diff --git a/TODO.md b/TODO.md index 441e26f..8da1549 100644 --- a/TODO.md +++ b/TODO.md @@ -1,26 +1,5 @@ -## Install tarball - ### clean known_host doesnt work -### install from tarball example: - -```yaml -- name: "If jdk not exists then only download and unarchive" - unarchive: - src: "https://download.oracle.com/java/17/latest/jdk-17_linux-aarch64_bin.tar.gz" - dest: /opt/ - remote_src: yes - creates: /opt/jdk-17 - register: foo -- name: "Rename if download happens " - command: mv /opt/jdk-17_linux-arch64 /opt/jdk-17 - when: foo.changed == True -``` - -### Cleanup release snapshot - -- remove pkg function from root .bashrc - ## Add quota config and enable/configure rctl -## Add MOTD +## Add bsdnix manpage (into pub jail) diff --git a/deploy.yaml b/deploy.yaml index 7c87dd1..d19a22b 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -12,4 +12,5 @@ - role: firewall - role: ssh - role: jails - - role: pub + - role: chat + #- role: pub diff --git a/group_vars/all/all.yaml b/group_vars/all/all.yaml index 0a4dd13..84d408c 100644 --- a/group_vars/all/all.yaml +++ b/group_vars/all/all.yaml @@ -12,6 +12,10 @@ packages: - go122 - git +versions: + - program: go122 + link: go + # used by bastille to build a base release: 14.2-RELEASE diff --git a/roles/chat/files/devzat b/roles/chat/files/devzat index f713ab8..d96ad7e 100644 --- a/roles/chat/files/devzat +++ b/roles/chat/files/devzat 
@@ -1,20 +1,23 @@ #!/bin/sh +# +# PROVIDE: devzat +# REQUIRE: networking +# KEYWORD: + . /etc/rc.subr -name=devzat -rcvar=devzat_enable +name="devzat" +rcvar="devzat_enable" +devzat_user="nobody" +devzat_command="/usr/local/sbin/devzat" +pidfile="/tmp/${name}.pid" +command="/usr/sbin/daemon" +command_args="-P ${pidfile} ${devzat_command}" +devzat_config="/usr/local/etc/devzat.yml" -start_cmd="${name}_start" -stop_cmd=":" - -load_rc_config $name -: ${devzat_enable:=no} -: ${devzat_config="/usr/local/etc/devzat.yml"} -: ${devzat_daemon="/usr/local/sbin/devzat"} - -devzat_start() { - DEVZAT_CONFIG="${devzat_config}" ${devzat_daemon} -} +load_rc_config $name +: ${devzat_enable:=no} +export DEVZAT_CONFIG="${devzat_config}" run_rc_command "$1" diff --git a/roles/chat/files/devzat.yml b/roles/chat/files/devzat.yml index 5527a5b..a2cb3f4 100644 --- a/roles/chat/files/devzat.yml +++ b/roles/chat/files/devzat.yml @@ -1,14 +1,14 @@ # what port to host a server on ($PORT overrides this) -port: 22 +port: 2222 # what port to host profiling on (unimportant) profile_port: 5555 # where to store data such as bans and logs -data_dir: /var/run/devzat-data +data_dir: /home/devzat/devzat-data # where the SSH private key is stored -key_file: /var/run/devzat-sshkey +key_file: /home/devzat/devzat-sshkey # whether to censor messages (optional) censor: false diff --git a/roles/chat/tasks/main.yaml b/roles/chat/tasks/main.yaml index b272203..fecd91e 100644 --- a/roles/chat/tasks/main.yaml +++ b/roles/chat/tasks/main.yaml @@ -1,8 +1,12 @@ --- +# we do NOT use: +# git clone https://github.com/quackduck/devzat +# but our own fork where we patched the torlist stuff away. +# see: https://github.com/quackduck/devzat/issues/246 - name: build devzat shell: | cd /tmp - git clone https://github.com/quackduck/devzat + git clone https://github.com/tlinden/devzat cd /tmp/devzat go build 
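Review bot: `pidfile="/tmp/${name}.pid"` puts the pidfile at a predictable name in a world-writable directory, and `devzat_user="nobody"` runs the daemon under an account that other services commonly share. Since the devzat.yml and Bastillefile hunks in this commit keep the chat data and the SSH private key in a directory owned by nobody, anything else running as nobody in the jail could read them. A dedicated account and a pidfile directory that only it can write would be safer: `devzat_user="devzat"` and `pidfile="/var/run/${name}/${name}.pid"`, with the user and the directory created by the role. Separately, `# REQUIRE: networking` is lowercase, while the FreeBSD rc ordering placeholder is normally spelled `NETWORKING`, so the dependency may not resolve; worth checking with rcorder.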
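Review bot: The `git clone https://github.com/tlinden/devzat` line in the `build devzat` task builds whatever the fork's default branch points to at deploy time, so the binary installed into the jail is not reproducible and any later change to the fork is picked up without review. Pinning the checkout to a reviewed commit closes that gap, for example by adding `git checkout <PINNED_COMMIT_SHA>` after `cd /tmp/devzat` and before `go build`, or by using the `git` module with `version:`. The clone also goes into the fixed path `/tmp/devzat` in a world-writable directory, and unless later lines clean it up a second run will fail because the directory already exists; a directory from the `tempfile` module would avoid both. The shell block continues past the end of this hunk.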
@@ -39,6 +43,7 @@ copy: src: devzat dest: "/usr/local/bastille/templates/services/{{ role_name }}/usr/local/etc/rc.d/" + mode: '0755' - name: create jail shell: "bastille create -B {{ role_name }} {{ release }} {{ chatip.stdout }}/64 bridge0" diff --git a/roles/chat/templates/Bastillefile.j2 b/roles/chat/templates/Bastillefile.j2 index 6d46e2f..85b4755 100644 --- a/roles/chat/templates/Bastillefile.j2 +++ b/roles/chat/templates/Bastillefile.j2 @@ -6,4 +6,10 @@ SYSRC tmpmfs=AUTO SYSRC clear_tmp_enable=YES SYSRC devzat_enable=YES +CMD if test -l /home; then rm /home; fi +CMD mkdir -p /home +FSTAB /home home nullfs rw 0 0 + +CMD install -d -o nobody -m 700 /home/devzat + SERVICE devzat start diff --git a/roles/pub/tasks/main.yaml b/roles/pub/tasks/main.yaml index b74da96..14161c5 100644 --- a/roles/pub/tasks/main.yaml +++ b/roles/pub/tasks/main.yaml @@ -46,6 +46,11 @@ template: src: resolv.conf.j2 dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/resolv.conf" + +- name: copy hosts file + template: + src: hosts.j2 + dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/hosts" - name: create jail shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0" diff --git a/roles/pub/templates/hosts.j2 b/roles/pub/templates/hosts.j2 new file mode 100644 index 0000000..6e3e5ee --- /dev/null +++ b/roles/pub/templates/hosts.j2 @@ -0,0 +1,13 @@ +::1 localhost localhost.my.domain +127.0.0.1 localhost localhost.my.domain + +# https://danwin1210.de/github-ipv6-proxy.php +2a01:4f8:c010:d56::2 github.com +2a01:4f8:c010:d56::3 api.github.com +2a01:4f8:c010:d56::4 codeload.github.com +2a01:4f8:c010:d56::5 objects.githubusercontent.com +2a01:4f8:c010:d56::6 ghcr.io +2a01:4f8:c010:d56::7 pkg.github.com npm.pkg.github.com maven.pkg.github.com nuget.pkg.github.com rubygems.pkg.github.com +2a01:4f8:c010:d56::8 uploads.github.com + +{{ chatip.stdout }} chat chat.bsdnix.de kobayashi kobayashi.bsdnix.de 
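Review bot: `FSTAB /home home nullfs rw 0 0` appears to mount the host's whole `/home` read-write into the chat jail, so a compromise of the network-facing devzat process would expose every home directory on the host, limited only by file permissions. Mounting just a dedicated directory keeps the jail boundary meaningful, e.g. `FSTAB /home/devzat home/devzat nullfs rw 0 0`, with the host directory created beforehand. Also, `test -l` on the first added line is not a symlink test in sh; the operator is `-L` (or `-h`), so as written the `rm /home` branch most likely never runs. The line should read `CMD if test -L /home; then rm /home; fi`.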
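Review bot: The static entries under `# https://danwin1210.de/github-ipv6-proxy.php` send all traffic for github.com, ghcr.io and the package hosts through a third-party proxy, and the file does not record what that relies on. The comment should state the trust assumption, e.g. `# third-party IPv6 proxy: relies on TLS/SSH host verification staying enabled; operator sees connection metadata; re-check addresses against the page before each release`. The same applies to the identical block in roles/server/files/hosts, which this commit installs as the host's /etc/hosts. In this template the last line uses `{{ chatip.stdout }}`, which no visible task in the pub role registers (its create-jail task uses `jailip`), so rendering probably fails unless the chat role has run earlier in the same play.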
diff --git a/roles/server/files/hosts b/roles/server/files/hosts new file mode 100644 index 0000000..1540ba8 --- /dev/null +++ b/roles/server/files/hosts @@ -0,0 +1,11 @@ +::1 localhost localhost.my.domain +127.0.0.1 localhost localhost.my.domain + +# https://danwin1210.de/github-ipv6-proxy.php +2a01:4f8:c010:d56::2 github.com +2a01:4f8:c010:d56::3 api.github.com +2a01:4f8:c010:d56::4 codeload.github.com +2a01:4f8:c010:d56::5 objects.githubusercontent.com +2a01:4f8:c010:d56::6 ghcr.io +2a01:4f8:c010:d56::7 pkg.github.com npm.pkg.github.com maven.pkg.github.com nuget.pkg.github.com rubygems.pkg.github.com +2a01:4f8:c010:d56::8 uploads.github.com diff --git a/roles/server/tasks/main.yaml b/roles/server/tasks/main.yaml index d83cf84..050a3bf 100644 --- a/roles/server/tasks/main.yaml +++ b/roles/server/tasks/main.yaml @@ -4,6 +4,10 @@ state: present name: "{{ packages }}" +- name: Create program symlinks + shell: "ln -sf /usr/local/bin/{{ item.program }} /usr/local/bin/{{ item.link }}" + loop: "{{ versions }}" + # FIXME: remove the symlink in the next release snapshot - name: Remove old home sym link shell: | @@ -90,6 +94,14 @@ group: wheel mode: '0644' +- name: Install /etc/hosts file + copy: + src: hosts + dest: /etc/hosts + owner: root + group: wheel + mode: '0644' + - name: Install jlogin copy: src: jlogin
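Review bot: The `Create program symlinks` task shells out to `ln -sf` with `item.program` and `item.link` interpolated unquoted into the command line, so it reports changed on every run and the values pass through a shell. The `file` module with `state: link` creates the same link idempotently and without a shell. The values come from group_vars today, so this is a robustness and style point rather than an exposure.

```yaml
- name: Create program symlinks
  file:
    src: "/usr/local/bin/{{ item.program }}"
    dest: "/usr/local/bin/{{ item.link }}"
    state: link
  loop: "{{ versions }}"
```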