diff --git a/README.rst b/README.rst
index c41da38c0f760ef472e663167ea379cb6ab4b116..e6fcc14a1f9ead2c65223a69b59366457db36ee8 100644
--- a/README.rst
+++ b/README.rst
@@ -10,14 +10,14 @@ Debian Jessie.
 
 Role Variables
 --------------
+::
 
-git_directory: The directory to be created and used for all git repositories
-served.
+    git_directory: /srv/git #The directory to be created and used for all git repositories served.
 
 Dependencies
 ------------
 
-None.
+The common role from https://www.shore.co.il/cgit/ansible-common/
 
 Example Playbook
 ----------------
@@ -49,6 +49,7 @@ Repository is located at: https://www.shore.co.il/cgit/ansible-cgit
 todo
 ----
 
-- File a bug in Debian for using the wrong location of rst2html.
 - Add pre-commit hooks.
 - Consider adding gitolite.
+- Output log (cgit?, apache) to syslog.
+- Collectd metrics.
diff --git a/meta/main.yml b/meta/main.yml
index 36fffcc73471095159d8b6c9e2c061e29d8607cb..a8e0051f4c2977a8bb88287d84cdff3f243c8496 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,138 +1,15 @@
 ---
 galaxy_info:
   author: Nimrod Adar
-  description: cgit
+  description: cgit provisioning for Debian Jessie.
   company: Shore technologies
-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
   license: MIT
   min_ansible_version: 1.2
-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your
-  # platform on this list, let us know and we'll get it added!
-  #
   platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #  - 21
-  #  - 22
-  #- name: Windows
-  #  versions:
-  #  - all
-  #  - 2012R2
-  #- name: SmartOS
-  #  versions:
-  #  - all
-  #  - any
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  #- name: Ubuntu
-  #  versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
-  #  - trusty
-  #  - utopic
-  #  - vivid
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
   - name: Debian
     versions:
-  #  - all
-  #  - etch
     - jessie
-  #  - lenny
-  #  - squeeze
-  #  - wheezy
-  #
-  # Below are all categories currently available. Just as with
-  # the platforms above, uncomment those that apply to your role.
-  #
-  #categories:
-  #- cloud
-  #- cloud:ec2
-  #- cloud:gce
-  #- cloud:rax
-  #- clustering
-  #- database
-  #- database:nosql
-  #- database:sql
-  #- development
-  #- monitoring
-  #- networking
-  #- packaging
-  #- system
-  #- web
+  categories:
+  - development
+  - system
 dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 416634f5288f7f60a9b9f68eb63afd0bed3443a2..0000000000000000000000000000000000000000
--- a/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-pre-commit
diff --git a/tasks/main.yml b/tasks/main.yml
index a57977587852e271fe12457541099efe840ffffc..3ffec812ed19a89ddcf00d8beff7fbb44c4e6cb2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 # tasks file for ansible-cgit
-- name: Install packages
+
+- name: apt install
   apt:
       name: '{{ item }}'
       state: present
@@ -11,21 +12,34 @@
       - git
       - apache2
       - python-docutils
+      - cron
 
-- name: Enable mod-cgi
-  notify:
-      - Restart Apache
+- name: Enable Apache modules
   apache2_module:
-      name: cgi
+      name: '{{ item }}'
       state: present
+  notify:
+      - Restart Apache
+  with_items:
+    - cgi
+    - ssl
+
+- name: Disable default Apache site
+  file:
+    path: /etc/apache2/sites-enabled/000-default.conf
+    state: absent
+  notify:
+    - Restart Apache
 
-- name: Add configuration for cgit css
+- name: Add cgit Apache site
   template:
-      src: cgit-css.conf.j2
-      dest: /etc/apache2/conf-enabled/cgit-css.conf
-      owner: root
-      group: root
-      mode: '0644'
+    src: cgit.conf.j2
+    dest: /etc/apache2/sites-enabled/cgit.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - Restart Apache
 
 - name: Create git repostories directory
   file:
@@ -35,7 +49,8 @@
       mode: '0777'
       state: directory
 
-- name: Add symlink for rst2html (hack)
+- name: Add symlink for rst2html (hack, fixed in Stretch)
+  when: ansible_distribution_major_version < 9
   file:
       src: /usr/share/docutils/scripts/python2/rst2html
       dest: /usr/local/bin/rst2html.py
@@ -91,3 +106,17 @@
       - line: 'readme=:install.txt'
       - line: 'readme=:INSTALL'
       - line: 'readme=:install'
+
+- name: Configure firewall
+  ufw:
+    rule: allow
+    port: 443
+    proto: tcp
+
+- name: Add daily backup job
+  template:
+    src: cgit.j2
+    dest: /etc/cron.daily/cgit
+    owner: root
+    group: root
+    mode: '0755'
diff --git a/templates/cgit-css.conf.j2 b/templates/cgit-css.conf.j2
deleted file mode 100644
index 32fa1665bb4666cae3f5124a3fa5ce0b7779bc4e..0000000000000000000000000000000000000000
--- a/templates/cgit-css.conf.j2
+++ /dev/null
@@ -1 +0,0 @@
-Alias /cgit/css "/usr/share/cgit/"
diff --git a/templates/cgit.conf.j2 b/templates/cgit.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..502ccc0b44acf0a7a934d418da15dd7392adc732
--- /dev/null
+++ b/templates/cgit.conf.j2
@@ -0,0 +1,13 @@
+<VirtualHost _default_:443>
+    DocumentRoot            /usr/share/cgit
+    Alias                   /css "/usr/share/cgit"
+    SSLEngine               on
+    SSLCertificateFile      {{ internal_tls_cert }}
+    SSLCertificateKeyFile   {{ internal_tls_key }}
+    SSLProtocol             all -SSLv2 -SSLv3
+    SSLCipherSuite          !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
+    SSLHonorCipherOrder     on
+    SSLCompression          off
+    ErrorLog                ${APACHE_LOG_DIR}/error.log
+    CustomLog               ${APACHE_LOG_DIR}/access.log combined
+</virtualHost>
diff --git a/templates/cgit.j2 b/templates/cgit.j2
new file mode 100644
index 0000000000000000000000000000000000000000..aa8ef8a706b614800f7660972caea1525077a06d
--- /dev/null
+++ b/templates/cgit.j2
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+cd {{ git_directory|dirname }}
+tar -cf /var/backups/git.tar.gz {{ git_directory|basename }}