diff --git a/roles/ansible-gentoo_install/tasks/bootloader.yml b/roles/ansible-gentoo_install/tasks/bootloader.yml
index 6e904a1..7dbb18c 100644
--- a/roles/ansible-gentoo_install/tasks/bootloader.yml
+++ b/roles/ansible-gentoo_install/tasks/bootloader.yml
@@ -116,19 +116,19 @@
       - from: GRUB_DISABLE_LINUX_UUID
         to: true
 
-    - name: grub.cfg from roles/ansible-gentoo_install/tasks/
-      shell: |
-        LINE="{{' '.join(AGI_install_syslinux_kernel_line)}}"
-        # LINE="$LINE pti=on doscsi iommu=pt  amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
-        grep  /boot /etc/fstab || exit 1
-        df | grep /boot || mount /boot || exit 2
-        [ -d /boot/grub ] || exit 3
-        [ -f /boot/grub/grub.cfg ] || exit 4
-        [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
-        sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
-      ignore_errors: true
+  - name: grub.cfg from roles/ansible-gentoo_install/tasks/
+    shell: |
+      LINE="{{' '.join(AGI_install_syslinux_kernel_line)}}"
+      # LINE="$LINE pti=on doscsi iommu=pt  amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
+      grep  /boot /etc/fstab || exit 1
+      df | grep /boot || mount /boot || exit 2
+      [ -d /boot/grub ] || exit 3
+      [ -f /boot/grub/grub.cfg ] || exit 4
+      [ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
+      sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
+    ignore_errors: true
     
-    when: AGI_install_bootloader == 'grub:2'
+  when: AGI_install_bootloader == 'grub:2'
   
 - name: fstab root
   lineinfile:
diff --git a/roles/ansible-gentoo_install/tasks/main.yml b/roles/ansible-gentoo_install/tasks/main.yml
index 4c36cd5..b540750 100644
--- a/roles/ansible-gentoo_install/tasks/main.yml
+++ b/roles/ansible-gentoo_install/tasks/main.yml
@@ -129,8 +129,7 @@
     debug:
       verbosity: 0
       var: ansible_gentooimgr_out
-
-  check_mode: false
+    check_mode: false
 
   - name: include_tasks local.yml
     include_tasks: local.yml
diff --git a/roles/toxcore/Makefile b/roles/toxcore/Makefile
index 5090244..88d323d 100644
--- a/roles/toxcore/Makefile
+++ b/roles/toxcore/Makefile
@@ -12,6 +12,7 @@ DOCTEST=$(LOCAL_DOCTEST)
 
 default:: local
 
+update::
 test:: local # hourly
 	sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
 
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/ansible_get_inventory.bash b/roles/toxcore/overlay/Linux/usr/local/bin/ansible_get_inventory.bash
index 681e24d..5760b23 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/ansible_get_inventory.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/ansible_get_inventory.bash
@@ -18,6 +18,7 @@ shift
 [ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
 
 [ -n "$PLAY_ANSIBLE_SRC" ] || PLAY_ANSIBLE_SRC=$BASE_ANSIBLE_SRC
+[ -n "$PLAY_ANSIBLE_SRC" ] || PLAY_ANSIBLE_SRC=/mnt/o/data/TestForge/src/ansible
 [ -z "$PLAY_ANSIBLE_SRC" ] && ERROR  export "PLAY_ANSIBLE_SRC" >&2 && exit 3
 [ ! -d "$PLAY_ANSIBLE_SRC" ] && ERROR  ! -d "PLAY_ANSIBLE_SRC" >&2 && exit 4
 [ ! -f "$PLAY_ANSIBLE_SRC"/hosts.yml ] && ERROR  ! -f "PLAY_ANSIBLE_SRC"/hosts.yml >&2  && exit 4
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash
index c78d666..c4b6cf2 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash
@@ -29,7 +29,8 @@ LONGOPTS="help,version,checksum,snapshot,dedupe,moniker:,dest:"
 dedupe=
 DIRS=
 
-. /usr/local/bin/usr_local_base.bash || exit 2
+# . /usr/local/bin/usr_local_base.bash
+. /usr/local/bin/usr_local_tput.bash || exit 2
 error () { retval=$1 ; shift; echo "ERROR: $prog" $* ; exit $retval ; }
 
 ARGS=$(getopt --options $SHORTOPTS  --longoptions $LONGOPTS -- "$@")
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash
index e968bbc..4439ea9 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash
@@ -4,7 +4,8 @@
 prog=$( basename $0 .bash )
 PREFIX=/usr/local
 ROLE=base
-. /usr/local/bin/usr_local_base.bash || exit 2
+# . /usr/local/bin/usr_local_base.bash
+. /usr/local/bin/usr_local_tput.bash || exit 2
 
 umask 0022
 [ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash
index 89177af..00ecfef 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash
@@ -25,7 +25,7 @@ fi
 cd /usr/local/src || exit 1
 
 if [ ! -d $DIR ] ; then
-    grep -q "^wlan[1-9][ 	]00000000" /proc/net/route || { echo INFO: not connected ; exit 0 ; }
+    grep -q "^wlan[1-9][0-9]*[ 	]00000000" /proc/net/route || { echo INFO: not connected ; exit 0 ; }
     [ -f /usr/local/net/Http/$URL ] || \
       wget -xcP /usr/local/net/Http/ http://$URL || exit 1
     tar xvfJ /usr/local/net/Http/$URL
@@ -45,7 +45,7 @@ for file in $BASE/*.crt ; do
 
 [ -f blacklist.txt ] || { echo ERROR: missing blacklist.txt ; exit 4 ; }
 
-if [ ! -f certdata.txt.mozilla ] && grep -q "^wlan[1-9][ 	]00000000" /proc/net/route ; then
+if [ ! -f certdata.txt.mozilla ] && grep -q "^wlan[1-9][0-9]*[ 	]00000000" /proc/net/route ; then
     [ -f /usr/local/net/Http/$URL_CERTDATA ] || \
       wget -xcP /usr/local/net/Http/ http://$URL_CERTDATA
 fi
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash
index 89decad..cd0221e 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
 
 # The idea here is to run ansible_local.bash --tags daily
@@ -11,9 +11,9 @@ prog=`basename $0 .bash`
 PREFIX=/usr/local
 ROLE=toxcore
 [ -f /usr/local/etc/testforge/testforge.bash ] && \
-    . /usr/local/etc/testforge/testforge.bash
+    . /usr/local/etc/testforge/testforge.bash && \
+    export PLAY_ANSIBLE_SRC=$BASE_ANSIBLE_SRC
 TOXCORE_LOG_DIR=$PREFIX/var/log
-[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
 . /usr/local/src/usr_local_src.bash
 
 TOHOST=files.pythonhosted.org
@@ -35,6 +35,7 @@ errs=0
 warns=0
 WLOG="$TOXCORE_LOG_DIR"/$ly/W$prog$$.log
 ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
+[ -d $TOXCORE_LOG_DIR/$ly ] || mkdir -p $TOXCORE_LOG_DIR/$ly
 
 [ -d /usr/local/share/doc ] || mkdir -p /usr/local/share/doc
 [ -d /var/local/share/doc/txt ] && [ ! -d /usr/local/share/doc/txt ] && \
@@ -72,13 +73,15 @@ if [ -d /etc/libvirt/qemu ] ; then
     fi
 
     if /etc/init.d/libvirtd status ; then
-if [ "$MODE" = whonix ] ; then
-    elt=toxcore_libvirt_test_ga
-    DBUG $elt
-    if virsh net-list | grep -q External ; then
-	/usr/local/bin/toxcore_libvirt_test_ga.bash
+	if [ "$MODE" = whonix ] ; then
+	    elt=toxcore_libvirt_test_ga
+	    DBUG $elt
+	    if virsh net-list | grep -q External ; then
+		/usr/local/bin/toxcore_libvirt_test_ga.bash
+	    fi
+	fi
     fi
-fi
+    if /etc/init.d/libvirtd status >/dev/null ; then
 	virsh list | grep '^ [0-9]' | while read id elt rest ; do
 	    [ $rest = running ] || continue
 	    virsh dumpxml $elt | grep -q org.qemu.guest_agent.0.*connected || \
@@ -94,24 +97,22 @@ export SSLTEST_TESTS="testssl nmap"
 if route | grep -q def ; then
     elt=testforge_ssl_test
     DBUG $elt
-    $PREFIX/bin/testforge_ssl_test.bash -v 3 $TOHOST
+    $PREFIX/bin/toxcore_ssl_test.bash -v 3 $TOHOST
     retval=$?
     if [ $retval -ne 0 ] ; then
-	ERROR retval=$retval testforge_ssl_test.bash -v 3 $TOHOST|tee -a $ELOG
+	ERROR retval=$retval toxcore_ssl_test.bash -v 3 $TOHOST|tee -a $ELOG
     else
-	INFO testforge_ssl_test.bash -v 3 $TOHOST
+	INFO toxcore_ssl_test.bash -v 3 $TOHOST
     fi
-fi
 
-elt=testforge_dirmngr_test
-if route | grep -q default ; then
+    elt=testforge_dirmngr_test
     DBUG $elt
-    $PREFIX/bin/testforge_dirmngr_test.bash
+    $PREFIX/bin/toxcore_dirmngr_test.bash
     retval=$?
     if [ $retval -ne 0 ] ; then
-	ERROR retval=$retval testforge_dirmngr_test.bash | tee -a $ELOG
+	ERROR retval=$retval toxcore_dirmngr_test.bash | tee -a $ELOG
     else
-	INFO testforge_dirmngr_test.bash
+	INFO toxcore_dirmngr_test.bash
     fi
 fi
 
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_ssl_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_ssl_test.bash
index fdc1c44..245875f 100755
--- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_ssl_test.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_ssl_test.bash
@@ -181,7 +181,7 @@ SSLTEST_TESTS="$tests"
 declare -a tests_ran
 tests_ran=()
 
-grep -q "^wlan[1-9][ 	]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; }
+grep -q "^wlan[1-9][0-9]*[ 	]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; }
 
 IF=`route | grep ^def |sed -e 's/.* //'`
 [ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; }
@@ -232,7 +232,7 @@ ssltest_proxies $onion
 rm -f $TMPDIR/${LOGP}.*.*
 OUTF=$TMPDIR/${LOGP}.out
 for CAFILE in $SSLTEST_CERTS ; do
-    grep -q "^wlan[1-9][ 	]00000000" /proc/net/route || {
+    grep -q "^wlan[1-9][0-9]*[ 	]00000000" /proc/net/route || {
 	WARN $prog we are not connected >&2
 	exit `expr 256 - 1`
     }
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055.bash b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055.bash
index 2eb1f81..2441d5d 100644
--- a/roles/toxcore/overlay/Linux/usr/local/src/dracut-055.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/src/dracut-055.bash
@@ -8,7 +8,7 @@ PREFIX=/usr/local
 ROLE=toxcore
 
 PKG=dracut
-VER=050
+VER=055
 DIR=${PKG}-$VER
 URL=distfiles.gentoo.org/distfiles/$DIR.tar.xz
 URI="https://www.kernel.org/pub/linux/utils/boot/${VER}/${DIR}.tar.xz"
@@ -21,18 +21,20 @@ gpg --recv-keys 9BAD8B9BBD1CBDEDE3443292900F3C4971086004
 cd $PREFIX/src || exit 2
 WD=$PWD
 
-if [ -d /etc/apt -a $USER = root ] ; then
-    # old_debian_requires asciidoc libkmod-dev libkmod-dev xsltproc
-    which xsltproc 2>/dev/null || apt-get install xsltproc || exit 2
-    which asciidoc 2>/dev/null || apt-get install asciidoc || exit 2
-  elif [ -d /etc/portage -a $USER = root ] ; then
-    which cpio >/dev/null || emerge -fp app-arch/cpio || exit 2
-    [ -f /usr/lib64/libkmod.so ] || emerge -fp '>=sys-apps/kmod-23[tools]' || exit 2
-  fi
+if [  $USER = root ] ; then
+    if [ -d /etc/apt ] ; then
+	# old_debian_requires asciidoc libkmod-dev libkmod-dev xsltproc
+	which xsltproc 2>/dev/null || apt-get install xsltproc || exit 2
+	which asciidoc 2>/dev/null || apt-get install asciidoc || exit 2
+    elif [ -d /etc/portage -a $USER = root ] ; then
+	which cpio >/dev/null || emerge -fp app-arch/cpio || exit 2
+	[ -f /usr/lib64/libkmod.so ] || emerge -fp '>=sys-apps/kmod-23[tools]' || exit 2
+    fi
+fi
 
 if [ ! -f $DIR/dracut-initramfs-restore ] ; then
     if [ -e $PREFIX/net/Http/$URL ] ; then
-      ip route|grep -q ^default || { echo "DEBUG: $0 not connected" ; exit 0 ; }
+      route|grep -q ^default || { echo "DEBUG: $0 not connected" ; exit 0 ; }
       wget -xc -P $PREFIX/net/Http https://$URL
     fi
     tar xvfJ $PREFIX/net/Http/$URL
@@ -48,23 +50,23 @@ grep -q ^prefix=$PREFIX configure || \
 
 
 src_configure() {
-        local PV=$VER
+    local PV=$VER
 
 #	tc-export CC PKG_CONFIG
-        sed -e "s@^prefix=/usr\$@prefix=$PREFIX@" -i configure
-	./configure \
-		--disable-documentation \
-		--prefix="${PREFIX}" \
-		--sysconfdir="${PREFIX}/etc" \
-	    || return 1
+    sed -e "s@^prefix=/usr\$@prefix=$PREFIX@" -i configure
+    ./configure \
+	--disable-documentation \
+	--prefix="${PREFIX}" \
+	--sysconfdir="${PREFIX}/etc" \
+	|| return 1
 #		--bashcompletiondir="$(get_bashcompdir)"
 #		--systemdsystemunitdir="$(systemd_get_systemunitdir)"
 
-	if [ ! -f dracut-version.sh ] ; then
-		# Source tarball from github doesn't include this file
-		echo "DRACUT_VERSION=${PV}" > dracut-version.sh
-	fi
-	return 0
+    if [ ! -f dracut-version.sh ] ; then
+	# Source tarball from github doesn't include this file
+	echo "DRACUT_VERSION=${PV}" > dracut-version.sh
+    fi
+    return 0
 }
 
 if [ "$#" -eq 0 ] ; then
@@ -110,7 +112,16 @@ EOF
     [ -x $PREFIX/lib/dracut/dracut-install -a \
 	 $PREFIX/lib/dracut/dracut-install -nt install/dracut-install ] || \
 	make install >> install.log  2>&1 || exit 8
+    [ -x $PREFIX/bin/${ROLE}_dracut.bash ] || cat >$PREFIX/bin/${ROLE}_dracut.bash <<EOF
+ROLE=$ROLE
+PREFIX=/usr/local
+VER=055
 
+cd $PREFIX/src/dracut-$VER || exit 1
+
+exec dracut.sh "\$@"
+EOF
+    
 elif [ "$1" = 'test' ] ; then
     $PREFIX/bin/$PKG --help || exit 30
     # Has tests
@@ -126,7 +137,6 @@ elif [ "$1" = 'refresh' ] ; then # 6*
 	tar xfBv - -C ../../patches/gpgkey/usr/local/src/dracut-050/
 fi
 
-
 exit 0
 
 cp -p  install/dracut-install $PREFIX/bin
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/kernelexpect.bash b/roles/toxcore/overlay/Linux/usr/local/src/kernelexpect.bash
index 0dac0cd..8124db8 100755
--- a/roles/toxcore/overlay/Linux/usr/local/src/kernelexpect.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/src/kernelexpect.bash
@@ -2,13 +2,13 @@
 # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
 
 prog=`basename $0 .bash`
-PREFIX=/var/local
+PREFIX=/usr/local
 [ -f /usr/local/etc/testforge/testforge.bash ] && \
   . /usr/local/etc/testforge/testforge.bash
 ROLE=toxcore
 
-. /var/local/src/var_local_src.bash || exit 2
-
+. /usr/local/src/usr_local_src.bash || exit 2
+x
 PKG="kernel-expect"
 
 GIT_HUB=github.com
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash b/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash
index aab6acd..7f5b5e7 100755
--- a/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash
@@ -12,7 +12,7 @@ P="BASE_PYTHON${PYVER}_MINOR"
 [ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
 PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
 PYTHON_EXE=$PYTHON_EXE_MSYS
-PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
+PIP_EXE_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
 
 MOD="pyassuan"
 DIR="${MOD}"
diff --git a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash
index 4cf3f3c..ac11a72 100755
--- a/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash
+++ b/roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash
@@ -28,11 +28,14 @@ if [ "$#" -eq 0 ] ; then
 #	[ -f $PREFIX/bin/sdwdate.bash ] || \
 #	sh sdwdate.bash
 
+    bash analyze-ssl.bash
     bash gridfire.bash # || exit 16$?
     bash pyassuan.bash #|| exit 17$?
     bash tinfoilhat.shmoo.com.bash
     #    sh negotiator.bash
     bash kernelexpect.bash
+    bash kernel-hardening-checker.bash
+    
     # bash dracut-055.bash
     bash toxygen_wrapper.bash
     
diff --git a/roles/toxcore/tasks/Gentoo/main.yml b/roles/toxcore/tasks/Gentoo/main.yml
new file mode 100644
index 0000000..09c08cb
--- /dev/null
+++ b/roles/toxcore/tasks/Gentoo/main.yml
@@ -0,0 +1,2 @@
+- include_tasks: Gentoo//use.yml
+- include_tasks: Gentoo//mask.yml
diff --git a/roles/toxcore/tasks/Gentoo/mask.yml b/roles/toxcore/tasks/Gentoo/mask.yml
new file mode 100644
index 0000000..5c95c56
--- /dev/null
+++ b/roles/toxcore/tasks/Gentoo/mask.yml
@@ -0,0 +1,47 @@
+# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
+# This is an automatically generated file: do not edit
+
+---
+
+
+
+- name: "/etc/portage/package.mask/2023_BROKEN.txt"
+  blockinfile:
+    dest: /etc/portage/package.mask/2023_BROKEN.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      =app-emulation/qemu-guest-agent-8.0.2
+
+- name: "/etc/portage/package.mask/2023_BROKEN.txt"
+  blockinfile:
+    dest: /etc/portage/package.mask/2023_BROKEN.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      =app-emulation/qemu-guest-agent-8.0.0
+
+- name: "/etc/portage/package.mask/2023_BROKEN.txt"
+  blockinfile:
+    dest: /etc/portage/package.mask/2023_BROKEN.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      =app-emulation/qemu-guest-agent-8.0.3
+
+- name: "/etc/portage/package.mask/2023_BROKEN.txt"
+  blockinfile:
+    dest: /etc/portage/package.mask/2023_BROKEN.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt"
+    block: |
+      =app-emulation/libvirt-9.4.0-r1
+
+- name: "/etc/portage/package.mask/2022_BLOCKED.txt"
+  blockinfile:
+    dest: /etc/portage/package.mask/2022_BLOCKED.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore docker"
+    block: |
+      app-containers/docker-compose
+
diff --git a/roles/toxcore/tasks/Gentoo/use.yml b/roles/toxcore/tasks/Gentoo/use.yml
new file mode 100644
index 0000000..1b87c71
--- /dev/null
+++ b/roles/toxcore/tasks/Gentoo/use.yml
@@ -0,0 +1,367 @@
+# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
+# This is an automatically generated file: do not edit
+
+---
+
+
+
+- name: "/etc/portage/package.use/2020-03_jq.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-03_jq.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore jq"
+    block: |
+      app-misc/jq oniguruma
+
+- name: "/etc/portage/package.use/2017-01_git.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-01_git.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore git"
+    block: |
+      dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
+
+- name: "/etc/portage/package.use/2017-01-01_libguestfs.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-01-01_libguestfs.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore iptables"
+    block: |
+      net-firewall/iptables nftables ipv6
+
+- name: "/etc/portage/package.use/2017-01_git.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-01_git.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore git"
+    block: |
+      dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
+
+- name: "/etc/portage/package.use/2015-05_pylint.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2015-05_pylint.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore pylint"
+    block: |
+      dev-python/pylint tk
+
+- name: "/etc/portage/package.use/2017-08_testdisk.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-08_testdisk.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore testdisk"
+    block: |
+      app-admin/testdisk ntfs qt5 -ewf
+
+- name: "/etc/portage/package.use/2020-01_static-libs.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_static-libs.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore zstd"
+    block: |
+      app-arch/zstd static-libs
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libsodium"
+    block: |
+      dev-libs/libsodium verify-sig
+
+- name: "/etc/portage/package.use/2016-11_world.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2016-11_world.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvpx"
+    block: |
+      media-libs/libvpx svc
+
+- name: "/etc/portage/package.use/2019-02_electron.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2019-02_electron.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvpx"
+    block: |
+      media-libs/libvpx postproc svc
+
+- name: "/etc/portage/package.use/2013-07-cryptsetup.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2013-07-cryptsetup.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore argon2"
+    block: |
+      app-crypt/argon2 static-libs
+
+- name: "/etc/portage/package.use/2020-01_static-libs.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_static-libs.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore argon2"
+    block: |
+      app-crypt/argon2 static-libs
+
+- name: "/etc/portage/package.use/2016-11_world.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2016-11_world.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvpx"
+    block: |
+      media-libs/libvpx svc
+
+- name: "/etc/portage/package.use/2019-02_electron.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2019-02_electron.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvpx"
+    block: |
+      media-libs/libvpx postproc svc
+
+- name: "/etc/portage/package.use/2021-04_world.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-04_world.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libxcb"
+    block: |
+      x11-libs/libxcb xkb
+
+- name: "/etc/portage/package.use/2018-01_qt.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2018-01_qt.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libxkbcommon"
+    block: |
+      x11-libs/libxkbcommon X tools
+
+- name: "/etc/portage/package.use/2020-01_readline.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_readline.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libxml2"
+    block: |
+      dev-libs/libxml2 -readline
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libxml2"
+    block: |
+      dev-libs/libxml2:2 verify-sig
+
+- name: "/etc/portage/package.use/2021-04_world.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-04_world.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libxml2"
+    block: |
+      dev-libs/libxml2  python icu ipv6 lzma
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
+    block: |
+      dev-python/libvirt-python verify-sig
+
+- name: "/etc/portage/package.use/2021-08_wafw00f.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-08_wafw00f.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore requests"
+    block: |
+      dev-python/requests socks5
+
+- name: "/etc/portage/package.use/2020-00_dbus.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-00_dbus.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore dbus"
+    block: |
+      sys-apps/dbus X elogind -systemd
+
+- name: "/etc/portage/package.use/2020-01_dbus.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_dbus.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore dbus"
+    block: |
+      sys-apps/dbus X elogind -systemd
+
+- name: "/etc/portage/package.use/2021-01_wayland.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-01_wayland.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore gtk+"
+    block: |
+      x11-libs/gtk+ X -wayland
+
+- name: "/etc/portage/package.use/2021-04_world.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-04_world.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore vte"
+    block: |
+      x11-libs/vte crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla
+
+- name: "/etc/portage/package.use/2022-01_xterms.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2022-01_xterms.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore vte"
+    block: |
+      x11-libs/vte vanilla
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore zfs-kmod"
+    block: |
+      sys-fs/zfs-kmod verify-sig
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore zfs"
+    block: |
+      sys-fs/zfs verify-sig
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore zfs"
+    block: |
+      sys-fs/zfs-kmod verify-sig
+
+- name: "/etc/portage/package.use/2020-01_nls.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_nls.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      app-emulation/qemu -nls
+
+- name: "/etc/portage/package.use/2021-04_qemu.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-04_qemu.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      app-emulation/qemu -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
+
+- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2023-00_python-3.11.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore qemu"
+    block: |
+      app-emulation/qemu  python_single_target_python3_11 -python_single_target_python3_10
+
+- name: "/etc/portage/package.use/2019-09_spice-gtk.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2019-09_spice-gtk.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
+    block: |
+      >=net-misc/spice-gtk-0.35 usbredir
+
+- name: "/etc/portage/package.use/2020-01_polkit.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_polkit.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
+    block: |
+      net-misc/spice-gtk policykit
+
+- name: "/etc/portage/package.use/2020-01_polkit.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_polkit.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt"
+    block: |
+      app-emulation/libvirt apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs
+
+- name: "/etc/portage/package.use/2020-10_nfs.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-10_nfs.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt"
+    block: |
+      app-emulation/libvirt -nfs
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt"
+    block: |
+      app-emulation/libvirt verify-sig
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt"
+    block: |
+      dev-python/libvirt-python verify-sig
+
+- name: "/etc/portage/package.use/2020-01_polkit.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2020-01_polkit.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore virt-manager"
+    block: |
+      app-emulation/virt-manager gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network
+
+- name: "/etc/portage/package.use/2019-11_qxl.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2019-11_qxl.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore xf86-video-qxl"
+    block: |
+      x11-drivers/xf86-video-qxl xspice
+
+- name: "/etc/portage/package.use/2019-11_libguestfs.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2019-11_libguestfs.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libguestfs"
+    block: |
+      app-emulation/libguestfs parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby
+
+- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2023-00_python-3.11.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libguestfs"
+    block: |
+      app-emulation/libguestfs python_single_target_python3_11
+
+- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2021-00_verify-sig.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
+    block: |
+      dev-python/libvirt-python verify-sig
+
+- name: "/etc/portage/package.use/2017-02_docker.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-02_docker.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore tini"
+    block: |
+      sys-process/tini static args
+
+- name: "/etc/portage/package.use/2017-02_docker.txt"
+  blockinfile:
+    dest: /etc/portage/package.use/2017-02_docker.txt
+    create: true
+    marker: "# {mark} Ansible Managed Block toxcore docker"
+    block: |
+      app-containers/docker btrfs
+
diff --git a/roles/toxcore/tasks/libvirt.yml b/roles/toxcore/tasks/libvirt.yml
index 2f8d3c3..0d13ea8 100644
--- a/roles/toxcore/tasks/libvirt.yml
+++ b/roles/toxcore/tasks/libvirt.yml
@@ -120,3 +120,13 @@
     - "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
     - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
 
+- block:
+      
+  - name: usr/local/etc/supervisor/conf.d/socat9050.conf
+    template:
+      src: usr/local/etc/supervisor/conf.d/socat9050.conf
+      dest: /usr/local/etc/supervisor/conf.d/socat9050.conf
+  
+  when:
+    - "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
+    - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
diff --git a/roles/toxcore/tasks/users.yml b/roles/toxcore/tasks/users.yml
index 8961e0f..3a41f9c 100644
--- a/roles/toxcore/tasks/users.yml
+++ b/roles/toxcore/tasks/users.yml
@@ -16,35 +16,35 @@
     - "~/.gpg"
 
 - block:
-
-# https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git
-# https://git-scm.com/docs/git-config#git-config-httpsslCipherList
-- name: ~/.gitconfig TEST_SSL_GIT_CIPHERLIST
-  ini_file:
-    path: "{{ item.dest }}"
-    create: yes
-    section: "http"
-    option: "sslCipherList"
-    value: "{{ TEST_SSL_GIT_CIPHERLIST|join(' ') }}"
-  when:
-    - TEST_SSL_GIT_CIPHERLIST|default([])|length > 0
-  with_items:
-    - {dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
-
-# https://stackoverflow.com/questions/48938019/git-pull-push-unable-to-access-https-ssl-routines-seem-to-be-down
-# git config http.sslVersion tlsv1.2
-- name: ~/.gitconfig TEST_SSL_GIT_SSLVERSION
-  ini_file:
-    path: "{{ item.dest }}"
-    create: yes
-    section: "http"
-    option: "sslVersion"
-    value: "{{ TEST_SSL_GIT_SSLVERSION }}"
-  when:
-    - TEST_SSL_GIT_SSLVERSION|default('') != ''
-  with_items:
-    - { dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
-
+  
+  # https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git
+  # https://git-scm.com/docs/git-config#git-config-httpsslCipherList
+  - name: ~/.gitconfig TEST_SSL_GIT_CIPHERLIST
+    ini_file:
+      path: "{{ item.dest }}"
+      create: yes
+      section: "http"
+      option: "sslCipherList"
+      value: "{{ TEST_SSL_GIT_CIPHERLIST|join(' ') }}"
+    when:
+      - TEST_SSL_GIT_CIPHERLIST|default([])|length > 0
+    with_items:
+      - {dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
+  
+  # https://stackoverflow.com/questions/48938019/git-pull-push-unable-to-access-https-ssl-routines-seem-to-be-down
+  # git config http.sslVersion tlsv1.2
+  - name: ~/.gitconfig TEST_SSL_GIT_SSLVERSION
+    ini_file:
+      path: "{{ item.dest }}"
+      create: yes
+      section: "http"
+      option: "sslVersion"
+      value: "{{ TEST_SSL_GIT_SSLVERSION }}"
+    when:
+      - TEST_SSL_GIT_SSLVERSION|default('') != ''
+    with_items:
+      - { dest: "{{USER_HOME}}/.gitconfig", owner: "{{ LOOP_USER }}", group: "{{ BOX_ALSO_GROUP }}" }
+  
   # https://stackoverflow.com/questions/21181231/server-certificate-verification-failed-cafile-etc-ssl-certs-ca-certificates-c
   - name: ~/.gitconfig with proxy http
     blockinfile:
@@ -133,8 +133,6 @@
       block: |
         [socks]
           proxy = {{SOCKS_PROXYTYPE}}://{{SOCKS_PROXYHOST}}:{{SOCKS_PROXYPORT}}
-    when:
-      - true
     with_items:
       - dest: "~{{LOOP_USER}}/.gitconfig"
         owner: "{{ LOOP_USER }}"
diff --git a/roles/toxcore/vars/Devuan5.yml b/roles/toxcore/vars/Devuan5.yml
index 4c27207..a89d310 100644
--- a/roles/toxcore/vars/Devuan5.yml
+++ b/roles/toxcore/vars/Devuan5.yml
@@ -109,6 +109,8 @@ toxcore_debs_inst:
   - virtinst
   - python3-hacking
 #  - cloud-init
+  - libfile-which-perl
+  - libexpect-perl
 
 toxcore_qemu_debs_inst:
   - qemu-kvm
diff --git a/roles/toxcore/vars/Gentoo2.yml b/roles/toxcore/vars/Gentoo2.yml
index fc0dcea..992b23f 100644
--- a/roles/toxcore/vars/Gentoo2.yml
+++ b/roles/toxcore/vars/Gentoo2.yml
@@ -73,6 +73,8 @@ toxcore_pkgs_inst:
   - x11-libs/gtk+
   - x11-libs/gtksourceview
   - x11-libs/vte
+  - dev-perl/Expect
+  - dev-perl/File-Which
 
 toxcore_pkgs_masked:
   - x11-drivers/xf86-video-amdgpu
diff --git a/roles/toxcore/vars/use.txt b/roles/toxcore/vars/use.txt
index 430c8df..2f519d5 100644
--- a/roles/toxcore/vars/use.txt
+++ b/roles/toxcore/vars/use.txt
@@ -11,6 +11,9 @@
 # /etc/portage/package.use/2017-01_git.txt git
       dev-vcs/git% -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
 
+# /etc/portage/package.use/2015-05_pylint.txt pylint
+      dev-python/pylint% tk
+
 # /etc/portage/package.use/2017-08_testdisk.txt testdisk
       app-admin/testdisk% ntfs qt5 -ewf
 
@@ -90,7 +93,7 @@
       app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
 
 # /etc/portage/package.use/2023-00_python-3.11.txt qemu
-      app-emulation/qemu%   python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
+      app-emulation/qemu%  python_single_target_python3_11 -python_single_target_python3_10
 
 # /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk
       >=net-misc/spice-gtk-0.35% usbredir