diff --git a/manuscript/CHANGELOG.md b/manuscript/CHANGELOG.md index 9405c12..c625ca3 100644 --- a/manuscript/CHANGELOG.md +++ b/manuscript/CHANGELOG.md @@ -2,25 +2,25 @@ ## Subscribe to updates -* Email : Sign up [here](http://eepurl.com/dfx95n) (double-opt-in) to receive email updates on new and improve recipes! + +

Notify me 🔔

Be the first to know when recipes are added / improved!

We won't send you spam. Unsubscribe at any time. No monkey-business.

Powered By ConvertKit
+ +Also available via: + * Mastodon: https://mastodon.social/@geekcookbook_changes * RSS: https://mastodon.social/@geekcookbook_changes.rss * The #changelog channel in our [Discord server](http://chat.funkypenguin.co.nz) -## Recent additions to work-in-progress - -* Kubernetes recipes for UniFi controller, Miniflux, Kanboard and PrivateBin coming in March! (_19 Mar 2019_) - ## Recently added recipes + * Overhauled [Ceph (Shared Storage)](https://geek-cookbook.funkypenguin.co.nz/ha-docker-swarm/shared-storage-ceph/) recipe for Ceph Octopus (v15) (_25 May 2020_) * Added recipe for making your own [DIY Kubernetes Cluster](/kubernetes/diycluster/) (_14 December 2019_) * Added recipe for [authenticating Traefik Forward Auth against KeyCloak](/ha-docker-swarm/traefik-forward-auth/keycloak/) (_16 May 2019_) * Added [Bitwarden](/recipes/bitwarden/), an **awesome** open-source password manager, with great mobile sync support (_14 May 2019_) -* Added [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/), replacing function of multiple [oauth_proxies](/reference/oauth_proxy/) with a single, 7MB Go application, which can authenticate against Google, [KeyCloak](/recipes/keycloak/), and other OIDC providers (_10 May 2019_) ## Recent improvements +* Updated [Traefik Forward Auth](/ha-docker-swarm/traefik-forward-auth/) for latest @thomseddon image (_11 Jun 2020_) * Added recipe for [automated snapshots of Kubernetes Persistent Volumes](/kubernetes/snapshots/), instructions for using [Helm](/kubernetes/helm/), and recipe for deploying [Traefik](/kubernetes/traefik/), which completes the Kubernetes cluster design! 
(_9 Feb 2019_) * Added detailed description (_and diagram_) of our [Kubernetes design](/kubernetes/design/), plus a [simple load-balancer design](kubernetes/loadbalancer/) to avoid the complexities/costs of permitting ingress access to a cluster (_7 Feb 2019_) -* Added an [introductory/explanatory page, including a children's story, on Kubernetes](/kubernetes/start/) (_29 Jan 2019_) -* [NextCloud](/recipes/nextcloud/) updated to fix CalDAV/CardDAV service discovery behind Traefik reverse proxy (_12 Dec 2018_) +* Added an [introductory/explanatory page, including a children's story, on Kubernetes](/kubernetes/start/) (_29 Jan 2019_) \ No newline at end of file diff --git a/manuscript/ha-docker-swarm/traefik-forward-auth.md b/manuscript/ha-docker-swarm/traefik-forward-auth.md index dddd74e..88bbe69 100644 --- a/manuscript/ha-docker-swarm/traefik-forward-auth.md +++ b/manuscript/ha-docker-swarm/traefik-forward-auth.md 
@@ -29,16 +29,17 @@ Log into https://console.developers.google.com/, create a new project then searc Fill out the "OAuth Consent Screen" tab, and then click, "**Create Credentials**" > "**OAuth client ID**". Select "**Web Application**", fill in the name of your app, skip "**Authorized JavaScript origins**" and fill "**Authorized redirect URIs**" with either all the domains you will allow authentication from, appended with the url-path (*e.g. https://radarr.example.com/_oauth, https://radarr.example.com/_oauth, etc*), or if you don't like frustration, use a "auth host" URL instead, like "*https://auth.example.com/_oauth*" (*see below for details*) -Store your client ID and secret safely - you'll need them for the next step. +!!! tip + Store your client ID and secret safely - you'll need them for the next step. ### Prepare environment -Create `/var/data/config/traefik/traefik-forward-auth.env` as follows: +Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` as follows: ``` -CLIENT_ID= -CLIENT_SECRET= +GOOGLE_CLIENT_ID= +GOOGLE_CLIENT_SECRET= OIDC_ISSUER=https://accounts.google.com SECRET= # uncomment this to use a single auth host instead of individual redirect_uris (recommended but advanced) @@ -48,12 +49,12 @@ COOKIE_DOMAINS=example.com ### Prepare the docker service config -This is a small container, you can simply add the following content to the existing `traefik-app.yml` deployed in the previous [Traefik](/recipes/traefik/) recipe: +Create `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml` as follows: ``` traefik-forward-auth: - image: funkypenguin/traefik-forward-auth - env_file: /var/data/config/traefik/traefik-forward-auth.env + image: thomseddon/traefik-forward-auth:2.1.0 + env_file: /var/data/config/traefik-forward-auth/traefik-forward-auth.env networks: - traefik_public # Uncomment these lines if you're using auth host mode 
@@ -65,7 +66,7 @@ This is a small container, you can simply add the following content to the exist # - traefik.frontend.auth.forward.trustForwardHeader=true ``` -If you're not confident that forward authentication is working, add a simple "whoami" test container, to help debug traefik forward auth, before attempting to add it to a more complex container. +If you're not confident that forward authentication is working, add a simple "whoami" test container to the above .yml, to help debug traefik forward auth, before attempting to add it to a more complex container. ``` # This simply validates that traefik forward authentication is working @@ -91,7 +92,7 @@ If you're not confident that forward authentication is working, add a simple "wh ### Launch -Redeploy traefik with ```docker stack deploy traefik-app -c /var/data/traefik/traeifk-app.yml```, to launch the traefik-forward-auth container. +Redeploy traefik with ```docker stack deploy traefik-forward-auth -c /var/data/traefik-forward-auth/traefik-forward-auth.yml```, to launch the traefik-forward-auth stack. ### Test 
@@ -111,6 +112,4 @@ What have we achieved? By adding an additional three simple labels to any servic ## Chef's Notes 📓 1. Traefik forward auth replaces the use of [oauth_proxy containers](/reference/oauth_proxy/) found in some of the existing recipes -2. [@thomaseddon's original version](https://github.com/thomseddon/traefik-forward-auth) of traefik-forward-auth only works with Google currently, but I've created a [fork](https://www.github.com/funkypenguin/traefik-forward-auth) of a [fork](https://github.com/noelcatt/traefik-forward-auth), which implements generic OIDC providers. -3. I reviewed several implementations of forward authenticators for Traefik, but found most to be rather heavy-handed, or specific to a single auth provider. @thomaseddon's go-based docker image is 7MB in size, and with the generic OIDC patch (above), it can be extended to work with any OIDC provider. -4. No, not github natively, but you can ferderate GitHub into KeyCloak, and then use KeyCloak as the OIDC provider. +2. I reviewed several implementations of forward authenticators for Traefik, but found most to be rather heavy-handed, or specific to a single auth provider. @thomaseddon's go-based docker image is 7MB in size, and can be extended to work with any OIDC provider. \ No newline at end of file diff --git a/manuscript/premix/ansible/operation.md b/manuscript/premix/ansible/operation.md index fb6ff2c..14a77ac 100644 --- a/manuscript/premix/ansible/operation.md +++ b/manuscript/premix/ansible/operation.md @@ -25,7 +25,7 @@ k3s_masters k3s_workers [proxmox_servers] -splinter ansible_host=192.168.29.3 ansible_user=root +splinter ansible_host=192.168.29.3 ansible_user=root template_vm_id=201 # Declare your desired proxmox VMs here. Note that the MAC address "lines up" with_ # the IP address - this makes troubleshooting L2 issues easier under some circumstances, 
@@ -33,12 +33,12 @@ splinter ansible_host=192.168.29.3 ansible_user=root # when re-running the playbook. [proxmox_vms] -raphael ansible_host=192.168.38.101 mac=52:54:00:38:01:01 -donatello ansible_host=192.168.38.102 mac=52:54:00:38:01:02 -leonardo ansible_host=192.168.38.103 mac=52:54:00:38:01:03 -shredder ansible_host=192.168.38.201 mac=52:54:00:38:02:01 -rocksteady ansible_host=192.168.38.202 mac=52:54:00:38:02:02 -bebop ansible_host=192.168.38.203 mac=52:54:00:38:02:03 +donatello ansible_host=192.168.38.102 mac=52:54:00:38:01:02 proxmox_node=splinter +leonardo ansible_host=192.168.38.103 mac=52:54:00:38:01:03 proxmox_node=splinter +shredder ansible_host=192.168.38.201 mac=52:54:00:38:02:01 proxmox_node=splinter +raphael ansible_host=192.168.38.101 mac=52:54:00:38:01:01 proxmox_node=splinter +rocksteady ansible_host=192.168.38.202 mac=52:54:00:38:02:02 proxmox_node=splinter +bebop ansible_host=192.168.38.203 mac=52:54:00:38:02:03 proxmox_node=splinter [swarm_nodes] raphael ansible_host=192.168.38.101 keepalived_priority=101 
@@ -60,12 +60,11 @@ bebop ansible_host=192.168.38.203 ### Config -The variables used in the playbook are defined in `ansible/group_vars/all/main.yml`. **Your** variables are going to be defined in a group_vars file based on your username, so that they're [treated with a higher preference](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) than the default values. +The variables used in the playbook are defined in the `ansible/group_vars/all/main.yml`. **Your** variables are going to be defined in a group_vars file based on your username, so that they're [treated with a higher preference](https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) than the default values. -Create a folder under `ansible/group_vars/` to match the group name you inserted in line \#1 of your hosts file, and copy `ansible/group_vars/all/main.yml` into this folder. Any values found in this file will override any values specified in `ansible/group_vars/all/main.yml`, but any values _not_ found in your file will be inherited from `ansible/group_vars/all/main.yml`. +Create a folder under `ansible/group_vars/` to match the group name you inserted in line \#1 of your hosts file, and copy `ansible/group_vars/all/main.yml` into this folder. Any variables found in this file will override any variables specified in `ansible/group_vars/all/main.yml`, but any variables _not_ found in your file will be inherited from `ansible/group_vars/all/main.yml`. -!!! tip "Go to town with your delete key" - To keep your version clean, edit `ansible/group_vars//main.yml` and delete anything you don't care to change. This will keep your "override" file nice and clean. +To further streamline config, a "empty" dictionary variable named `recipe_config` is configured in `ansible/group_vars/all/main.yml`. 
In your own vars file (`ansible/group_vars//main.yml`), populate this variable with your own preferred values, copied from `recipe_default_config`. When the playbook runs, your values will be combined with the default values. !!! tip "Commit `ansible/group_vars//` to your own repo" For extra geek-fu, you could commit the contents of ``ansible/group_vars//` to your own repo, so that you can version/track your own config! diff --git a/scripts/recipe-footer.md b/scripts/recipe-footer.md index 8afb830..eae6efe 100644 --- a/scripts/recipe-footer.md +++ b/scripts/recipe-footer.md @@ -6,7 +6,9 @@ Did you receive excellent service? Want to make your waiter happy? (_..and suppo Want to know now when this recipe gets updated, or when future recipes are added? Subscribe to the [RSS feed](https://mastodon.social/@geekcookbook_changes.atom), or leave your email address below, and we'll keep you updated. (*double-opt-in, no monkey business, no spam) -
+
+ + ## Your comments? 💬
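Review bot: Two history entries disappear from `manuscript/CHANGELOG.md` in the `@@ -2,25 +2,25 @@` hunk without a replacement: the 10 May 2019 "Added Traefik Forward Auth" line under "Recently added recipes" and the 12 Dec 2018 NextCloud CalDAV/CardDAV fix under "Recent improvements". Dropping the stale "coming in March!" work-in-progress section is fine, but a changelog loses its value if past entries are pruned; keep them, or move them to an archive section rather than deleting. Two smaller points: the file now ends with `\ No newline at end of file`, and the new "Notify me" block is a third-party embed ("Powered By ConvertKit"), so the rendered page now depends on an external script host; worth a sentence in the commit message.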
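Review bot: In the `@@ -29,16 +29,17 @@` hunk of `traefik-forward-auth.md`, only `CLIENT_ID`/`CLIENT_SECRET` are renamed to `GOOGLE_CLIENT_ID`/`GOOGLE_CLIENT_SECRET`, while `OIDC_ISSUER`, `SECRET` and `COOKIE_DOMAINS` keep their previous names. The next hunk switches the image from the `funkypenguin` fork to `thomseddon/traefik-forward-auth:2.1.0`, so every variable name in this env file should be checked against that version's documented configuration: an environment variable the binary never reads is silently ignored, and the service would come up with an empty secret or issuer instead of failing loudly. The new `!!! tip` ("Store your client ID and secret safely") would be more useful if it were concrete, since the file path is right there: create `/var/data/config/traefik-forward-auth/traefik-forward-auth.env` owner-readable only (`chmod 600`), because it holds both the OAuth client secret and the cookie-signing `SECRET`. Also in the unchanged context: `https://radarr.example.com/_oauth` is listed twice where two different hostnames were presumably intended, and `a "auth host"` should read `an "auth host"`.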
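Review bot: The `@@ -48,12 +49,12 @@` hunk turns the snippet into a standalone stack file (`Create /var/data/config/traefik-forward-auth/traefik-forward-auth.yml as follows:`) but the YAML still starts at `traefik-forward-auth:` as if it were being pasted into an existing `services:` block. A file deployed on its own needs the top-level `version:` and `services:` keys (with the service indented under `services:`) and a `networks:` section declaring `traefik_public` as `external: true`; without that, `docker stack deploy` rejects it as referring to an undefined network. Pinning `thomseddon/traefik-forward-auth:2.1.0` instead of a floating tag is the right call, keep it.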
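Review bot: In the `@@ -65,7 +66,7 @@` hunk, "add a simple "whoami" test container to the above .yml" is ambiguous now that the section creates two files (an `.env` and a `.yml`); name `traefik-forward-auth.yml` explicitly so the reader knows the whoami service goes alongside the `traefik-forward-auth` service in the same stack.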
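Review bot: The deploy command in the `@@ -91,7 +92,7 @@` hunk points at `/var/data/traefik-forward-auth/traefik-forward-auth.yml`, but the file was created earlier in this same patch at `/var/data/config/traefik-forward-auth/traefik-forward-auth.yml`; the `config/` segment is missing, so the command as written fails with a file-not-found error. Suggested: `docker stack deploy traefik-forward-auth -c /var/data/config/traefik-forward-auth/traefik-forward-auth.yml`. (Good that the old `traeifk-app.yml` typo goes away with the removed line.)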
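Review bot: The `@@ -111,6 +112,4 @@` hunk spells the author's handle `@thomaseddon` in the surviving note 2, while the new CHANGELOG entry in this patch and the removed GitHub URL (`github.com/thomseddon/traefik-forward-auth`) use `@thomseddon`; pick the one that matches the repository. Deleting the old notes 2, 3 and 4 also removes the answer "No, not github natively, but you can federate GitHub into KeyCloak", so check that nothing in the recipe body still refers to Chef's Notes by number (3 or 4) or still poses the GitHub question that note 4 answered. The file also loses its trailing newline (`\ No newline at end of file`).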
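Review bot: The `@@ -25,7 +25,7 @@` hunk in `ansible/operation.md` adds `template_vm_id=201` to the `splinter` host line, but the comment block that follows only explains the MAC/IP convention; add a line saying that `template_vm_id` must name an existing Proxmox template on that node, since a reader copying the inventory will not have VM 201. While this line is being edited, note that it logs into the hypervisor as `ansible_user=root`; a dedicated automation account with the privileges the playbook actually needs would be the safer default to document.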
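Review bot: In the `@@ -33,12 +33,12 @@` hunk, `proxmox_node=splinter` is identical on all six `proxmox_vms` entries; it belongs in a `[proxmox_vms:vars]` block rather than being repeated per host, which also keeps it from drifting when a seventh VM is added. The reordering of `raphael` from the first line to the fourth is unrelated churn that makes the hunk read as six changed hosts instead of one added variable; keep the original order.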
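Review bot: The `@@ -60,12 +60,11 @@` hunk introduces two grammar slips: "defined in the `ansible/group_vars/all/main.yml`" (drop "the") and `a "empty" dictionary variable` (should be `an`). The paths `ansible/group_vars//main.yml` and `ansible/group_vars//` contain an empty segment where a username placeholder belongs (an angle-bracketed placeholder is presumably being swallowed by the markdown renderer); escape or backtick it so the intended path shows. The new text also keeps the instruction to copy `all/main.yml` into your own folder and, in the same breath, says to populate `recipe_config` from `recipe_default_config` so that "your values will be combined with the default values"; say which of the two is the intended workflow and how the combining happens (Ansible's default `hash_behaviour` replaces dictionaries rather than deep-merging them, so this only holds if the playbook merges the two explicitly). Removing the "Go to town with your delete key" tip drops the only advice on keeping the override file minimal; if the `recipe_config` approach supersedes it, say so. Unchanged context: the remaining tip has unbalanced backticks (``ansible/group_vars//` opens with two and closes with one).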
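Review bot: The `@@ -6,7 +6,9 @@` hunk in `scripts/recipe-footer.md` swaps one embedded sign-up widget for another, but none of the added markup is visible in this rendering of the diff, so the replacement cannot be reviewed here. Since this footer is appended to every recipe page, please confirm in the PR description what the new embed loads from which third-party host; a script pulled from an external origin on every page is a supply-chain dependency for the whole site, and a self-hosted form or a Content-Security-Policy that names the permitted script source would limit the blast radius.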