diff --git a/servers/containers/demo-tagai.container b/servers/containers/demo-tagai.container
new file mode 100644
index 00000000..b9f6f7fe
--- /dev/null
+++ b/servers/containers/demo-tagai.container
@@ -0,0 +1,47 @@
+
+
+[Unit]
+Description=demo-tagai
+Wants=network-online.target
+After=network-online.target
+
+[Container]
+ContainerName=demo-tagai
+NoNewPrivileges=true
+Image=localhost/demo-tagai:latest
+ReadOnly=true
+PodmanArgs=--stop-timeout=0
+# StopTimeout=1
+
+# Volume=/var/opt/thelounge:/var/opt/thelounge:z,U
+AutoUpdate=local
+Network=web.network
+
+Label="traefik.enable=true"
+Label="traefik.http.routers.demo-tagai.rule=Host(`demo-tagai.ellis.link`)"
+Label="traefik.http.routers.demo-tagai.entrypoints=https"
+
+Label="traefik.http.routers.demo-tagai.tls.certresolver=letsencrypt"
+
+
+Label="traefik.http.middlewares.compress.compress=true"
+
+Label="traefik.http.middlewares.hsts.headers.stsincludesubdomains=false"
+Label="traefik.http.middlewares.hsts.headers.stspreload=true"
+Label="traefik.http.middlewares.hsts.headers.stsseconds=31536000"
+Label="traefik.http.middlewares.hsts.headers.isdevelopment=false"
+
+Label="traefik.http.routers.demo-tagai.middlewares=hsts,compress"
+
+# Label="homepage.group=Public"
+# Label="homepage.name=Website"
+# Label="homepage.href=https://jade.ellis.link/"
+# Label="homepage.siteMonitor=https://jade.ellis.link/"
+# Label="homepage.description=My personal website!"
+
+[Service]
+Restart=on-failure
+TimeoutStartSec=900
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/servers/containers/kanidm.container b/servers/containers/kanidm.container
index 30057ddd..d11a3c5e 100644
--- a/servers/containers/kanidm.container
+++ b/servers/containers/kanidm.container
@@ -30,6 +30,9 @@ Label="traefik.http.routers.kanidm.rule=Host(`idm.ellis.link`)"
 Label="traefik.http.routers.kanidm.entrypoints=https"
 Label="traefik.http.routers.kanidm.service=kanidm"
 
+# Label="traefik.tcp.routers.kanidm-tcp.rule=HostSNI(`idm.ellis.link`)"
+# Label="traefik.tcp.routers.kanidm-tcp.service=kanidm"
+
 Label="traefik.http.routers.kanidm.tls.certresolver=letsencrypt"
 
 # Kanidm is a bit odd here
diff --git a/servers/containers/pitch-tagai.container b/servers/containers/pitch-tagai.container
index d82cb5bb..56f7acb9 100644
--- a/servers/containers/pitch-tagai.container
+++ b/servers/containers/pitch-tagai.container
@@ -9,6 +9,7 @@ After=network-online.target
 ContainerName=pitch-tagai
 NoNewPrivileges=true
 Image=localhost/pitch-tagai:latest
+Exec=/slide-server/slide-server /slide-server/srv
 ReadOnly=true
 PodmanArgs=--stop-timeout=0
 # StopTimeout=1
@@ -31,7 +32,7 @@ Label="traefik.http.middlewares.hsts.headers.stspreload=true"
 Label="traefik.http.middlewares.hsts.headers.stsseconds=31536000"
 Label="traefik.http.middlewares.hsts.headers.isdevelopment=false"
 
-Label="traefik.http.routers.pitch-tagai.middlewares=hsts,compress"
+Label="traefik.http.routers.pitch-tagai.middlewares=hsts"
 
 # Label="homepage.group=Public"
 # Label="homepage.name=Website"