diff --git a/roles/consul/tasks/conf.yml b/roles/consul/tasks/conf.yml
index 1970605..239d8de 100644
--- a/roles/consul/tasks/conf.yml
+++ b/roles/consul/tasks/conf.yml
@@ -8,7 +8,7 @@
 cert_path: "{{ consul_conf.tls.defaults.cert_file }}"
 cert_key_path: "{{ consul_conf.tls.defaults.key_file }}"
 cert_key_group: "{{ consul_user }}"
- cert_key_mode: 640
+ cert_key_mode: 0640
 tags: consul
 - name: Check if CA exists
diff --git a/roles/documize/defaults/main.yml b/roles/documize/defaults/main.yml
index 1fad2bd..29fec9a 100644
--- a/roles/documize/defaults/main.yml
+++ b/roles/documize/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 # Version of cocumize to deploy
-documize_version: 5.2.1
+documize_version: 5.2.2
 # URL of the binary to install
 documize_bin_url: https://github.com/documize/community/releases/download/v{{ documize_version }}/documize-community-linux-amd64
 # Expected sha1 of the binary
-documize_bin_sha256: 154fd2c23f8991482b42d2d15e4cb5c8b5c965c1283c0e114b7943276de1be07
+documize_bin_sha256: 86d635d804853f10bbe190ba40253293b692869ad0efff707005ec6a08f23163
 # Should documize handle upgrades or only initial install ?
 documize_manage_upgrade: True
diff --git a/roles/jitsi/tasks/install.yml b/roles/jitsi/tasks/install.yml
index 6e2473a..32e1615 100644
--- a/roles/jitsi/tasks/install.yml
+++ b/roles/jitsi/tasks/install.yml
@@ -174,7 +174,7 @@
 args:
 chdir: "{{ jitsi_root_dir }}/src/meet"
 environment:
- NODE_OPTIONS: "--max_old_space_size=3072"
+ NODE_OPTIONS: "--max_old_space_size=4096"
 become_user: "{{ jitsi_user }}"
 #- name: Reset git (so next run won't detect a change)
diff --git a/roles/linstor_gateway/tasks/iptables.yml b/roles/linstor_gateway/tasks/iptables.yml
index 99f5cc4..1e7828f 100644
--- a/roles/linstor_gateway/tasks/iptables.yml
+++ b/roles/linstor_gateway/tasks/iptables.yml
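Review bot: The new `cert_key_mode: 0640` in roles/consul/tasks/conf.yml is an unquoted scalar, which YAML 1.1 loaders such as PyYAML read as the octal integer 416. That works if the value reaches the file module as a native integer, but if the included tasks pass it on through a template such as `mode: "{{ cert_key_mode }}"` (not visible here) it may arrive as the string "416" and yield mode 0416 on the TLS private key. Quoting it, `cert_key_mode: "0640"`, gives the intended permissions on either path. The task this variable belongs to starts above the hunk.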
@@ -5,15 +5,15 @@ name: lingw_nfs_port state: "{{ (lingw_nfs_src_ip | length > 0) | ternary('present','absent') }}" rules: | - -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT - -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT - -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | join(',') }} -j ACCEPT + -A INPUT -m state --state NEW -p tcp --dport 2049 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT + -A INPUT -m state --state NEW -p tcp --dport 111 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT + -A INPUT -m state --state NEW -p udp --dport 111 -s {{ lingw_nfs_src_ip | flatten | join(',') }} -j ACCEPT tags: firewall,drbd - name: Handle iSCSI port iptables_raw: name: lingw_iscsi_port state: "{{ (lingw_iscsi_src_ip | length > 0) | ternary('present','absent') }}" - rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | join(',') }} -j ACCEPT" + rules: "-A INPUT -m state --state NEW -p tcp --dport 3260 -s {{ lingw_iscsi_src_ip | flatten | join(',') }} -j ACCEPT" tags: firewall,drbd diff --git a/roles/linstor_satellite/defaults/main.yml b/roles/linstor_satellite/defaults/main.yml index 638e586..fcd22bc 100644 --- a/roles/linstor_satellite/defaults/main.yml +++ b/roles/linstor_satellite/defaults/main.yml @@ -10,10 +10,5 @@ linsat_controllers_url: # List of IP/CIDR which can reach the API of the satellite (only Linstor controller should reach it) linsat_api_src_ip: [] -# HA NFS Service -linsat_nfs_src_ip: [] -# HA iSCSI Service -linsat_iscsi_src_ip: [] - # List of resources to keep (and not delete/regenerate) on start. Usefull for the HA controller linsat_keep_res: [ "{{ linctl_ha_res | default('linstor_db') }}" ] diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml index 261f36b..09242f7 100644 --- a/roles/matrix_element/defaults/main.yml 
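Review bot: The `state:` expressions of both tasks in roles/linstor_gateway/tasks/iptables.yml still test `lingw_nfs_src_ip | length > 0` and `lingw_iscsi_src_ip | length > 0` on the unflattened list, while the rules now use `flatten | join(',')`. A value such as `[[]]` has length 1 but flattens to nothing, so the rule would be rendered with an empty `-s` argument; presumably iptables rejects such a line, but the task then fails instead of removing the rule. Applying the same filter in the condition keeps the two in step: `state: "{{ (lingw_nfs_src_ip | flatten | length > 0) | ternary('present','absent') }}"`, and likewise for `lingw_iscsi_src_ip`.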
+++ b/roles/matrix_element/defaults/main.yml @@ -5,8 +5,8 @@ element_id: element # Version to deploy, and expected sha256 -element_version: 1.11.4 -element_archive_sha256: 6a102e92f002db41d036071aac06d4f81d75636f6326e4874b1480012db59b46 +element_version: 1.11.5 +element_archive_sha256: 7d4575edaf7b28a8f0f16900a1287e44751ba26aeab3647e3d826e5f7e929a90 # Where to install element element_root_dir: /opt/matrix/element diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml index d410f50..73542fd 100644 --- a/roles/matrix_synapse/defaults/main.yml +++ b/roles/matrix_synapse/defaults/main.yml @@ -1,7 +1,7 @@ --- # Synapse version to deploy -synapse_version: '1.66.0' +synapse_version: '1.67.0' # Should ansible handle Synapse upgrades ? If false, only initial install will be done synapse_manage_upgrade: True diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index a88d8b4..e54fe61 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -21,13 +21,21 @@ nginx_log_format: combined_virtual # Some special vhost names can be derived from it. Eg downtime.{{ nginx_primary_domain }} nginx_primary_domain: "{{ ansible_domain }}" + nginx_cert_path: /etc/nginx/ssl/cert.pem nginx_key_path: /etc/nginx/ssl/key.pem # OR # # nginx_letsencrypt_cert: -# Default nginx vhost +# The root of the default_server vhost +nginx_root: /usr/share/nginx/html +# If autoindex should be enabled for the default_server vhost +nginx_autoindex: False + + +# Default nginx vhost. This is not the settings of the default_server +# but settings which will be inherited by all the vhosts (unless overriden at the vhost level) # You can override it if you want to use a custom _ vhost nginx_default_vhost_name: _ nginx_vhosts: [] diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index c1aa9c4..a8f81d8 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 
@@ -84,7 +84,7 @@ http {
 listen 443{% if nginx_default_vhost_name == '_' %} default_server{% endif %} ssl http2;
 server_name {{ nginx_default_vhost_name }};
- root /usr/share/nginx/html;
+ root {{ nginx_root }};
 # Load location fragments in the default vhost
 include /etc/nginx/ansible_location.d/*.conf;
@@ -99,6 +99,9 @@ http {
 include /etc/nginx/ansible_conf.d/acme.inc;
 location / {
+{% if nginx_autoindex %}
+ autoindex on;
+{% endif %}
 }
 location ~ \.ht {
diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml
index b7e39f6..a87c851 100644
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@@ -11,7 +11,7 @@
 # MaxUsers = "9"
 # Mode = "subscription"
 # etc...
-seafile_version: "{{ seafile_license is defined | ternary('9.0.7','9.0.8') }}"
+seafile_version: "{{ seafile_license is defined | ternary('9.0.8','9.0.8') }}"
 # Archive URL and sha256 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
diff --git a/roles/seafile/files/seafile-pro-server_9.0.7_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_9.0.7_x86-64_CentOS.tar.gz
deleted file mode 100644
index dd3e52d..0000000
--- a/roles/seafile/files/seafile-pro-server_9.0.7_x86-64_CentOS.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b8aa32d54300c7d920bff19110f1b0bba79c8ebc9c3e7628ada0ca05240c4cdf
-size 96811511
diff --git a/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
new file mode 100644
index 0000000..d8f9bb9
--- /dev/null
+++ b/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bc555a48a4f0ad47daf6b53a742b1e1e57b591f2bd3d97a602fb521bb920283
+size 97113976
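Review bot: `{% if nginx_autoindex %}` in the `location /` block of nginx.conf.j2 tests the raw variable, so a string value such as "false" or "no" supplied from an ini inventory or `-e` is truthy and would switch directory listing on for the default_server vhost. Use `{% if nginx_autoindex | bool %}` so that only a real true value enables it. Because this vhost answers requests for any unmatched host name, a short comment next to `nginx_autoindex` in defaults/main.yml stating that enabling it exposes a listing of everything under `nginx_root` would also help. The `http {` block starts and ends outside the hunk.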
diff --git a/roles/sftpgo/tasks/directories.yml b/roles/sftpgo/tasks/directories.yml
index b0818ba..47510ef 100644
--- a/roles/sftpgo/tasks/directories.yml
+++ b/roles/sftpgo/tasks/directories.yml
@@ -5,7 +5,8 @@
 loop:
 - dir: /
 owner: "{{ sftpgo_user }}"
- mode: 700
+ group: "{{ sftpgo_user }}"
+ mode: 770
 - dir: meta
 mode: 700
 - dir: archives
@@ -22,7 +23,8 @@
 - dir: bin
 - dir: data
 owner: "{{ sftpgo_user }}"
- mode: 700
+ group: "{{ sftpgo_user }}"
+ mode: 770
 - dir: data/home
 owner: "{{ sftpgo_user }}"
 mode: 700
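Review bot: `mode: 770` in both hunks of roles/sftpgo/tasks/directories.yml is an unquoted decimal integer, not an octal mode. How the loop consumes `item.mode` is outside the hunks; if it reaches the file module as a native integer, decimal 770 is octal 1402 and the `/` and `data` directories would not get the intended permissions. Writing `mode: '0770'` (and `'0700'` for the neighbouring entries) is unambiguous on any path. The change also widens both directories from owner-only to group read/write/execute, so a comment stating which accounts are expected to be in the `sftpgo_user` group would document why that is safe.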