diff --git a/manifests/init.pp b/manifests/init.pp
index 2701948226c485cee50ef872c45dedf9ea7337d8..17586adc87a1f8797f67f0b58ed13f3872a27a9e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -7,34 +7,49 @@ class ai4ca (
   include nginx
   include liurepo::postgres
 
+  yumrepo { 'pgdg-common':
+    name     => 'pgdg-common',
+    baseurl  => 'https://download.postgresql.org/pub/repos/yum/common/redhat/rhel-$releasever-$basearch',
+    enabled  => 1,
+    gpgkey   => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG',
+    gpgcheck => 1,
+    require  => Class['liurepo::postgres'],
+  }
+
+  package { 'postgresql':
+    ensure   => disabled,
+    provider => 'dnfmodule',
+  }
+
   package {
     [
-      'postgresql-server',
+      'postgresql11-server',
       'postgis31_11',
       'python3',
     ]:
       ensure => installed,
   }
 
-  nginx::resource::server { fact('networking.fqdn'):
-    ensure              => present,
-    www_root            => $www_root,
-    location_cfg_append => {
-      'rewrite' => '^ https://$server_name$request_uri? permanent',
-    },
-  }
+  if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
+    nginx::resource::server { fact('networking.fqdn'):
+      ensure              => present,
+      www_root            => $www_root,
+      location_cfg_append => {
+        'rewrite' => '^ https://$server_name$request_uri? permanent',
+      },
+    }
 
-  nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
-    ensure        => present,
-    listen_port   => 443,
-    www_root      => $www_root,
-    index_files   => $index_files,
-    ssl           => true,
-    ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
-    ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
-    ssl_protocols => 'TLSv1.3 TLSv1.2',
-    ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
-  }
+    nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
+      ensure        => present,
+      listen_port   => 443,
+      www_root      => $www_root,
+      index_files   => $index_files,
+      ssl           => true,
+      ssl_cert      => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
+      ssl_key       => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
+      ssl_protocols => 'TLSv1.3 TLSv1.2',
+      ssl_ciphers   => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', # lint:ignore:140chars
+    }
 
   nginx::resource::location { '/va/':
     ensure   => present,