diff --git a/.editorconfig b/.editorconfig
index 750bddeb..1a74260d 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -14,6 +14,9 @@ insert_final_newline = unset
 indent_style = space
 indent_size = 2
 
+[*.md]
+indent_style = space
+
 [*.py]
 indent_style = space
 indent_size = 4
diff --git a/.vale.ini b/.vale.ini
index 283850b8..fcd2acef 100644
--- a/.vale.ini
+++ b/.vale.ini
@@ -4,7 +4,7 @@ MinAlertLevel = suggestion
 Vocab = EPNix
 
 # External packages
-Packages = alex, Google, Microsoft, proselint, Readability, RedHat, write-good
+Packages = alex, Google, Microsoft, proselint, RedHat, write-good
 # Only Markdown and .txt files; change to whatever you're using.
 [*.md]
 # List of styles to load.
@@ -20,7 +20,30 @@ RedHat.Contractions = NO
 # Already done by Microsoft.We
 Google.We = NO
 
-# ??? corresponds to 7th grade -> 12-13 years old
-Readability.AutomatedReadability = YES
+# Already done by Vale.Spelling
+RedHat.Spelling = NO
+
+# Already done by RedHat.PassiveVoice
+Google.Passive = NO
+Microsoft.Passive = NO
+write-good.Passive = NO
+
+# Already done by RedHat.Definitions
+Microsoft.Acronyms = NO
+Google.Acronyms = NO
+
+# Already done by RedHat.Headings
+Google.Headings = NO
+Microsoft.Headings = NO
+
+# Already done by Microsoft.SentenceLength, which is shorter
+RedHat.SentenceLength = NO
+
+# Already done by RedHat.Ellipses
+Google.Ellipses = NO
+Microsoft.Ellipses = NO
+
+# Already done by Microsoft.Quotes
+Google.Quotes = NO
 
 write-good.E-Prime = NO
diff --git a/doc/_quarto.yml b/doc/_quarto.yml
index 60082153..fb69e66a 100644
--- a/doc/_quarto.yml
+++ b/doc/_quarto.yml
@@ -70,6 +70,8 @@ website:
         - title: NixOS
           file: ./nixos/introduction.md
         - section: Tutorials
+          contents:
+            - ./nixos/tutorials/archiver-appliance.md
         - section: User Guides
         - section: Explanations
         - section: References
diff --git a/doc/nixos/tutorials/archiver-appliance.md b/doc/nixos/tutorials/archiver-appliance.md
new file mode 100644
index 00000000..13e01ed8
--- /dev/null
+++ b/doc/nixos/tutorials/archiver-appliance.md
@@ -0,0 +1,363 @@
+---
+title: Creating an Archiver Appliance instance
+---
+
+In this tutorial,
+we're going to see how to create a virtual machine that runs Archiver Appliance,
+under the NixOS Linux distribution.
+
+Installing Archiver Appliance on a physical machine is definitely possible,
+but this tutorial focuses on virtual machines for simplicity's sake.
+
+You will need:
+
+-   A virtual machine,
+-   and the [NixOS ISO file].
+    Select the "Graphical ISO image."
+
+  [NixOS ISO file]: https://nixos.org/download#download-nixos
+
+# Installing NixOS
+
+First things first,
+create your virtual machine,
+and select the ISO image that you downloaded.
+
+Then, start the virtual machine.
+
+From the booted virtual machine,
+you can follow the graphical installation process,
+and reboot once finished.
+
+You can select any desktop environment,
+or no desktop.
+This tutorial only uses the command-line.
+
+# Making your configuration a flake
+
+The installation process created the `/etc/nixos` directory in your VM.
+This directory describes the complete configuration of your machine.
+
+EPNix is a "Nix flake",
+which a way of managing Nix projects.
+Using Nix flakes also enables you to use Nix code outside of your repository,
+in a controlled manner.
+For more information,
+see the [Nix flake command manual] and the [Flake wiki page].
+
+To be able to import EPNix into you NixOS configuration,
+you first need to turn your NixOS configuration into a Nix flake.
+
+As root, place yourself in the `/etc/nixos` directory in your virtual machine.
+Create a `flake.nix` file under it,
+by running `nano flake.nix`.
+Fill the file with these lines:
+
+``` {.nix filename="flake.nix" code-line-numbers="true"}
+{
+  description = "Configuration for running Archiver Appliance in a VM";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+  inputs.epnix.url = "github:epics-extensions/EPNix";
+
+  outputs = { self, nixpkgs, epnix }: {
+    nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+      modules = [
+        epnix.nixosModules.nixos
+
+        ./configuration.nix
+      ];
+    };
+  };
+}
+```
+
+```{=html}
+<!-- TODO: replace raw html with the kbd shortcode once we are using Quarto 1.3 -->
+<!-- https://quarto.org/docs/authoring/markdown-basics.html#keyboard-shortcuts -->
+```
+Save and quit by typing `<kbd>`{=html}Ctrl-x`</kbd>`{=html}, `<kbd>`{=html}y`</kbd>`{=html}, and `<kbd>`{=html}Enter`</kbd>`{=html},
+and run `nixos-rebuild test` to test your changes.
+
+Some explanations:
+
+You can see in the `flake.nix` file that the flake has 2 inputs:
+`nixpkgs` and `epnix`,
+lines 4--5.
+
+Having the `nixpkgs` input enables you to use code from [Nixpkgs].
+This is what enables you to use all those NixOS options,
+and every package installed on your machine now.
+For more information,
+you can read the [Nixpkgs preface]
+With the current configuration,
+we are only using code from Nixpkgs.
+
+Having the `epnix` input is what's going to enable you to use [packages from EPNix],
+such as Archiver Appliance.
+It also enables you to use [EPNix' extra NixOS options],
+such as the options configuring Tomcat, the systemd service, the `archappl` user and group, MariaDB, and so on.
+
+  [Nix flake command manual]: https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html
+  [Flake wiki page]: https://nixos.wiki/wiki/Flakes
+  [Nixpkgs]: https://github.com/NixOS/nixpkgs
+  [Nixpkgs preface]: https://nixos.org/manual/nixpkgs/stable/#preface
+  [packages from EPNix]: ../../pkgs/packages.md
+  [EPNix' extra NixOS options]: ../options.md
+
+# Configuring Archiver Appliance
+
+Now for the fun part,
+actually using those EPNix options to install and configure Archiver Appliance,
+and all its dependencies.
+
+Create and edit the file `archiver-appliance.nix` under `/etc/nixos`.
+For now, here are the contents:
+
+``` {.nix filename="archiver-appliance.nix"}
+{
+  services.archiver-appliance.enable = true;
+}
+```
+
+In your `flake.nix`,
+import the newly created file by adding `./archiver-appliance.nix`,
+under `./configuration.nix`:
+
+``` diff
+       modules = [
+         epnix.nixosModules.nixos
+
+         ./configuration.nix
++        ./archiver-appliance.nix
+       ];
+```
+
+If you try to test your changes by running `nixos-rebuild test`,
+you will see a helpful error message:
+
+::: sourceCode
+``` sourcecode
+error: The option `services.archiver-appliance.stores.lts.location'
+  is used but not defined.
+(use '--show-trace' to show detailed location information)
+```
+:::
+
+This tells you that the `services.archiver-appliance.stores.lts.location` is mandatory,
+but we didn't set any value.
+
+To figure out what this option is about,
+you can examine the [options reference].
+
+The options reference gives a description for this option:
+
+> Backing directory containing the LTS.
+
+and an example:
+
+``` nix
+"/data/lts"
+```
+
+It tells us that you need to choose where the Long Term Store (LTS) is.
+See the "Architecture" section of the [Archiver Appliance Details] page for what the various stores are.
+
+Because this is a test VM,
+let's configure the LTS to a test location,
+like `/tmp/lts`.
+You will also need to configure the location of the Medium Term Store (MTS).
+
+Here's how to change `archiver-appliance.nix`:
+
+``` {.nix filename="archiver-appliance.nix"}
+{
+  services.archiver-appliance.enable = true;
+  services.archiver-appliance.stores.lts.location = "/tmp/lts";
+  services.archiver-appliance.stores.mts.location = "/tmp/mts";
+}
+```
+
+If you don't want to repeat yourself,
+you can also change it like so:
+
+``` {.nix filename="archiver-appliance.nix"}
+{
+  services.archiver-appliance = {
+    enable = true;
+    stores.lts.location = "/tmp/lts";
+    stores.mts.location = "/tmp/mts";
+  };
+}
+```
+
+And now,
+`nixos-rebuild test` should succeed:
+
+::: sourceCode
+``` sourcecode
+building the system configuration...
+activating the configuration...
+setting up /etc...
+reloading user units for admin...
+setting up tmpfiles
+reloading the following units: dbus.service
+the following new units were started: arch-lts-ArchiverStore.mount,
+  arch-mts-ArchiverStore.mount, arch-sts-ArchiverStore.mount,
+  mysql.service, tomcat.service
+```
+:::
+
+From the message,
+we can guess it started the Tomcat server running Archiver Appliance,
+the MySQL (in fact, MariaDB) server,
+and some mounted some partitions.
+Fantastic!
+
+You can run the `systemctl list-units` command to see if any systemd unit failed.
+
+In the default configuration,
+Archiver Appliance and Tomcat are configured to output logs to journald.
+You can see those logs by running:
+
+``` bash
+journalctl -xeu tomcat.service
+```
+
+You can also see the MariaDB logs by running:
+
+``` bash
+journalctl -xeu mysql.service
+```
+
+::: callout-note
+Here are some details on what was done by EPNix' `services.archiver-appliance` NixOS module:
+
+-   Creation of the Linux user and group `archappl`
+-   Installation and configuration of MariaDB:
+    -   Creation of the `archappl` user,
+        with UNIX socket authentication
+    -   Creation of the Archiver Appliance database
+    -   Creation of the [various tables] in that database
+    -   Giving access rights to this database for the `archappl` user
+-   Installation and configuration of Tomcat:
+    -   Installation of the WAR files of Archiver Appliance
+    -   Installation of the MariaDB connector and its dependencies
+    -   Configuring the MariaDB connector to authenticate to the database
+    -   Logging configuration to `journald`
+-   Configuring mounts so that:
+    -   `/arch/lts` and `/arch/mts` are bind mounts to the configured locations,
+        with some added security options,
+        such as `nodev` and `noexec`
+    -   Mounting `/arch/sts` as a new `tmpfs`
+:::
+
+Tomcat runs by default under port 8080,
+and NixOS has a firewall enabled by default.
+
+Change your `archiver-appliance.nix`:
+
+``` {.nix filename="archiver-appliance.nix"}
+{
+  services.archiver-appliance = {
+    enable = true;
+    stores.lts.location = "/tmp/lts";
+    stores.mts.location = "/tmp/mts";
+
+    # New option:
+    openFirewall = true;
+  };
+}
+```
+
+and run `nixos-rebuild test`.
+It will restart `firewall.service`,
+but configured to allow incoming connection on port 8080.
+
+Check the IP address of your VM with `ip a`,
+and open a browser to `http://<YOUR_VM_IP>:8080/mgmt/ui/index.html`.
+
+Finally,
+run `nixos-rebuild switch` to confirm your changes.
+This will apply your changes for the next reboot,
+by adding a new boot entry,
+enabling you to go back to a previous configuration.
+
+You have now configured Archiver Appliance on NixOS.
+
+  [options reference]: ../options.md
+  [Archiver Appliance Details]: https://slacmshankar.github.io/epicsarchiver_docs/details.html
+  [various tables]: https://github.com/slacmshankar/epicsarchiverap/blob/master/src/main/org/epics/archiverappliance/config/persistence/archappl_mysql.sql
+
+# Next steps
+
+This VM configuration has some problems:
+
+-   It stores the LTS and MTS in `/tmp`,
+    which by default is cleaned on reboot
+-   The size of the Short Term Store (STS) isn't configured
+-   Both "management" and "retrieval" URLs are accessible without authentication
+
+The following sections are some pointers to fix these issues.
+
+## Configuring partitions
+
+If you want to change the location of the LST or MTS,
+you can change the value of the corresponding options:
+
+-   `services.archiver-appliance.stores.lts.location`
+-   `services.archiver-appliance.stores.mts.location`
+
+But these values won't mean much if the configured directories are not backed by the appropriate hardware.
+
+As an example given by the [Archiver Appliance Details] page,
+section "Architecture",
+we can have the LTS backed by a NAS or SAN,
+and the MTS backed by SSD or SAS storage.
+
+The way to do that is to configure the `fileSystems` NixOS option.
+See the [File Systems NixOS documentation] for more information.
+
+  [Archiver Appliance Details]: https://slacmshankar.github.io/epicsarchiver_docs/details.html
+  [File Systems NixOS documentation]: https://nixos.org/manual/nixos/stable/#ch-file-systems
+
+## Size of the short term store
+
+To configure the size of the short term store,
+use the `services.archiver-appliance.stores.sts.size` option.
+
+For example:
+
+``` {.nix filename="archiver-appliance.nix"}
+{
+  services.archiver-appliance = {
+    enable = true;
+    stores.lts.location = "/tmp/lts";
+    stores.mts.location = "/tmp/mts";
+
+    openFirewall = true;
+
+    # New option:
+    stores.sts.size = "20g";
+  };
+}
+```
+
+See the [`sts.size` option] in the reference for a more in-depth description.
+
+  [`sts.size` option]: ../options.md#services.archiver-appliance.stores.sts.size
+
+## Restricting access
+
+Allowing access to `mgmt` URLs to anyone can be dangerous,
+because it allows anyone to delete and archive PVs.
+
+To restrict access,
+you can close the firewall and put an nginx server in front.
+
+You can configure the nginx server to disallow access to the URLs you want.
+You can also configure nginx to require authentication.
+
+```{=html}
+<!-- TODO: make a guide including HTTPS setup -->
+```
diff --git a/doc/vale/Readability/AutomatedReadability.yml b/doc/vale/Readability/AutomatedReadability.yml
deleted file mode 100644
index dd9fe669..00000000
--- a/doc/vale/Readability/AutomatedReadability.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the Automated Readability Index (%s) below 8."
-link: https://en.wikipedia.org/wiki/Automated_readability_index
-
-formula: |
-  (4.71 * (characters / words)) + (0.5 * (words / sentences)) - 21.43
-
-condition: "> 8"
diff --git a/doc/vale/Readability/ColemanLiau.yml b/doc/vale/Readability/ColemanLiau.yml
deleted file mode 100644
index d478303c..00000000
--- a/doc/vale/Readability/ColemanLiau.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the Coleman–Liau Index grade (%s) below 9."
-link: https://en.wikipedia.org/wiki/Coleman%E2%80%93Liau_index
-
-formula: |
-  (0.0588 * (characters / words) * 100) - (0.296 * (sentences / words) * 100) - 15.8
-
-condition: "> 9"
diff --git a/doc/vale/Readability/FleschKincaid.yml b/doc/vale/Readability/FleschKincaid.yml
deleted file mode 100644
index 3f60f205..00000000
--- a/doc/vale/Readability/FleschKincaid.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the Flesch–Kincaid grade level (%s) below 8."
-link: https://en.wikipedia.org/wiki/Flesch%E2%80%93Kincaid_readability_tests
-
-formula: |
-  (0.39 * (words / sentences)) + (11.8 * (syllables / words)) - 15.59
-
-condition: "> 8"
diff --git a/doc/vale/Readability/FleschReadingEase.yml b/doc/vale/Readability/FleschReadingEase.yml
deleted file mode 100644
index 61797667..00000000
--- a/doc/vale/Readability/FleschReadingEase.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the Flesch reading ease score (%s) above 70."
-link: https://en.wikipedia.org/wiki/Flesch%E2%80%93Kincaid_readability_tests
-
-formula: |
-  206.835 - (1.015 * (words / sentences)) - (84.6 * (syllables / words))
-
-condition: "< 70"
diff --git a/doc/vale/Readability/GunningFog.yml b/doc/vale/Readability/GunningFog.yml
deleted file mode 100644
index 302c0eeb..00000000
--- a/doc/vale/Readability/GunningFog.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the Gunning-Fog index (%s) below 10."
-link: https://en.wikipedia.org/wiki/Gunning_fog_index
-
-formula: |
-  0.4 * ((words / sentences) + 100 * (complex_words / words))
-
-condition: "> 10"
diff --git a/doc/vale/Readability/LIX.yml b/doc/vale/Readability/LIX.yml
deleted file mode 100644
index f5b0f4e8..00000000
--- a/doc/vale/Readability/LIX.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-extends: metric
-message: "Try to keep the LIX score (%s) below 35."
-
-link: https://en.wikipedia.org/wiki/Lix_(readability_test)
-# Very Easy: 20 - 25
-#
-# Easy: 30 - 35
-#
-# Medium: 40 - 45
-#
-# Difficult: 50 - 55
-#
-# Very Difficult: 60+
-formula: |
-  (words / sentences) + ((long_words * 100) / words)
-
-condition: "> 35"
diff --git a/doc/vale/Readability/SMOG.yml b/doc/vale/Readability/SMOG.yml
deleted file mode 100644
index e7f5913b..00000000
--- a/doc/vale/Readability/SMOG.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-extends: metric
-message: "Try to keep the SMOG grade (%s) below 10."
-link: https://en.wikipedia.org/wiki/SMOG
-
-formula: |
-  1.0430 * math.sqrt((polysyllabic_words * 30.0) / sentences) + 3.1291
-
-condition: "> 10"
diff --git a/doc/vale/Readability/meta.json b/doc/vale/Readability/meta.json
deleted file mode 100644
index 0ff71c30..00000000
--- a/doc/vale/Readability/meta.json
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "feed": "https://github.com/errata-ai/Readability/releases.atom",
-  "vale_version": ">=2.13.0"
-}
\ No newline at end of file
diff --git a/doc/vale/RedHat/CaseSensitiveTerms.yml b/doc/vale/RedHat/CaseSensitiveTerms.yml
index 5039ef07..ae2659c9 100644
--- a/doc/vale/RedHat/CaseSensitiveTerms.yml
+++ b/doc/vale/RedHat/CaseSensitiveTerms.yml
@@ -9,18 +9,27 @@ action:
   name: replace
 swap:
   "(?<!/)var": VAR
-  # Bind: BIND
-  '(?<!\.)yaml|Yaml': YAML
   "(?<!Business )Resource Planner|(?<!Business Resource )Planner": Business Resource Planner
-  '(?<!JBoss )EAP|(?<!Red Hat )JBoss(?!\sCommunity|\sBroker|\sClients|\sConsole|\sAMQ|\sData\sGrid|\sBRMS|\sBPMS|\sEnterprise\sApplication\sPlatform|\.org|\sInterconnect|\sEAP|\sBPM\sSuite)': JBoss EAP
   "(?<!Microsoft )Azure": Microsoft Azure
   "(?<!Microsoft Azure )On-Demand Marketplace": Microsoft Azure On-Demand Marketplace
-  '(?<!Realtime )Decision\sServer': Realtime Decision Server
   "(?<!Red Hat )Customer Portal": Red Hat Customer Portal
   "(?<!Red Hat )JBoss Enterprise Application Platform": Red Hat JBoss Enterprise Application Platform
   "(?<!Red Hat )OpenStack Platform|RHOS|RH-OSP": Red Hat OpenStack Platform
   "(?<!Red Hat JBoss )BRMS(?! engine)": inference engine
   "(?<!Red Hat JBoss )BRMS|BRM|(?<!Red Hat )JBoss BRMS": Red Hat JBoss BRMS
+  "[dD]ay-0|day 0": Day 0
+  "[dD]ay-1|day 1": Day 1
+  "[dD]ay-2|day 2": Day 2
+  "BPMS|(?<!Red Hat )JBoss BPMS|(?<!Red Hat JBoss )BPM(?! Suite)": Red Hat JBoss BPM Suite
+  "DM(?![ -]Multipath)|directory manager": Directory Manager
+  "JBoss Broker|Red Hat Broker|The AMQ Broker": AMQ Broker
+  "JBoss Console|Red Hat Console": AMQ Console
+  "Kernel(?!-based Virtual Machine)": kernel
+  "OCM|(?<!Red Hat OpenShift )Cluster Manager|(?<!Red Hat )OpenShift Cluster Manager|the OpenShift Cluster Manager": Red Hat OpenShift Cluster Manager
+  "OD": Red Hat OpenShift Dedicated
+  '(?<!\.)yaml|Yaml': YAML
+  '(?<!JBoss )EAP|(?<!Red Hat )JBoss(?!\sCommunity|\sBroker|\sClients|\sConsole|\sAMQ|\sData\sGrid|\sBRMS|\sBPMS|\sEnterprise\sApplication\sPlatform|\.org|\sInterconnect|\sEAP|\sBPM\sSuite)': JBoss EAP
+  '(?<!Realtime )Decision\sServer': Realtime Decision Server
   '[nN]odejs|[nN]ode\.JS|node\.js': Node.js
   '\s\.Net Core|\s\.Net|\s\.NET\sCore|dotNet': .NET
   'A-MQ(?!\sBroker|\sClient|\sConsole|\sInterconnect)': AMQ
@@ -31,24 +40,14 @@ swap:
   'ack\spacket|ACK(?!\sflag)|ack': ACK flag
   'ActiveMQ\sArtemis|ActiveMQ(?!\sArtemis)': built-in messaging|JBoss EAP built-in messaging|JBoss EAP messaging
   'Admin\sPortal|webadmin\sportal|webadmin|Administrator\sPortal|Administration\sportal': Administration Portal
-  "BPMS|(?<!Red Hat )JBoss BPMS|(?<!Red Hat JBoss )BPM(?! Suite)": Red Hat JBoss BPM Suite
   'BRMS\sengine': inference engine
-  "[dD]ay-0|day 0": Day 0
-  "[dD]ay-1|day 1": Day 1
-  "[dD]ay-2|day 2": Day 2
-  "DM(?![ -]Multipath)|directory manager": Directory Manager
   'GUI\seditor|Business\sCentral\seditor': guided editor
-  "JBoss Broker|Red Hat Broker|The AMQ Broker": AMQ Broker
-  "JBoss Console|Red Hat Console": AMQ Console
   'JBoss\.org': JBoss Community
   'JBoss\sAMQ': AMQ
   'JBoss\sInterconnect': AMQ Interconnect
-  "Kernel(?!-based Virtual Machine)": kernel
   'Kie(?!\sServer)': KIE
   'Kie\sServer': Intelligent Process Server
   'O\.K\.D|okd|OpenShift Kubernetes Distribution|OpenShift\sOrigin': OKD
-  "OCM|(?<!Red Hat OpenShift )Cluster Manager|(?<!Red Hat )OpenShift Cluster Manager|the OpenShift Cluster Manager": Red Hat OpenShift Cluster Manager
-  "OD": Red Hat OpenShift Dedicated
   'Red\sHat\sInterconnect': AMQ Interconnect
   'Red\sHat\sVirtualization\sHypervisor|RHV\sHost|RHV-H': Red Hat Virtualization Host
   'RHVM|RHV-M|RHV\sManager': Red Hat Virtualization Manager
@@ -126,6 +125,7 @@ swap:
   Gnu|gnu: GNU
   Gpl|gpl: GPL
   Graalvm|graalVM: GraalVM
+  grpc|GRPC: gRPC
   Greenboot|green boots: greenboot
   Grub: GRUB
   GTK|Gtk|gtk: GTK+
@@ -139,6 +139,7 @@ swap:
   Ignite|Fuse Ignite: Fuse Online|Red Hat Fuse Online|Syndesis
   ignition config: Ignition config
   Image Builder: image builder
+  Istio Service Mesh : Istio service mesh
   INSTALL_DIR|installDir: FUSE_HOME
   Iops|IOPs: IOPS
   Ip: IP
@@ -199,6 +200,7 @@ swap:
   Operating Environment: operating environment
   Operator Hub|Operator hub|Operatorhub|operatorhub: OperatorHub
   Opex|Opex|OPEX|opEx: OpEx
+  ORAN: O-RAN
   Organization administrator|Org Admin|org admin: Organization Administrator
   OS|Operating System: operating system
   Overcloud: overcloud
diff --git a/doc/vale/RedHat/Definitions.yml b/doc/vale/RedHat/Definitions.yml
index 47007659..c476a050 100644
--- a/doc/vale/RedHat/Definitions.yml
+++ b/doc/vale/RedHat/Definitions.yml
@@ -48,6 +48,7 @@ exceptions:
   - DRL
   - DSL
   - EIP
+  - ELB
   - ERROR
   - FAQ
   - FQDN
@@ -121,12 +122,14 @@ exceptions:
   - POST
   - PPP
   - PROM
+  - PTP
   - PXE
   - QCOW2
   - QEMU
   - RADOS
   - RAID
   - RAM
+  - RAN
   - RBAC
   - RBD
   - REPL
diff --git a/doc/vale/RedHat/HeadingPunctuation.yml b/doc/vale/RedHat/HeadingPunctuation.yml
index 9a4c083e..04646ad3 100644
--- a/doc/vale/RedHat/HeadingPunctuation.yml
+++ b/doc/vale/RedHat/HeadingPunctuation.yml
@@ -1,15 +1,11 @@
 ---
-extends: existence
+extends: substitution
 level: warning
 link: https://redhat-documentation.github.io/vale-at-red-hat/docs/main/reference-guide/headingpunctuation/
 message: "Do not use end punctuation in headings."
 nonword: true
 scope: heading
-# source: "IBM - Periods in headings and titles, p. 61"
 action:
-  name: edit
-  params:
-    - remove
-    - ".?!"
-tokens:
-  - '[a-z0-9][.?!](?:\s|$)'
+  name: replace
+swap:
+  '[.?!]$': ''
diff --git a/doc/vale/RedHat/Headings.yml b/doc/vale/RedHat/Headings.yml
index 9e96c777..ea5544c0 100644
--- a/doc/vale/RedHat/Headings.yml
+++ b/doc/vale/RedHat/Headings.yml
@@ -79,6 +79,8 @@ exceptions:
   - Flathub
   - Flatpak
   - Flatpak Builder
+  - Fluentd
+  - Flyway
   - Fortran
   - Funqy
   - GCC
@@ -93,6 +95,7 @@ exceptions:
   - GraalVM
   - Gradle
   - GraphQL
+  - Graylog
   - Grayscale
   - GTK
   - HTTP
@@ -114,9 +117,12 @@ exceptions:
   - Infinispan
   - Intelephense
   - IntelliJ
+  - Istio
   - Itanium
   - JAR file
   - JBang
+  - JBoss Log Manager
+  - JBoss Logging
   - JUnit
   - JVM
   - Jakarta
@@ -136,6 +142,7 @@ exceptions:
   - Kubespray
   - Kylin
   - Laravel
+  - Logstash
   - Lombok
   - Makefile
   - Mandrel
@@ -226,6 +233,7 @@ exceptions:
   - WebSocket
   - Webview
   - Webviews
+  - WebView
   - Wildfly
   - Window Maker
   - Windows
@@ -238,10 +246,12 @@ exceptions:
   - Zowe
   - cgroup
   - eServer
+  - gRPC
   - mutual TLS
   - mTLS
   - qeth
   - startx
   - vNIC
   - vNUMA
+  - xDS
   - xterm
diff --git a/doc/vale/RedHat/OxfordComma.yml b/doc/vale/RedHat/OxfordComma.yml
index 7595d80c..2f9d1080 100644
--- a/doc/vale/RedHat/OxfordComma.yml
+++ b/doc/vale/RedHat/OxfordComma.yml
@@ -3,6 +3,7 @@ extends: existence
 level: suggestion
 link: https://redhat-documentation.github.io/vale-at-red-hat/docs/main/reference-guide/oxfordcomma/
 message: "Use the Oxford comma in '%s'."
-# source: "IBM - Commas between clauses, p.45"
+scope: sentence
+nonword: true
 tokens:
-  - '(?:[^,]+,){1,}\s\w+\sand'
+  - '(?:[^\s,]+,){1,} \w+ (?:and|or) \w+[.?!]'
diff --git a/doc/vale/RedHat/PascalCamelCase.yml b/doc/vale/RedHat/PascalCamelCase.yml
index ad73734d..fc8a8778 100644
--- a/doc/vale/RedHat/PascalCamelCase.yml
+++ b/doc/vale/RedHat/PascalCamelCase.yml
@@ -120,11 +120,13 @@ exceptions:
   - OpenIPMI
   - OpenJDK
   - OpenRewrite
+  - OpenRAN
   - OpenSCAP
   - OpenShift
   - OpenSSH
   - OpenSSL
   - OpenStack
+  - OpenTelemetry
   - OpenTracing
   - OperatorHub
   - OpEx
diff --git a/doc/vale/RedHat/SimpleWords.yml b/doc/vale/RedHat/SimpleWords.yml
index f5b650b4..b8fcd316 100644
--- a/doc/vale/RedHat/SimpleWords.yml
+++ b/doc/vale/RedHat/SimpleWords.yml
@@ -4,7 +4,8 @@ ignorecase: true
 level: suggestion
 link: https://redhat-documentation.github.io/vale-at-red-hat/docs/main/reference-guide/simplewords/
 message: "Use simple language. Consider using '%s' rather than '%s'."
-# source: "IBM - Conversational style; http://www.plainlanguage.gov/howto/wordsuggestions/simplewords.cfm"
+action:
+  name: replace
 swap:
   "approximate(?:ly)?": about
   "objective(?! C?)": aim|goal
diff --git a/doc/vale/RedHat/Slash.yml b/doc/vale/RedHat/Slash.yml
index f69f41d5..69fd9757 100644
--- a/doc/vale/RedHat/Slash.yml
+++ b/doc/vale/RedHat/Slash.yml
@@ -18,3 +18,5 @@ exceptions:
   - "z/OSMF"
   - "0/"
   - "C/C"
+  - "TCP/IP"
+  - '\d{1,4}\/\d{1,4}'
diff --git a/doc/vale/RedHat/Spelling.yml b/doc/vale/RedHat/Spelling.yml
index f3cd8b3d..ba839880 100644
--- a/doc/vale/RedHat/Spelling.yml
+++ b/doc/vale/RedHat/Spelling.yml
@@ -8,28 +8,34 @@ message: "Use correct American English spelling. Did you really mean '%s'?"
 # A "filter" is a case-sensitive regular expression specifying words to ignore during spell checking.
 # Spelling rule applies to individual words
 filters:
-  - '\.NET'
-  - 'I/O'
-  - 'Node\.js'
   - "[aA]ccessor"
   - "[aA]llowlist"
+  - "[aA]utomount"
   - "[aA]utostart"
   - "[bB]ackfilling"
   - "[bB]ackported"
   - "[bB]acktrace"
   - "[bB]indable"
   - "[bB]oolean"
+  - "[bB]ootable"
   - "[bB]reakpoint"
   - "[bB]reakpoints"
   - "[cC]he"
+  - "[cC]hrony"
   - "[cC]lassloading"
+  - "[cC]lasspath"
   - "[cC]olocate"
+  - "[cC]olocation"
   - "[cC]onfig"
+  - "[cC]ustomizer"
+  - "[dD]atasource"
   - "[dD]eclaratively"
   - "[dD]ecompiler"
   - "[dD]eserialization"
+  - "[dD]eserialized"
   - "[dD]esynchronize"
   - "[dD]esynchronized"
+  - "[dD]ev"
   - "[dD]ev[wW]orkspace"
   - "[dD]evfile"
   - "[dD]evfiles"
@@ -40,8 +46,11 @@ filters:
   - "[Ff]actory"
   - "[fF]ailback"
   - "[fF]ailover"
+  - "[fF]indability"
   - "[gG]bps"
   - "[gG]it"
+  - "[gG]locks?"
+  - "[gG]radle"
   - "[gG]rafana"
   - "[hH]ardcoding"
   - "[hH]eatmap"
@@ -52,26 +61,32 @@ filters:
   - "[jJ]et[bB]rains"
   - "[jJ]ournald"
   - "[jJ]ournaling"
+  - "[kK]dump"
   - "[kK]eycloak"
   - "[kK]eylime"
   - "[kK]eyring"
   - "[kK]eyrings"
+  - "[kK]eytabs?"
   - "[lL]ibvirt"
   - "[lL]icensor"
+  - "[lL]iquibase"
   - "[lL]iveness"
   - "[lL]oopback"
   - "[mM]atrixes"
   - "[mM]ebibytes"
+  - "[mM]etamodel"
   - "[mM]iddleware"
   - "[mM]illicores"
   - "[mM]ixin"
   - "[mM]ixins"
   - "[mM]odularization"
+  - "[Mm]onospace"
   - "[mM]ulticluster"
   - "[mM]ultihost"
   - "[mM]ultinode"
-  - "[mM]ultithread"
+  - "[mM]ultipath"
   - "[mM]ultitenant"
+  - "[mM]ultithread"
   - "[mM]ultiuser"
   - "[mM]ultizone"
   - "[nN]amespace"
@@ -80,12 +95,13 @@ filters:
   - "[oO]perator"
   - "[oO]verridable"
   - "[pP]reconfigured"
+  - "[pP]reconfigured"
   - "[pP]regenerated"
-  - "[pP]ulldown"
   - "[pP]repend"
   - "[pP]repended"
   - "[pP]roductize"
   - "[pP]roductized"
+  - "[pP]ulldown"
   - "[rR]eadonly"
   - "[rR]ebalance"
   - "[rR]ebalances"
@@ -108,13 +124,14 @@ filters:
   - "[rR]untime"
   - "[rR]untimes"
   - "[sS]crollbar"
-  - "[sS]erializer"
-  - "[sS]erialization"
+  - "[sS]earchability"
   - "[sS]erializable"
+  - "[sS]erialization"
+  - "[sS]erializer"
   - "[sS]erverless"
   - "[sS]ervlet"
+  - "[sS]etter"
   - "[sS]harding"
-  - "[sS]ysctl"
   - "[Ss]u"
   - "[sS]ubcommand"
   - "[sS]ubcommands"
@@ -134,12 +151,15 @@ filters:
   - "[sS]ubusers"
   - "[sS]ubvolume"
   - "[sS]ubvolumes"
+  - "[sS]ysctl"
+  - "[sS]yslog"
   - "[sS]ystemd"
   - "[tT]emplated"
   - "[tT]heia"
   - "[tT]olerations"
   - "[tT]raceback"
   - "[tT]ruststore"
+  - "[uU]mask"
   - "[uU]ncomment"
   - "[uU]ndercloud"
   - "[uU]ninstallation"
@@ -151,7 +171,11 @@ filters:
   - "[uU]psell"
   - "[uU]pselling"
   - "[vV]alidator"
+  - '\.NET'
+  - 'I/O'
+  - 'Node\.js'
   - "Let\\'s Encrypt"
+  - ACLs
   - adoc
   - AGPLv
   - Agroal
@@ -171,9 +195,11 @@ filters:
   - BOM
   - Bonjour
   - Bouncy Castle
+  - bcrypt
   - btn
   - Btrfs
   - Bugzilla
+  - Buildah
   - camelCase
   - CentOS
   - Ceph
@@ -183,7 +209,6 @@ filters:
   - Ciphertext
   - Civetweb
   - classloader
-  - classpath
   - Cloudbursting
   - Cloudwashing
   - CodeReady
@@ -229,8 +254,11 @@ filters:
   - firewalld
   - Flathub
   - Flatpak
+  - Fluentd
+  - Flyway
   - Fortran
   - Funqy
+  - Galera
   - GCC
   - GIDs
   - GitHub
@@ -238,10 +266,11 @@ filters:
   - Gluster
   - GNUPro
   - GraalVM
-  - Gradle
   - GraphQL
-  - greenboot
   - Grayscale
+  - Graylog
+  - greenboot
+  - gRPC
   - GTIDs?
   - GUI
   - Hashicorp
@@ -261,6 +290,7 @@ filters:
   - IntelliJ
   - IPsec
   - ISeries
+  - Istio
   - IPPool
   - IPsec
   - IPv
@@ -280,6 +310,7 @@ filters:
   - JVM
   - Kafka
   - kbd
+  - Kerberos
   - keystore
   - Kibana
   - Knative
@@ -288,13 +319,17 @@ filters:
   - Kompose
   - kubelet
   - Kubespray
+  - Kubernetes
   - Kylin
   - Laravel
   - LGPLv
   - librados
   - librbd
+  - Libreswan
   - libOSMesa
+  - Logstash
   - Lombok
+  - Liquibase
   - Makefile
   - Mattermost
   - Maven
@@ -305,7 +340,6 @@ filters:
   - Mirantis
   - Mockito
   - MongoDB
-  - Multipath
   - MySQL
   - Nagios
   - Narayana
@@ -332,8 +366,10 @@ filters:
   - OSBuild
   - osd
   - OSs
+  - OSTree
   - PCIe
   - PDFs?
+  - Petitboot
   - PHP
   - PIDs
   - Podman
@@ -354,8 +390,8 @@ filters:
   - Redis
   - Redistributions
   - relaxngDatatype
-  - RESTEasy
   - Restic
+  - RESTEasy
   - Rolfe
   - Rollup
   - ROMs
@@ -367,12 +403,14 @@ filters:
   - SCM
   - SELinux
   - Semeru
+  - Skopeo
   - Shadowman
   - SLAs
   - SmallRye
   - Spotify
   - startx
   - STMicroelectronics
+  - Stratis
   - Suchow
   - SVG
   - Symfony
@@ -400,6 +438,7 @@ filters:
   - vSphere
   - WebAuthn
   - Webpack
+  - WebView
   - WebSocket
   - Wildfly
   - Woopra
diff --git a/doc/vale/RedHat/Symbols.yml b/doc/vale/RedHat/Symbols.yml
new file mode 100644
index 00000000..ab9570ce
--- /dev/null
+++ b/doc/vale/RedHat/Symbols.yml
@@ -0,0 +1,9 @@
+---
+extends: existence
+level: suggestion
+link: https://redhat-documentation.github.io/supplementary-style-guide/#_symbols
+message: "Do not use the '%s' symbol."
+nonword: true
+tokens:
+  - '(?<![":])\!(?![":])'
+  - '(?<!")\&(?!")'
diff --git a/doc/vale/RedHat/TermsErrors.yml b/doc/vale/RedHat/TermsErrors.yml
index 40ab4134..4a51f7a4 100644
--- a/doc/vale/RedHat/TermsErrors.yml
+++ b/doc/vale/RedHat/TermsErrors.yml
@@ -15,9 +15,10 @@ swap:
   "(?<!mobile |cell )phone": "telephone|cell phone|mobile phone"
   "(?<!Mozilla )Firefox": Mozilla Firefox
   "(?<!Mozilla )Thunderbird": Mozilla Thunderbird
-  "[bB]asic [aA]uth": Basic HTTP authentication (first instance)|Basic authentication
+  "[bB]asic [aA]uth": Basic HTTP authentication|Basic authentication
   "a lot(?: of)?": many|much
   "AI": Assisted Installer
+  "(?<!as well )as per": according to|as|as in
   "backward(?:-)?compatible": compatible with earlier versions
   "bottle neck|bottle-neck": bottleneck
   "bottom(?:-)?left": lower left|lower-left
@@ -54,8 +55,8 @@ swap:
   alright|all right: "correct|as expected"
   analyse: analyze
   and/or: a or b|a, b, or both
+  appendices: appendixes
   as long as: if|provided that
-  as per: according to|as|as in
   autodetect: auto-detect
   back-level: earlier|previous|not at the latest level
   bi-monthly: bimonthly
@@ -134,6 +135,7 @@ swap:
   dualboot|dual boot: dual-boot
   e-fix: fix|interim fix
   eFix: fix|interim fix
+  Elastic Load Balancer: Elastic Load Balancing
   emphasise: emphasize
   end user: user
   end-user interface: graphical interface|interface
@@ -181,7 +183,6 @@ swap:
   keep in mind: remember
   kernelspace: kernel-space
   labour: labor
-  laptop: notebook
   large page|super page: huge page
   launch: start|open
   learnt: learned
@@ -244,6 +245,8 @@ swap:
   pseudo ops|pseudoops: pseudo-ops
   pull-down: pulldown
   recognise: recognize
+  Red Hat OpenJDK|RHOJDK|Red Hat Open Java Development Kit: Red Hat build of OpenJDK
+  Red Hat Java: Red Hat build of OpenJDK
   regex: regular expression
   remote-access server: remote access server
   remote-access: remote access
@@ -327,3 +330,6 @@ swap:
   xsite: cross-site replication
   zero out: zero
   zonegroup|zone-group: zone group
+  kilobytes?: KB|kB
+  'w/(?!o) ': "with "
+  'w/o': without
\ No newline at end of file
diff --git a/doc/vale/RedHat/TermsSuggestions.yml b/doc/vale/RedHat/TermsSuggestions.yml
index ebe1025a..38b741f4 100644
--- a/doc/vale/RedHat/TermsSuggestions.yml
+++ b/doc/vale/RedHat/TermsSuggestions.yml
@@ -4,37 +4,18 @@ ignorecase: false
 level: suggestion
 link: https://redhat-documentation.github.io/vale-at-red-hat/docs/main/reference-guide/termssuggestions/
 message: "Depending on the context, consider using '%s' rather than '%s'."
-# source: "https://redhat-documentation.github.io/supplementary-style-guide/#glossary-terms-conventions; IBM - Appendix C. Word usage, p. 300"
 action:
   name: replace
 swap:
-  "(?<!,) which": ", which (non restrictive clause preceded by a comma)|that (restrictive clause without a comma)"
-  "(?<!by) using": by using|that uses
+  "(?<!,) which": ", which| that"
+  "(?<!by) using": " by using| that uses"
   "(?<!such )as": because|while
-  ", that": ", which (non restrictive clause preceded by a comma)|that (restrictive clause without a comma)"
-  "[Bb]are metal|[Bb]are-metal(?! clusters?| compute| configuration| controls?| environments?| equipment| events?| hardware| hosts?| infrastructure| installations?| installers?| machines?| media| nodes?| provisioning| servers?| workers?)": bare metal (noun)|bare-metal (adjective)
+  ", that": ", which| that"
+  "[Bb]are metal(?= clusters?| compute| configuration| controls?| environments?| equipment| events?| hardware| hosts?| infrastructure| installations?| installers?| machines?| media| nodes?| provisioning| servers?| workers?)": bare-metal
+  "[Bb]are-metal(?! clusters?| compute| configuration| controls?| environments?| equipment| events?| hardware| hosts?| infrastructure| installations?| installers?| machines?| media| nodes?| provisioning| servers?| workers?)": bare metal
+  "[Nn]avigate": click|select|browse|go to
   "shell(?! prompt| script)": shell prompt
-  and so on: "appropriate descriptive wording, unless you list a clear sequence of elements"
-  between: " - ' to indicate a 'range of numbers"
-  Bps|bps: Bps (bytes per second)|bps (bits per second)
-  CD|cd: cd (change directory command)|CD (compact disc)
-  channel: repository
-  client side|client-side: client-side (adjective)| client side (noun)
-  code: write
-  crash: fail|lock up|stop|stop responding
-  functionality: functions # IBM
-  Hammer|x86_64|x86-64|x64|64-bit x86: AMD64
-  input|type: enter (followed by the text to enter in monospace) # https://redhat-documentation.github.io/supplementary-style-guide/#text-entry
-  jar: compress|archive (verb)
-  Navigate|navigate: '"click", "select", "browse", or "go to"'
-  recommend: direct users to take the recommended action
+  information on: information about
   refer to: see
-  roll-out|roll out|rollout: roll out (verb)|rollout (noun)
-  Router: AMQ Interconnect
   segfault: segmentation fault
-  tar: compress|archive
-  thru|through: "' - ' (range)|by using|finished|completed"
-  unjar: extract (verb)
-  user space|userspace|user-space: user space (noun)| user-space (modifier)
-  zip: compress
-  information on: information about
+  via: through|by|from|on|by using
diff --git a/doc/vale/RedHat/TermsWarnings.yml b/doc/vale/RedHat/TermsWarnings.yml
index 9ba2600e..81642a09 100644
--- a/doc/vale/RedHat/TermsWarnings.yml
+++ b/doc/vale/RedHat/TermsWarnings.yml
@@ -4,19 +4,16 @@ ignorecase: true
 level: warning
 link: https://redhat-documentation.github.io/vale-at-red-hat/docs/main/reference-guide/termswarnings/
 message: "Consider using '%s' rather than '%s' unless updating existing content that uses the term."
-# source: "https://redhat-documentation.github.io/supplementary-style-guide/#glossary-terms-conventions; IBM - Appendix C. Word usage, p. 300"
 action:
   name: replace
 swap:
-  CRUD: create, retrieve, update, and delete (CRUD)
-  "I(?!/O)": you
+  'I(?!/O)': you
   he|she: you
   host name: hostname
-  may: might (for possiblity)|can (for ability)
+  may: might|can
   on-premises|on-prem|on premise: on-premise|on-site|in-house
   entitlement: repository|subscription
   plug-in: plugin
   sane: accurate|valid|verified
   tooling: tool|tools
-  via: through|by|from|on|by using
   BIOS: firmware
diff --git a/doc/vale/Vocab/EPNix/accept.txt b/doc/vale/Vocab/EPNix/accept.txt
index d8d6e0f8..d9465938 100644
--- a/doc/vale/Vocab/EPNix/accept.txt
+++ b/doc/vale/Vocab/EPNix/accept.txt
@@ -1,10 +1,12 @@
 and so on
+Archiver Appliance
 colmena
 disnix
 EPICS
 epics-base
 EPNix
 IOCs?
+nginx
 Nix
 NixOS
 NixOps
diff --git a/flake.nix b/flake.nix
index 84778236..47ed831b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,7 +21,7 @@
         inherit system;
         overlays = [overlay inputs.bash-lib.overlay];
       };
-    in rec {
+    in {
       packages = flake-utils.lib.flattenTree (pkgs.recurseIntoAttrs pkgs.epnix);
 
       checks =
diff --git a/lib/licenses.nix b/lib/licenses.nix
index 20281423..ec8b078f 100644
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -2,7 +2,7 @@
 # Taken from:
 # https://github.com/NixOS/nixpkgs/blob/55ad138e5cd97c6415abb45fae653fd413bef869/lib/licenses.nix
 lib.mapAttrs (lname: lset: let
-  defaultLicense = rec {
+  defaultLicense = {
     shortName = lname;
     free = true; # Most of our licenses are Free, explicitly declare unfree additions as such!
     deprecated = false;
diff --git a/pkgs/epnix/support/seq/default.nix b/pkgs/epnix/support/seq/default.nix
index 5c35f801..af700b77 100644
--- a/pkgs/epnix/support/seq/default.nix
+++ b/pkgs/epnix/support/seq/default.nix
@@ -6,7 +6,7 @@
   local_config_site ? {},
   local_release ? {},
 }:
-mkEpicsPackage rec {
+mkEpicsPackage {
   pname = "seq";
   version = "2.2.9";
   varname = "SNCSEQ";