diff --git a/inventory/hosts.yml b/inventory/hosts.yml
index f560f43..1c926c4 100644
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -9,9 +9,7 @@ all:
 lap-s76-lemp9-0.desu.ltd:
 db:
 hosts:
- db1.test.desu.ltd:
- ansible_host: 192.168.122.169
+ psql1.desu.ltd:
 web:
 hosts:
- web1.test.desu.ltd:
- ansible_host: 192.168.122.62
+ web1.desu.ltd:
diff --git a/site.yml b/site.yml
index 188bf20..01426ce 100755
--- a/site.yml
+++ b/site.yml
@@ -30,20 +30,19 @@
 become: yes
 tags: [ desktop, zerotier ]
 # Database servers
-- hosts: db1.test.desu.ltd
+- hosts: psql1.desu.ltd
 roles:
 - role: postgresql
 vars:
 postgresql_global_config_options:
 - option: listen_addresses
- value: "*"
+ value: 192.168.164.156
 postgresql_hba_entries:
 - { type: local, database: all, user: postgres, auth_method: peer }
 - { type: local, database: all, user: all, auth_method: peer }
 - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
 - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
- # Just allow all access on this block.
- # When rolling out to our new env, I'll allow by particular IP alone
+ # Used for internal access from other nodes
 - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
 postgresql_users:
 - name: gitea
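Review bot: The replacement entries `psql1.desu.ltd:` and `web1.desu.ltd:` no longer carry an `ansible_host`, so Ansible now connects by resolving the inventory name itself instead of the fixed address the old entries pinned. If that name is not resolvable from the control node the play fails at connection time, and any later inventory edit can silently redirect the host. If DNS addressing is the intent, a one-line comment above the `db:` group would make the assumption explicit, e.g. `# Hosts are reached by their DNS name; no ansible_host override is set`.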
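Review bot: The `192.168.0.0/16` hba entry at the end of `postgresql_hba_entries` still grants `database: all, user: all` to the whole /16 with password auth, while the comment it now carries ("Used for internal access from other nodes") replaces the removed one that explicitly said the block was a temporary allow-all to be narrowed "by particular IP alone" in the new environment. Since this commit appears to be that rollout (hosts renamed off `*.test.*`, `listen_addresses` pinned to a single interface), the rule should be narrowed to the nodes that actually need access, e.g. one `- { type: host, database: all, user: all, address: '<web-host-ip>/32', auth_method: md5 }` entry per client (placeholder address), rather than relabelled. Separately, the new `value: 192.168.164.156` is unquoted where the line it replaces was quoted; `value: "192.168.164.156"` keeps the quoting consistent and protects the value if it is later templated. The postgresql role's other options, including which server version is targeted, are outside this hunk.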
@@ -58,91 +57,110 @@
 become: yes
 tags: [ db, psql ]
 # Webservers
-- hosts: web1.test.desu.ltd
- roles:
- - role: apache
- vars:
- apache_remove_default_vhost: yes
- apache_packages_state: latest
- apache_mods_enabled:
- - ssl.load
- - proxy.load
- - proxy_http.load
- - rewrite.load
- apache_vhosts:
- - servername: git.test.desu.ltd
- extra_parameters: |
- ProxyPreserveHost On
- ProxyRequests Off
- ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
- - servername: nc.test.desu.ltd
- documentroot: /var/www/html/nextcloud
- - servername: test.desu.ltd
- documentroot: /var/www/html/desu.ltd
- become: yes
- tags: [ web, apache ]
- - role: php
- vars:
- php_memory_limit: 512M
- php_packages_extra:
- - libapache2-mod-php
- - php-zip # For Nextcloud
- - php-intl
- - php-imagick
- - php-redis
- - php-bcmath
- - php-gmp
- - php-pgsql # For general DB stuff
- # Nextcloud recommended opcache settings
- php_opcache_max_accelerated_files: 10000
- php_opcache_memory_consumption: 128
- php_opcache_revalidate_freq: 2
- become: yes
- tags: [ web, php ]
- - role: git
- vars:
- git_repos:
- - repo: https://git.9iron.club/salt/desultd
- dest: /var/www/html/desu.ltd
- become: yes
- tags: [ web, git ]
- - role: nextcloud
- vars:
- nextcloud_admin_user: admin
- nextcloud_admin_pass: foobar
- nextcloud_version: 19
- nextcloud_urls:
- - http://nc.test.desu.ltd:80
- nextcloud_config:
- system:
- trusted_domains:
- "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
- nextcloud_database:
- backend: pgsql
- name: nextcloud
- user: nextcloud
- pass: "{{ secret_nextcloud_db_pass }}"
- host: 192.168.122.169
- port: 5432
- become: yes
- tags: [ web, nextcloud ]
- - role: gitea
- vars:
- # Look and feel
- gitea_app_name: "Git Desu"
- # Core config
- gitea_db_type: postgres
- gitea_db_host: 192.168.122.169:5432
- gitea_db_name: gitea
- gitea_db_user: gitea
- gitea_db_password: "{{ secret_gitea_db_pass }}"
- gitea_http_domain: git.test.desu.ltd
- gitea_oauth2_enabled: no
- gitea_root_url: http://git.test.desu.ltd
- gitea_shell: "/bin/bash"
- gitea_ssh_domain: git.test.desu.ltd
- gitea_ssh_port: 22
- gitea_start_ssh: no
- gitea_user: git
- become: yes
- tags: [ web, gitea ]
+
+# NOTE: This whole stanza has been commented out pending resolution of https://github.com/ansible/ansible/issues/71528
+# Currently, no release packages this fix. I NEED that fix out to work around this bug in 20.04
+
+#- hosts: web1.desu.ltd
+# roles:
+# - role: certbot
+# vars:
+# certbot_admin_email: rehashedsalt@cock.li
+# certbot_create_if_missing: yes
+# certbot_create_method: standalone
+# certbot_create_standalone_stop_services:
+# - apache2
+# certbot_certs:
+# - domains:
+# - desu.ltd
+# - git.desu.ltd
+# - nc.desu.ltd
+# - web1.desu.ltd
+# become: yes
+# tags: [ web, certbot ]
+# - role: apache
+# vars:
+# apache_remove_default_vhost: yes
+# apache_packages_state: latest
+# apache_mods_enabled:
+# - ssl.load
+# - proxy.load
+# - proxy_http.load
+# - rewrite.load
+# apache_vhosts:
+# - servername: git.test.desu.ltd
+# extra_parameters: |
+# ProxyPreserveHost On
+# ProxyRequests Off
+# ProxyPass / http://127.0.0.1:3000/ nocanon retry=1
+# - servername: nc.test.desu.ltd
+# documentroot: /var/www/html/nextcloud
+# - servername: test.desu.ltd
+# documentroot: /var/www/html/desu.ltd
+# become: yes
+# tags: [ web, apache ]
+# - role: php
+# vars:
+# php_memory_limit: 512M
+# php_packages_extra:
+# - libapache2-mod-php
+# - php-zip # For Nextcloud
+# - php-intl
+# - php-imagick
+# - php-redis
+# - php-bcmath
+# - php-gmp
+# - php-pgsql # For general DB stuff
+# # Nextcloud recommended opcache settings
+# php_opcache_max_accelerated_files: 10000
+# php_opcache_memory_consumption: 128
+# php_opcache_revalidate_freq: 2
+# become: yes
+# tags: [ web, php ]
+# - role: git
+# vars:
+# git_repos:
+# - repo: https://git.9iron.club/salt/desultd
+# dest: /var/www/html/desu.ltd
+# become: yes
+# tags: [ web, git ]
+# - role: nextcloud
+# vars:
+# nextcloud_admin_user: admin
+# nextcloud_admin_pass: foobar
+# nextcloud_version: 19
+# nextcloud_urls:
+# - http://nc.test.desu.ltd:80
+# nextcloud_config:
+# system:
+# trusted_domains:
+# "{{ nextcloud_urls | map('urlsplit', 'hostname') | list }}"
+# nextcloud_database:
+# backend: pgsql
+# name: nextcloud
+# user: nextcloud
+# pass: "{{ secret_nextcloud_db_pass }}"
+# host: 192.168.122.169
+# port: 5432
+# become: yes
+# tags: [ web, nextcloud ]
+# - role: gitea
+# vars:
+# # Look and feel
+# gitea_app_name: "Git Desu"
+# # Core config
+# gitea_db_type: postgres
+# gitea_db_host: 192.168.122.169:5432
+# gitea_db_name: gitea
+# gitea_db_user: gitea
+# gitea_db_password: "{{ secret_gitea_db_pass }}"
+# gitea_http_domain: git.test.desu.ltd
+# gitea_oauth2_enabled: no
+# gitea_root_url: http://git.test.desu.ltd
+# gitea_shell: "/bin/bash"
+# gitea_ssh_domain: git.test.desu.ltd
+# gitea_ssh_port: 22
+# gitea_start_ssh: no
+# gitea_user: git
+# become: yes
+# tags: [ web, gitea ]
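Review bot: The commented-out web play, which the NOTE says will be re-enabled once the upstream fix ships, still carries the old test-environment values: `host: 192.168.122.169` under `nextcloud_database` and `gitea_db_host: 192.168.122.169:5432` point at the address this same commit removes from `inventory/hosts.yml`, and the apache `servername`s, `nextcloud_urls`, `gitea_http_domain`, `gitea_root_url` and `gitea_ssh_domain` all still use `*.test.desu.ltd`, while the new certbot role requests certificates for `desu.ltd`, `git.desu.ltd` and `nc.desu.ltd` — so when uncommented, the vhosts and the issued certificates will not agree, and the apps will try to reach a database host that no longer exists. `nextcloud_admin_pass: foobar` is also a literal credential where the neighbouring DB passwords are looked up from `secret_*` variables; following that pattern with something like `nextcloud_admin_pass: "{{ secret_nextcloud_admin_pass }}"` (name constructed to match the existing convention) keeps the admin password out of the playbook before this block goes live. Presumably the `http://` scheme in `nextcloud_urls` and `gitea_root_url` is also meant to become `https://` once certbot is in place; worth confirming when the stanza is revived.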