diff --git a/docker-compose.yml b/docker-compose.yml index 290070d..a1f1ca1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,11 @@ services: environment: - SKIP_SETCAP=true - VAULT_ADDR=https://vault.local:8200 + # This has been disabled because I don't think they are needed... But not sure enough to remove yet. + #- CONTAINER_HOSTNAME=vault - VAULT_CACERT=/run/secrets/ca + # This has been disabled because I don't think they are needed... But not sure enough to remove yet. + #- VAULT_CA=true image: althing/vault networks: web: @@ -22,7 +26,7 @@ services: target: /run/secrets/vault_key - source: althing_dev_vault_cert_bundle target: /run/secrets/vault_cert - - source: althing_dev_ca + - source: althing_dev_ca_bundle target: /run/secrets/ca - source: althing_dev_vault_unseal target: /run/secrets/vault_unseal @@ -122,6 +126,7 @@ services: ports: - "15672:15672" - "8883:8883" + - "1883:1883" secrets: - source: althing_dev_mqtt_cert_bundle target: mqtt_cert @@ -135,8 +140,6 @@ services: # Hostname is needed to persist data. hostname: mqtt nr: - #environment: - # - npm_config_cafile=/run/secrets/ca depends_on: - ha - mqtt 
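Review bot: The same explanatory comment is pasted twice in the vault `environment` block, once above `#- CONTAINER_HOSTNAME=vault` and once above `#- VAULT_CA=true`; a single comment above the pair reads better, e.g. `# CONTAINER_HOSTNAME and VAULT_CA disabled: believed unneeded, kept until confirmed.`. If both variables turn out to be unnecessary, removing them in a commit is easier to revert than carrying commented-out lines, and the commit message would then document the decision.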
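Review bot: `"1883:1883"` publishes the plain (non-TLS) MQTT port of the mqtt service on the host next to the TLS listener on 8883, while the secrets in this hunk (`mqtt_cert`) only cover the TLS side, so credentials and topics on 1883 would cross the wire in cleartext. Whether the broker is actually configured to listen on 1883 is not visible here; if the port is only for local testing, a comment above the line, `# 1883: plaintext MQTT for local testing only, not for device traffic`, keeps the exposure deliberate, and if it is not needed the line should go.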
@@ -175,9 +178,35 @@ services: - "./nr/data:/data" # If you docker cp [container hash]:/usr/src/node-red nr/src/ # You can work with live running code by uncommenting the following volume> - #- "./nr/src:/usr/src/node-red" + #- "./node-red:/usr/src/node-red" + platformio: + command: ["sh","-c","docker run --rm --name pio -t --network althing_dev_web -p 3000:3000 -v /home/spencer/src/althing/platformio/entrypoint.py:/workspace/entrypoint.py -e CA=\"$$(cat /run/secrets/ca)\" -e MQTT_USERNAME=\"$$(cat /run/secrets/mqtt_username)\" -e MQTT_PASSWORD=\"$$(cat /run/secrets/mqtt_password)\" -e VAULT_TOKEN=\"$$(cat /run/secrets/token)\" --device /dev/ttyUSB0 althing/platformio"] + deploy: + mode: global + restart_policy: + condition: on-failure + devices: + - "/dev/ttyUSB0:/dev/ttyUSB0" + image: docker + networks: + - web + secrets: + - source: althing_dev_ca_bundle + target: ca + - source: althing_dev_platformio_mqtt_username + target: mqtt_username + - source: althing_dev_platformio_mqtt_password + target: mqtt_password + - source: althing_dev_platformio_token + target: token + user: "0" # I suspect I'll be able to remove this. I'd like to do that. + volumes: + - ./platformio/entrypoint.py:/workspace/entrypoint.py + - /var/run/docker.sock:/var/run/docker.sock + networks: web: + attachable: true secrets: althing_dev_ca: external: true @@ -187,6 +216,10 @@ secrets: external: true althing_dev_ha_key: external: true + althing_dev_home_assistant_mqtt_username: + external: true + althing_dev_home_assistant_mqtt_password: + external: true althing_dev_ha_db_cert_bundle: external: true althing_dev_home_assistant_mqtt_username: @@ -205,9 +238,11 @@ secrets: external: true althing_dev_nr_key: external: true - althing_dev_node_red_mqtt_username: + althing_dev_platformio_mqtt_username: + external: true + althing_dev_platformio_mqtt_password: external: true - althing_dev_node_red_mqtt_password: + althing_dev_platformio_token: external: true althing_dev_vault_cert_bundle: external: true 
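Review bot: The new `platformio` service bind-mounts `/var/run/docker.sock` and runs as `user: "0"`, which makes the container equivalent to root on the swarm node, and its `command` then hands the CA, the MQTT password and the Vault token to the nested container as `-e` environment variables, where they are readable via `docker inspect` and the process environment rather than through the file-based `secrets:` the rest of the stack uses. The command also hard-codes `/home/spencer/src/althing/platformio/entrypoint.py` and the network name `althing_dev_web`, where everything else is derived from `$stackname`. If the nested `docker run` exists only because the swarm scheduler cannot pass `--device /dev/ttyUSB0` through (the `devices:` key is declared on the service as well, so it is unclear which path is meant to work), say so in a comment above `command:`, since that is the justification for the socket mount. The `# I suspect I'll be able to remove this.` comment on `user: "0"` should name what currently requires root so it can be acted on.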
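Review bot: `althing_dev_home_assistant_mqtt_username` and `althing_dev_home_assistant_mqtt_password` are added to `secrets:` here, but the context line right after the insertion shows `althing_dev_home_assistant_mqtt_username:` already declared in the same mapping (the matching `_password` key presumably follows it beyond the hunk). Duplicate mapping keys are invalid YAML; most loaders silently keep the last occurrence and stricter ones reject the file. Drop the four added lines, or the earlier pair, so each secret is declared exactly once.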
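Review bot: This hunk removes the `althing_dev_node_red_mqtt_username` and `althing_dev_node_red_mqtt_password` declarations, yet `install.sh` in the same commit still runs `create_vault_and_mqtt_user node_red`, which creates exactly those two swarm secrets. If the `nr` service (outside this hunk) still references them under `secrets:`, `docker stack deploy` fails on the undeclared reference; if it no longer does, the `node_red` provisioning is dead work that leaves unused broker credentials in the swarm. Either re-add the two declarations or drop the `node_red` call, and state which in the commit message.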
diff --git a/ha/data/configuration.yaml b/ha/data/configuration.yaml index f520a02..9d3d770 100644 --- a/ha/data/configuration.yaml +++ b/ha/data/configuration.yaml @@ -58,18 +58,18 @@ map: sun: # Weather prediction -#sensor: -# - platform: yr -# - platform: mqtt -# name: "Humidity" -# state_topic: "planteyes/pe001/humidity/relative" -# unit_of_measurement: "%" -# #value_template: '{{ value_json.humid }}' -# - platform: mqtt -# name: "Temp" -# state_topic: "planteyes/pe001/temperature/degrees" -# unit_of_measurement: "c" -# #value_template: '{{ value_json.temp }}' +sensor: + - platform: yr + - platform: mqtt + name: "Humidity" + state_topic: "planteyes/pe001/humidity/relative" + unit_of_measurement: "%" + #value_template: '{{ value_json.humid }}' + - platform: mqtt + name: "Temp" + state_topic: "planteyes/pe001/temperature/degrees" + unit_of_measurement: "c" + #value_template: '{{ value_json.temp }}' # Text to speech diff --git a/install.sh b/install.sh index 037b4a8..5b87c69 100755 --- a/install.sh +++ b/install.sh @@ -14,13 +14,15 @@ ha=ha mqtt=mqtt ha_db=ha_db nr=nr -declare -a services=($vault $ha $mqtt $ha_db $nr) +platformio=platformio +declare -a services=($vault $ha $mqtt $ha_db $nr $platformio) # Todo: only do this if not inited already. # I had to use --advertise-addr 192.168.1.106. I imagine the IP address would change. # I also had to install docker-compose seperaately. #docker swarm init #docker swarm join localhost +# had to add user to docker group: usermod -a -G docker spencer # TODO: Should check that the stack is up before bringing it down. if [ $reinstall -eq 1 ] ; then @@ -39,8 +41,8 @@ export_UID_to_env # Build docker images docker-compose build - -docker network create $stackname +network_name="${stackname}" +docker network create --attachable $network_name if volume_exists vault && [ $reinstall -ne 1 ] ; then echo "Vault Initialized"; 
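Review bot: `docker network create --attachable $network_name` expands the new variable unquoted, unlike the quoted assignment `network_name="${stackname}"` directly above it; `docker network create --attachable "$network_name"` is consistent and safe should the stack name ever contain whitespace. `network_name` is also read by `installer/bash/mqtt.sh` and `installer/bash/vault.sh` in this commit (presumably sourced into this shell), so the assignment is now an interface between files; a comment on it, `# bootstrap network shared with installer/bash/*.sh; removed again before docker stack deploy`, records that and distinguishes it from the stack's own `web` network.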
@@ -59,6 +61,9 @@ else initialize_mqtt create_vault_and_mqtt_user home_assistant create_vault_and_mqtt_user node_red + create_vault_and_mqtt_user platformio + platformio_token=$(create_token platformio) + create_secret platformio_token $platformio_token fi if volume_exists ha_db && [ $reinstall -ne 1 ] ; then @@ -71,10 +76,16 @@ fi create_TLS_certs remove_temp_containers -docker network rm $stackname +docker network rm $network_name docker stack deploy --compose-file docker-compose.yml $stackname +sleep 15 +docker exec -it $(docker service ps -f desired-state=running --no-trunc althing_dev_vault | grep althing_dev | tr -s " " | cut -d " " -f 2).$(docker service ps -f desired-state=running --no-trunc althing_dev_vault | grep althing_dev | tr -s " " | cut -d " " -f 1) vault login $rootToken +docker exec -it $(docker service ps -f desired-state=running --no-trunc althing_dev_vault | grep althing_dev | tr -s " " | cut -d " " -f 2).$(docker service ps -f desired-state=running --no-trunc althing_dev_vault | grep althing_dev | tr -s " " | cut -d " " -f 1) vault write rabbitmq/config/connection \ + connection_uri="https://mqtt:15672" \ + username="vault" \ + password="$mqtt_password" # Maybe pull a backup of the CA from docker secrets. Put in /etc/tls/althing. # Remove vault port diff --git a/installer/bash/mqtt.sh b/installer/bash/mqtt.sh index 5cacc9c..9898948 100644 --- a/installer/bash/mqtt.sh +++ b/installer/bash/mqtt.sh 
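Review bot: `create_secret platformio_token $platformio_token` passes the freshly minted token unquoted, while the `installer/bash/vault.sh` hunk in this commit quotes the equivalent `create_secret` arguments; use `create_secret platformio_token "$platformio_token"`. `create_token` (defined in `installer/bash/vault.sh`) issues a 720h token, and this secret is its only consumer, so a comment here, `# 30-day token for the platformio service, delivered as a docker secret`, makes the lifetime a documented choice rather than an accident.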
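Review bot: The two new `docker exec` lines each run the same `docker service ps ... | grep | tr | cut` pipeline twice to locate the vault task, and both use `-it`, which fails when the installer runs without a TTY. `$mqtt_password` and `$rootToken` are only set on the fresh-install path (`initialize_mqtt` and `initialize_vault` run in the `else` branch above), so when `volume_exists vault` short-circuits that branch these commands log in with an empty token and write an empty password into `rabbitmq/config/connection`; guard on the variables or move the write into the init path. `connection_uri` is `https://mqtt:15672` here but `http://mqtt:15672` in `installer/bash/mqtt.sh`; if the deployed broker terminates TLS on 15672, a comment should say so. The service name `althing_dev_vault` and the 15 s sleep are hard-coded where `${stackname}_vault` and a readiness poll would be more robust. Capturing the task name once and quoting it also removes the duplication, as sketched below.
```shell
docker stack deploy --compose-file docker-compose.yml $stackname
sleep 15
# Resolve the running vault task once; the container name is "<task name>.<task id>".
vault_task_line=$(docker service ps -f desired-state=running --no-trunc "${stackname}_vault" | grep "${stackname}_vault" | tr -s " ")
vault_task="$(cut -d " " -f 2 <<< "$vault_task_line").$(cut -d " " -f 1 <<< "$vault_task_line")"
# Only configure the rabbitmq secrets engine when this run actually initialised vault and mqtt.
if [ -n "$rootToken" ] && [ -n "$mqtt_password" ] ; then
  docker exec "$vault_task" vault login "$rootToken"
  docker exec "$vault_task" vault write rabbitmq/config/connection \
    connection_uri="https://mqtt:15672" \
    username="vault" \
    password="$mqtt_password"
fi
# … unchanged: CA backup note, vault port removal …
```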
@@ -5,20 +5,20 @@ mqtt_i() { initialize_mqtt() { echo "Initializing MQTT" # I have to pass in a custom config to start vault without TLS. - containerId2=$(docker run -d -p 15672:15672 --network ${stackname} --name mqtt --hostname mqtt -v ${stackname}_mqtt:/var/lib/rabbitmq rabbitmq:3.7.4-management) + containerId2=$(docker run -d -p 15672:15672 --network $network_name --name mqtt --hostname mqtt -v ${stackname}_mqtt:/var/lib/rabbitmq rabbitmq:3.7.4-management) sleep 15 local response=$(vault_i write -force -format=json /sys/tools/random/32) - local password=$(extract_from_json random_bytes "$response") - mqtt_i rabbitmqctl add_user vault $password + mqtt_password=$(extract_from_json random_bytes "$response") + mqtt_i rabbitmqctl add_user vault $mqtt_password mqtt_i rabbitmqctl set_user_tags vault administrator mqtt_i rabbitmqctl set_permissions vault ".*" ".*" ".*" create_secret mqtt_vault_username vault - create_secret mqtt_vault_password $password + create_secret mqtt_vault_password $mqtt_password vault_i secrets enable rabbitmq vault_i write rabbitmq/config/connection \ connection_uri="http://mqtt:15672" \ username="vault" \ - password="$password" -} \ No newline at end of file + password="$mqtt_password" +} diff --git a/installer/bash/vault.sh b/installer/bash/vault.sh index 8083320..881a041 100644 --- a/installer/bash/vault.sh +++ b/installer/bash/vault.sh 
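Review bot: `local password` becomes the global `mqtt_password` so that `install.sh` can reuse it after `docker stack deploy`; that widens a broker administrator password from function scope to the whole installer's environment for the rest of the run, and the dependency is invisible from this file. If it has to stay global, declare it at the top of `initialize_mqtt` with a comment, `# global: read by install.sh for the post-deploy rabbitmq/config/connection write`, and quote it where it is used, `mqtt_i rabbitmqctl add_user vault "$mqtt_password"` and `create_secret mqtt_vault_password "$mqtt_password"`. The `sleep 15` wait for the broker is pre-existing, but a retry loop on `mqtt_i rabbitmqctl status` would avoid the race this timer papers over.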
@@ -52,7 +52,7 @@ create_TLS_certs(){
 initialize_vault(){
 echo "Initializing Vault"
 # I have to pass in a custom config to start vault without TLS.
- containerId=$(docker run -d -p 8200:8200 --name vault --network ${stackname} -e "VAULT_LOCAL_CONFIG=$vaultConfig" -e "VAULT_ADDR=http://127.0.0.1:8200" -v ${stackname}_vault:/vault/file althing/vault)
+ containerId=$(docker run -d -p 8200:8200 --name vault --network $network_name -e "VAULT_LOCAL_CONFIG=$vaultConfig" -e "VAULT_ADDR=http://127.0.0.1:8200" -v ${stackname}_vault:/vault/file althing/vault)
 sleep 1
 initResponse=$(vault_i operator init -key-shares=1 -key-threshold=1)
 unsealKey=$(grep -C 1 "Unseal Key" <<< "$initResponse" | cut -d : -f 2 | xargs)
@@ -61,6 +61,12 @@ initialize_vault(){
 create_secret vault_token $rootToken
 vault_i operator unseal $unsealKey
 vault_i login $rootToken
+ vault_i audit enable file file_path=stdout
+}
+
+# $1 = policy name.
+create_token(){
+ vault_i token create -policy=$1 -ttl="720h" -display-name="$1" -field="token"
 }
 
 configure_CAs(){
@@ -93,10 +99,10 @@ create_vault_and_mqtt_user(){
 vault_i write rabbitmq/roles/$1 \
 vhosts="$(cat vault/${1}_permissions.json)"
 #vhosts='{"/":{"write": ".*", "read": ".*"}}'
- local token=$(vault_i token create -policy=$1 -ttl="1m" -field="token")
+ local token=$(vault_i token create -policy=$1 -ttl="720h" -display-name=$1 -field="token")
 vault_i login $token
 local creds=$(vault_i read -format=json rabbitmq/creds/$1)
 vault_i login $rootToken
- create_secret ${1}_mqtt_username $(extract_from_json username "$creds")
- create_secret ${1}_mqtt_password $(extract_from_json password "$creds")
+ create_secret ${1}_mqtt_username "$(extract_from_json username "$creds")"
+ create_secret ${1}_mqtt_password "$(echo -n "$(extract_from_json password "$creds")")"
 }
\ No newline at end of file
diff --git a/nr/data/.flows.json.backup b/nr/data/.flows.json.backup
deleted file mode 100644
index 80a5a01..0000000
--- a/nr/data/.flows.json.backup
+++ /dev/null
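Review bot: `create_token` issues a token with `-ttl="720h"` and relies on Vault defaults for renewability and max TTL, and its only documentation is `# $1 = policy name.`, although `install.sh` stores its output as a docker secret for the platformio service. Expand the header to state the contract, e.g. `# create_token <policy>: prints a 30-day token bound to <policy> on stdout; renewability and max TTL are Vault defaults.`, and quote `-policy="$1"` the way `-display-name="$1"` already is. `vault_i audit enable file file_path=stdout` is a welcome addition; a one-line comment that the audit log now goes to the vault container's stdout tells operators where to look for it.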
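Review bot: Raising the TTL from `1m` to `720h` in `create_vault_and_mqtt_user` is presumably meant to keep the `rabbitmq/creds/$1` lease alive, since dynamic credentials read with a token are revoked when that token expires, but it also means the username and password stored via `create_secret` stop working 30 days after install and nothing in this commit renews or reissues them. Record that on the line, `# creds lease is bound to this token: the stored MQTT password expires with it (720h)`, and consider reading the credentials with a token whose lifetime matches the intent (for example a periodic token, or the root token if these are meant to be long-lived) so the expiry is deliberate. `"$(echo -n "$(extract_from_json password "$creds")")"` is a no-op wrapper because command substitution already strips trailing newlines; `"$(extract_from_json password "$creds")"` as on the username line is equivalent. `-display-name=$1` is unquoted here while the new `create_token` quotes it.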
@@ -1 +0,0 @@ -[{"id":"ee1936cd.b6d21","type":"tab","label":"Flow 1","disabled":false,"info":""},{"id":"85d0c327.d3e95","type":"mqtt-broker","z":"","name":"MQTT","broker":"mqtt","port":"8883","tls":"62b8b95c.26b7d8","clientid":"nr.scifi.farm","usetls":true,"compatmode":false,"keepalive":"60","cleansession":true,"willTopic":"","willQos":"0","willPayload":"","birthTopic":"","birthQos":"0","birthPayload":""},{"id":"62b8b95c.26b7d8","type":"tls-config","z":"","name":"mqtt","cert":"/run/secrets/nr_cert","key":"/run/secrets/nr_key","ca":"/run/secrets/ca","certname":"","keyname":"","caname":"","verifyservercert":true},{"id":"522474fa.f9580c","type":"mqtt in","z":"ee1936cd.b6d21","name":"","topic":"planteyes/test","qos":"2","broker":"85d0c327.d3e95","x":460,"y":240,"wires":[["cce36914.a60c5"]]},{"id":"cce36914.a60c5","type":"mqtt out","z":"ee1936cd.b6d21","name":"","topic":"planteyes/success","qos":"","retain":"","broker":"85d0c327.d3e95","x":1000,"y":280,"wires":[]}] \ No newline at end of file diff --git a/nr/data/.flows_cred.json.backup b/nr/data/.flows_cred.json.backup deleted file mode 100644 index 0e98052..0000000 --- a/nr/data/.flows_cred.json.backup +++ /dev/null @@ -1 +0,0 @@ -{"$":"a678e0fa5f3c72eed8089ce758156fb3zAN9QcsXyMY4rJf8aX99ZLptGtB/"} \ No newline at end of file diff --git a/nr/data/settings.js b/nr/data/settings.js index 4004f73..74bd12b 100644 --- a/nr/data/settings.js +++ b/nr/data/settings.js @@ -229,7 +229,7 @@ module.exports = { // debug - record information which is more verbose than info + info + warn + error + fatal errors // trace - record very detailed logging + debug + info + warn + error + fatal errors // off - turn off all logging (doesn't affect metrics or audit) - level: "trace", + level: "info", // Whether or not to include metric events in the log output metrics: false, // Whether or not to include audit events in the log output diff --git a/vault/Dockerfile b/vault/Dockerfile index 63bd7da..85e22f0 100644 --- a/vault/Dockerfile 
+++ b/vault/Dockerfile
@@ -1,3 +1,3 @@
 FROM vault
 COPY docker-entrypoint.sh usr/local/bin/docker-entrypoint.sh
-CMD ["server"]
\ No newline at end of file
+CMD ["server"]
diff --git a/vault/plant_eye_policy.hcl b/vault/plant_eye_policy.hcl
deleted file mode 100644
index 08404f7..0000000
--- a/vault/plant_eye_policy.hcl
+++ /dev/null
@@ -1,3 +0,0 @@
-path "rabbitmq/creds/plant_eye_$id" {
- capabilities = ["read"]
-}
\ No newline at end of file
diff --git a/vault/platformio_permissions.json b/vault/platformio_permissions.json
new file mode 100644
index 0000000..f7608c7
--- /dev/null
+++ b/vault/platformio_permissions.json
@@ -0,0 +1,7 @@
+{
+ "/": {
+ "configure": ".*",
+ "write": ".*",
+ "read": ".*"
+ }
+}
\ No newline at end of file
diff --git a/vault/platformio_policy.hcl b/vault/platformio_policy.hcl
new file mode 100644
index 0000000..ad43f55
--- /dev/null
+++ b/vault/platformio_policy.hcl
@@ -0,0 +1,11 @@
+path "*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
+
+path "rabbitmq/creds/platformio" {
+ capabilities = ["read"]
+}
+
+path "sys/policy/*" {
+ capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+}
\ No newline at end of file
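Review bot: `path "*"` with `create, read, update, delete, list, sudo` makes `platformio_policy.hcl` equivalent to Vault's root policy, so the two narrower stanzas below it (`rabbitmq/creds/platformio`, `sys/policy/*`) are redundant, and the 720h token that `install.sh` mints from this policy and injects into the platformio container's environment (see the `docker-compose.yml` hunk) is effectively a root token on a device-attached container. If the agent only needs its broker credentials, keep the `rabbitmq/creds/platformio` stanza and delete the other two; if it genuinely manages policies, scope the first stanza to the paths it writes and leave a comment stating why `sudo` on `sys/policy/*` is required. `platformio_permissions.json` grants `configure`/`write`/`read` on `.*` in the `/` vhost in the same spirit; the topic prefix the device actually uses would be a tighter pattern, or a comment should say why the broker-wide grant is intended.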