diff --git a/.gitmodules b/.gitmodules
index 9e2e87f..3460336 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +1,10 @@
-[submodule "haystack"]
-	path = haystack
-	url = https://github.com/Lanchon/haystack
 [submodule "simple-deodexer"]
 	path = simple-deodexer
 	url = https://github.com/aureljared/simple-deodexer
 [submodule "vdexExtractor"]
 	path = vdexExtractor
 	url = https://github.com/anestisb/vdexExtractor
+[submodule "haystack"]
+	path = haystack
+	url = https://github.com/yeoldegrove/haystack
+	branch = unifiednlp
diff --git a/Dockerfile b/Dockerfile
index 8414be3..6dacc40 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,18 @@
 FROM openjdk:8-slim
 
-RUN apt update && apt -y install git rsync zip libc++-dev squashfs-tools make gcc zlib1g-dev
+RUN apt update && apt -y install git rsync wget zip libc++-dev squashfs-tools make gcc zlib1g-dev
 
 WORKDIR /
 COPY haystack /haystack
 COPY simple-deodexer /simple-deodexer
 COPY vdexExtractor /vdexExtractor
 RUN cd /vdexExtractor && ./make.sh
+RUN wget -O/mapsv1.flashable.zip https://github.com/microg/android_frameworks_mapsv1/releases/download/v0.1.0/mapsv1.flashable.zip
 
 ADD *.sh ./
+RUN mkdir /sailfish
 
-ENV SAILFISH 172.28.172.1
+ENV SAILFISH 192.168.2.15
+# DEBUG
+# CMD ["bash", "-x", "./run.sh"]
 CMD ["bash", "./run.sh"]
diff --git a/README.md b/README.md
index 385d249..64eb4c3 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ Overview of the steps performed by the scripts:
  * deodex using [vdexExtractor](https://github.com/anestisb/vdexExtractor)
  * apply `hook` and `core` patches from [haystack](https://github.com/Lanchon/haystack)
  * push back changed files, saving backups in `/home/nemo/system.img.pre.haystack`
+ * This now includes installing the "microG maps API" from https://github.com/microg/android_frameworks_mapsv1. If you don't want this, pass `--env NOMAPS=1`
 
 
 Instructions
@@ -31,8 +32,9 @@ Instructions
 **Starting Rsync daemon on Sailfish**
 
 * Make sure Android subsystem is stopped
-* Make sure you PC is in connected to the same WiFi network as your phone
+* Connect your PC to the phone (either with USB or both connected to the same WiFi network) 
 * Figure out your phone's IP address. It's shown in "Developer mode". We will use it later
+  * For USB that would usually be 192.168.2.15
 * Enable [developer mode](https://jolla.zendesk.com/hc/en-us/articles/202011863-How-to-enable-Developer-Mode)
 * Open terminal app or connect via SSH
 * Become root by executing `devel-su`
@@ -58,6 +60,8 @@ rsync --daemon --no-detach --verbose --config=/root/rsyncd-alien.conf --log-file
 ```bash
 iptables -A connman-INPUT -i wlan0 -p tcp -m tcp --dport 873 -j ACCEPT
 ```
+* OR use an `ssh` firewall (see `--env SSH=1` parameter below)
+
 
 **Execute docker image**
 
@@ -73,17 +77,33 @@ Make sure you checked out all the code from the gut submodules, e.g.:
 git submodule update --init --recursive
 ```
 
-Make sure to pass `--env SAILFISH=` with the IP of the phone
+Make sure to pass `--env SAILFISH=` with the IP of the phone. `192.168.2.15` aka the USB device IP is set as a default.
+You can pass `--env SSH=1` to use the ssh tunnel mode (no firewall exception needed in SailfishOS)
+`--privileged` is passed so that we can mount the squashfs image as a loop device for the repack.
 
 ```bash
-docker run --rm -ti --env SAILFISH=<PHONE_IP_ADDRESS> yeoldegrove/sailfish-signature-spoofing-lxc
+docker run --rm -ti --privileged --env SAILFISH=<PHONE_IP_ADDRESS> yeoldegrove/sailfish-signature-spoofing-lxc
+
+or
+
+docker run --rm -ti --privileged --env SAILFISH=<PHONE_IP_ADDRESS> --env SSH=1 yeoldegrove/sailfish-signature-spoofing-lxc
+
 ```
 
 **Final steps**
 * kill running rsync by pressing Ctrl-C
 * start Android subsystem (or just run some app). *This will take time, depending on number of apps you have*
-* From that point you can install [microG](https://microg.org/download.html) (nightly) [F-Droid](https://f-droid.org). 
-Don't forget to enable "Unstable updates" from "Expert mode"
+* From that point you can install [microG](https://microg.org/download.html) (nightly) [F-Droid](https://f-droid.org). Don't forget to enable "Unstable updates" from "Expert mode"
+
+
+**Before Sailfish X upgrades with  android 8.1 LXC**
+
+There is not enough free space in `/opt`partition to hold the current (patched) *system.img*, the upgrades and the backup all at the same time.
+
+Either delete the backup from `/opt/alien/system.img.pre_haystack` or move this file to your SD card.
+
+Then don't forget to re-run the patch to patch your new upgraded Android *system.img*.
+
 
 
 Reverting the changes (if needed)
@@ -116,3 +136,5 @@ Kudos
 ===
 The code is based on a fork from the excelent work of [rfvermut](https://github.com/rfvermut) here:
  * [sailfish-signature-spoofing](https://github.com/vermut/sailfish-signature-spoofing)
+Also kudos to Lanchon for maintaining haystack:
+ * https://github.com/Lanchon/haystack
diff --git a/haystack b/haystack
index 4530d4e..096ae9d 160000
--- a/haystack
+++ b/haystack
@@ -1 +1 @@
-Subproject commit 4530d4e2dddc89720265e8b7c6c1d08b4fe0614c
+Subproject commit 096ae9df45dfab1952aa4d25ca4ab603fc7ba3da
diff --git a/run.sh b/run.sh
index 4d3d1af..c7f9eac 100644
--- a/run.sh
+++ b/run.sh
@@ -1,52 +1,129 @@
 #!/bin/bash
 
+if [ -z "${SAILFISH}" ]; then
+    SAILFISH=192.168.2.15
+    echo -e "\e[33;1mWARNING:\e[0m no address specified, falling back to USB: ${SAILFISH}"
+else
+    echo Looking for Sailfish device at address: ${SAILFISH}
+fi
+
+if (( $SSH )); then
+    echo -e "\e[34;1m=================================\e[37;1m"
+    echo [**] 0. Establish SSH tunnel
+    echo -e "\e[34;1m=================================\e[0m"
+    if ! ssh -L 127.0.0.1:873:127.0.0.1:873 nemo@${SAILFISH} -Nf; then
+        echo -e "\e[31;1mERROR:\e[0m couldn't start tunnel. falling back to direct connection"
+    else
+        echo "SSH Tunnel established"
+        SSHTUNNELACTIVE=1
+        SAILFISH=127.0.0.1
+    fi
+fi
+
 set -e
 SYSTEM_PATH=system
 
+rsync_error () {
+    echo -e "\e[31;1mERROR:\e[0m cannot download from rsync daemon"
+    echo "- Did you remember to start the daemon with option '--address=${SAILFISH}'"
+    case "${SAILFISH}" in
+        127.0.0.1)
+            echo "- Did the tunnel setup abov fail?"
+            echo "- Alternatively use this docker on a direct connection with '--env SSH=0' instead"
+        ;;
+        192.168.2.15)
+            ## USB isn't actually blocked by firewall on current versions of Sailfish OS
+            #echo "- If connected over USB, did you remember to open the firewall port:"
+            #echo "  iptables -A connman-INPUT -i rndis0 -p tcp -m tcp --dport 873 -j ACCEPT"
+            echo "- Or alternatively use this docker on a SSH tunnel with '--env SSH=1' instead"
+        ;;
+        *)
+            echo "- If connected over Wifi, did you remember to open the firewall port:"
+            echo "  iptables -A connman-INPUT -i wlan0 -p tcp -m tcp --dport 873 -j ACCEPT"
+            echo "- Or alternatively use this docker on a SSH tunnel with '--env SSH=1' instead"
+        ;;
+    esac
+    exit 1
+}
+
+
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 1. Fetch files via RSYNC
-rsync -va \
+echo -e "\e[34;1m=================================\e[0m"
+rsync -vaP \
     rsync://${SAILFISH}/alien/system.img \
-    /tmp/system.img
+    /tmp/system.img || rsync_error
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 1.1 unpack the squashfs
-cd /tmp && unsquashfs system.img
+echo -e "\e[34;1m=================================\e[0m"
+mkdir /tmp/system.img.mount
+mount /tmp/system.img /tmp/system.img.mount
+rsync -avPSHAX /tmp/system.img.mount/ /tmp/system.img.new/
+
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 1.2 get files to patch
-mkdir /sailfish
-rsync -va /tmp/squashfs-root/${SYSTEM_PATH}/{framework,app,priv-app} \
+echo -e "\e[34;1m=================================\e[0m"
+mkdir -p /sailfish
+rsync -avPSHAX /tmp/system.img.new/${SYSTEM_PATH}/{framework,app,priv-app} \
   /sailfish
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 2. Deodex the vdex and dex files
-cd /vdexExtractor/bin && ./vdexExtractor -i /sailfish --ignore-crc-error
+echo -e "\e[34;1m=================================\e[0m"
+#cd /vdexExtractor/bin && ./vdexExtractor -i /sailfish --ignore-crc-error
+cd /vdexExtractor/bin && ./vdexExtractor -i /sailfish/framework/oat/arm/services.vdex --ignore-crc-error
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 2. add classes.dex to services.jar
+echo -e "\e[34;1m=================================\e[0m"
 cp /sailfish/framework/oat/arm/services_classes.dex /tmp/classes.dex
 zip -j /sailfish/framework/services.jar /tmp/classes.dex
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 3. Apply the patch
+echo -e "\e[34;1m=================================\e[0m"
 API_VERSION=27
-rm -rf /hook
-/haystack/patch-fileset /haystack/patches/sigspoof-hook-7.0-9.0 ${API_VERSION} /sailfish/framework /hook
-rm -rf /hook_core
-/haystack/patch-fileset /haystack/patches/sigspoof-core ${API_VERSION} /hook /hook_core
+rm -rf /sailfish/hook
+/haystack/patch-fileset /haystack/patches/sigspoof-hook-7.0-9.0 ${API_VERSION} /sailfish/framework /sailfish/hook
+rm -rf /sailfish/hook_core
+/haystack/patch-fileset /haystack/patches/sigspoof-core ${API_VERSION} /sailfish/hook /sailfish/hook_core
+rm -rf /sailfish/hook_unifiednlp
+/haystack/patch-fileset /haystack/patches/unifiednlp-7.0 ${API_VERSION} /sailfish/hook_core /sailfish/hook_unifiednlp
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 4. Merge back the results
-mv -v /hook_core/* /sailfish/framework/
+echo -e "\e[34;1m=================================\e[0m"
+mv -v /sailfish/hook_unifiednlp/* /sailfish/framework/
 
+echo -e "\e[34;1m=================================\e[37;1m"
 echo [**] 5.1 Merge results back
-rsync -va \
-    /sailfish/framework/ \
-    /tmp/squashfs-root/${SYSTEM_PATH}/framework/
-# rsync -va \
-#     /sailfish/app/ \
-#     /tmp/squashfs-root/${SYSTEM_PATH}/app/
-# rsync -va \
-#     /sailfish/priv-app/ \
-#     /tmp/squashfs-root/${SYSTEM_PATH}/priv-app/
-
- echo [**] 5.2 rebuild squashfs
- cd /tmp && mksquashfs squashfs-root system.img.haystack -comp lz4 -Xhc -noappend -no-exports -no-duplicates -no-fragments
-
- echo [**] 5. Upload results back
- rsync -va --delete-after -b --suffix=".pre_haystack" \
-     /tmp/system.img.haystack \
-     rsync://${SAILFISH}/alien/system.img
\ No newline at end of file
+echo -e "\e[34;1m=================================\e[0m"
+rsync -avPSHAX \
+    /sailfish/framework/services.jar \
+    /tmp/system.img.new/${SYSTEM_PATH}/framework/
+
+if [[ "$NOMAPS" != "1" ]]; then
+  echo -e "\e[34;1m=================================\e[37;1m"
+  echo [**] 5.1.1 Install MicroG Maps API -- mapsv1
+  echo -e "\e[34;1m=================================\e[0m"
+  unzip -d /tmp/system.img.new/ /mapsv1.flashable.zip  'system/framework/*'
+fi
+
+echo -e "\e[34;1m=================================\e[37;1m"
+echo [**] 5.2 rebuild squashfs
+echo -e "\e[34;1m=================================\e[0m"
+cd /tmp && mksquashfs system.img.new system.img.haystack -comp lz4 -Xhc -noappend -no-exports -no-duplicates -no-fragments
+umount /tmp/system.img.mount
+losetup -D
+
+echo -e "\e[34;1m=================================\e[37;1m"
+echo [**] 5. Upload results back
+echo -e "\e[34;1m=================================\e[0m"
+rsync -vaP --delete-after -b --suffix=".pre_haystack" \
+    /tmp/system.img.haystack \
+    rsync://${SAILFISH}/alien/system.img
+
+if (( $SSHTUNNELACTIVE )); then
+    : #killall -2 ssh
+fi