diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml
index dded8e4..aac13ab 100644
--- a/roles/consul/defaults/main.yml
+++ b/roles/consul/defaults/main.yml
@@ -113,6 +113,10 @@ consul_base_conf:
     internal_rpc:
       verify_server_hostname: True
 
+  # Limits
+  limits: {}
+    # http_max_conns_per_client: 200
+
 consul_extra_conf: {}
 consul_host_conf: {}
 consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
diff --git a/roles/consul/templates/consul.hcl.j2 b/roles/consul/templates/consul.hcl.j2
index f5bf046..9dd3d1a 100644
--- a/roles/consul/templates/consul.hcl.j2
+++ b/roles/consul/templates/consul.hcl.j2
@@ -142,3 +142,11 @@ auto_encrypt {
 }
 {% endif %}
 {% endif %}
+
+limits {
+{% for key in ['http_max_conns_per_client'] %}
+  {%- if consul_conf.limits[key] is defined %}
+  {{ key }} = {{ consul_conf.limits[key] }}
+  {%- endif %}
+{%- endfor %}
+}
diff --git a/roles/consul_bin/defaults/main.yml b/roles/consul_bin/defaults/main.yml
index f9c8f1f..1ef8a2b 100644
--- a/roles/consul_bin/defaults/main.yml
+++ b/roles/consul_bin/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
 
 # Version of consul to deploy
-consul_version: 1.18.0
+consul_version: 1.18.1
 # URL from where the consul archive will be downloaded
 consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-consul_archive_sha256: 5d1fdc852b35dc94efe73cf52ba60c775248c7c9362bb684c94fcdb4118ae508
+consul_archive_sha256: 5faa9cc3f2832e3ae454a3ec2dbc6799179d14e1e09463f220bb906c590f4b05
diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml
index 682340e..d3a46c1 100644
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-gitea_version: 1.21.8
+gitea_version: 1.21.10
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: 01817c5730d50f5cf2470bbe2a35fceb7e0375903e36b6ebcd496f799a35b0de
+gitea_bin_sha256: 17eb858f3ef2b7cdb649286e6a9cc050f9d949606327a7d6f27aaba49fc3b492
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True
diff --git a/roles/repo_zabbix/tasks/RedHat.yml b/roles/repo_zabbix/tasks/RedHat.yml
index d196e11..5337f86 100644
--- a/roles/repo_zabbix/tasks/RedHat.yml
+++ b/roles/repo_zabbix/tasks/RedHat.yml
@@ -4,7 +4,7 @@
   yum_repository:
     name: zabbix
     description: Zabbix Repository
-    baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/
     gpgcheck: True
     gpgkey: "{{ zabbix_repo_key }}"
     priority: 50
@@ -16,7 +16,7 @@
   yum_repository:
     name: zabbix-agent2-plugins
     description: Zabbix Agent2 plugins Repository
-    baseurl: http://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/
+    baseurl: https://repo.zabbix.com/zabbix-agent2-plugins/1/rhel/$releasever/$basearch/
     gpgcheck: True
     gpgkey: "{{ zabbix_plugin_key }}"
     priority: 50
@@ -29,7 +29,7 @@
     name: zabbix-frontend
     description: Zabbix web frontend repository
     file: zabbix
-    baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend
+    baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/frontend
     gpgcheck: True
     gpgkey: "{{ zabbix_repo_key }}"
     priority: 50
diff --git a/roles/sssd_ad_auth/tasks/main.yml b/roles/sssd_ad_auth/tasks/main.yml
index 15c681b..c4942ca 100644
--- a/roles/sssd_ad_auth/tasks/main.yml
+++ b/roles/sssd_ad_auth/tasks/main.yml
@@ -27,6 +27,28 @@
   notify: restart sssd ad
   tags: auth
 
+- name: Create systemd snippet dir
+  file: path=/etc/systemd/system/sssd.service.d state=directory
+  tags: auth
+
+  # sssd can fail, especially when storage gets slow (which can happen during backups for example)
+- name: Configure sssd to restart on failure
+  copy:
+    content: |
+      [Service]
+      Restart=on-failure
+      StartLimitInterval=0
+      RestartSec=30
+    dest: /etc/systemd/system/sssd.service.d/ansible.conf
+  register: sssd_unit
+  notify: restart sssd ad
+  tags: auth
+
+- name: Reload systemd
+  systemd: daemon_reload=true
+  when: sssd_unit.changed
+  tags: auth
+
 - name: Deploy krb5 configuration
   template: src=krb5.conf.j2 dest=/etc/krb5.conf
   tags: auth
diff --git a/roles/vault_bin/defaults/main.yml b/roles/vault_bin/defaults/main.yml
index 20b84d0..e31a8fc 100644
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.15.6
+vault_version: 1.16.1
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: e5286f2f66a76972d1dd60a9cfb79e9e571c39a4531e89ac0b23a6a9147e6ee9.
+vault_archive_sha256: 315a1964d7003ef6de94c407a88972d45eb9b378946a53a1bbff34de1ae2d1e0