diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a8b42eb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.retry diff --git a/README.md b/README.md index a9ed12a..9a3441d 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,30 @@ * [wordpress:apache in Docker, with host MySQL config and host nginx](wordpress/) * [securing server](security/) +## How to package Wordpress + +### Wordpress + PHP-FPM in Docker + nginx + +* [Dockerise your PHP app with PHP-FPM and nginx](http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/) + +nginx and PHP-FPM both need access to the files--at the same location. It's thus not easy to have a single nginx serving multiple PHP-FPM containers. You always need a webserver in the same container as PHP-FPM. + +### Alternatives + +* [WP multisite + Caddy](https://skippy.net/caddy-docker-php-wordpress): arguments against using the Wordpress Docker image, keeps the whole wp install outside the image, and instead focuses on properly configuring PHP-FPM. Has the advantage of being reusable for other PHP projects. Is well argumented. + +#### Which webserver? + +traefik does not support php-fpm, Caddy does. Not such a problem, we can keep Apache inside the container, who gives a shit. + +### Wordpress security + +* [File permissions](https://wordpress.org/support/article/changing-file-permissions/) +* [Sécu Wordpress (fr)](http://wptheme.fr/guide-creation-site-blog/securiser-et-nettoyer-theme-wordpress-virus/) + ## TODO * review synapse nginx conf - seems incomplete -laaaaaalallala + + + diff --git a/wordpress/README.md b/ansible/README.md similarity index 100% rename from wordpress/README.md rename to ansible/README.md diff --git a/wordpress/ansible-playbook.yml b/ansible/ansible-playbook.yml similarity index 100% rename from wordpress/ansible-playbook.yml rename to ansible/ansible-playbook.yml 
diff --git a/wordpress/templates/docker-compose.yml.j2 b/ansible/templates/docker-compose.yml.j2
similarity index 100%
rename from wordpress/templates/docker-compose.yml.j2
rename to ansible/templates/docker-compose.yml.j2
diff --git a/wordpress/templates/nginx-site.conf.j2 b/ansible/templates/nginx-site.conf.j2
similarity index 100%
rename from wordpress/templates/nginx-site.conf.j2
rename to ansible/templates/nginx-site.conf.j2
diff --git a/sites/arvuhez/README.md b/sites/arvuhez/README.md
new file mode 100644
index 0000000..85cc72c
--- /dev/null
+++ b/sites/arvuhez/README.md
@@ -0,0 +1,13 @@
+## MySQL madness!
+
+Wordpress's IP is configured to 172.26.0.2
+
+Do the MySQL!
+
+```mysql
+select host, user, password from mysql.user order by user;
+create user 'arvuhez'@'172.26.0.2' identified by 'kjhs';
+grant all on arvuhez.* to 'arvuhez'@'172.26.0.2';
+show grants for 'arvuhez'@'172.26.0.2';
+```
+
diff --git a/sites/arvuhez/docker-compose.yml b/sites/arvuhez/docker-compose.yml
new file mode 100644
index 0000000..10b7268
--- /dev/null
+++ b/sites/arvuhez/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+  wp:
+    image: wordpress:apache
+    # build: wp/
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: 172.26.0.1
+      WORDPRESS_DB_USER: arvuhez
+      WORDPRESS_DB_PASSWORD: "xMnCfZzBs8F3y5pEUY8HWAJFu4DGdBFGJqAcbgJN"
+      WORDPRESS_DB_NAME: arvuhez
+    volumes:
+      - "/vault/www/arvuhez_wp-content/:/var/www/html/wp-content"
+    networks:
+      arvuheznet:
+        ipv4_address: 172.26.0.2
+
+networks:
+  arvuheznet:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.26.0.0/16
diff --git a/sites/lexperimental/docker-compose.yml b/sites/lexperimental/docker-compose.yml
new file mode 100644
index 0000000..9cafa7b
--- /dev/null
+++ b/sites/lexperimental/docker-compose.yml
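Review bot: `WORDPRESS_DB_PASSWORD: "xMnC…"` in sites/arvuhez/docker-compose.yml commits a live database credential to the repository; once pushed it stays in history, so it should be treated as exposed and rotated, and the file should stop carrying it — e.g. `env_file: .env` on the service, with `.env` added to the new `.gitignore`, so only the credential-free skeleton is versioned. The same applies to the `WORDPRESS_DB_PASSWORD` lines in sites/lexperimental/docker-compose.yml and sites/rennes-des-bois/docker-compose.yml. Separately, the companion sites/arvuhez/README.md creates the MySQL user with `identified by 'kjhs'`, which does not match this value, so anyone following the README as written ends up with a container that cannot authenticate; the README should point at the compose/env value instead of a literal.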
@@ -0,0 +1,27 @@
+version: '3'
+
+
+# Generated by ansible for site lexperimental.fr
+# At 172.100.0.2 on 172.100.0.0/24
+
+services:
+  wp:
+    image: wordpress:apache
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: "172.100.0.1"
+      WORDPRESS_DB_USER: "lexperimental"
+      WORDPRESS_DB_PASSWORD: "c2nGCmaRfJfF3Ltw5hoVVXF63Gm2VsVGUTdr4eQT"
+      WORDPRESS_DB_NAME: "lexperimental"
+    volumes: ['/var/www/lexperimental/wp-content/:/var/www/html/wp-content']
+
+    networks:
+      net:
+        ipv4_address: "172.100.0.2"
+
+networks:
+  net:
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.100.0.0/24"
diff --git a/sites/lexperimental/lexperimental.fr b/sites/lexperimental/lexperimental.fr
new file mode 100644
index 0000000..0af3cde
--- /dev/null
+++ b/sites/lexperimental/lexperimental.fr
@@ -0,0 +1,44 @@
+# Generated by ansible for site lexperimental.fr
+# At 172.100.0.2 on 172.100.0.0/24
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name lexperimental.fr www.lexperimental.fr;
+
+    rewrite ^ https://lexperimental.fr$request_uri permanent;
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name lexperimental.fr www.lexperimental.fr;
+
+    access_log /var/log/nginx/lexperimental-access.log;
+    error_log /var/log/nginx/error.log;
+
+    # Let's Encrypt
+    include snippets/letsencrypt.conf;
+
+    include snippets/ssl-params.conf;
+    ssl_certificate /etc/letsencrypt/live/lexperimental.fr/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/lexperimental.fr/privkey.pem;
+
+    if ($host = www.lexperimental.fr) {
+        rewrite ^ https://lexperimental.fr$request_uri permanent;
+    }
+
+    # Run by host
+    # root /var/www/lexperimental;
+    # include snippets/wordpress.conf;
+
+    # Run in Docker
+    include snippets/header-params_server.conf;
+    location / {
+        include snippets/header-params_location.conf;
+
+        proxy_pass http://172.100.0.2:80;
+    }
+}
+
+
diff --git a/sites/rennes-des-bois/README.md b/sites/rennes-des-bois/README.md
new file mode 100644
index 0000000..5cefe70
--- /dev/null
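Review bot: `subnet: "172.100.0.0/24"` — together with `ipv4_address: "172.100.0.2"` and `WORDPRESS_DB_HOST: "172.100.0.1"` — is not private address space: RFC 1918 reserves 172.16.0.0/12 (172.16.x.x through 172.31.x.x), and 172.100.x.x is publicly routable, so Docker will install a route for that /24 on the host and any traffic to whoever really holds that block is silently sent into the bridge instead. Use a subnet inside 172.16.0.0/12 (or 10.0.0.0/8) as the other two sites do, for instance `subnet: "172.28.0.0/24"` (example value), and since the header says this file is generated by ansible the fix belongs in the site's variables rather than in this file. The same address is baked into the generated sites/lexperimental/lexperimental.fr (`proxy_pass http://172.100.0.2:80;`), which needs regenerating alongside.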
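Review bot: `proxy_pass http://172.100.0.2:80;` terminates TLS in nginx and hands WordPress plain HTTP, but nothing visible in this file passes the original scheme or host to the upstream; whether `snippets/header-params_location.conf` sets them cannot be seen from here. If it does not, WordPress will believe it is served over http and emit http:// links and redirects, which with the port-80 server rewriting everything to https can become a redirect loop, so the `location /` block should either carry `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` or a comment stating that the snippet provides them. A minor point: `access_log` is per-site while `error_log` goes to the shared `/var/log/nginx/error.log`, which makes per-site troubleshooting harder.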
+++ b/sites/rennes-des-bois/README.md
@@ -0,0 +1,13 @@
+## MySQL madness!
+
+Wordpress's IP is configured to 172.26.0.2
+
+Do the MySQL!
+
+```mysql
+select host, user, password from mysql.user order by user;
+create user 'rdb'@'172.26.0.2' identified by 'kjhs';
+grant all on rdb.* to 'rdb'@'172.26.0.2';
+show grants for 'rdb'@'172.26.0.2';
+```
+
diff --git a/sites/rennes-des-bois/docker-compose.yml b/sites/rennes-des-bois/docker-compose.yml
new file mode 100644
index 0000000..62cc55f
--- /dev/null
+++ b/sites/rennes-des-bois/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+
+services:
+  wp:
+    image: wordpress:apache
+    # build: wp/
+    restart: always
+    environment:
+      WORDPRESS_DB_HOST: 172.27.0.1
+      WORDPRESS_DB_USER: rdb
+      WORDPRESS_DB_PASSWORD: "brEuC8KGQEPh4L9rYiwFaDxDB7FVdWLMB3TbgAcz"
+      WORDPRESS_DB_NAME: rdb
+    volumes:
+      - "/vault/www/rennes-des-bois_wp-content/:/var/www/html/wp-content"
+    networks:
+      rdbnet:
+        ipv4_address: 172.27.0.2
+
+networks:
+  rdbnet:
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.27.0.0/24
diff --git a/wordpress/ansible-playbook.retry b/wordpress/ansible-playbook.retry
deleted file mode 100644
index 2fbb50c..0000000
--- a/wordpress/ansible-playbook.retry
+++ /dev/null
@@ -1 +0,0 @@
-localhost
diff --git a/wordpress/lexperimental/.gitignore b/wordpress/lexperimental/.gitignore
deleted file mode 100644
index 72e8ffc..0000000
--- a/wordpress/lexperimental/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*
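Review bot: `ipv4_address: 172.27.0.2` on `subnet: 172.27.0.0/24` disagrees with the companion sites/rennes-des-bois/README.md added in this commit, which states the WordPress IP is 172.26.0.2 and creates and grants `'rdb'@'172.26.0.2'`; MySQL matches accounts on the connecting source address, so a user created per the README cannot authenticate from this container, while the grant instead matches 172.26.0.2, which is the arvuhez container's address. The README looks copy-pasted from sites/arvuhez: it should state 172.27.0.2 and use `'rdb'@'172.27.0.2'` in all three statements, or this file should move to the 172.26.x addressing — the two cannot both stay. Its `identified by 'kjhs'` also does not match the `WORDPRESS_DB_PASSWORD` value here.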