diff --git a/armbian/base_setup.md b/armbian/base_setup.md
index 8f90de7..32ed7ed 100644
--- a/armbian/base_setup.md
+++ b/armbian/base_setup.md
@@ -16,19 +16,31 @@ systemctl reboot
 
 ```
 
+## Install Useful Tools
+
+``` bash
+
+apt install htop nload iotop tmux screen vim nano links wget exfat-utils ntfs-3g gdisk lvm2 cryptsetup busybox
+
+```
+
+## ENABLE Automatic Update Download
+
+*Note: this is for more persistent/permanently online lollipops*
+
+### /etc/apt/apt.conf.d/02-armbian-periodic
+
+- Change ```APT::Periodic::Enable "0";``` to ```APT::Periodic::Enable "1";```
+- Change ```APT::Periodic::Update-Package-Lists "21";``` to ```APT::Periodic::Update-Package-Lists "1";```
+
 ## DISABLE Automatic Update Downloads
 
 *Note: this is to save bandwidth, time, etc when travelling*
 
-### /etc/apt/apt.conf.d/02periodic
-
-Change ```APT::Periodic::Enable "1";``` to ```APT::Periodic::Enable "0";```
-
 ### /etc/apt/apt.conf.d/20auto-upgrades
 
-Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
-
-Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
+- Change ```APT::Periodic::Update-Package-Lists "1";``` to ```APT::Periodic::Update-Package-Lists "0";```
+- Change ```APT::Periodic::Unattended-Upgrade "1";``` to ```APT::Periodic::Unattended-Upgrade "0";```
 
 ## Tweak OpenSSH Config
 
diff --git a/services/caddy.md b/armbian/caddy.md
similarity index 96%
rename from services/caddy.md
rename to armbian/caddy.md
index 6f74612..6b803c5 100644
--- a/services/caddy.md
+++ b/armbian/caddy.md
@@ -22,6 +22,10 @@ Please note the Docker plugin is for a *swarm* which is *not* setup in these doc
 mkdir /var/log/caddy
 mkdir -p /etc/caddy/services
 chown www-data /var/log/caddy /etc/caddy
+mkdir -p /var/www
+chown www-data /var/www
+mkdir /var/log/caddy
+chown www-data /var/log/caddy
 cat > /root/update_caddy.sh <<EOF
 curl https://getcaddy.com | bash -s personal http.cache,http.cgi,http.cors,http.expires,http.filemanager,http.ipfilter,http.locale,http.realip,http.upload,net
 EOF
diff --git a/armbian/chrony.md b/armbian/chrony.md
index 0a1df7e..e0f6083 100644
--- a/armbian/chrony.md
+++ b/armbian/chrony.md
@@ -15,9 +15,9 @@ Setup alternative ntp that does well with systems that may or may not always be
 apt update
 apt install chrony
 systemctl enable chrony # Enable service
+systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
 systemctl start chrony # Start service
 chronyc activity # Verify install successful
-systemctl disable ntp.service # Disable std ntpd (replaced by chrony)
 
 ```
 
@@ -34,11 +34,10 @@ allow 172.30.0.0/16
 # Allow large clock adjustments (you want this as there is no RTC on most SBCs)
 makestep 1 -1
 EOF
+systemctl restart chrony # Restart chrony to pickup config changes
 
 ```
 
-Run ```systemctl restart chrony``` to pickup the changes.
-
 ## Allow NTP access via internal/trusted networks
 
 ``` bash
diff --git a/armbian/cockpit.md b/armbian/cockpit.md
index a20ce1f..6cdcfe7 100644
--- a/armbian/cockpit.md
+++ b/armbian/cockpit.md
@@ -12,12 +12,12 @@ Further reading: [http://cockpit-project.org/running](http://cockpit-project.org
 
 #add-apt-repository ppa:cockpit-project/cockpit
 apt update
-apt install cockpit cockpit-doc \
-    cockpit-docker cockpit-networkmanager \
+apt install cockpit cockpit-doc cockpit-dashboard \
+    cockpit-docker cockpit-machines cockpit-networkmanager \
     cockpit-dashboard cockpit-system \
-    cockpit-storaged cockpit-packagekit
-systemctl enable cockpit
-systemctl start cockpit
+    cockpit-storaged cockpit-packagekit \
+    cockpit-system cockpit-ws \
+    packagekit-tools cracklib-runtime
 
 ```
 
diff --git a/armbian/docker.md b/armbian/docker.md
index c1284fa..ae1a363 100644
--- a/armbian/docker.md
+++ b/armbian/docker.md
@@ -5,7 +5,7 @@ Containerized services for easy deployment and updates.
 ## Inspiration / Further Reading
 
 - [https://docs.docker.com/install/](https://docs.docker.com/install/)
-- [https://docs.docker.com/install/linux/docker-ce/ubuntu/](https://docs.docker.com/install/linux/docker-ce/ubuntu/)
+- [https://docs.docker.com/install/linux/docker-ce/debian/](https://docs.docker.com/install/linux/docker-ce/debian/)
 - [https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/](https://blog.alexellis.io/get-started-with-docker-on-64-bit-arm/)
 
 ## Pre Flight Setup
@@ -17,10 +17,11 @@ Containerized services for easy deployment and updates.
 apt remove docker docker-engine docker.io
 apt install \
     apt-transport-https \
-    ca-certificates \
-    curl \
-    software-properties-common
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+     ca-certificates \
+     curl \
+     gnupg2 \
+     software-properties-common
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
 
 ```
 
@@ -29,7 +30,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
 ``` bash
 
 add-apt-repository \
-   "deb [arch=armhf] https://download.docker.com/linux/ubuntu \
+   "deb [arch=armhf] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"
 
@@ -40,7 +41,7 @@ add-apt-repository \
 ``` bash
 
 add-apt-repository \
-   "deb [arch=arm64] https://download.docker.com/linux/ubuntu \
+   "deb [arch=arm64] https://download.docker.com/linux/debian \
    $(lsb_release -cs) \
    stable"
 
@@ -62,12 +63,6 @@ systemctl enable docker
 
 If you have an external USB storage device always connected, you may want to move the contents of ```/var/lib/docker``` to somewhere on the external storage and use a symlink in place. This will help with churn on the internal micro-sd card and extend its life.
 
-## Create Container Script Dir
-
-For the containers detailed here, you'll want a dedicated directory for keeping the scripts/outputs.
-
-```mkdir /root/docker```
-
 ## Configure Docker Default Bridge
 
 Ensure the default Docker bridge doesn't conflict with existing networks.
diff --git a/armbian/firewalld.md b/armbian/firewalld.md
index 9ce49a1..d00440d 100644
--- a/armbian/firewalld.md
+++ b/armbian/firewalld.md
@@ -66,23 +66,6 @@ firewall-cmd --reload
 
 ```
 
-## Allow internal access to ssh
-
-``` bash
-
-# Remove ssh from public zone
-firewall-cmd --permanent --zone=public --remove-service=ssh
-# Add ssh to internal zone
-firewall-cmd --permanent --zone=internal --add-service ssh
-# Reload rules
-firewall-cmd --reload
-# Verify rules
-firewall-cmd --zone=public --list-all
-firewall-cmd --zone=internal --list-all
-
-```
-
-
 ## Useful Commands
 
 - ```firewall-cmd --state```
diff --git a/armbian/first_boot.md b/armbian/first_boot.md
index ff8dbfb..a038bc0 100644
--- a/armbian/first_boot.md
+++ b/armbian/first_boot.md
@@ -14,7 +14,7 @@ The rest of this guide assumes you'll be logged in as the admin user and will be
 
 Just in case you need reference material while offline or on a bad network link, mirror these docs to the root filesystem.
 
-```git clone https://gitlab.com/kemonine/lolipop_lan_cloud.git /root/lolipop_lan_cloud```
+```git clone https://git.lollipopcloud.solutions/lollipop-cloud/docs.git /root/docs```
 
 ## Disable root login
 
diff --git a/armbian/modem_manager.md b/armbian/modem_manager.md
index 9fd227a..b94191e 100644
--- a/armbian/modem_manager.md
+++ b/armbian/modem_manager.md
@@ -15,6 +15,7 @@ Setup an LTE/3G modem. You'll need to adapt this information to your specific mo
 - [https://forums.linuxmint.com/viewtopic.php?f=53&t=119342](https://forums.linuxmint.com/viewtopic.php?f=53&t=119342)
 - [https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/](https://bostonenginerd.com/posts/getting-the-t-mobile-jet-huawei-366-usb-modem-to-work-in-linux/)
 - [https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst](https://github.com/Robpol86/robpol86.com/blob/master/docs/raspberry_pi_project_fi.rst)
+- [https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/](https://blog.enchose.com/raspberry-pi-runs-ppp-dial-up-quectel-ec25-lte-modem/)
 
 ## On The Go Help
 
diff --git a/armbian/monitoring.md b/armbian/monitoring.md
index e46ef0c..45a2059 100644
--- a/armbian/monitoring.md
+++ b/armbian/monitoring.md
@@ -24,13 +24,8 @@ apt update
 apt install munin munin-node \
     munin-plugins-core munin-plugins-extra \
     libcgi-fast-perl
-vim /etc/munin/munin.conf
-vim /etc/munin/munin-node.conf
-vim /etc/munin/plugin-conf.d/*
-munin-node-configure --suggest 2>&1 | less
-munin-node-configure --shell 2>&1 | less
-systemcl restart munin-node
 systemctl enable munin-node
+systemcl restart munin-node
 
 ```
 
diff --git a/armbian/network_manager.md b/armbian/network_manager.md
index 9d9dddd..759bc0c 100644
--- a/armbian/network_manager.md
+++ b/armbian/network_manager.md
@@ -86,13 +86,13 @@ Some useful commands for adjusting connection/device status
 ``` bash
 
 apt update
-# Install additional deps
-apt install ebtables ipset
-# Install + add-ons
 apt install network-manager \
-    network-manager-openvpn network-manager-pptp
-systemctl enable NetworkManager # Enable the service
-systemctl start NetworkManager # Start the service
+    network-manager-openvpn network-manager-pptp \
+    ebtables ipset dnsmasq-base
+# Enable the service
+systemctl enable NetworkManager
+# Start the service
+systemctl start NetworkManager
 
 ```
 
@@ -100,7 +100,7 @@ systemctl start NetworkManager # Start the service
 
 By default Armbian sets up at least one network device "behind the scenes" and keeps it "outside" NetworkManager. Given we want to manage our Lollipop through NetworkManager, we need to make a small tweak.
 
-Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present.
+Edit ```/etc/network/interfaces``` and make sure eth0 directives aren't present. Also make sure the ```/etc/network/interfaces.d``` directory is empty.
 
 Reboot after above cleanup of interfaces file.
 
diff --git a/armbian/unbound.md b/armbian/unbound.md
index c6927a4..fab4270 100644
--- a/armbian/unbound.md
+++ b/armbian/unbound.md
@@ -18,7 +18,6 @@ curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache
 cat > /etc/unbound/root.key <<EOF
 . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
 EOF
-chown unbound /etc/unbound
 cat > /etc/unbound/unbound.conf <<EOF
 server:
     interface: 127.0.0.1
@@ -57,6 +56,7 @@ include: /etc/unbound/local_zone/*.conf
 
 EOF
 
+chown unbound /etc/unbound
 systemctl enable unbound
 systemctl start unbound
 
@@ -110,12 +110,6 @@ systemctl daemon-reload
 
 ```
 
-## Adjust NetworkManager Config
-
-Edit ```/etc/NetworkManager/NetworkManager.conf```
-
-Change the ```dns=``` line to be ```dns=127.0.0.1```
-
 ## Setup all WAN connections to use this for dns cache
 
 ### WiFi
diff --git a/armbian/vpn/pia.md b/armbian/vpn/pia.md
index 6ba4231..8a587cf 100644
--- a/armbian/vpn/pia.md
+++ b/armbian/vpn/pia.md
@@ -1,10 +1,8 @@
 # Private Internet Access (PIA)
 
-```TODO : INCOMPLETE```
-
 This is a **VERY** advanced topic with some creative tricks to simplify getting the config added to NetworkManager. You're on your own.
 
-The author *strongly* recommends reading through this and adapting to other services well ahead of any real need(s).
+The author *strongly* recommends reading through this and adapting/tuning well ahead of any real need(s).
 
 ## Inspiration / Sources
 
@@ -46,7 +44,7 @@ cd ..
 # OMIT Gnome item if you can get away with it...
 
 apt update
-apt install network-manager-openvpn network-manager-openvpn-gnome
+apt install network-manager-openvpn
 
 ```
 
@@ -89,6 +87,7 @@ nmcli con show
 vim /etc/NetworkManager/system-connections/[con_name]
 
 ```
+
 #### Adjustments/Necessary Verification
 
 ``` bash
diff --git a/armbian/vpn/vpn_autoconnect.md b/armbian/vpn/vpn_autoconnect.md
index 06588ab..9553cbe 100644
--- a/armbian/vpn/vpn_autoconnect.md
+++ b/armbian/vpn/vpn_autoconnect.md
@@ -29,7 +29,7 @@ echo "[uuid]" > /etc/autovpn/default
 
 # Get network names of ALL docker connections
 nmcli con show
-echo "[name1],[name2]" > /etc/autovpn/exclude
+echo "[uuid1],[uuid2]" > /etc/autovpn/exclude
 
 ```
 
diff --git a/hardware/rtc.md b/hardware/rtc.md
index a5bce0b..3b9e902 100644
--- a/hardware/rtc.md
+++ b/hardware/rtc.md
@@ -55,6 +55,7 @@ apt remove --purge fake-hwclock # purge the fake hwclock as we have a real one n
 cat > /etc/udev/rules.d/99-rtc1.rules <<EOF
 KERNEL=="rtc1", SUBSYSTEM=="rtc", DRIVER=="", ATTR{name}=="rtc-pcf8523 0-0068", SYMLINK="rtc", MODE="0666"
 EOF
+
 ```
 
 ## Internal RTC Adjustments
@@ -99,7 +100,6 @@ EOF
 systemctl daemon-reload
 systemctl enable rtc0-online
 
-
 ```
 
 ## External RTC On Boot
@@ -127,7 +127,7 @@ After=rtc0-online
 EOF
 
 systemctl daemon-reload
-systemctl
+systemctl enable rtc1-online
 
 ```
 
diff --git a/services/acme_sh.md b/services/acme_sh.md
index 0c93c8a..35d868b 100644
--- a/services/acme_sh.md
+++ b/services/acme_sh.md
@@ -38,8 +38,8 @@ Grab the acme.sh Dockerfile and update it to work with arm (32 or 64).
 
 ``` bash
 
-mkdir -p /root/docker/acme.sh
-cd /root/docker/acme.sh
+mkdir -p /scratch/docker/acme.sh
+cd /scratch/docker/acme.sh
 wget https://raw.githubusercontent.com/Neilpang/acme.sh/master/Dockerfile
 sed -i '1s/^/ARG ALPINE=alpine:3.6\n/' Dockerfile
 sed -i '/FROM/c\FROM $ALPINE' Dockerfile
@@ -54,7 +54,7 @@ Setup a basic update/run script with the adjusted upstream Dockerfile
 
 ``` bash
 
-cat > /root/docker/acme.sh/acme.sh <<EOF
+cat > /scratch/docker/acme.sh/acme.sh <<EOF
 #!/bin/bash
 
 LATEST=\`docker images --no-trunc acme.sh/acme.sh | awk '{print \$2}' | sort -r | head -n1\`
@@ -91,7 +91,7 @@ echo "Running build"
 docker build \\
     --network host \\
     --build-arg ALPINE=\$ALPINE \\
-    --file /root/docker/acme.sh/Dockerfile \\
+    --file /scratch/docker/acme.sh/Dockerfile \\
     --tag acme_sh/acme_sh:\$RELEASE \\
     .
 
@@ -112,13 +112,13 @@ docker run -itd  \\
 
 EOF
 
-chmod a+x /root/docker/acme.sh/acme.sh
+chmod a+x /scratch/docker/acme.sh/acme.sh
 
 ```
 
 ## First Run
 
-Run ```cd /root/docker/acme.sh && /root/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
+Run ```cd /scratch/docker/acme.sh && /scratch/docker/acme.sh/acme.sh``` to get the container online. The following commands will get your Let's Encrypt certificates created.
 
 *Note: The above script(s) setup the container to auto-run for auto-renew purposes. If you think you'll miss your renew window, force update the certs*
 
@@ -153,7 +153,7 @@ docker exec acme.sh \
 docker exec \
     -e CF_Email='[your cloudflare email]' \
     -e CF_Key='[your cloudflare api key]' \
-    acme.sh \
+    acme_sh \
     --issue \
     --cert-file /acme.sh/domain.tld/domain.tld.crt \
     --dns dns_cf \
@@ -172,7 +172,7 @@ docker exec \
 docker exec \
     -e CF_Email='[your cloudflare email]' \
     -e CF_Key='[your cloudflare api key]' \
-    acme.sh \
+    acme_sh \
     --renew-all \
     --force \
     --dns dns_cf \
@@ -184,7 +184,7 @@ docker exec \
 
 ``` bash
 
-docker exec acme.sh \
+docker exec acme_sh \
     --revoke \
     -d domain.tld \
     -d pi-hole-gui.domain.tld \
diff --git a/services/borg.md b/services/borg.md
index 9bb1224..2ef544e 100644
--- a/services/borg.md
+++ b/services/borg.md
@@ -10,29 +10,31 @@ The BETTER backup solution.
 
 ## Install
 
-Note this is built using sources (kinda). May take awhile on most arm boards.
+*Note: we are downloading pre-built borg images from the main lollipop cloud servers in this step instead of building it from scratch*
+
+### arm32v7 boards
 
 ``` bash
 
-# install build dependencies
-apt update
-apt install python-setuptools python3-setuptools \
-    python3 python3-dev python3-pip python-virtualenv \
-    libssl-dev openssl \
-    libacl1-dev libacl1 \
-    build-essential \
-    libfuse-dev fuse pkg-config
-pip3 install borgbackup[fuse]
+wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm32v7-debian-stretch
 
 ```
 
-## Upgrades
+### arm64v8 boards
 
-Per the docs
+``` bash
 
-> To upgrade Borg to a new version later, run the following after activating your virtual environment:
+wget -O /usr/local/bin/borg https://dl.lollipopcloud.solutions/api/download/borg/borg-1.1.7-arm64v8-debian-stretch
 
-```pip install -U borgbackup[fuse]```
+```
+
+### All boards
+
+``` bash
+
+chmod a+x /usr/local/bin/borg
+
+```
 
 ## Initialize Backup Repo
 
diff --git a/services/pi_hole.md b/services/pi_hole.md
index b4ffacb..f8977e1 100644
--- a/services/pi_hole.md
+++ b/services/pi_hole.md
@@ -32,7 +32,7 @@ Full docs on run time parms can be found in the Pi Hole [docs (link)](https://gi
 ``` bash
 
 mkdir /var/pihole /var/pihole/data /var/pihole/dnsmasq.d
-cat > /root/docker/pi-hole.sh <<EOF
+cat > /scratch/docker/pi-hole.sh <<EOF
 #!/bin/bash
 
 ARCH=\`arch\`
@@ -42,14 +42,13 @@ UPSTREAM=""
 if [ \$ARCH == "aarch64" ]
 then
     echo "64bit arm"
-    UPSTREAM="diginc/pi-hole-multiarch:debian_aarch64"
+    UPSTREAM="registry.lollipopcloud.solutions/arm64v8/pi-hole:v3.3"
 else
     echo "32bit arm"
-    UPSTREAM="diginc/pi-hole-multiarch:debian_armhf"
+    UPSTREAM="registry.lollipopcloud.solutions/arm32v7/pi-hole:v3.3"
 fi
 
 echo "Updating"
-
 docker pull \$UPSTREAM
 
 # Cleanup existing container
@@ -74,13 +73,13 @@ docker run \\
 
 EOF
 
-chmod a+x /root/docker/pi-hole.sh
+chmod a+x /scratch/docker/pi-hole.sh
 
 ```
 
 ## Run Pi Hole
 
-Simply execute ```/root/docker/pi-hole.sh``` to update/run Pi Hole.
+Simply execute ```/scratch/docker/pi-hole.sh``` to update/run Pi Hole.
 
 ## Update LAN(s) to Use Pi Hole
 
diff --git a/services/searx.md b/services/searx.md
index c76540f..493133f 100644
--- a/services/searx.md
+++ b/services/searx.md
@@ -16,34 +16,25 @@ Setup a generic script that'll auto update Searx, build a container and launch i
 
 mkdir -p /var/searx
 chown root:root /var/searx
-mkdir -p /root/docker/searx
-git clone https://github.com/asciimoo/searx.git /root/docker/searx/src
-
-cat > /root/docker/searx/searx.sh << EOF
+mkdir -p /scratch/docker/searx
+cat > /scratch/docker/searx/searx.sh << EOF
 #!/bin/bash
 
-cd /root/docker/searx/src
-git checkout Dockerfile
-git fetch
-LATESTTAG=\`git describe --abbrev=0 --tags\`
-git checkout \$LATESTTAG
-
 ARCH=\`arch\`
+UPSTREAM=""
 
 # Cleanup arch/container image here
 if [ \$ARCH == "aarch64" ]
 then
     echo "64bit arm"
-    sed -i 's_alpine:3.5_arm64v8/alpine:3.5_g' Dockerfile
+    UPSTREAM="registry.lollipopcloud.solutions/arm64v8/searx:v0.14.0"
 else
     echo "32bit arm"
-    sed -i 's_alpine:3.5_arm32v6/alpine:3.5_g' Dockerfile
+    UPSTREAM="registry.lollipopcloud.solutions/arm32v7/searx:v0.14.0"
 fi
 
-docker build \\
-    --file ./Dockerfile \\
-    --tag searx/searx:\$LATESTTAG \\
-    .
+echo "Updating"
+docker pull \$UPSTREAM
 
 # Cleanup existing container
 docker stop searx
@@ -58,16 +49,16 @@ docker run \\
     -e TZ=UTC \\
     -e DEBUG=1 \\
     -e BASE_URL=searx.domain.tld \\
-    searx/searx:\$LATESTTAG
+    \$UPSTREAM
 EOF
 
-chmod a+x /root/docker/searx/searx.sh
+chmod a+x /scratch/docker/searx/searx.sh
 
 ```
 
 ## Run Searx
 
-Simply execute ```/root/docker/searx/searx.sh``` to update/run Gogs.
+Simply execute ```/scratch/docker/searx/searx.sh``` to update/run Gogs.
 
 ## Serving Via Caddy