diff --git a/nodes/barnard.kosmos.org.json b/nodes/barnard.kosmos.org.json
index efddfab..fea3485 100644
--- a/nodes/barnard.kosmos.org.json
+++ b/nodes/barnard.kosmos.org.json
@@ -107,7 +107,6 @@
     "recipe[kosmos-hubot::botka_freenode]",
     "recipe[kosmos-hubot::hal8000]",
     "recipe[kosmos-hubot::hal8000_xmpp]",
-    "recipe[kosmos-hubot::wormhole]",
     "recipe[sockethub]",
     "recipe[sockethub::proxy]",
     "recipe[kosmos-dirsrv]"
diff --git a/nodes/nodejs-2.json b/nodes/nodejs-2.json
index cc7861e..17fcf80 100644
--- a/nodes/nodejs-2.json
+++ b/nodes/nodejs-2.json
@@ -17,6 +17,7 @@
     "recipes": [
       "kosmos-base",
       "kosmos-base::default",
+      "kosmos-hubot::wormhole",
       "kredits-github",
       "kredits-github::default",
       "kredits-github::nginx",
@@ -37,6 +38,9 @@
       "kosmos-nodejs::default",
       "nodejs::nodejs_from_package",
       "nodejs::repo",
+      "kosmos-hubot::_user",
+      "git::default",
+      "git::package",
       "kosmos-nginx::default",
       "nginx::default",
       "nginx::package",
@@ -65,6 +69,7 @@
   },
   "run_list": [
     "recipe[kosmos-base]",
+    "recipe[kosmos-hubot::wormhole]",
     "role[kredits_github]"
   ]
 }
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-hubot/attributes/default.rb b/site-cookbooks/kosmos-hubot/attributes/default.rb
index 49c7a2e..9172f36 100644
--- a/site-cookbooks/kosmos-hubot/attributes/default.rb
+++ b/site-cookbooks/kosmos-hubot/attributes/default.rb
@@ -6,6 +6,8 @@ node.default['botka_freenode']['domain'] = "freenode.botka.kosmos.org"
 node.default['hal8000_xmpp']['http_port'] = 8082
 node.default['hal8000_xmpp']['domain'] = "hal8000.chat.kosmos.org"
 
+node.default['wormhole']['http_port'] = 8083
+
 node.default['hal8000_xmpp']['hubot_scripts'] = [
   "hubot-help", "hubot-redis-brain", "hubot-rules", "hubot-shipit",
   "hubot-plusplus", "hubot-tell", "hubot-seen", "hubot-incoming-webhook",
@@ -16,7 +18,8 @@ node.default['hal8000_xmpp']['rooms'] = [
   'kosmos@kosmos.chat',
   'kosmos-dev@kosmos.chat',
   'kredits@kosmos.chat',
-  'info@kosmos.chat'
+  'info@kosmos.chat',
+  'ops@kosmos.chat',
 ]
 
 node.default['hal8000_xmpp']['auth_admins'] = []
diff --git a/site-cookbooks/kosmos-hubot/metadata.rb b/site-cookbooks/kosmos-hubot/metadata.rb
index d606c40..0bca208 100644
--- a/site-cookbooks/kosmos-hubot/metadata.rb
+++ b/site-cookbooks/kosmos-hubot/metadata.rb
@@ -11,3 +11,4 @@ depends 'kosmos-redis'
 depends 'firewall'
 depends 'application_javascript'
 depends 'kosmos-ipfs'
+depends 'git'
diff --git a/site-cookbooks/kosmos-hubot/recipes/wormhole.rb b/site-cookbooks/kosmos-hubot/recipes/wormhole.rb
index 40063a9..f502ee6 100644
--- a/site-cookbooks/kosmos-hubot/recipes/wormhole.rb
+++ b/site-cookbooks/kosmos-hubot/recipes/wormhole.rb
@@ -2,97 +2,85 @@
 # Cookbook Name:: kosmos-hubot
 # Recipe:: wormhole
 #
-# Copyright:: 2019, Kosmos Developers
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
+
 app_name  = "wormhole"
-app_path  = "/opt/#{app_name}"
 app_user  = "hubot"
 app_group = "hubot"
+app_path  = "/opt/#{app_name}"
+data_bag  = Chef::EncryptedDataBagItem.load('credentials', app_name)
 
-build_essential app_name do
-  compile_time true
+app_env = {
+  "HUBOT_LOG_LEVEL"              => node.chef_environment == "development" ? "debug" : "info",
+  "HUBOT_IRC_SERVER"             => "irc.freenode.net",
+  "HUBOT_IRC_ROOMS"              => "#kosmos,#kosmos-dev,#kosmos-random,#sockethub",
+  "HUBOT_IRC_NICK"               => app_name,
+  "HUBOT_IRC_NICKSERV_USERNAME"  => app_name,
+  "HUBOT_IRC_NICKSERV_PASSWORD"  => data_bag['nickserv_password'],
+  "HUBOT_IRC_UNFLOOD"            => "100",
+  "HUBOT_WORMHOLE_XMPP_JID"      => "wormhole@kosmos.org",
+  "HUBOT_WORMHOLE_XMPP_PASSWORD" => data_bag['xmpp_password'],
+  "HUBOT_WORMHOLE_XMPP_HOST"     => "xmpp.kosmos.org",
+  "HUBOT_WORMHOLE_XMPP_PORT"     => "5222",
+  "HUBOT_WORMHOLE_XMPP_NICKNAME" => "wormhole",
+  "HUBOT_WORMHOLE_XMPP_ROOMS"    => "kosmos@kosmos.chat,kosmos-dev@kosmos.chat,kosmos-random@kosmos.chat,sockethub@kosmos.chat",
+  "EXPRESS_PORT"                 => node['wormhole']['http_port']
+}
+
+build_essential
+include_recipe "kosmos-nodejs"
+include_recipe "kosmos-hubot::_user"
+include_recipe "git"
+
+git app_path do
+  user app_user
+  group app_group
+  repository "https://gitea.kosmos.org/kosmos/wormhole.git"
+  revision "master"
+  action :sync
+  notifies :run, "bash[npm_install_#{app_name}]", :immediately
+  notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
 end
 
-include_recipe "kosmos-nodejs"
-
-application app_path do
-  data_bag = Chef::EncryptedDataBagItem.load('credentials', app_name)
+bash "npm_install_#{app_name}" do
+  user app_user
+  cwd app_path
+  code 'npm install'
+  action :nothing
+end
 
+file "#{app_path}/external-scripts.json" do
+  mode  "0640"
   owner app_user
   group app_group
-
-  git do
-    user       app_user
-    group      app_group
-    repository "https://gitea.kosmos.org/kosmos/wormhole.git"
-    revision   "master"
-  end
-
-  file "#{app_path}/external-scripts.json" do
-    mode  "0640"
-    owner app_user
-    group app_group
-    content [].to_json
-  end
-
-  npm_install do
-    user app_user
-  end
-
-  execute "systemctl daemon-reload" do
-    command "systemctl daemon-reload"
-    action :nothing
-  end
-
-  template "/lib/systemd/system/#{app_name}.service" do
-    source 'nodejs.systemd.service.erb'
-    owner 'root'
-    group 'root'
-    mode '0644'
-    variables(
-      user: app_user,
-      group: app_group,
-      app_dir: app_path,
-      entry: "#{app_path}/bin/hubot -a irc --name #{app_name}",
-      environment: {
-        "HUBOT_LOG_LEVEL"              => node.chef_environment == "development" ? "debug" : "info",
-        "HUBOT_IRC_SERVER"             => "irc.freenode.net",
-        "HUBOT_IRC_ROOMS"              => "#kosmos,#kosmos-dev,#kosmos-random,#sockethub",
-        "HUBOT_IRC_NICK"               => app_name,
-        "HUBOT_IRC_NICKSERV_USERNAME"  => app_name,
-        "HUBOT_IRC_NICKSERV_PASSWORD"  => data_bag['nickserv_password'],
-        "HUBOT_IRC_UNFLOOD"            => "100",
-        "HUBOT_WORMHOLE_XMPP_JID"      => "wormhole@kosmos.org",
-        "HUBOT_WORMHOLE_XMPP_PASSWORD" => data_bag['xmpp_password'],
-        "HUBOT_WORMHOLE_XMPP_HOST"     => "xmpp.kosmos.org",
-        "HUBOT_WORMHOLE_XMPP_PORT"     => "5222",
-        "HUBOT_WORMHOLE_XMPP_NICKNAME" => "wormhole",
-        "HUBOT_WORMHOLE_XMPP_ROOMS"    => "kosmos@kosmos.chat,kosmos-dev@kosmos.chat,kosmos-random@kosmos.chat,sockethub@kosmos.chat"
-      }
-    )
-    notifies :run, "execute[systemctl daemon-reload]", :delayed
-    notifies :restart, "service[#{app_name}]", :delayed
-  end
-
-  service app_name do
-    action [:enable, :start]
-  end
+  content [].to_json
+end
+
+systemd_unit "#{app_name}.service" do
+  content({
+    Unit: {
+      Description: "#{app_name} (node.js app)",
+      Documentation: ['https://gitea.kosmos.org/kosmos/wormhole'],
+    },
+    Service: {
+      User: app_user,
+      Group: app_group,
+      ExecStart: "#{app_path}/bin/hubot -a irc --name #{app_name}",
+      WorkingDirectory: app_path,
+      Environment: app_env.map{|k, v| "'#{k}=#{v}'"}.join(' '),
+      Type: 'simple',
+      Restart: 'always',
+      RestartSec: '2',
+      TimeoutSec: '10',
+      PrivateTmp: true,
+      ProtectSystem: 'full',
+      NoNewPrivileges: true,
+      PrivateDevices: true
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
 end
diff --git a/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb b/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb
index 8dc98a9..8e27347 100644
--- a/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb
+++ b/site-cookbooks/kosmos-hubot/templates/default/nodejs.systemd.service.erb
@@ -1,7 +1,9 @@
 [Unit]
 Description=Start nodejs app
+<% unless @without_redis %>
 Requires=redis-server.service
 After=redis-server.service
+<% end %>
 
 [Service]
 ExecStart=<%= @entry %>