diff --git a/README.rst b/README.rst
index 4411eb5ed0b147dce92b683341b9634725ac0731..cc6d6c69de67abeadd0e96186079a7ce0b072dd0 100644
--- a/README.rst
+++ b/README.rst
@@ -23,7 +23,7 @@ Getting started
 
     git clone --recursive https://www.shore.co.il/cgit/ansible-playbooks
     cd ansible-playbooks
-    ansible-galaxy install -r requirements.yml
+    ansible-galaxy install --role-file requirements.yml --roles-path roles/
     vagrant up
 
 License
@@ -43,14 +43,5 @@ at: https://www.shore.co.il/cgit/.
 TODO
 ----
 
-- CI test with ServerSpec/ Molecule.
-- Fast (like unit) testing with ansible-lint, maybe other linters (pre-commit).
-- Better documentation and handling of role dependencies.
-- Add example requirements.yml to roles README file.
-- For all roles:
-  - Add email alias to root.
-  - Log to syslog.
-  - Collect metrics using Collectd.
-  - Use TLS and random, high bit count dhparams.
-  - Use assertions at the start of the role.
-  - Wait for the service to be up at the end of the role.
+- CI with Molecule.
+- Sanity test with pre-commit.
diff --git a/Vagrantfile b/Vagrantfile
index 1bbe216449127b8d687a743df3e520b8a9fa7d71..08792c27555a3ff85992918f13080824c26fa457 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -20,8 +20,9 @@ Vagrant.configure(2) do |config|
     openbsd.vm.network "private_network", ip: "172.28.128.3"
     openbsd.landrush.guest_redirect_dns = false
     openbsd.landrush.host_ip_address = "172.28.128.3"
-    openbsd.vm.box = "tmatilai/openbsd-5.7"
-    #openbsd.vm.box = "twingly/openbsd-5.7-amd64"
+    #openbsd.vm.box = "tmatilai/openbsd-5.7"
+    #openbsd.vm.box = "twingly/openbsd-5.8-amd64"
+    openbsd.vm.box = "kaorimatz/openbsd-5.8-amd64"
   end
 
   config.vm.define "kodi" do |kodi|
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..e95fc3a06970dd016f5a8fd6057ca3082dd01654
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,20 @@
+[defaults]
+command_warnings = True
+deprecation_warnings = True
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = /tmp/ansible_fact_cache/
+fact_caching_timeout = 86400
+forks = 5
+retry_files_save_path = /tmp/
+roles_path = roles/
+
+[ssh_connection]
+pipelining = True
+control_path=/tmp/ssh-%%h
+
+[privilege_escalation]
+become = True
+become_method = sudo
+become_user = root
+become_ask_pass = False
diff --git a/host_vars/wordpress b/host_vars/wordpress
index 77bca6dc62897070ab6b08d7302b996b98193d1a..958384e6a03382f4a6a8be474e6c76e94d52c049 100644
--- a/host_vars/wordpress
+++ b/host_vars/wordpress
@@ -1,8 +1,9 @@
-mysql_root_password: root
+backports: True
+mysql_admin_password: root
 wordpress_mysql_server: localhost
 wordpress_force_https: True
 wordpress_password: wordpress
-wordpress_mysql_user: root
+wordpress_mysql_user: admin
 wordpress_mysql_password: root
 tls_cert: files/Ansible.vagrant/certs/wordpress
 tls_key: files/Ansible.vagrant/keys/wordpress
diff --git a/nspawn.yml b/nspawn.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8b9cdaa858adb043c2197cbec25ae89e9d43ec70
--- /dev/null
+++ b/nspawn.yml
@@ -0,0 +1,3 @@
+---
+- hosts: ns3
+  roles: [ nspawn ]
diff --git a/requirements.yml b/requirements.yml
index b1b05a1e4c7a4f6294b5fa4230a28b38b7a71523..279a07b1c170fc35bb10a0575ca405203ff1698a 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,101 +1,76 @@
 ---
-- src: https://www.shore.co.il/cgit/ansible-apache
+- src: https://www.shore.co.il/git/ansible-role-apache
   scm: git
-  path: roles/
   name: apache
-- src: https://www.shore.co.il/cgit/ansible-rutorrent
+- src: https://www.shore.co.il/git/ansible-role-rutorrent
   scm: git
-  path: roles/
   name: rutorrent
-- src: https://www.shore.co.il/cgit/ansible-kodi
+- src: https://www.shore.co.il/git/ansible-role-kodi
   scm: git
-  path: roles/
   name: kodi
-- src: https://www.shore.co.il/cgit/ansible-nspawn
+- src: https://www.shore.co.il/git/ansible-role-nspawn
   scm: git
-  path: roles/
   name: nspawn
-- src: https://www.shore.co.il/cgit/ansible-openbsd
+- src: https://www.shore.co.il/git/ansible-role-openbsd
   scm: git
-  path: roles/
   name: openbsd
-- src: https://www.shore.co.il/cgit/ansible-wordpress
+- src: https://www.shore.co.il/git/ansible-role-wordpress
   scm: git
-  path: roles/
   name: wordpress
-- src: https://www.shore.co.il/cgit/ansible-openldap
+- src: https://www.shore.co.il/git/ansible-role-openldap
   scm: git
-  path: roles/
   name: openldap
-- src: https://www.shore.co.il/cgit/ansible-common
+- src: https://www.shore.co.il/git/ansible-role-common
   scm: git
-  path: roles/
   name: common
-- src: https://www.shore.co.il/cgit/ansible-consul
+- src: https://www.shore.co.il/git/ansible-role-consul
   scm: git
-  path: roles/
   name: consul
-- src: https://www.shore.co.il/cgit/ansible-dovecot
+- src: https://www.shore.co.il/git/ansible-role-dovecot
   scm: git
-  path: roles/
   name: dovecot
-- src: https://www.shore.co.il/cgit/ansible-ejabberd
+- src: https://www.shore.co.il/git/ansible-role-ejabberd
   scm: git
-  path: roles/
   name: ejabberd
-- src: https://www.shore.co.il/cgit/ansible-elasticsearch
+- src: https://www.shore.co.il/git/ansible-role-elasticsearch
   scm: git
-  path: roles/
   name: elasticsearch
-- src: https://www.shore.co.il/cgit/ansible-exim
+- src: https://www.shore.co.il/git/ansible-role-exim
   scm: git
-  path: roles/
   name: exim
-- src: https://www.shore.co.il/cgit/ansible-freeradius
+- src: https://www.shore.co.il/git/ansible-role-freeradius
   scm: git
-  path: roles/
   name: freeradius
-- src: https://www.shore.co.il/cgit/ansible-grafana
+- src: https://www.shore.co.il/git/ansible-role-grafana
   scm: git
-  path: roles/
   name: grafana
-- src: https://www.shore.co.il/cgit/ansible-horde
+- src: https://www.shore.co.il/git/ansible-role-horde
   scm: git
-  path: roles/
   name: horde
-- src: https://www.shore.co.il/cgit/ansible-influxdb
+- src: https://www.shore.co.il/git/ansible-role-influxdb
   scm: git
-  path: roles/
   name: influxdb
-- src: https://www.shore.co.il/cgit/ansible-kibana
+- src: https://www.shore.co.il/git/ansible-role-kibana
   scm: git
-  path: roles/
   name: kibana
-- src: https://www.shore.co.il/cgit/ansible-logstash
+- src: https://www.shore.co.il/git/ansible-role-logstash
   scm: git
-  path: roles/
   name: logstash
-- src: https://www.shore.co.il/cgit/ansible-mysql
+- src: https://www.shore.co.il/git/ansible-role-mysql
   scm: git
-  path: roles/
   name: mysql
-- src: https://www.shore.co.il/cgit/ansible-openwrt
+- src: https://www.shore.co.il/git/ansible-role-openwrt
   scm: git
-  path: roles/
   name: openwrt
-- src: https://www.shore.co.il/cgit/ansible-owncloud
+- src: https://www.shore.co.il/git/ansible-role-owncloud
   scm: git
-  path: roles/
   name: owncloud
-- src: https://www.shore.co.il/cgit/ansible-riemann
+- src: https://www.shore.co.il/git/ansible-role-riemann
   scm: git
-  path: roles/
   name: riemann
-- src: https://www.shore.co.il/cgit/ansible-redis
+- src: https://www.shore.co.il/git/ansible-role-redis
   scm: git
-  path: roles/
   name: redis
-- src: https://www.shore.co.il/cgit/ansible-gitolite
+- src: https://www.shore.co.il/git/ansible-role-gitolite
   scm: git
-  path: roles/
   name: gitolite