diff --git a/config-joey.hs b/config-joey.hs index f9f4eaa..d51b7c9 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -96,6 +96,10 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64" & "/var/www/index.html" `File.hasContent` ["hello, world"] & alias "helloworld.kitenet.net" & Docker.docked oldusenetShellBox + + & JoeySites.scrollBox + & alias "scroll.joeyh.name" + & alias "us.scroll.joeyh.name" -- ssh on some extra ports to deal with horrible networks -- while travelling @@ -272,10 +276,14 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" & Docker.docked jerryPlay & Docker.garbageCollected `period` (Weekly (Just 1)) + & JoeySites.scrollBox + & alias "scroll.joeyh.name" + & alias "eu.scroll.joeyh.name" + -- For https port 443, shellinabox with ssh login to -- kitenet.net & alias "shell.kitenet.net" - & JoeySites.kiteShellBox + & Docker.docked kiteShellBox -- Nothing is using http port 80, so listen on -- that port for ssh, for traveling on bad networks that -- block 22. @@ -348,6 +356,11 @@ jerryPlay = standardContainer "jerryplay" Unstable "amd64" & Apt.installed ["ssh"] & User.hasSomePassword "root" & Ssh.permitRootLogin True + +kiteShellBox :: Docker.Container +kiteShellBox = standardStableContainer "kiteshellbox" + & JoeySites.kiteShellBox + & Docker.publish "443:443" type Motd = [String] diff --git a/debian/changelog b/debian/changelog index f15affb..9ac8c3f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +propellor (2.2.1) unstable; urgency=medium + + * userScriptProperty now passes --shell /bin/sh, so it can be used + even for users with nonstandard shells. + * Fix bug in docker propellor shim setup introduced in last release, + which broke provisioning of new docker containers. + + -- Joey Hess Thu, 12 Mar 2015 20:08:34 -0400 + propellor (2.2.0) unstable; urgency=medium * When running shimmed (eg in a docker container), diff --git a/propellor.cabal b/propellor.cabal index ff37003..c8f093a 100644 
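Review bot: scrollBox is applied to the clam host itself in the first config-joey.hs hunk, and to elephant in the second, so the password-login `scroll` account, telnetd and the shellinabox listener that property sets up (see JoeySites.hs in this commit) sit directly on hosts that carry other services. The same commit moves kiteShellBox into its own container with `Docker.docked kiteShellBox`. Giving scrollBox the same treatment, with only the telnet and shellinabox ports published, would confine a break-out from the game to that container. If running on the host is deliberate, a comment above `& JoeySites.scrollBox` should say so, e.g. `-- public game login (telnet, shellinabox); runs on the host, not in a container`. The clam and elephant definitions continue outside these hunks.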
--- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 2.2.0 +Version: 2.2.1 Cabal-Version: >= 1.6 License: BSD3 Maintainer: Joey Hess diff --git a/src/Propellor/Property/Cmd.hs b/src/Propellor/Property/Cmd.hs index 7fd189d..ae8238f 100644 --- a/src/Propellor/Property/Cmd.hs +++ b/src/Propellor/Property/Cmd.hs @@ -40,6 +40,6 @@ scriptProperty script = cmdProperty "sh" ["-c", shellcmd] -- | A property that can satisfied by running a series of shell commands, -- as user (cd'd to their home directory). userScriptProperty :: UserName -> [String] -> Property NoInfo -userScriptProperty user script = cmdProperty "su" ["-c", shellcmd, user] +userScriptProperty user script = cmdProperty "su" ["--shell", "/bin/sh", "-c", shellcmd, user] where shellcmd = intercalate " ; " ("set -e" : "cd" : script) diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 0abd783..8557f08 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -38,7 +38,7 @@ satellite = check (not <$> mainCfIsSet "relayhost") setup [ Apt.reConfigure "postfix" [ ("postfix/main_mailer_type", "select", "Satellite system") , ("postfix/root_address", "string", "root") - , ("postfix/destinations", "string", " ") + , ("postfix/destinations", "string", "localhost") , ("postfix/mailname", "string", hn) ] , mainCf ("relayhost", domain) diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 303a693..1e0268b 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
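Review bot: The haddock on userScriptProperty in Cmd.hs still describes only "as user (cd'd to their home directory)" and should record the new security-relevant behaviour. With `--shell /bin/sh` the script no longer goes through the account's login shell, so a nologin or restricted shell (such as the login.sh that `chsh` gives `scroll` elsewhere in this commit) does not stop these commands from running. su honours `--shell` for a restricted target shell only when called by root, which is presumably how propellor runs. I would add `-- The script runs under /bin/sh regardless of the user's login shell, so a restricted or nologin shell does not prevent it.` The `where` clause joins the script lines with `" ; "` and passes them unescaped to `sh -c`, so a second line such as `-- Script lines are not escaped; never build them from untrusted input.` is also worth having.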
@@ -22,6 +22,72 @@ import Data.List import System.Posix.Files import Data.String.Utils +scrollBox :: Property HasInfo +scrollBox = propertyList "scroll server" $ props + & User.accountFor "scroll" + & Git.cloned "scroll" "git://git.kitenet.net/scroll" (d "scroll") Nothing + & Apt.installed ["ghc", "make", "cabal-install", "libghc-vector-dev", + "libghc-bytestring-dev", "libghc-mtl-dev", "libghc-ncurses-dev", + "libghc-random-dev", "libghc-monad-loops-dev", + "libghc-ifelse-dev", "libghc-case-insensitive-dev", + "libghc-data-default-dev"] + & userScriptProperty "scroll" + [ "cd " ++ d "scroll" + , "git pull" + , "cabal configure" + , "make" + ] + & s `File.hasContent` + [ "#!/bin/sh" + , "set -e" + , "echo Preparing to run scroll!" + , "cd " ++ d + , "mkdir -p tmp" + , "TMPDIR= t=$(tempfile -d tmp)" + , "export t" + , "rm -f \"$t\"" + , "mkdir \"$t\"" + , "cd \"$t\"" + , "echo" + , "echo Press Enter to start the game." + , "read me" + , "SHELL=/bin/sh script --timing=timing -c " ++ g + ] `onChange` (s `File.mode` (combineModes (ownerWriteMode:readModes ++ executeModes))) + & g `File.hasContent` + [ "#!/bin/sh" + , "if ! ../../scroll/scroll; then" + , "echo Scroll seems to have ended unexpectedly. Possibly a bug.." + , "else" + , "echo Thanks for playing scroll! 
https://joeyh.name/code/scroll/" + , "fi" + , "echo Your game was recorded, as ID:$(basename \"$t\")" + , "echo if you would like to talk about how it went, email scroll@joeyh.name" + , "echo 'or, type comments below (finish with a dot on its own line)'" + , "echo" + , "echo Your comments:" + , "mail -s \"scroll test $t\" joey@kitenet.net" + ] `onChange` (g `File.mode` (combineModes (ownerWriteMode:readModes ++ executeModes))) + & Apt.installed ["bsd-mailx"] + -- prevent port forwarding etc by not letting scroll log in via ssh + & Ssh.sshdConfig `File.containsLine` ("DenyUsers scroll") + `onChange` Ssh.restarted + & cmdProperty "chsh" ["scroll", "-s", s] + & User.hasPassword "scroll" + & Apt.serviceInstalledRunning "telnetd" + & Apt.installed ["shellinabox"] + & File.hasContent "/etc/default/shellinabox" + [ "# Deployed by propellor" + , "SHELLINABOX_DAEMON_START=1" + , "SHELLINABOX_PORT=4242" + , "SHELLINABOX_ARGS=\"--disable-ssl --no-beep --service=:scroll:scroll:" ++ d ++ ":" ++ s ++ "\"" + ] + `onChange` Service.restarted "shellinabox" + & Service.running "shellinabox" + where + d = "/home/scroll" + s = d "login.sh" + g = d "game.sh" + oldUseNetServer :: [Host] -> Property HasInfo oldUseNetServer hosts = propertyList "olduse.net server" $ props & Apt.installed ["leafnode"] diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index f44688c..320136e 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -1,5 +1,6 @@ module Propellor.Property.Ssh ( PubKeyText, + sshdConfig, setSshdConfig, permitRootLogin, passwordAuthentication, diff --git a/src/Propellor/Shim.hs b/src/Propellor/Shim.hs index e1ea282..5fc1ea0 100644 --- a/src/Propellor/Shim.hs +++ b/src/Propellor/Shim.hs 
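Review bot: The `scroll` account is meant to be locked into login.sh (ssh is denied for it "to prevent port forwarding etc"), but two details in scrollBox weaken that confinement. login.sh and game.sh are written under `/home/scroll`, a directory the account presumably owns, so any process running as scroll can rename or replace the script that serves as its login shell. game.sh also ends by attaching the player's terminal to `mail`, an interactive program whose input handling goes beyond plain text. I would keep both scripts in a root-owned directory outside the home, and read the comment in the shell and pipe it to mail so that mail never reads from the tty. Separately, `Git.cloned` fetches over `git://`, which is unauthenticated, and the userScriptProperty block pulls and builds that code on every run; an authenticated transport or a pinned revision would close that gap.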
@@ -34,7 +34,7 @@ setup propellorbin propellorbinpath dest = checkAlreadyShimmed propellorbin $ do fromMaybe (error "cannot find ld-linux linker") $ headMaybe $ filter ("ld-linux" `isInfixOf`) libs' let linkersym = takeDirectory linker takeFileName propellorbin - createSymbolicLink linkersym (takeFileName linker) + createSymbolicLink (takeFileName linker) linkersym let gconvdir = (dest ++) $ takeDirectory $ fromMaybe (error "cannot find gconv directory") $