diff --git a/.gitignore b/.gitignore index 2136b81..57dbed0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,6 @@ .idea/ *.iml terraform/.secrets -terraform_ghost/.secrets -terraform/.tunnel **/*.tfplan **/*.tfstate* **/.terraform.lock.hcl diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 87e2b56..694ecb9 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml @@ -1,10 +1,11 @@ $ANSIBLE_VAULT;1.1;AES256 -66313862303134613964336532616465383364643134316563653537323236353132616161623730 -3763626335633066393138346662363334393735663231640a656137633834326237663162363339 -30343661373936646337653133623263346665383538643164653534646232613862346234373438 -3863653739373862350a383937623630303236376333373562656437663566623361653863623764 -62373931356462303138363634346663313665303162333533636265623166386637653434633636 -30646337373865323330363839346437643164376231613033643331633031643865356266383766 -64326536303762653839633431653831303637353235383033336337303437333264396138613835 -38633464373665666562616439646436373637373339393334346366336435366636663035653862 -3831 +64373166313661333439396231393635313637376338396133616439306261336132346266313661 +3565633934333833333632626664393362326139653466650a356433383231346135363931393432 +61373565366466316661333035633866333163616261383931356638303231363561386636623438 +6230653739643830380a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diff --git a/hosts.yml b/hosts.yml new file mode 100644 index 0000000..4b8ff5f --- /dev/null +++ b/hosts.yml @@ -0,0 +1,9 @@ +--- +all: + hosts: + server1: + ansible_become_pass: "{{ server1_become_pass }}" + server2: + ansible_become_pass: "{{ server2_become_pass }}" + vars: + ansible_user: zoe diff --git a/roles/flarum/files/composer_installer.sh b/roles/flarum/files/composer_installer.sh index 5dc7420..76e8115 100644 --- a/roles/flarum/files/composer_installer.sh +++ b/roles/flarum/files/composer_installer.sh 
@@ -11,7 +11,7 @@ then exit 1 fi -php composer-setup.php --quiet --install-dir /usr/bin +php composer-setup.php --quiet --install-dir=/usr/bin --filename=composer RESULT=$? rm composer-setup.php exit $RESULT diff --git a/roles/flarum/files/nginx.conf b/roles/flarum/files/nginx.conf index 8d558dc..7d322e2 100644 --- a/roles/flarum/files/nginx.conf +++ b/roles/flarum/files/nginx.conf @@ -15,9 +15,37 @@ server { ssl_certificate /etc/nginx/flarum.bubblesthebunny.com/fullchain.pem; ssl_certificate_key /etc/nginx/flarum.bubblesthebunny.com/privkey.pem; - root /home/flarum/flarum/public + root /var/www/flarum/public; + index index.php index.html index.htm; + + location ~ \.php$ { + include fastcgi_params; +# fastcgi_param GATEWAY_INTERFACE CGI/1.1; +# fastcgi_param SERVER_SOFTWARE nginx; +# fastcgi_param QUERY_STRING $query_string; +# fastcgi_param REQUEST_METHOD $request_method; +# fastcgi_param CONTENT_TYPE $content_type; +# fastcgi_param CONTENT_LENGTH $content_length; +# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_param SCRIPT_NAME $fastcgi_script_name; +# fastcgi_param REQUEST_URI $request_uri; +# fastcgi_param DOCUMENT_URI $document_uri; +# fastcgi_param DOCUMENT_ROOT /home/flarum/flarum/public; +# fastcgi_param SERVER_PROTOCOL $server_protocol; +# fastcgi_param REMOTE_ADDR $remote_addr; +# fastcgi_param REMOTE_PORT $remote_port; +# fastcgi_param SERVER_ADDR $server_addr; +# fastcgi_param SERVER_PORT $server_port; +# fastcgi_param SERVER_NAME $server_name; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + add_header x-debug $document_root$fastcgi_script_name always; + fastcgi_pass 127.0.0.1:9000; + } + # Pass requests that don't refer directly to files in the filesystem to index.php location / { + index index.php; try_files $uri $uri/ /index.php?$query_string; } 
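Review bot: The added `add_header x-debug $document_root$fastcgi_script_name always;` in the new `location ~ \.php$` block sends the server-side script path back on every PHP response, error responses included, which discloses the filesystem layout to any client. It reads like a debugging aid and should be removed before this config is deployed. The same block passes any URI ending in `.php` to `fastcgi_pass` without checking that the file exists; adding `try_files $fastcgi_script_name =404;` ahead of `fastcgi_pass` would keep requests for nonexistent scripts away from PHP-FPM. The seventeen commented-out `fastcgi_param` lines, one of which still points at `/home/flarum/flarum/public`, are better deleted than committed. The enclosing `server` block starts and ends outside the hunk.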
diff --git a/roles/flarum/tasks/add_to_cloudflare_tunnel.yml b/roles/flarum/tasks/add_to_cloudflare_tunnel.yml
index 650bddd..62664c9 100644
--- a/roles/flarum/tasks/add_to_cloudflare_tunnel.yml
+++ b/roles/flarum/tasks/add_to_cloudflare_tunnel.yml
@@ -2,8 +2,8 @@
 - name: Add Cloudflare Tunnel route
 become: yes
 lineinfile:
- path: /etc/cloudflared/config.yaml
- regexp: "- hostname: flarum\.bubblesthebunny\.com[\W]*service: https:\/\/localhost:8544"
+ path: /etc/cloudflared/config.yml
+ regexp: "- hostname: flarum\\.bubblesthebunny\\.com[\\W]*service: https:\\/\\/localhost:8544"
 line: |-
 - hostname: flarum.bubblesthebunny.com
 service: https://localhost:8544
diff --git a/roles/flarum/tasks/main.yml b/roles/flarum/tasks/main.yml
index 732a132..fb494ec 100644
--- a/roles/flarum/tasks/main.yml
+++ b/roles/flarum/tasks/main.yml
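Review bot: `lineinfile` tests `regexp` against one line at a time, so the corrected pattern, which expects `hostname:` and `service:` joined by `[\W]*`, still cannot match the two-line entry that `line: |-` writes. The task will most likely append a duplicate route on every run. A `blockinfile` task with its own marker, or a `regexp` that matches only the `hostname:` line, would make it idempotent. Appending at end of file may also place the route after an existing catch-all ingress rule in `/etc/cloudflared/config.yml`, so an `insertbefore` anchored on that rule is worth adding unless the task already sets one outside the hunk.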
@@ -16,27 +16,100 @@
 - name: Create Flarum install dir
 become: yes
 file:
- path: /home/flarum/flarum
+ path: /var/www/flarum
 state: directory
 owner: flarum
 group: flarum
+ mode: 0750
 - name: Install PHP
 become: yes
 zypper:
 name: php81
 state: latest
+- name: Install PHP-FPM
+ become: yes
+ zypper:
+ name: php81-fpm
+ state: latest
+- name: Install PHP OpenSSL
+ become: yes
+ zypper:
+ name: php81-openssl
+ state: latest
+- name: Install PHP Phar
+ become: yes
+ zypper:
+ name: php81-phar
+ state: latest
+- name: Install PHP iconv
+ become: yes
+ zypper:
+ name: php81-iconv
+ state: latest
+- name: Install PHP mbstring
+ become: yes
+ zypper:
+ name: php81-mbstring
+ state: latest
+- name: Install PHP PDO
+ become: yes
+ zypper:
+ name: php81-pdo
+ state: latest
+- name: Install PHP FileInfo
+ become: yes
+ zypper:
+ name: php81-fileinfo
+ state: latest
+- name: Install PHP DOM
+ become: yes
+ zypper:
+ name: php81-dom
+ state: latest
+- name: Install PHP Curl
+ become: yes
+ zypper:
+ name: php81-curl
+ state: latest
+- name: Install PHP GD
+ become: yes
+ zypper:
+ name: php81-gd
+ state: latest
+- name: Install PHP pdo_mysql
+ become: yes
+ zypper:
+ name: php81-pdo-mysql
+ state: latest
+- name: Install PHP tokenizer
+ become: yes
+ zypper:
+ name: php81-tokenizer
+ state: latest
 - name: Install Composer
 become: yes
 script:
- command: composer_installer.sh
- creates: /usr/bin/composer
+ cmd: composer_installer.sh
+- name: Update sudoers
+ become: yes
+ community.general.sudoers:
+ name: zoe-do-as-flarum
+ state: present
+ user: zoe
+ runas: flarum
+ commands: ALL
 - name: Create Flarum project
 become: yes
 become_user: flarum
 community.general.composer:
 command: create-project
 arguments: flarum/flarum .
- working-dir: /home/flarum/flarum
+ working_dir: /var/www/flarum
+- name: Start fpm
+ become: yes
+ systemd:
+ name: php-fpm
+ state: restarted
 - name: Setup Nginx
 import_tasks: setup_nginx.yml
 - name: Add to CloudflareD tunnel
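Review bot: The new `Update sudoers` task lets `zoe` run `commands: ALL` as `flarum`, and `community.general.sudoers` defaults `nopassword` to true, so the rule is passwordless unless the task says otherwise. The inventory already supplies `ansible_become_pass`, so adding `nopassword: false` would keep the password requirement. The same applies to the `zoe-do-as-mysql` rule in roles/flarum/tasks/setup_mariadb.yml. Dropping `creates: /usr/bin/composer` from `Install Composer` means the installer script runs as root on every play instead of once; keeping `creates:` alongside `cmd:` restores idempotence. `mode: 0750` is better written `mode: "0750"` so the YAML parser does not re-type it.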
diff --git a/roles/flarum/tasks/setup_mariadb.yml b/roles/flarum/tasks/setup_mariadb.yml
new file mode 100644
index 0000000..7f10077
--- /dev/null
+++ b/roles/flarum/tasks/setup_mariadb.yml
@@ -0,0 +1,37 @@
+---
+- name: Update sudoers
+ become: yes
+ community.general.sudoers:
+ name: zoe-do-as-mysql
+ state: present
+ user: zoe
+ runas: mysql
+ commands: ALL
+- name: Install MariaDB Server
+ become: yes
+ package:
+ name: mariadb
+ state: latest
+- name: Start MariaDB server
+ become: yes
+ systemd:
+ name: mariadb
+ enabled: yes
+ state: started
+- name: Update root password for MariaDB
+ become: yes
+ become_user: mysql
+ mysql_user:
+ name: flarum_user
+ login_user: mysql
+ # login_password: "{{ mariadb_root_pass }}"
+ password: "{{ flarum_db_pass }}"
+ state: present
+ priv: "*.*:ALL"
+- name: Create flarum database
+ become: yes
+ become_user: mysql
+ mysql_db:
+ name: flarum
+ login_user: flarum_user
+ login_password: "{{ flarum_db_pass }}"
diff --git a/roles/flarum/tasks/setup_nginx.yml b/roles/flarum/tasks/setup_nginx.yml
index d513ab3..1a71185 100644
--- a/roles/flarum/tasks/setup_nginx.yml
+++ b/roles/flarum/tasks/setup_nginx.yml
@@ -20,6 +20,11 @@
 owner: nginx
 group: nginx
 mode: 0640
+- name: Add Nginx user to Flarum group
+ become: yes
+ user:
+ name: nginx
+ groups: flarum
 - name: Copy nginx.conf
 become: yes
 copy:
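Review bot: `priv: "*.*:ALL"` in the `Update root password for MariaDB` task gives `flarum_user` every privilege on every database, when the application only needs its own schema; `priv: "flarum.*:ALL"` would confine a compromised forum to its own data. The task name does not match what it does, since it creates `flarum_user` and never touches root, so a name such as `Create Flarum database user` would avoid confusion. The commented-out `login_password` line should either be removed or replaced by a short comment stating that the login is expected to go through socket authentication as `mysql`, if that is the intent.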
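Review bot: `groups: flarum` without `append: yes` in the new `Add Nginx user to Flarum group` task makes the `user` module replace the nginx account's supplementary groups with just `flarum`, dropping any it already had; add `append: yes` under `groups:`. A running nginx keeps its old group set until it is restarted, so check that a restart or handler follows this task outside the hunk.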