diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
index 8809327..daceb64 100644
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -245,15 +245,23 @@ with:
 BEAKER_PUPPET_COLLECTION=puppet7 BEAKER_setfile=debian11-64 bundle exec rake beaker
 ```
 
+or
+
+```sh
+BEAKER_PUPPET_COLLECTION=none BEAKER_setfile=archlinux-64 bundle exec rake beaker
+```
+
+This latter example will use the distribution's own version of Puppet.
+
 You can replace the string `debian11` with any common operating system.
 The following strings are known to work:
 
 * ubuntu2004
 * ubuntu2204
 * debian11
-* centos7
-* centos8
+* debian12
 * centos9
+* archlinux
 * almalinux8
 * almalinux9
 * fedora36
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 0000000..f2d08d6
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,6 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+skip-changelog:
+ - head-branch: ['^release-*', 'release']
diff --git a/.github/release.yml b/.github/release.yml
new file mode 100644
index 0000000..f5b5d7a
--- /dev/null
+++ b/.github/release.yml
@@ -0,0 +1,42 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - invalid
+      - modulesync
+      - question
+      - skip-changelog
+      - wont-fix
+      - wontfix
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+
+    - title: Documentation Updates 📚
+      labels:
+        - documentation
+        - docs
+
+    - title: Dependency Updates ⬆️
+      labels:
+        - dependencies
+
+    - title: Other Changes
+      labels:
+        - "*"
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
new file mode 100644
index 0000000..66127cd
--- /dev/null
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,17 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: "Pull Request Labeler"
+
+on:
+  pull_request_target: {}
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 55324aa..93b33c2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,3 +20,10 @@ jobs:
       #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
       username: ${{ secrets.PUPPET_FORGE_USERNAME }}
       api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
+
+  create-github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub release
+        uses: voxpupuli/gha-create-a-github-release@v1
diff --git a/.msync.yml b/.msync.yml
index 876cb3b..95e8c97 100644
--- a/.msync.yml
+++ b/.msync.yml
@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '8.0.1'
+modulesync_config_version: '9.1.0'
diff --git a/.puppet-lint.rc b/.puppet-lint.rc
index 02a3e71..37817b6 100644
--- a/.puppet-lint.rc
+++ b/.puppet-lint.rc
@@ -1 +1,4 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 --fail-on-warnings
diff --git a/Gemfile b/Gemfile
index ec7b4cd..7123c66 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'voxpupuli-test', '~> 7.2',   :require => false
+  gem 'voxpupuli-test', '~> 9.0',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
   gem 'puppet_metadata', '~> 4.0',  :require => false
diff --git a/REFERENCE.md b/REFERENCE.md
index 285876b..4625f1c 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -799,6 +799,7 @@ The following parameters are available in the `icinga::web` class:
 * [`default_admin_pass`](#-icinga--web--default_admin_pass)
 * [`db_pass`](#-icinga--web--db_pass)
 * [`apache_cgi_pass_auth`](#-icinga--web--apache_cgi_pass_auth)
+* [`apache_config`](#-icinga--web--apache_config)
 * [`db_type`](#-icinga--web--db_type)
 * [`db_host`](#-icinga--web--db_host)
 * [`db_port`](#-icinga--web--db_port)
@@ -838,6 +839,15 @@ Data type: `Boolean`
 Either turn on or off the apache cgi pass thru auth.
 An option available since Apache v2.4.15 and required for authenticated access to the Icinga Web Api.
 
+##### <a name="-icinga--web--apache_config"></a>`apache_config`
+
+Data type: `Boolean`
+
+Wether or not install an default Apache config for Icinga Web 2. If set to `true` Icinga is
+reachable via `/icingaweb2`.
+
+Default value: `true`
+
 ##### <a name="-icinga--web--db_type"></a>`db_type`
 
 Data type: `Enum['mysql', 'pgsql']`
diff --git a/manifests/init.pp b/manifests/init.pp
index 448f085..6079751 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -89,6 +89,13 @@
     features        => [],
   }
 
+  # check selinux
+  $_selinux = if fact('os.selinux.enabled') and $facts['os']['selinux']['enabled'] and $icinga2::globals::selinux_package_name {
+    $icinga2::manage_selinux
+  } else {
+    false
+  }
+
   # switch logging between mainlog, syslog and eventlog
   if $facts['kernel'] != 'windows' {
     if $logging_type == 'file' {
@@ -125,16 +132,20 @@
 
   case $facts['kernel'] {
     'linux': {
-      $icinga_user    = $icinga2::globals::user
-      $icinga_group   = $icinga2::globals::group
-      $icinga_package = $icinga2::globals::package_name
-      $icinga_service = $icinga2::globals::service_name
+      $icinga_user     = $icinga2::globals::user
+      $icinga_group    = $icinga2::globals::group
+      $icinga_service  = $icinga2::globals::service_name
+      $icinga_packages = if $_selinux {
+        [$icinga2::globals::package_name, $icinga2::globals::selinux_package_name] + $extra_packages
+      } else {
+        [$icinga2::globals::package_name] + $extra_packages
+      }
 
       case $facts['os']['family'] {
         'redhat': {
           $icinga_user_homedir = $icinga2::globals::spool_dir
 
-          package { ['nagios-common', $icinga_package] + $extra_packages:
+          package { ['nagios-common'] + $icinga_packages:
             ensure => installed,
             before => Class['icinga2'],
           }
@@ -147,7 +158,7 @@
         'debian': {
           $icinga_user_homedir = '/var/lib/nagios'
 
-          package { [$icinga_package] + $extra_packages:
+          package { $icinga_packages:
             ensure => installed,
             before => Class['icinga2'],
           }
@@ -156,7 +167,7 @@
         'suse': {
           $icinga_user_homedir = $icinga2::globals::spool_dir
 
-          package { [$icinga_package] + $extra_packages:
+          package { $icinga_packages:
             ensure => installed,
             before => Class['icinga2'],
           }
@@ -191,7 +202,8 @@
             ensure  => file,
             owner   => $icinga_user,
             group   => $icinga_group,
-            require => Package[$icinga_package];
+            seltype => 'icinga2_spool_t',
+            require => Package[$icinga_packages];
           ["${icinga_user_homedir}/.ssh", "${icinga_user_homedir}/.ssh/controlmasters"]:
             ensure => directory,
             mode   => '0700';
diff --git a/manifests/server.pp b/manifests/server.pp
index e37747d..51770b0 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -127,11 +127,12 @@
 
     ($global_zones + keys($_workers) + $zone).each |String $dir| {
       file { "${icinga2::globals::conf_dir}/zones.d/${dir}":
-        ensure => directory,
-        tag    => 'icinga2::config::file',
-        owner  => $icinga2::globals::user,
-        group  => $icinga2::globals::group,
-        mode   => '0750',
+        ensure  => directory,
+        tag     => 'icinga2::config::file',
+        owner   => $icinga2::globals::user,
+        group   => $icinga2::globals::group,
+        mode    => '0750',
+        seltype => 'icinga2_etc_t',
       }
     }
   } else {
@@ -140,6 +141,7 @@
       purge   => true,
       recurse => true,
       force   => true,
+      seltype => 'icinga2_etc_t',
     }
   }
 }
diff --git a/manifests/web.pp b/manifests/web.pp
index 9534706..89a10be 100644
--- a/manifests/web.pp
+++ b/manifests/web.pp
@@ -15,6 +15,10 @@
 #   Either turn on or off the apache cgi pass thru auth.
 #   An option available since Apache v2.4.15 and required for authenticated access to the Icinga Web Api.
 #
+# @param apache_config
+#   Wether or not install an default Apache config for Icinga Web 2. If set to `true` Icinga is
+#   reachable via `/icingaweb2`.
+#
 # @param db_type
 #   What kind of database type to use.
 #
@@ -56,6 +60,7 @@
   Boolean                                     $manage_database    = false,
   Variant[Stdlib::Host, Array[Stdlib::Host]]  $api_host           = 'localhost',
   String                                      $api_user           = 'icingaweb2',
+  Boolean                                     $apache_config      = true,
 ) {
   # install all required php extentions
   # by icingaweb (done by package dependencies) before PHP
@@ -152,11 +157,13 @@
   include apache::mod::proxy_http
   include apache::mod::ssl
 
-  apache::custom_config { 'icingaweb2':
-    ensure        => present,
-    content       => template('icinga/apache_custom_default.conf.erb'),
-    verify_config => false,
-    priority      => false,
+  if $apache_config {
+    apache::custom_config { 'icingaweb2':
+      ensure        => present,
+      content       => template('icinga/apache_custom_default.conf.erb'),
+      verify_config => false,
+      priority      => false,
+    }
   }
 
   #
diff --git a/metadata.json b/metadata.json
index be85837..0ceb5ec 100644
--- a/metadata.json
+++ b/metadata.json
@@ -25,7 +25,6 @@
     {
       "operatingsystem": "CentOS",
       "operatingsystemrelease": [
-        "7",
         "8",
         "9"
       ]
@@ -33,7 +32,6 @@
     {
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
-        "7",
         "8",
         "9"
       ]
@@ -52,12 +50,6 @@
         "9"
       ]
     },
-    {
-      "operatingsystem": "Scientific",
-      "operatingsystemrelease": [
-        "7"
-      ]
-    },
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
@@ -76,9 +68,8 @@
     {
       "operatingsystem": "Fedora",
       "operatingsystemrelease": [
-        "35",
-        "36",
-        "37"
+        "39",
+        "40"
       ]
     },
     {
diff --git a/spec/classes/icinga_spec.rb b/spec/classes/icinga_spec.rb
index 89d9106..bcefc07 100644
--- a/spec/classes/icinga_spec.rb
+++ b/spec/classes/icinga_spec.rb
@@ -22,7 +22,7 @@
 
       it { is_expected.to compile }
 
-      case facts[:osfamily]
+      case facts[:os]['family']
       when 'RedHat', 'Debian', 'Suse'
 
         context 'ca => true, this_zone => foo, zones => {}' do
diff --git a/spec/classes/repos_spec.rb b/spec/classes/repos_spec.rb
index 0541cec..ae86060 100644
--- a/spec/classes/repos_spec.rb
+++ b/spec/classes/repos_spec.rb
@@ -78,7 +78,7 @@
         end
       end
 
-      case facts[:osfamily]
+      case facts[:os]['family']
       when 'RedHat'
         context 'with manage_epel => false, manage_powertools => false' do
           let(:params) do
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 9efb4ae..58c9b66 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -9,6 +9,10 @@
 
 require 'voxpupuli/test/spec_helper'
 
+RSpec.configure do |c|
+  c.facterdb_string_keys = false
+end
+
 add_mocked_facts!
 
 if File.exist?(File.join(__dir__, 'default_module_facts.yml'))