diff --git a/roles/docker/templates/mii/swag/site-confs/code-server.subdomain.conf b/roles/docker/templates/mii/swag/site-confs/code-server.subdomain.conf
deleted file mode 100644
index 3891db8..0000000
--- a/roles/docker/templates/mii/swag/site-confs/code-server.subdomain.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-## Version 2023/02/05
-# make sure that your code-server container is named code-server
-# make sure that your dns has a cname set for code-server
-
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    server_name {{ code_host }}.{{ remote_domain }};
-
-    include /config/nginx/ssl.conf;
-
-    client_max_body_size 0;
-
-    location / {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{aya01_ip}}:{{ code_port }};
-        proxy_set_header   Upgrade $http_upgrade;
-        proxy_set_header   Connection "upgrade";
-    }
-}
diff --git a/roles/docker/templates/mii/swag/site-confs/homeassistant.subdomain.conf b/roles/docker/templates/mii/swag/site-confs/homeassistant.subdomain.conf
deleted file mode 100644
index 7758e7e..0000000
--- a/roles/docker/templates/mii/swag/site-confs/homeassistant.subdomain.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    server_name {{ hass_host }}.{{ backup_domain }};
-
-    include /config/nginx/ssl.conf;
-
-    client_max_body_size 0;
-
-    location / {
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ hass_host }}.{{ pi_host }}.{{ local_domain }};
-    }
-
-    location ~ ^/(api|local|media)/ {
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ hass_host }}.{{ pi_host }}.{{ local_domain }};
-    }
-}
diff --git a/roles/docker/templates/mii/swag/site-confs/qbittorrent.subdomain.conf b/roles/docker/templates/mii/swag/site-confs/qbittorrent.subdomain.conf
deleted file mode 100644
index 04cec8a..0000000
--- a/roles/docker/templates/mii/swag/site-confs/qbittorrent.subdomain.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    server_name {{ qbit_host }}.{{ backup_domain }};
-
-    include /config/nginx/ssl.conf;
-
-    client_max_body_size 0;
-
-    location / {
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/api {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/command {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/query {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/login {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/sync {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-
-    location ~ (/qbittorrent)?/scripts {
-        include /config/nginx/proxy.conf;
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ qbit_host }}.{{ aya01_host }}.{{ local_domain }};
-
-        rewrite /qbittorrent(.*) $1 break;
-
-        proxy_set_header Referer '';
-        proxy_set_header X-Forwarded-Host $host;
-    }
-}
diff --git a/roles/docker/templates/mii/swag/site-confs/stub.subfolder.conf b/roles/docker/templates/mii/swag/site-confs/stub.subfolder.conf
new file mode 100644
index 0000000..860e3e9
--- /dev/null
+++ b/roles/docker/templates/mii/swag/site-confs/stub.subfolder.conf
@@ -0,0 +1,20 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ stub_host }}.{{ local_domain }};
+
+    access_log off;
+    allow 192.168.20.12;
+    deny all;
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location /stub_status {
+        include /config/nginx/resolver.conf;
+        stub_status on;
+        proxy_pass http://{{ stub_host }}.{{ aya01_host }}.{{ local_domain }};
+    }
+}
diff --git a/roles/docker/templates/mii/swag/site-confs/zoneminder.subdomain.conf b/roles/docker/templates/mii/swag/site-confs/zoneminder.subdomain.conf
deleted file mode 100644
index 2706e70..0000000
--- a/roles/docker/templates/mii/swag/site-confs/zoneminder.subdomain.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
-    listen 443 ssl;
-    listen [::]:443 ssl;
-
-    server_name {{ zoneminder_host }}.{{ backup_domain }};
-
-    include /config/nginx/ssl.conf;
-
-    client_max_body_size 0;
-    location / {
-        include /config/nginx/resolver.conf;
-        proxy_pass http://{{ zoneminder_host }}.{{ aya01_host }}.{{ local_domain }};
-
-    }
-}
diff --git a/roles/swag/tasks/docker.yml b/roles/swag/tasks/docker.yml
new file mode 100644
index 0000000..45aa268
--- /dev/null
+++ b/roles/swag/tasks/docker.yml
@@ -0,0 +1,31 @@
+---
+- name: Create swag container
+  docker_container:
+    image: lscr.io/linuxserver/swag:latest
+    name: "{{ swag_host }}"
+    restart_policy: "unless-stopped"
+    networks:
+      - name: "{{ docker_net_name }}"
+        ipv4_address: 172.16.69.2
+        aliases: "{{ swag_host }}"
+    dns_servers:
+      - "{{ aya01_ip }}"
+      - "{{ pi_ip }}"
+      - 1.1.1.1
+    capabilities:
+      - NET_ADMIN
+    env:
+      PUID: "{{ puid }}"
+      PGID: "{{ pgid }}"
+      TZ: "{{ timezone }}"
+      URL: "{{ remote_domain }}"
+      VALIDATION: "http"
+      SUBDOMAINS: "{{ swag_subdomains }}"
+      DNSPLUGIN: "cloudflare"
+      EMAIL: "{{ swag_email }}"
+      ONLY_SUBDOMAINS: "false"
+    volumes:
+      - "{{ swag_config }}:/config"
+    ports:
+      - "{{ swag_port }}:443"
+      - 80:80 #optional
diff --git a/roles/swag/tasks/main.yml b/roles/swag/tasks/main.yml
new file mode 100644
index 0000000..cb5272d
--- /dev/null
+++ b/roles/swag/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: setup.yml
+- include_tasks: docker.yml
diff --git a/roles/swag/tasks/setup.yml b/roles/swag/tasks/setup.yml
new file mode 100644
index 0000000..b43efb4
--- /dev/null
+++ b/roles/swag/tasks/setup.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Create swag-config directory
+  file:
+    path: "{{ item }}"
+    owner: "{{ puid  }}"
+    group: "{{ pgid }}"
+    state: directory
+  loop:
+    - "{{ swag_config }}"
+
+- name: Copy site-confs
+  template:
+    owner: "{{ puid }}"
+    group: "{{ pgid }}"
+    src: "{{ item }}"
+    dest: "{{ swag_remote_site_confs }}"
+    mode: '664'
+  loop: "{{ swag_site_confs }}"
+  become: true
diff --git a/roles/swag/templates/grafana.subdomain.conf b/roles/swag/templates/grafana.subdomain.conf
new file mode 100644
index 0000000..cc86f06
--- /dev/null
+++ b/roles/swag/templates/grafana.subdomain.conf
@@ -0,0 +1,29 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ grafana_host }}.{{ remote_domain }};
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+
+    location / {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app {{ aya01_ip }};
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+
+    location ~ (/grafana)?/api {
+        include /config/nginx/proxy.conf;
+        include /config/nginx/resolver.conf;
+        set $upstream_app {{ aya01_ip }};
+        set $upstream_port 3000;
+        set $upstream_proto http;
+        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
+    }
+}
diff --git a/roles/swag/templates/plex.subdomain.conf b/roles/swag/templates/plex.subdomain.conf
new file mode 100644
index 0000000..5a6ffc5
--- /dev/null
+++ b/roles/swag/templates/plex.subdomain.conf
@@ -0,0 +1,30 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ plex_host }}.{{ remote_domain }};
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    location / {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ plex_host }}.{{ aya01_host }}.{{ local_domain }};
+
+        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+        proxy_set_header X-Plex-Device $http_x_plex_device;
+        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+        proxy_set_header X-Plex-Platform $http_x_plex_platform;
+        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+        proxy_set_header X-Plex-Product $http_x_plex_product;
+        proxy_set_header X-Plex-Token $http_x_plex_token;
+        proxy_set_header X-Plex-Version $http_x_plex_version;
+        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+        proxy_set_header X-Plex-Provides $http_x_plex_provides;
+        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+        proxy_set_header X-Plex-Model $http_x_plex_model;
+    }
+}
diff --git a/roles/swag/templates/tautulli.subdomain.conf b/roles/swag/templates/tautulli.subdomain.conf
new file mode 100644
index 0000000..35b6912
--- /dev/null
+++ b/roles/swag/templates/tautulli.subdomain.conf
@@ -0,0 +1,34 @@
+## Version 2023/02/05
+# make sure that your tautulli container is named tautulli
+# make sure that your dns has a cname set for tautulli
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ tautulli_host }}.{{ remote_domain }};
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
+    }
+
+    location ~ (/tautulli)?/api {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
+    }
+
+    location ~ (/tautulli)?/newsletter {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
+    }
+
+    location ~ (/tautulli)?/image {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ tautulli_host }}.{{ aya01_host }}.{{ local_domain }};
+    }
+}
diff --git a/roles/swag/templates/uptime-kuma.subdomain.conf b/roles/swag/templates/uptime-kuma.subdomain.conf
new file mode 100644
index 0000000..1a7f2c8
--- /dev/null
+++ b/roles/swag/templates/uptime-kuma.subdomain.conf
@@ -0,0 +1,17 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name {{ kuma_host }}.{{ remote_domain }};
+
+    include /config/nginx/ssl.conf;
+
+    client_max_body_size 0;
+
+    location / {
+        include /config/nginx/resolver.conf;
+        proxy_pass http://{{ kuma_host }}.{{ aya01_host }}.{{ local_domain }};
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection "upgrade";
+    }
+}