#000000');
diff --git a/roles/Foundation/files/hooks/gitea.hook b/roles/Foundation/files/hooks/gitea.hook
new file mode 100644
index 0000000..a137ff8
--- /dev/null
+++ b/roles/Foundation/files/hooks/gitea.hook
@@ -0,0 +1,10 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = gitea
+
+[Action]
+Description = Updating Gitea Custom Pages
+When = PostTransaction
+Exec = /usr/bin/runuser -u gitea -- /usr/bin/bash /var/lib/gitea/custom/bin/gen-aninix-custom
diff --git a/roles/Foundation/templates/app.ini.j2 b/roles/Foundation/templates/app.ini.j2
index de444f2..28b6e40 100644
--- a/roles/Foundation/templates/app.ini.j2
+++ b/roles/Foundation/templates/app.ini.j2
@@ -20,10 +20,6 @@ FORCE_PRIVATE                                  = false
 DEFAULT_PRIVATE                                = last
 ; Global limit of repositories per user, applied at creation time. -1 means no limit
 MAX_CREATION_LIMIT                             = -1
-; Mirror sync queue length, increase if mirror syncing starts hanging
-MIRROR_QUEUE_LENGTH                            = 1000
-; Patch test queue length, increase if pull request patch testing starts hanging
-PULL_REQUEST_QUEUE_LENGTH                      = 1000
 ; Preferred Licenses to place at the top of the List
 ; The name here must match the filename in conf/license or custom/conf/license
 PREFERRED_LICENSES                             = AniNIX-WTFPL
@@ -233,12 +229,14 @@ LANDING_PAGE                    = home
 ; Enables git-lfs support. true or false, default is false.
 LFS_START_SERVER                = true
 ; Where your lfs files reside, default is data/lfs.
-LFS_CONTENT_PATH                = data/lfs
 ; LFS authentication secret, change this yourself
 LFS_JWT_SECRET                  = {{ secrets.Foundation.lfs_jwt_secret }}
 ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
 LFS_HTTP_AUTH_EXPIRY            = 20m
 
+[lfs]
+PATH = data/lfs
+
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 [ssh.minimum_key_sizes]
 ED25519 = 256
@@ -278,19 +276,10 @@ DB_RETRY_BACKOFF    = 3s
 ISSUE_INDEXER_TYPE               = bleve
 ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
 ISSUE_INDEXER_PATH               = indexers/issues.bleve
-; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
-ISSUE_INDEXER_QUEUE_TYPE         = levelqueue
-; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
-; default is indexers/issues.queue
-ISSUE_INDEXER_QUEUE_DIR          = indexers/issues.queue
 ; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
-ISSUE_INDEXER_QUEUE_CONN_STR     = addrs=127.0.0.1:6379 db=0
-; Batch queue number, default is 20
-ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
 ; repo indexer by default disabled, since it uses a lot of disk space
 REPO_INDEXER_ENABLED             = false
 REPO_INDEXER_PATH                = indexers/repos.bleve
-UPDATE_BUFFER_LEN                = 20
 MAX_FILE_SIZE                    = 1048576
 
 [admin]
@@ -361,7 +350,7 @@ RESET_PASSWD_CODE_LIVE_MINUTES                = 180
 REGISTER_EMAIL_CONFIRM                        = false
 ; List of domain names that are allowed to be used to register on a Gitea instance
 ; gitea.io,example.com
-EMAIL_DOMAIN_WHITELIST                        =
+EMAIL_DOMAIN_ALLOWLIST                        =
 ; Disallow registration, only allow admins to create accounts.
 DISABLE_REGISTRATION                          = true
 ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
@@ -430,43 +419,9 @@ SKIP_TLS_VERIFY = false
 PAGING_NUM      = 10
 ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32
 
+; We don't use mail
 [mailer]
 ENABLED            = false
-; Buffer length of channel, keep it as it is if you don't know what it is.
-SEND_BUFFER_LEN    = 100
-; Prefix displayed before subject in mail
-SUBJECT_PREFIX     =
-; Mail server
-; Gmail: smtp.gmail.com:587
-; QQ: smtp.qq.com:465
-; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-HOST               =
-; Disable HELO operation when hostnames are different.
-DISABLE_HELO       =
-; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
-HELO_HOSTNAME      =
-; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY        =
-; Use client certificate
-USE_CERTIFICATE    = false
-CERT_FILE          = custom/mailer/cert.pem
-KEY_FILE           = custom/mailer/key.pem
-; Should SMTP connection use TLS
-IS_TLS_ENABLED     = false
-; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-FROM               =
-; Mailer user name and password
-USER               =
-; Use PASSWD = `your password` for quoting if you use special characters in the password.
-PASSWD             =
-; Send mails as plain text
-SEND_AS_PLAIN_TEXT = false
-; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
-MAILER_TYPE        = smtp
-; Specify an alternative sendmail binary
-SENDMAIL_PATH      = sendmail
-; Specify any extra sendmail arguments
-SENDMAIL_ARGS      =
 
 [cache]
 ; Either "memory", "redis", or "memcache", default is "memory"
@@ -544,6 +499,13 @@ MAX_FILES     = 5
 FORMAT =
 
 [log]
+ROOT_PATH = %(GITEA_WORK_DIR)/log
+MODE = console
+LEVEL = Info
+STACKTRACE_LEVEL = None
+logger.router.MODE = ,
+logger.xorm.MODE = ,
+logger.access.MODE =
 ROOT_PATH            = /var/log/gitea/
 ; Either "console", "file", "conn", "smtp" or "database", default is "console"
 ; Use comma to separate multiple modes, e.g. "console, file"
@@ -551,11 +513,8 @@ MODE                 = console
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
 BUFFER_LEN           = 10000
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
-ROUTER_LOG_LEVEL     = Critical
-ROUTER               = none
-ENABLE_ACCESS_LOG    = true
 ACCESS_LOG_TEMPLATE  = {{ '{{' }}.Ctx.RemoteAddr{{ '}}' }} - {{ '{{' }}.Identity{{ '}}' }} {{ '{{' }}.Start.Format "[02/Jan/2006:15:04:05 -0700]" {{ '}}' }} "{{ '{{' }}.Ctx.Req.Method{{ '}}' }} {{ '{{' }}.Ctx.Req.RequestURI{{ '}}' }} {{ '{{' }}.Ctx.Req.Proto{{ '}}' }}" {{ '{{' }}.ResponseWriter.Status{{ '}}' }} {{ '{{' }}.ResponseWriter.Size{{ '}}' }} "{{ '{{' }}.Ctx.Req.Referer{{ '}}' }}\" \"{{ '{{' }}.Ctx.Req.UserAgent{{ '}}' }}"
-ACCESS               = console
+logger.access.MODE   = console
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
 LEVEL                = Info
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
@@ -570,9 +529,10 @@ COLORIZE   = false
 
 ; For "console" mode only
 [log.console]
-LEVEL  =
-COLORIZE   = false
-STDERR = false
+MODE = console
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true
 
 ; For "file" mode only
 [log.file]
diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2
index 489d4f3..08736fc 100644
--- a/roles/IRC/templates/inspircd/inspircd.conf.j2
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -67,8 +67,9 @@
 <sslprofile
     name="clients"
     provider="openssl"
-    cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
-    certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem" keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
+    cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/chain.pem"
+    certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
+    keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
     ciphers="{{ ssl['ciphersuite'] }}"
     hash="sha256"
     renegotiation="no"
diff --git a/roles/Maat/files/aur.list b/roles/Maat/files/aur.list
index 548f9af..36ce7d2 100644
--- a/roles/Maat/files/aur.list
+++ b/roles/Maat/files/aur.list
@@ -71,6 +71,7 @@ https://aur.archlinux.org/perl-php-serialization.git
 https://aur.archlinux.org/perl-sys-mmap.git
 https://aur.archlinux.org/perl-term-shellui.git
 https://aur.archlinux.org/php-pear.git
+https://aur.archlinux.org/php-zts.git
 https://aur.archlinux.org/pm-utils.git
 https://aur.archlinux.org/powerpanel.git
 https://aur.archlinux.org/python-aiohttp.git
diff --git a/roles/ShadowArch/tasks/main.yml b/roles/ShadowArch/tasks/main.yml
index 7258bb4..51dc3ae 100644
--- a/roles/ShadowArch/tasks/main.yml
+++ b/roles/ShadowArch/tasks/main.yml
@@ -84,9 +84,10 @@
   - name: Set up pacman.conf
     vars:
       ansible_become_password: "{{ passwords[inventory_hostname] }}"
+      ignorepkg: "{{ holdpackages | default('') }}"
     become: yes
-    copy:
-      src: pacman.conf
+    template:
+      src: pacman.conf.j2
       dest: /etc/pacman.conf
       owner: root
       group: root
diff --git a/roles/ShadowArch/files/pacman.conf b/roles/ShadowArch/templates/pacman.conf.j2
similarity index 99%
rename from roles/ShadowArch/files/pacman.conf
rename to roles/ShadowArch/templates/pacman.conf.j2
index 8405e03..6ce302b 100644
--- a/roles/ShadowArch/files/pacman.conf
+++ b/roles/ShadowArch/templates/pacman.conf.j2
@@ -23,7 +23,7 @@ CleanMethod = KeepCurrent
 Architecture = auto
 
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
-IgnorePkg = mediawiki
+IgnorePkg = {{ ignorepkg }}
 # IgnoreGroup =
 
 #NoUpgrade   =
diff --git a/roles/Sharingan/files/monit/checks/vips b/roles/Sharingan/files/monit/checks/vips
index 227c049..c2a0a67 100644
--- a/roles/Sharingan/files/monit/checks/vips
+++ b/roles/Sharingan/files/monit/checks/vips
@@ -25,5 +25,12 @@ check program https_singularity with path "/usr/lib/monitoring-plugins/check_htt
 check program https_wolfpack with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -H wolfpack.aninix.net"
     if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical wolfpack.aninix.net not reporting OK"
 
-#check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -u /web/index.html -H yggdrasil.aninix.net"
-#    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical yggdrasil.aninix.net not reporting OK"
+check program https_yggdrasil with path "/usr/lib/monitoring-plugins/check_http --ssl -w 10 -c 10 -u /web/index.html -H yggdrasil.aninix.net"
+    every "* 6-23 * * *"
+    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical yggdrasil.aninix.net not reporting OK"
+
+check program http_eyes with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H geth-eyes.msn0.aninix.net"
+    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical geth-eyes HTTP not reporting OK"
+
+check program http_shadowfeed with path "/usr/lib/monitoring-plugins/check_http -w 10 -c 10 -u / -H shadowfeed.msn0.aninix.net"
+    if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical shadowfeed HTTP not reporting OK"
diff --git a/roles/Sharingan/files/monit/hostdefs/Sharingan b/roles/Sharingan/files/monit/hostdefs/Sharingan
index e81de7b..c3b9b60 100644
--- a/roles/Sharingan/files/monit/hostdefs/Sharingan
+++ b/roles/Sharingan/files/monit/hostdefs/Sharingan
@@ -1,3 +1,3 @@
 include "/etc/monit.d/checks/system"
 include "/etc/monit.d/checks/vips"
-
+include "/etc/monit.d/checks/availability"
diff --git a/roles/Sharingan/tasks/eval.yml b/roles/Sharingan/tasks/eval.yml
index 5541d76..72d2199 100644
--- a/roles/Sharingan/tasks/eval.yml
+++ b/roles/Sharingan/tasks/eval.yml
@@ -1,6 +1,11 @@
 ---
 
- - name: Sharingan-Eval service
+ - name: Generate monitoring from inventory
+   delegate_to: localhost
+   run_once: true
+   command: "python3 ../bin/generate-monitoring.py {{ inventory_file }}"
+
+ - name: Sharingan-Eval service copy
    become: yes
    register: eval_service
    copy:
@@ -55,5 +60,3 @@
      owner: root
      group: root
      mode: 0700
-
-
diff --git a/roles/Sharingan/tasks/heartbeat.yml b/roles/Sharingan/tasks/heartbeat.yml
index cac92b1..937f522 100644
--- a/roles/Sharingan/tasks/heartbeat.yml
+++ b/roles/Sharingan/tasks/heartbeat.yml
@@ -45,4 +45,3 @@
      name: syslog-ng@default.service
      state: stopped
      enabled: no
-
diff --git a/roles/Sharingan/tasks/main.yml b/roles/Sharingan/tasks/main.yml
index 2f9319b..8a1788b 100644
--- a/roles/Sharingan/tasks/main.yml
+++ b/roles/Sharingan/tasks/main.yml
@@ -12,4 +12,3 @@
 
  - import_tasks: ../roles/Sharingan/tasks/scans.yml
    when: ansible_os_family == "Archlinux"
-
diff --git a/roles/Sharingan/tasks/siem.yml b/roles/Sharingan/tasks/siem.yml
index 462b539..95cbb7a 100644
--- a/roles/Sharingan/tasks/siem.yml
+++ b/roles/Sharingan/tasks/siem.yml
@@ -5,7 +5,7 @@
    package:
      name:
        - elasticsearch
-       - mongodb
+       - mongodb44-bin # Temporarily pinned for extensions
        - graylog
      state: present
 
diff --git a/roles/WebServer/files/conf.d/Core/aaa_default.conf b/roles/WebServer/files/conf.d/Core/aaa_default.conf
index 0366743..c7a8297 100644
--- a/roles/WebServer/files/conf.d/Core/aaa_default.conf
+++ b/roles/WebServer/files/conf.d/Core/aaa_default.conf
@@ -27,7 +27,7 @@ server {
     location /martialarts/maqotw.xml {
         proxy_hide_header Content-Type;
         add_header content-type "application/atom+xml";
-        rewrite /martialarts/maqotw.xml /AniNIX/Wiki/raw/branch/main/rss/maqotw.xml;
+        rewrite /martialarts/maqotw.xml /MartialArts/Wiki/raw/branch/main/rss/maqotw.xml;
     }
 
     location /whatismyip {
diff --git a/roles/WebServer/files/conf.d/Core/cyberbrain.conf b/roles/WebServer/files/conf.d/Core/cyberbrain.conf
index bee3392..3d5179a 100755
--- a/roles/WebServer/files/conf.d/Core/cyberbrain.conf
+++ b/roles/WebServer/files/conf.d/Core/cyberbrain.conf
@@ -1,22 +1,46 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
     server_name cyberbrain.aninix.net;
 
-    include sec.conf;
-    include default.csp.conf;
+    include local.conf;
 
-    location /
-    {
-      auth_basic "Cyberbrain";
-      auth_basic_user_file ../passwords/cyberbrain.htpasswd;
-      proxy_pass       http://127.0.0.1:8822;
-      proxy_http_version 1.1;
-      proxy_read_timeout 300;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection "upgrade";
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Real-PORT $remote_port;
+    root /usr/share/webapps/;
+
+    client_max_body_size 5m;
+    client_body_timeout 60;
+
+    include ../conf.d/fastcgi7.config;
+
+    location /mediawiki-gb/ {
+        try_files $uri $uri/ @rewrite;
+        rewrite ^/mediawiki-gb/(.*)$ /mediawiki/index.php?title=$1&$args;
+        rewrite ^$ /mediawiki-gb/Main_Page;
+        rewrite ^/$ /mediawiki-gb/Main_Page;
+        rewrite ^mediawiki-gb$ /mediawiki-gb/Main_Page;
+        rewrite ^mediawiki-gb/$ /mediawiki-gb/Main_Page;
+    }
+
+    location /mediawiki-ma/ {
+        try_files $uri $uri/ @rewrite;
+        rewrite ^/mediawiki-ma/(.*)$ /mediawiki/index.php?title=$1&$args;
+        rewrite ^$ /mediawiki-ma/Main_Page;
+        rewrite ^/$ /mediawiki-ma/Main_Page;
+        rewrite ^mediawiki-ma$ /mediawiki-ma/Main_Page;
+        rewrite ^mediawiki-ma/$ /mediawiki-ma/Main_Page;
+    }
+
+    location ^~ /maintenance/ {
+        return 403;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+        try_files $uri /mediawiki/index.php;
+        expires max;
+        log_not_found off;
+    }
+
+    location ^~ /cache/ {
+        deny all;
     }
 
     include letsencrypt.conf;
diff --git a/roles/WebServer/files/conf.d/Core/fastcgi7.config b/roles/WebServer/files/conf.d/Core/fastcgi7.config
deleted file mode 100644
index f989e96..0000000
--- a/roles/WebServer/files/conf.d/Core/fastcgi7.config
+++ /dev/null
@@ -1,13 +0,0 @@
-location ~ \.php$ {
-    try_files $fastcgi_script_name =404;
-
-    include fastcgi_params;
-
-    fastcgi_pass			unix:/run/php-fpm7/php-fpm.sock;
-    fastcgi_index			index.php;
-    fastcgi_buffers			8 16k;
-    fastcgi_buffer_size		32k;
-
-    fastcgi_param DOCUMENT_ROOT	$realpath_root;
-    fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
-}
diff --git a/roles/WebServer/files/conf.d/Core/lykos-wiki.conf b/roles/WebServer/files/conf.d/Core/lykos-wiki.conf
index 2c39edf..1b019ba 100644
--- a/roles/WebServer/files/conf.d/Core/lykos-wiki.conf
+++ b/roles/WebServer/files/conf.d/Core/lykos-wiki.conf
@@ -9,7 +9,7 @@ server {
     client_max_body_size 5m;
     client_body_timeout 60;
 
-    include ../conf.d/fastcgi7.config;
+    include ../conf.d/fastcgi.config;
 
     location / {
         try_files $uri $uri/ @rewrite;
diff --git a/roles/WebServer/files/conf/nginx.conf b/roles/WebServer/files/conf/nginx.conf
new file mode 100644
index 0000000..cde20d3
--- /dev/null
+++ b/roles/WebServer/files/conf/nginx.conf
@@ -0,0 +1,37 @@
+user  http;
+worker_processes  4;
+
+# Logs
+error_log              logs/error.log;
+error_log              logs/error.log notice;
+error_log              logs/error.log info;
+
+events {
+    worker_connections 1024;
+}
+
+
+http {
+
+    include            mime.types;
+    include            fastcgi.conf;
+    default_type       application/octet-stream;
+
+    server_tokens      off;
+    sendfile           on;
+    keepalive_timeout  65;
+    gzip               on;
+
+    # Redirect all HTTP to HTTPS
+    server {
+
+        listen 80      default_server;
+        listen [::]:80 default_server;
+        server_name    _;
+        location / {
+            return 301     https://$host$request_uri;
+        }
+    }
+
+    include            ../conf.d/*.conf;
+}
diff --git a/roles/WebServer/tasks/main.yml b/roles/WebServer/tasks/main.yml
index 8cea8af..2f9288c 100644
--- a/roles/WebServer/tasks/main.yml
+++ b/roles/WebServer/tasks/main.yml
@@ -35,12 +35,13 @@
  - name: Copy conf.d
    become: yes
    copy:
-     src: "conf.d/{{ inventory_hostname }}"
-     dest: /opt/openresty/nginx/conf.d
+     src: "conf.d/{{ inventory_hostname }}/"
+     dest: /opt/openresty/nginx/conf.d/
      owner: http
      group: http
      mode: 0660
      directory_mode: 0770
+     follow: true
    register: confd
 
  - name: Copy conf
@@ -51,17 +52,18 @@
      owner: http
      group: http
      mode: 0660
+     follow: true
    register: conf
 
  - name: Populate security config
    become: yes
    template:
-     src: sec.conf.j2
+     src: conf/sec.conf.j2
      dest: /opt/openresty/nginx/conf/sec.conf
      owner: http
      group: http
      mode: 0660
-  register: secconf
+   register: secconf
 
 
  - name: Ensure default openresty service file is off.