diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml index 3dd13db9..89ae3297 100644 --- a/group_vars/certbot.yml +++ b/group_vars/certbot.yml @@ -1,6 +1,6 @@ --- glob_certbot: - dns_rfc2136_server: '172.16.10.147' + dns_rfc2136_server: '185.230.79.9' dns_rfc2136_name: certbot_challenge. dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}" mail: root@crans.org diff --git a/group_vars/horde.yml b/group_vars/horde.yml index 11ea1957..1e5ba890 100644 --- a/group_vars/horde.yml +++ b/group_vars/horde.yml @@ -1,9 +1,9 @@ glob_horde: secret: '{{ vault_horde_secret }}' imap: imap.adm.crans.org - smtp: smtp.crans.org + smtp: smtp.adm.crans.org maildomain: crans.org - db: thot.adm.crans.org + db: pgsql.adm.crans.org admins: - "'paulon'" - "'vulcain'" @@ -16,5 +16,5 @@ glob_horde: dest_hostname : webmail.crans.org admin_src_hostname : horde.adm.crans.org admin_dest_hostname : webmail.adm.crans.org - zone_ipv4 : 10.231.136.0/24 - zone_ipv6 : 2a0c:700:0:2::/64 + zone_ipv4 : 172.16.10.0/24 + zone_ipv6 : fd00:0:0:10::/64 diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index 11b54f65..15ba99aa 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -29,8 +29,6 @@ nginx: # - {from: roundcube.crans.org, to: 10.231.136.105} # - {from: phabricator.crans.org, to: 10.231.136.123} # - {from: trackerusercontent.crans.org, to: 10.231.136.123} - # - {from: webmail.crans.org, to: 10.231.136.107} - # - {from: horde.crans.org, to: 10.231.136.107} # - {from: owncloud.crans.org, to: 10.231.136.26} # - {from: ftps.crans.org, to: 10.231.136.98} # - {from: wiki.crans.org, to: 10.231.136.204} 
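Review bot: `dns_rfc2136_server: '185.230.79.9'` moves the RFC 2136 update target from an RFC 1918 address to a public one, so the TSIG-signed updates for the `certbot_challenge.` key now leave the management network (TSIG authenticates them but does not encrypt them), and nothing in the hunk records why the server changed. A short comment above the key naming which DNS server this is and confirming that the zone's update policy restricts this key to the `_acme-challenge` TXT records would make the exposure reviewable, since an over-broad server-side policy would let the key rewrite other records. Keeping the secret in `vault_certbot_dns_secret` is right.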
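Review bot: The rewritten `zone_ipv4 : 172.16.10.0/24` and `zone_ipv6 : fd00:0:0:10::/64` keep a space before the colon, which yamllint's `colons` rule flags and which the other group_vars in this diff (`dns_rfc2136_server: ...` in certbot.yml) avoid; `zone_ipv4: 172.16.10.0/24` and `zone_ipv6: fd00:0:0:10::/64` would do. These two values presumably define the network trusted by whatever consumes them (the `admin_dest_hostname` vhost is the obvious candidate, but the consuming template is not in this diff), so a one-line comment naming that consumer, e.g. `# networks allowed to reach the admin hostname`, would make the trust boundary visible. The new prefixes match the `172.16.10.x` backends listed in reverseproxy.yml, so the values themselves look consistent.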
@@ -44,6 +42,8 @@ nginx: # - {from: autoconfig.crans.org, to: 10.231.136.46} # - {from: grafana.crans.org, to: "10.231.136.102:3000"} # - {from: webirc.crans.org, to: "10.231.136.1:9000"} + - {from: webmail.crans.org, to: 172.16.10.108} + - {from: horde.crans.org, to: 172.16.10.108} - {from: framadate.crans.org, to: 172.16.10.109} - {from: stream.crans.org, to: 172.16.10.118} - {from: cas.crans.org, to: 172.16.10.120} @@ -55,7 +55,7 @@ nginx: - {from: pad.crans.org, to: "172.16.10.130:9001"} - {from: zero.crans.org, to: 172.16.10.130} - {from: ethercalc.crans.org, to: "172.16.10.133:8000"} - - {from: belenios.crans.org, to: 172.16.10.111} + # - {from: belenios.crans.org, to: 172.16.10.111} # - {from: mailman.crans.org, to: 10.231.136.180} # # # Zamok diff --git a/host_vars/hodaur.adm.crans.org.yml b/host_vars/hodaur.adm.crans.org.yml new file mode 100644 index 00000000..2aa4c194 --- /dev/null +++ b/host_vars/hodaur.adm.crans.org.yml @@ -0,0 +1,3 @@ +--- +loc_certbot: + domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu" diff --git a/host_vars/horde-srv.adm.crans.org.yml b/host_vars/horde-srv.adm.crans.org.yml deleted file mode 100644 index 54e2e5fc..00000000 --- a/host_vars/horde-srv.adm.crans.org.yml +++ /dev/null @@ -1,2 +0,0 @@ -loc_horde: - ipv6: '[2a0c:700:0:2:5474:8dff:fe5d:e2be]' diff --git a/host_vars/horde.adm.crans.org.yml b/host_vars/horde.adm.crans.org.yml new file mode 100644 index 00000000..f0914f81 --- /dev/null +++ b/host_vars/horde.adm.crans.org.yml @@ -0,0 +1,3 @@ +loc_horde: + ipv6: 'fd00::10:400:ff:fe01:810' + ipv4: '172.16.10.108' diff --git a/hosts b/hosts index 33934acf..e0eaaaaf 100644 --- a/hosts +++ b/hosts @@ -28,13 +28,13 @@ gitzly.adm.crans.org [certbot:children] radius # We use certbot to manage LE certificates +reverseproxy [nginx_rtmp] fluxx.adm.crans.org [reverseproxy] hodaur.adm.crans.org -frontdaur.adm.crans.org [roundcube] roundcube-srv.adm.crans.org 
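Review bot: `to: 172.16.10.108` for `webmail.crans.org` and `horde.crans.org` repeats the address that host_vars/horde.adm.crans.org.yml sets in `loc_horde.ipv4`, so the backend address now lives in two places that can drift. The file's other entries are hard-coded too, so the literal is consistent with the surrounding style, but a trailing comment tying it to the host (`# horde.adm.crans.org, see host_vars`) or a lookup such as `hostvars['horde.adm.crans.org'].loc_horde.ipv4` would keep the two from diverging.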
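Review bot: `domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"` requests wildcard certificates for three apex zones on the reverse proxy, so one private key on hodaur is valid for every present and future subdomain of all three, obtained through the RFC 2136 key configured in group_vars/certbot.yml. That is a deliberate blast-radius trade-off and deserves a comment on the line stating it, e.g. `# wildcard cert: one key covers every subdomain of all three zones`. The value is a comma-separated string rather than a YAML list; if the certbot role accepts a list, a list would avoid depending on the role's split-on-comma behaviour — the role is not in this diff.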
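Review bot: `ipv6: 'fd00::10:400:ff:fe01:810'` drops the square brackets that the deleted host_vars/horde-srv.adm.crans.org.yml carried (`'[2a0c:700:0:2:5474:8dff:fe5d:e2be]'`); if the horde templates interpolate `horde.ipv6` into an nginx `listen` directive or a URL, the literal needs the brackets there, so either add them back or confirm the template now adds them — the template is not in this diff. The file also lacks the `---` document start that the sibling host_vars/hodaur.adm.crans.org.yml added in this same commit; keep the two consistent.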
@@ -43,7 +43,7 @@ roundcube-srv.adm.crans.org ethercalc-srv.adm.crans.org [horde] -horde-srv.adm.crans.org +horde.adm.crans.org [radius] routeur-sam.adm.crans.org @@ -107,6 +107,7 @@ tracker.adm.crans.org jitsi.adm.crans.org #ethercalc-srv.adm.crans.org kenobi.adm.crans.org +horde.adm.crans.org [ovh_physical] sputnik.adm.crans.org diff --git a/plays/horde.yml b/plays/horde.yml index bc775369..f1b8aa8d 100755 --- a/plays/horde.yml +++ b/plays/horde.yml @@ -2,5 +2,7 @@ --- # Moi j'aime le ocaml et lui il installe horde - hosts: horde + vars: + horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}' roles: - horde diff --git a/plays/reverse-proxy.yml b/plays/reverse-proxy.yml index b7a8d3ad..0e25fc50 100755 --- a/plays/reverse-proxy.yml +++ b/plays/reverse-proxy.yml @@ -1,6 +1,9 @@ #!/usr/bin/env ansible-playbook --- - hosts: reverseproxy + vars: + certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}' + mirror: '{{ glob_mirror.name }}' roles: - certbot - nginx-reverseproxy diff --git a/roles/horde/README.md b/roles/horde/README.md index 874a42e6..133011b6 100644 --- a/roles/horde/README.md +++ b/roles/horde/README.md @@ -2,7 +2,7 @@ Ce rôle ansible deploie une instance du webmail horde. ## Variables - - glob_horde. : + - horde. : - secret : le secret de horde - imap : le serveur imap - smtp : le serveur smtp (il doit juste être contactable depuis le serveur diff --git a/roles/horde/tasks/main.yml b/roles/horde/tasks/main.yml index f08addf0..aa7dd9ac 100644 --- a/roles/horde/tasks/main.yml +++ b/roles/horde/tasks/main.yml @@ -3,9 +3,13 @@ - name: Install horde APT dependencies apt: update_cache: true - name: - - nginx - - php-horde-webmail + name: '{{ item }}' + loop: # Install dependencies in the right order. + - nginx + - php7.3-fpm + - php-horde-webmail + - php-pgsql + - oidentd register: apt_result retries: 3 until: apt_result is succeeded 
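Review bot: `horde: '{{ glob_horde | default({}) | combine(loc_horde | default({})) }}'` merges shallowly, so if `glob_horde` ever gains a nested mapping, a per-host `loc_horde` key of the same name replaces the whole sub-mapping instead of overriding one field; today both sides are flat (the keys in group_vars/horde.yml and host_vars/horde.adm.crans.org.yml), so it works, but `combine(loc_horde | default({}), recursive=True)` states the intended override semantics, and the same applies to the `certbot` line in plays/reverse-proxy.yml. A comment above `vars:` such as `# group defaults, overridden per host by loc_horde` would also help, since roles/horde/README.md now documents `horde.` without saying where its keys come from.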
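Review bot: `mirror: '{{ glob_mirror.name }}'` has no `default`, unlike the `certbot` line just above it, so a reverseproxy host without `glob_mirror` makes the play fail at variable evaluation; if the mirror is genuinely required by one of the roles that is a reasonable fail-fast, but say so with a comment (`# required: the roles below assume a configured mirror`) or give it the same `| default(...)` treatment. Which of `certbot` or `nginx-reverseproxy` consumes `mirror` is not visible in this diff.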
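Review bot: `oidentd` in the new package loop installs an ident responder that answers on TCP port 113 with the local username owning a connection, and nothing in the hunk says why a webmail host needs it; if it is required, a comment on that item naming the consumer would justify it, otherwise it should be dropped, as it is listening surface unrelated to Horde. The comment `# Install dependencies in the right order.` explains the switch to one `apt` call per item but not what the order prevents; a why-comment such as `# php7.3-fpm first so php-horde-webmail does not pull in another PHP SAPI` (if that is the reason) would make it maintainable, and `php7.3-fpm` pins a PHP version that will need updating with the distribution. With `loop`, the `register`/`retries`/`until` trio is evaluated per item, which is fine, but `apt_result` becomes a results list afterwards.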
@@ -21,6 +25,23 @@ - horde/horde/conf.php - horde/imp/backends.php +- name: Enable horde plugins + template: + src: 'horde/{{ item }}/conf.php.j2' + dest: '/etc/horde/{{ item }}/conf.php' + owner: www-data + group: www-data + mode: 0640 + loop: + - gollem + - imp + - ingo + - kronolith + - mnemo + - nag + - trean + - turba + - name: Configure nginx site template: src: '{{ item }}.j2' diff --git a/roles/horde/templates/horde/gollem/conf.php.j2 b/roles/horde/templates/horde/gollem/conf.php.j2 new file mode 100644 index 00000000..abd03a53 --- /dev/null +++ b/roles/horde/templates/horde/gollem/conf.php.j2 @@ -0,0 +1,8 @@ +{{ ansible_header | comment(decoration='// ') }} + + false, 'name' => 'IMAP Cr@ns', - 'hostspec' => '{{ glob_horde.imap }}', + 'hostspec' => '{{ horde.imap }}', 'hordeauth' => true, 'protocol' => 'imap', 'port' => 143, 'secure' => 'tls', - 'maildomain' => '{{ glob_horde.maildomain }}', + 'maildomain' => '{{ horde.maildomain }}', 'smtp' => array( - 'host' => '{{ glob_horde.smtp }}', + 'host' => '{{ horde.smtp }}', 'port' => 25, ), 'cache' => false, diff --git a/roles/horde/templates/horde/imp/conf.php.j2 b/roles/horde/templates/horde/imp/conf.php.j2 new file mode 100644 index 00000000..31ee99c4 --- /dev/null +++ b/roles/horde/templates/horde/imp/conf.php.j2 @@ -0,0 +1,22 @@ +{{ ansible_header | comment(decoration='// ') }} + +
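Review bot: `owner: www-data` combined with `mode: 0640` on `/etc/horde/{{ item }}/conf.php` lets the PHP worker rewrite its own configuration; unless Horde's web-based setup is expected to write these files, `owner: root`, `group: www-data`, `mode: '0640'` keeps them readable by the service but not writable by it. Quote the mode as `'0640'` in any case: Ansible accepts the leading-zero integer, but ansible-lint's octal-values rule and generic YAML parsers (which read `0640` as 416) make the quoted form the safer habit. Whether the earlier `template` task in this file uses the same ownership is outside the hunk; the two should agree.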
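Review bot: `'host' => '{{ horde.smtp }}'` together with the unchanged `'port' => 25` and no `secure` entry in the `smtp` array means IMP submits mail to smtp.adm.crans.org in clear text and, as far as these lines show, without authentication; on the adm network that may be the accepted policy, but it should be stated in a comment next to the array (`// plain port 25 to the adm relay: no TLS/auth by design`) or tightened with `'secure' => 'tls'` as the IMAP backend above it already does. These lines look like IMP's backends.php (`hostspec`, `smtp`) rather than the gollem conf.php the preceding header names, and the file header that belongs to them is not visible here, so the enclosing array starts and ends outside what is shown.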