diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 5de4bd6..6b52596 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -13,7 +13,7 @@ backup_disk: no
 
 # where data goes
 # if you have external_disk on, you should probably set this to a path there
-dataroot: /var/www/data
+dataroot: /var/lib/serv_data
 
 # send dynamic DNS update for this domain
 dyndns_domain: null
diff --git a/roles/containers/defaults/main.yml b/roles/containers/defaults/main.yml
index d37b62e..71cfec0 100644
--- a/roles/containers/defaults/main.yml
+++ b/roles/containers/defaults/main.yml
@@ -4,3 +4,5 @@
 # change these in group/host vars
 
 docker_compose_dir: "/opt/services"
+
+gitea_domain: "git.{{ domain }}"
diff --git a/roles/containers/tasks/main.yml b/roles/containers/tasks/main.yml
index c4e620a..60854ed 100644
--- a/roles/containers/tasks/main.yml
+++ b/roles/containers/tasks/main.yml
@@ -22,22 +22,16 @@
   template:
     src: "docker-compose.yml.j2"
     dest: "{{ docker_compose_dir }}/docker-compose.yml"
-  register: docker-comp
+  register: generateComp
 
 - name: Create systemd unit file
   template:
     src: "docker-compose.service.j2"
     dest: "/etc/systemd/system/docker-compose.service"
 
-- name: Compose up
+- name: Compose up (update images if necessary)
   systemd:
     name: docker-compose
-    state: "{{ 'restarted' if docker-comp.changed else 'started' }}"
+    state: reloaded
     enabled: true
-
-# for some reason port mappings don't work without this?
-- name: Restart docker for good measure
-  systemd:
-    name: docker
-    state: restarted
-  when: docker-comp.changed
+  register: compUp
diff --git a/roles/containers/templates/docker-compose.service.j2 b/roles/containers/templates/docker-compose.service.j2
index 3396604..4e76923 100644
--- a/roles/containers/templates/docker-compose.service.j2
+++ b/roles/containers/templates/docker-compose.service.j2
@@ -11,7 +11,7 @@ ExecStartPre=-/usr/bin/docker compose pull
 ExecStart=/usr/bin/docker compose up --remove-orphans
 ExecStop=/usr/bin/docker compose down
 ExecReload=/usr/bin/docker compose pull
-ExecReload=/usr/bin/docker compose up --remove-orphans
+ExecReload=/usr/bin/docker compose up --remove-orphans --detach
 
 [Install]
 WantedBy=multi-user.target
diff --git a/roles/containers/templates/docker-compose.yml.j2 b/roles/containers/templates/docker-compose.yml.j2
index bccc685..045d6ce 100644
--- a/roles/containers/templates/docker-compose.yml.j2
+++ b/roles/containers/templates/docker-compose.yml.j2
@@ -3,26 +3,23 @@
 
 version: "3"
 
-networks:
-  gitea:
-    external: false
-
 services:
 {% if "gitea" in group_names %}
   gitea:
+    network_mode: host
     container_name: gitea
     image: gitea/gitea:latest
     environment:
       - USER=gitea
+      - GITEA__server__SSH_PORT=2499
+      - GITEA__server__SSH_LISTEN_PORT=2499
+      - GITEA__service__DISABLE_REGISTRATION=true
+      - GITEA__server__DOMAIN={{ gitea_domain }}
+      - GITEA__server__SSH_DOMAIN={{ gitea_domain }}
     restart: unless-stopped
-    networks:
-      - gitea
     volumes:
       - {{ dataroot }}/gitea:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-    ports:
-      - "3000:3000"
-      - "2499:22"
 
 {% endif %}
diff --git a/roles/system/tasks/essential.yml b/roles/system/tasks/essential.yml
index d361239..eba285b 100644
--- a/roles/system/tasks/essential.yml
+++ b/roles/system/tasks/essential.yml
@@ -53,3 +53,8 @@
     name: cronie
     state: started
     enabled: yes
+
+- name: Create data root dir
+  file:
+    path: "{{ dataroot }}"
+    state: directory