diff --git a/docker/app/frank.Dockerfile b/docker/app/frank.Dockerfile
index 1a41541..317be5e 100644
--- a/docker/app/frank.Dockerfile
+++ b/docker/app/frank.Dockerfile
@@ -1,15 +1,15 @@
 FROM python:latest
-RUN mkdir /app
-WORKDIR /app
-ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
 # Install Poetry
-RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | POETRY_HOME=/opt/poetry python && \
+RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | POETRY_HOME=/opt/poetry python && \
 cd /usr/local/bin && \
 ln -s /opt/poetry/bin/poetry && \
 poetry config virtualenvs.create false && \
- cd /app && \
- poetry install --no-root --no-dev
+ mkdir /app
+
+WORKDIR /app
+ADD https://git.tanshu.com/tanshu/barker/raw/branch/main/frank/pyproject.toml /app/pyproject.toml
+RUN poetry install --no-root --no-dev
 ADD https://git.tanshu.com/api/v1/repos/tanshu/barker/tags /tags.json
 RUN git clone --single-branch --depth 1 https://git.tanshu.com/tanshu/barker.git /repo
diff --git a/docker/bake-pies.yml b/docker/bake-pies.yml
new file mode 100755
index 0000000..7ce6576
--- /dev/null
+++ b/docker/bake-pies.yml
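Review bot: The changed `RUN curl -sSL …/master/get-poetry.py | POETRY_HOME=/opt/poetry python` line fetches the installer from the mutable `master` branch and executes it with no integrity check, presumably as root since no `USER` is set in the visible lines, so whatever that URL serves at build time runs inside the build. Because `curl` has no `-f` and the shell has no pipefail, a failed download is masked: only `python`'s exit status is checked, and an empty stdin exits 0. Installing a pinned release instead, for example `RUN pip install --no-cache-dir "poetry==<PINNED_VERSION>"`, or pinning the script URL to a tag or commit and verifying its checksum before running it, would make the step reproducible and verifiable. The rest of the Dockerfile continues outside this hunk.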
@@ -0,0 +1,153 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: all
+ become: true
+ vars_files:
+ - vars/pies.yml
+
+ tasks:
+ - name: Check if LCD Rotated
+ shell: grep -c "lcd_rotate=2" /boot/config.txt || true
+ register: lcd_rotate_test
+
+ - name: rotate the lcd
+ lineinfile:
+ dest: /boot/config.txt
+ line: lcd_rotate=2
+ when: lcd_rotate_test.stdout == "0"
+
+ - name: Update the hostname file
+ replace:
+ path: /etc/hostname
+ regexp: '(\s*)raspberrypi(\s+.*)?$'
+ replace: "\\1{{ hostname }}\\2"
+ backup: yes
+
+ - name: Update the hosts file
+ replace:
+ path: /etc/hosts
+ regexp: '(\s+)raspberrypi(\s+.*)?$'
+ replace: "\\1{{ hostname }}\\2"
+ backup: yes
+
+ - name: Ensure SSH Directory exists
+ file:
+ path: /home/pi/.ssh
+ state: directory
+ group: pi
+ owner: pi
+ mode: 0700
+
+ - name: Ensure authorized_keys file exists
+ copy:
+ content: ""
+ dest: /home/pi/.ssh/authorized_keys
+ force: no
+ group: pi
+ owner: pi
+ mode: 0644
+
+ - name: Check Peitho public key
+ shell: "grep -c \"{{ peitho_key }}\" /home/pi/.ssh/authorized_keys || true"
+ register: peithokey_test
+
+ - name: Add Peitho public key
+ lineinfile:
+ dest: /home/pi/.ssh/authorized_keys
+ line: "{{ peitho_key }}"
+ when: peithokey_test.stdout == "0"
+
+ - name: Check if .ssh config file exists
+ stat:
+ path: /home/pi/.ssh/config
+ register: config_status
+
+ - name: No need to upload the .ssh config
+ when: config_status.stat.exists == true
+ debug:
+ msg: No need to upload the .ssh config as it already exists.
+
+ - name: Upload the .ssh config file
+ when: config_status.stat.exists == false
+ template:
+ src: "files/config"
+ dest: "/home/pi/.ssh/config"
+ group: pi
+ owner: pi
+ mode: 0644
+
+ - name: Check if rsa key exists
+ stat:
+ path: /home/pi/.ssh/id_rsa
+ register: key_status
+
+ - name: No need to generate new rsa key
+ when: key_status.stat.exists == true
+ debug:
+ msg: No need to generate new rsa key as it already exists.
+
+ - name: Generate new rsa key
+ when: key_status.stat.exists == false
+ become: yes
+ become_user: pi
+ shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
+# shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
+
+ - name: Install Docker
+ shell: curl -sSL https://get.docker.com | sh
+
+ - name: Install matchbox-keyboard
+ package:
+ name: matchbox-keyboard
+ state: latest
+
+ - name: Install python3-docker
+ package:
+ name: python3-docker
+ state: latest
+
+ - name: adding user pi to group docker
+ user:
+ name: pi
+ groups: docker
+ append: yes
+
+ - name: adding user pi to group lp (line printers)
+ user:
+ name: pi
+ groups: lp
+ append: yes
+
+ - name: install knox-redis-tunnel systemd unit file
+ template:
+ src: "files/knox-redis-tunnel.service"
+ dest: "/etc/systemd/system/knox-redis-tunnel.service"
+
+ - name: enable service knox-redis-tunnel and ensure it is not masked
+ systemd:
+ name: knox-redis-tunnel
+ enabled: yes
+ masked: no
+
+ - name: Make sure knox-redis-tunnel service is running
+ systemd:
+ state: started
+ name: knox-redis-tunnel
+
+ - name: install knox-redis-tunnel systemd unit file
+ template:
+ src: "files/gotthard.service"
+ dest: "/etc/systemd/system/gotthard.service"
+
+ - name: enable service gotthard and ensure it is not masked
+ systemd:
+ name: gotthard
+ enabled: yes
+ masked: no
+
+ - name: Make sure gotthard service is running
+ systemd:
+ state: started
+ name: gotthard
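Review bot: The `Install Docker` task runs `curl -sSL https://get.docker.com | sh` under the play-level `become: true`, so an unverified remote script executes as root on every run of the play, and a failed download goes unnoticed because the pipeline's status is that of `sh`. Downloading the script with `get_url` and a `checksum:` and then running it with `args: creates: <DOCKER_BINARY_PATH>`, or installing Docker from a package repository with the `package` module used by the next tasks, would make the step verifiable and idempotent. Separately, the second task named `install knox-redis-tunnel systemd unit file` actually installs `files/gotthard.service` and should be renamed. The grep-then-`lineinfile` pair for the Peitho key could be a single `authorized_key` task.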
diff --git a/docker/files/config b/docker/files/config
new file mode 100644
index 0000000..217f924
--- /dev/null
+++ b/docker/files/config
@@ -0,0 +1,4 @@
+Host do knox knox.tanshu.com
+ HostName knox.tanshu.com
+ IdentityFile ~/.ssh/id_rsa
+ User tanshu
diff --git a/docker/files/frank.sh b/docker/files/frank.sh
index 5d81694..213b496 100644
--- a/docker/files/frank.sh
+++ b/docker/files/frank.sh
@@ -1 +1 @@
-docker run --detach --name frank --hostname=moh1 --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest
+docker run --detach --name frank --env-file=/home/pi/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest
diff --git a/docker/files/gotthard.service b/docker/files/gotthard.service
new file mode 100644
index 0000000..ef67dbe
--- /dev/null
+++ b/docker/files/gotthard.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Reverse SSH connection
+After=network.target
+
+[Service]
+Type=simple
+User=pi
+
+ExecStart=/usr/bin/ssh -NTg -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -R {{ ssh_port }}:localhost:22 tanshu@knox.tanshu.com
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target
diff --git a/docker/files/knox-redis-tunnel.service b/docker/files/knox-redis-tunnel.service
new file mode 100644
index 0000000..90d3402
--- /dev/null
+++ b/docker/files/knox-redis-tunnel.service
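Review bot: `-o StrictHostKeyChecking=no` on the `ExecStart` line of gotthard.service turns off host-key verification for the connection to knox.tanshu.com, so any host that answers for that name is accepted, and with `-R {{ ssh_port }}:localhost:22` that host then holds a forward to this machine's sshd. The same option appears in knox-redis-tunnel.service, where the forwarded Redis traffic on port 6379 would go to whichever host answered. Provisioning the server's host key from the playbook (for example with the `known_hosts` module) and switching both units to `-o StrictHostKeyChecking=yes` would close this. The comment says "Restart every >2 seconds" while the unit sets `RestartSec=5s`; the comment should state the value actually used.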
@@ -0,0 +1,15 @@
+[Unit]
+Description=Keep ssh tunnel to specified remote host open
+After=network.target
+
+[Service]
+User=pi
+
+ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/pi/.ssh/id_rsa -L 6379:localhost:6379 tanshu@knox.tanshu.com
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/docker/playbook-frank.yml b/docker/playbook-frank.yml
index f0902eb..30c30ed 100755
--- a/docker/playbook-frank.yml
+++ b/docker/playbook-frank.yml
@@ -31,8 +31,11 @@
 - name: Upload the frank .env file
 when: status.stat.exists == false
 template:
- src: "files/frank.env"
- dest: "/home/pi/frank.env"
+ src: files/frank.env
+ dest: /home/pi/frank.env
+ group: pi
+ owner: pi
+ mode: 0644
 - name: Create frank worker container
 docker_container:
@@ -46,10 +49,20 @@
 - "{{ printer_port }}:/printer"
 - name: Copy docker build script
- synchronize: src=files/build-frank.sh dest=/home/pi/dockerfile/build-frank.sh
+ template:
+ src: files/build-frank.sh
+ dest: /home/pi/dockerfile/build-frank.sh
+ group: pi
+ owner: pi
+ mode: 0644
 - name: Copy docker run script
- synchronize: src=files/frank.sh dest=/home/pi/dockerfile/frank.sh
+ template:
+ src: files/frank.sh
+ dest: /home/pi/dockerfile/frank.sh
+ group: pi
+ owner: pi
+ mode: 0644
 - name: install frank systemd unit file
 template:
diff --git a/docker/vars/pies.yml b/docker/vars/pies.yml
new file mode 100644
index 0000000..4d3b186
--- /dev/null
+++ b/docker/vars/pies.yml
@@ -0,0 +1,4 @@
+---
+hostname: "chd3"
+ssh_port: "22447"
+peitho_key: "ssh-rsa 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 2020.05.26 peitho"
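Review bot: The `Upload the frank .env file` task now writes `/home/pi/frank.env` with `mode: 0644`, which leaves it readable by every local user. The file is handed to the container through `--env-file=/home/pi/frank.env` in frank.sh and presumably carries connection settings or credentials. `mode: "0600"` with the same `owner: pi` should be enough, assuming the container is only started by pi or root. The start of the play and the `stat` task that sets `status` are outside this hunk.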
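Review bot: Both script tasks in the second hunk switch from `synchronize` to `template`, which renders `files/build-frank.sh` and `files/frank.sh` through Jinja2, so any literal `{{ … }}` or `{% … %}` later added to the scripts (a `docker … --format` argument, for instance) would be interpreted instead of copied. If no templating is intended, `copy` ships them verbatim. They are also installed with `mode: 0644`, so they cannot be executed by path; `mode: "0755"` is needed if the systemd unit or an operator runs them directly rather than through `sh`. How the scripts are invoked is not visible in this hunk.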
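Review bot: `hostname` and `ssh_port` are per-device values, but vars/pies.yml is loaded through `vars_files` by a play that targets `hosts: all`. Every Pi in the inventory would therefore be renamed `chd3` and request the same reverse port `22447` on knox, where the second tunnel would fail under `ExitOnForwardFailure=yes` and restart in a loop. Moving these two keys to `host_vars/<INVENTORY_HOST>.yml` (or inventory variables) and keeping only the shared `peitho_key` here would avoid editing the file for each device. This matters only when the play is run against more than one host.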