diff --git a/__swarm/gitlab/gitlab-swarm.yml b/__swarm/gitlab/gitlab-swarm.yml
index 599355f..ba7a799 100644
--- a/__swarm/gitlab/gitlab-swarm.yml
+++ b/__swarm/gitlab/gitlab-swarm.yml
@@ -1,24 +1,39 @@
 services:
-  web:
+  app:
     environment:
-      GITLAB_OMNIBUS_CONFIG: "external_url 'https://gitlab.sectorq.eu'\nnginx['listen_port']\
-        \ = 80\nnginx['listen_https'] = false\nweb_server['username'] = 'git'\ngitlab_rails['time_zone']\
-        \ = 'Europe/Bratislava'\ngitlab_rails['omniauth_enabled'] = true\ngitlab_rails['omniauth_allow_single_sign_on']\
-        \ = ['saml']\ngitlab_rails['omniauth_sync_email_from_provider'] = 'saml'\n\
-        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']\ngitlab_rails['omniauth_sync_profile_attributes']\
-        \ = ['email']\ngitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'\n\
-        gitlab_rails['omniauth_block_auto_created_users'] = false\ngitlab_rails['omniauth_auto_link_saml_user']\
-        \ = true\ngitlab_rails['omniauth_providers'] = [\n  {\n    name: 'saml',\n\
-        \    args: {\n      assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',\n\
-        \      # Shown when navigating to certificates in authentik1\n      idp_cert_fingerprint:\
-        \ 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',\n      idp_sso_target_url:\
-        \ 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',\n\
-        \      issuer: 'https://gitlab.sectorq.eu',\n      name_identifier_format:\
-        \ 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',\n      attribute_statements:\
-        \ {\n        email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],\n\
-        \        first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],\n\
-        \        nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']\n\
-        \      }\n    },\n    label: 'authentik'\n  }\n]\n"
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://gitlab.sectorq.eu'
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+        web_server['username'] = 'git'
+        gitlab_rails['time_zone'] = 'Europe/Bratislava'
+        gitlab_rails['omniauth_enabled'] = true
+        gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+        gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+        gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+        gitlab_rails['omniauth_block_auto_created_users'] = false
+        gitlab_rails['omniauth_auto_link_saml_user'] = true
+        gitlab_rails['omniauth_providers'] = [
+          {
+            name: 'saml',
+            args: {
+              assertion_consumer_service_url: 'https://gitlab.sectorq.eu/users/auth/saml/callback',
+              # Shown when navigating to certificates in authentik1
+              idp_cert_fingerprint: 'f7:fd:49:03:b3:38:52:b3:23:f5:43:c4:8d:08:65:32:e0:5a:7b:0e',
+              idp_sso_target_url: 'https://auth.sectorq.eu/application/saml/gitlab/sso/binding/redirect/',
+              issuer: 'https://gitlab.sectorq.eu',
+              name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
+              attribute_statements: {
+                email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
+                first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
+                nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
+              }
+            },
+            label: 'authentik'
+          }
+        ]
       TZ: Europe/Bratislava
     hostname: gitlab.sectorq.eu
     image: ${DOCKER_REGISTRY:-}gitlab/gitlab-ce:latest
diff --git a/__swarm/influxdb/influxdb-swarm.yml b/__swarm/influxdb/influxdb-swarm.yml
index c87b426..7fcaa87 100644
--- a/__swarm/influxdb/influxdb-swarm.yml
+++ b/__swarm/influxdb/influxdb-swarm.yml
@@ -29,9 +29,6 @@ services:
         wud.watch: 'true'
         wud.watch.digest: 'true'
       replicas: 1
-      placement:
-        constraints:
-        - node.role == manager
 secrets:
   influxdb2-admin-token:
     external: true
diff --git a/__swarm/zabbix-server/zabbix-server-swarm.yml b/__swarm/zabbix-server/zabbix-server-swarm.yml
index cc8d7ca..9bb309a 100644
--- a/__swarm/zabbix-server/zabbix-server-swarm.yml
+++ b/__swarm/zabbix-server/zabbix-server-swarm.yml
@@ -24,7 +24,9 @@ services:
       labels:
         com.centurylinklabs.watchtower.enable: 'true'
       replicas: 1
-
+      placement:
+        constraints:
+        - node.role == manager
   zabbix-frontend:
     env_file:
     - stack.env
@@ -49,7 +51,9 @@ services:
         wud.watch: 'true'
         wud.watch.digest: 'true'
       replicas: 1
-
+      placement:
+        constraints:
+        - node.role == manager
   zabbix-server:
     env_file:
     - stack.env
@@ -81,7 +85,9 @@ services:
         wud.watch: 'true'
         wud.watch.digest: 'true'
       replicas: 1
-
+      placement:
+        constraints:
+        - node.role == manager
   webdriver:
     ports:
     - target: 4444
@@ -99,7 +105,9 @@ services:
         wud.watch: 'true'
         wud.watch.digest: 'true'
       replicas: 1
-
+      placement:
+        constraints:
+        - node.role == manager
   postinstall:
     image: debian:12-slim
     environment:
@@ -115,7 +123,9 @@ services:
     - /scripts/install-curl.sh
     deploy:
       replicas: 1
-
+      placement:
+        constraints:
+        - node.role == manager
 volumes:
   db:
   certs: