diff --git a/provision-contest/ansible/hosts b/provision-contest/ansible/hosts
index 7286b888..c442eb63 100644
--- a/provision-contest/ansible/hosts
+++ b/provision-contest/ansible/hosts
@@ -9,6 +9,7 @@ ansible_python_interpreter=/usr/bin/python3
 domserver
 judgehost
 grafana
+scriptserver
 admin
 
 [online:children]
@@ -70,6 +71,11 @@ domjudge-ccsadmin5 ansible_host=10.3.3.228
 # Doesn't matter which (admin) machine but should not be 1 as that runs ansible
 domjudge-ccsadmin2 ansible_host=10.3.3.225
 
+[scriptserver]
+# During the WFs we use one of the ccsadmin machines
+# Doesn't matter which (admin) machine but in the past we used 1 as that runs ansible
+domjudge-ccsadmin1 ansible_host=10.3.3.224
+
 [analyst-domserver]
 # Discuss if we can have this host dualhomed in blue to make management easier.\
 # Looking at the IP sheet that would mean that our emergency laptop needs to move.
diff --git a/provision-contest/ansible/roles/script_server/defaults/main.yml b/provision-contest/ansible/roles/script_server/defaults/main.yml
index b229c1ba..f6d568c9 100644
--- a/provision-contest/ansible/roles/script_server/defaults/main.yml
+++ b/provision-contest/ansible/roles/script_server/defaults/main.yml
@@ -1,43 +1,55 @@
 ---
-script_server_url: https://github.com/bugy/script-server/releases/download/1.18.0/script-server.zip
-script_server_port: 5000
-
-script_server_admin_users: &admin_users
-  # hostnames or ips
-  - backup
-  - 127.0.0.1
-
-# ansible hostgroups to ignore
-script_server_ignored_groups:
-  - 'all'
-  - 'ungrouped'
-  - 'contestants'
-  - 'contestants_wf46'
-  - 'contestants_wf47'
-
+SCRIPT_SERVER_PORT: 5000
 
 script_server_commands:
-  - name: run-lastminute
-    description: Runs the ansible playbook lastminute.yml
-    group: ansible # for organization in script-server
-    allowed_users:
-      - backup # or 10.3.3.210 (the ansible template will resolve names to IPs)
+  - name: make-invocations
+    description: Run the make targets as last years
+    parameters:
+      - name: make_pattern
+        type: multiselect
+        separator: ' '
+        values: 
+          - admin
+          - domserver
+          - judgehost
+          - grafana
+          - cds
+    content: |
+      #!/bin/bash
+      set -euxo pipefail
+      if [ "$make_pattern" = "" ]; then
+        exit 1
+      fi
+      cd /home/domjudge/domjudge-scripts-checkout/provision-contest/ansible
+      for make_single in $make_pattern; do
+        make "$make_single"
+      done
+  - name: ansible-admin
+    description: (Re)configure the (other) admin machines
     content: |
-      #!/usr/bin/bash
-      echo "hello world $HOSTPATTERN"
+      #!/bin/bash
+      set -euxo pipefail
+      if [ "$host_pattern" = "" ]; then
+        exit 1
+      fi
+      if [ "$tag_pattern" != "" ]; then
+        tag="--tags $tag_pattern"
+      fi
+      cd /home/domjudge/domjudge-scripts-checkout/provision-contest/ansible
+      ansible-playbook --limit $host_pattern ${tag:-} admin.yml
     parameters:
       - name: host_pattern
         # pass_as: env_variable # this is default
         # env_var: host_pattern # default is same as name
-        type: list
-        values:
-          - all
-          - backup
-          - packages
-          - scoreboard
-          - cds
+        type: multiselect
+        values: "{{ groups['admin'] }}"
+        default: "{{ groups['admin'] | difference(['domjudge-ccsadmin2']) }}"
+      - name: tag_pattern
+        type: "multiselect"
+        values: ["reboot"]
+        default: []
 
 script_server_command_defaults:
   output_format: terminal
   # scheduling: # Don't allow scheduling, the ui for it is not good...
-    # enabled: false
+  # enabled: false
diff --git a/provision-contest/ansible/roles/script_server/files/.gitignore b/provision-contest/ansible/roles/script_server/files/.gitignore
new file mode 100644
index 00000000..c4c4ffc6
--- /dev/null
+++ b/provision-contest/ansible/roles/script_server/files/.gitignore
@@ -0,0 +1 @@
+*.zip
diff --git a/provision-contest/ansible/roles/script_server/files/script-server.zip b/provision-contest/ansible/roles/script_server/files/script-server.zip
deleted file mode 100644
index 8957f6b1..00000000
Binary files a/provision-contest/ansible/roles/script_server/files/script-server.zip and /dev/null differ
diff --git a/provision-contest/ansible/roles/script_server/tasks/main.yml b/provision-contest/ansible/roles/script_server/tasks/main.yml
index 5a9e9026..de770b7a 100644
--- a/provision-contest/ansible/roles/script_server/tasks/main.yml
+++ b/provision-contest/ansible/roles/script_server/tasks/main.yml
@@ -15,11 +15,6 @@
     state: directory
 
 - name: Install script-server
-  when: ICPC_IMAGE
-  unarchive:
-    src: "https://github.com/bugy/script-server/releases/download/1.18.0/script-server.zip"
- 
-  name: Install script-server
   when: ICPC_IMAGE
   unarchive:
     src: "script-server.zip"
@@ -82,7 +77,7 @@
 - name: Create script config definitions
   ansible.builtin.template:
     src: command_template.yml.j2
-    dest: /opt/script-server/conf/runners/{{ item.name }}.yml
+    dest: /opt/script-server/conf/runners/{{ item.name }}.yaml
     mode: "0644"
   with_items: "{{ script_server_commands }}"
 
diff --git a/provision-contest/ansible/roles/script_server/templates/command_template.yaml.j2 b/provision-contest/ansible/roles/script_server/templates/command_template.yml.j2
similarity index 76%
rename from provision-contest/ansible/roles/script_server/templates/command_template.yaml.j2
rename to provision-contest/ansible/roles/script_server/templates/command_template.yml.j2
index 06584bc9..367b3c0f 100644
--- a/provision-contest/ansible/roles/script_server/templates/command_template.yaml.j2
+++ b/provision-contest/ansible/roles/script_server/templates/command_template.yml.j2
@@ -1,8 +1,8 @@
 ---
 {% set _unused_content = item.pop('content') %}
-{% set parameters = item.pop('parameters') %}
-{% set admin_users = item.pop('admin_users', []) + script_server_admin_users %}
-{% set allowed_users = item.pop('allowed_users', []) %}
+{% set parameters = item.pop('parameters', []) %}
+{% set admin_users = groups['admin'] %}
+{% set allowed_users = groups['onprem'] %}
 {# set admin_users = (admin_users if ( admin_users | type_debug == "list" ) else [admin_users]) #}
 {# set allowed_users = (allowed_users if ( allowed_users | type_debug == "list" ) else [allowed_users]) #}
 {{
@@ -10,16 +10,19 @@
   combine(item) |
   to_nice_yaml
 }}
+
 {% if admin_users %}
 admin_users:
+  - 127.0.0.1
 {% for u in admin_users %}
-  - {{ lookup('ip', u) }}
+  - {{ hostvars[u].ansible_host }}
 {% endfor %}
 {% endif %}
 {% if allowed_users %}
-allowed_users:
-{% for u in (allowed_users + admin_users) %}
-  - {{ lookup('ip', u) }}
+skipped_allowed_users:
+  - 127.0.0.1
+{% for u in (allowed_users + admin_users)|unique %}
+  - {{ hostvars[u].ansible_host }}
 {% endfor %}
 {% endif %}
 
@@ -37,6 +40,5 @@ parameters:
 {% endfor %}
 {% endif %}
 
-
 # assume default path for the script file
 script_path: conf/scripts/{{ item.name }}
diff --git a/provision-contest/ansible/roles/script_server/templates/conf.json.j2 b/provision-contest/ansible/roles/script_server/templates/conf.json.j2
index bc6109ce..3fcfa8b4 100644
--- a/provision-contest/ansible/roles/script_server/templates/conf.json.j2
+++ b/provision-contest/ansible/roles/script_server/templates/conf.json.j2
@@ -1,40 +1,13 @@
 {
     "title": "sysops script server",
-    "port": {{ script_server_port }},
+    "port": {{ SCRIPT_SERVER_PORT }},
     "access": {
-        "trusted_ips": [
-            {% for group in groups if group not in script_server_ignored_groups %}
-            {%- for host in groups[group] -%}
-            "{{ hostvars[host].ansible_host}}",
+        "admin_users": [
+            {%- for host in groups['admin'] -%}
+                "{{ hostvars[host].ansible_host}}",
             {% endfor %}
-            {%- endfor -%}
-
-            {% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"
-        ],
-        "allowed_users": [
-            {% for group in groups if group not in script_server_ignored_groups %}
-            {%- for host in groups[group] -%}
-            "{{ hostvars[host].ansible_host}}",
-            {% endfor -%}
-            {%- endfor -%}
             "127.0.0.1"
-        ],
-        "admin_users": [{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"],
-        "groups": {
-            {% for group in groups if group not in script_server_ignored_groups -%}
-            "{{group}}": [
-                {% for host in groups[group] -%}
-                "{{ hostvars[host].ansible_host}}" {{ ", " if not loop.last else "" }}
-                {% endfor -%}
-            ],
-            {% endfor -%}
-            "all": [
-                {% for group in groups if group not in script_server_ignored_groups -%}
-                "{{ group }}",
-                {% endfor -%}
-                "@admin_users"
-            ]
-        }
+	]
     },
     "logging": {
         "execution_file": "$DATE-$ID.log",
diff --git a/provision-contest/ansible/scriptserver.yml b/provision-contest/ansible/scriptserver.yml
new file mode 100644
index 00000000..cabbf334
--- /dev/null
+++ b/provision-contest/ansible/scriptserver.yml
@@ -0,0 +1,20 @@
+---
+
+- hosts: scriptserver
+  vars:
+    host_type: scriptserver
+  become: true
+  handlers:
+    - include: handlers.yml
+  roles:
+    - role: base_packages
+      tags: base_packages
+    - role: icpc_fixes
+      tags: icpc_fixes
+      when: ICPC_IMAGE
+    - role: system_fixes
+      tags: system_fixes
+    - role: hosts
+      tags: hosts
+    - role: script_server
+      tags: script_server