diff --git a/acmebot/tasks/main.yml b/acmebot/tasks/main.yml
index 3ff71781c7dde05e576402569893d7b4af53d577..0dfae27f210b285d56e6fa46e1a8a44b2ff0b728 100644
--- a/acmebot/tasks/main.yml
+++ b/acmebot/tasks/main.yml
@@ -19,9 +19,16 @@
     repo: https://github.com/plinss/acmebot.git
     dest: /opt/acmebot
     version: "{{acmebot_version}}"
+    force: true
   environment:
     TMPDIR: /root/.ansible/tmp
 
+- name: fix over-specified requirements locally
+  lineinfile:
+    regexp: '^pyOpenSSL>=17\.5\.0'  # ,<20.0.0'
+    line: 'pyOpenSSL>=17.5.0'
+    path: /opt/acmebot/requirements.txt
+
 - name: add acmebot to path
   file:
     src: /opt/acmebot/acmebot
diff --git a/etherpad/defaults/main.yml b/etherpad/defaults/main.yml
index bc8f5b041605529c98c7cd941493ee86dcf59359..010877c05306df4013d21039644e51efb72cfd0f 100644
--- a/etherpad/defaults/main.yml
+++ b/etherpad/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
 
 etherpad_web_root: "/opt/etherpad"
-etherpad_version: "HEAD"
+etherpad_version: "1.8.11"
 
 etherpads: []
 
diff --git a/etherpad/handlers/main.yml b/etherpad/handlers/main.yml
index 968e986a3b040a1fabbf0feb98be378ffe3d718a..6d44659b3b8fea684154132a687308dc46e319ab 100644
--- a/etherpad/handlers/main.yml
+++ b/etherpad/handlers/main.yml
@@ -8,7 +8,7 @@
     daemon_reload: true
 
 - name: restart etherpad
-  debug:
-    var: item
-  when: item.value.changed
+  systemd:
+    name: "etherpad@{{ item.item.name }}.service"
+    state: restarted
   with_items: "{{ etherpad_config.results }}"
diff --git a/etherpad/tasks/main.yml b/etherpad/tasks/main.yml
index d23bdf640088584412452f1b0e42e903025dd42b..cc221858df8f7fb359c56c6d72a614b2aac51677 100644
--- a/etherpad/tasks/main.yml
+++ b/etherpad/tasks/main.yml
@@ -36,8 +36,10 @@
     repo: https://github.com/ether/etherpad-lite.git
     dest: "{{etherpad_web_root}}/repository"
     version: "{{etherpad_version|default('HEAD')}}"
+    force: true
   become: true
   become_user: etherpad
+  notify: restart etherpad
 
 - name: ensure we have a directory for etherpad configuration files
   file:
diff --git a/uwsgi-python/tasks/app.yml b/uwsgi-python/tasks/app.yml
index d5285dd3f205fcbc6d9df565be58dee6ec9f41c4..c0ff9a56b3e9cf38b8d080ecf8f9e9f034245c16 100644
--- a/uwsgi-python/tasks/app.yml
+++ b/uwsgi-python/tasks/app.yml
@@ -202,6 +202,10 @@
     - "{{ app.app }}"
     - "{{ app.instance }}"
 
+- name: remount /tmp exec # noqa 303 503
+  command: mount -o rw,remount,exec /tmp
+  when: app_exectmp|default(false)
+
 - name: ensure we have a virtualenv  # noqa 403
   pip:
     requirements: "{{ app_path }}/{{ app_requirements_file }}"
@@ -238,6 +242,10 @@
     - "{{ app.app }}"
     - "{{ app.instance }}"
 
+- name: remount /tmp exec # noqa 303 503
+  command: mount -o rw,remount,noexec /tmp
+  when: app_exectmp|default(false)
+
 - name: Create bundler directories with user permissions
   file:
     path: "{{ item }}"
diff --git a/uwsgi-python/vars/pretix.yml b/uwsgi-python/vars/pretix.yml
index 9db49bd4ce9a7487ed634b6c97a7d04fdf19e081..292cb2d21151a69f82b5d6584b2cbf5162edbba0 100644
--- a/uwsgi-python/vars/pretix.yml
+++ b/uwsgi-python/vars/pretix.yml
@@ -42,6 +42,7 @@ app_git_version: 'stable'  # release/2.4.x
 app_git_pip: true
 app_git_pip_query: '#egg=pretix&subdirectory=src'
 app_requirements_file: ''
+app_exectmp: true
 
 app_config_file: 'pretix.cfg'
 app_secret_config: false