diff --git a/src/playbooks/setbaseconfig.yml b/src/playbooks/setbaseconfig.yml
new file mode 100644
index 000000000..449e2e0b4
--- /dev/null
+++ b/src/playbooks/setbaseconfig.yml
@@ -0,0 +1,11 @@
+---
+# Simple playbook to make sure config.sh, config.php, and any other simple
+# config scripts like them can be quickly deployed to servers.
+
+- hosts: all:!exclude-all:!load-balancers-unmanaged
+  become: yes
+  roles:
+    - set-vars
+    - umask-set
+    - base-config-scripts
+    - umask-unset
diff --git a/src/playbooks/site.yml b/src/playbooks/site.yml
index a6a1bbad2..038dce9cd 100644
--- a/src/playbooks/site.yml
+++ b/src/playbooks/site.yml
@@ -88,6 +88,7 @@
     - set-vars
     - umask-set
     - base
+    - base-config-scripts
   tags: base
 
 - hosts: load-balancers
diff --git a/src/roles/base-config-scripts/tasks/main.yml b/src/roles/base-config-scripts/tasks/main.yml
new file mode 100644
index 000000000..14eda89c2
--- /dev/null
+++ b/src/roles/base-config-scripts/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Ensure config variables available in PHP and shell files
+  template:
+    src: "config.{{ item }}.j2"
+    dest: "{{ m_deploy }}/config.{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - "php"
+    - "sh"
diff --git a/src/roles/base/templates/config.php.j2 b/src/roles/base-config-scripts/templates/config.php.j2
similarity index 100%
rename from src/roles/base/templates/config.php.j2
rename to src/roles/base-config-scripts/templates/config.php.j2
diff --git a/src/roles/base/templates/config.sh.j2 b/src/roles/base-config-scripts/templates/config.sh.j2
similarity index 100%
rename from src/roles/base/templates/config.sh.j2
rename to src/roles/base-config-scripts/templates/config.sh.j2
diff --git a/src/roles/base/tasks/main.yml b/src/roles/base/tasks/main.yml
index b154975cf..27a2443c6 100644
--- a/src/roles/base/tasks/main.yml
+++ b/src/roles/base/tasks/main.yml
@@ -210,17 +210,6 @@
     group: root
     mode: 0755
 
-- name: Ensure config variables available in PHP and shell files
-  template:
-    src: "config.{{ item }}.j2"
-    dest: "{{ m_deploy }}/config.{{ item }}"
-    owner: root
-    group: root
-    mode: 0755
-  with_items:
-    - "php"
-    - "sh"
-
 - name: "Ensure {{ m_tmp }} exists"
   file:
     path: "{{ m_tmp }}"
diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index 9601202cb..7cafccf94 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -41,16 +41,17 @@ source /opt/.deploy-meza/config.sh
 # FIXME: For now, don't touch secret config. At some point find a way to
 #        configure it's repo and version.
 
+# Make sure config.sh is up-to-date in case there has been a secret config
+# change since the last deploy, which could impact local_config_repo var.
+meza setbaseconfig "$m_environment"
+source /opt/.deploy-meza/config.sh
+
+
 if [ -z "$local_config_repo_repo" ]; then
 	>&2 echo "Auto-deploy requires 'local_config_repo' set in secret or public config"
 	exit 1;
 fi
 
-if [ -z "$enforce_meza_version" ]; then
-	>&2 echo "Auto-deploy requires 'enforce_meza_version' var set in public or secret config"
-	exit 1;
-fi
-
 # Set Slack notify variables that are the same for all notifications
 if [ ! -z "$autodeployer_slack_token"    ]; then    SLACK_TOKEN="$autodeployer_slack_token";    fi
 if [ ! -z "$autodeployer_slack_username" ]; then SLACK_USERNAME="$autodeployer_slack_username"; fi
@@ -111,12 +112,26 @@ if [ $? -eq 0 ]; then
 
 	pushd "$PUBLIC_CONFIG_DEST"
 	PUBLIC_CONFIG_DIFF=$(git diff "$PUBLIC_CONFIG_BEFORE_HASH" "$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
+	PUBLIC_CONFIG_COMMITS=$(git log --oneline "$PUBLIC_CONFIG_BEFORE_HASH...$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
 	pushd
 else
 	PUBLIC_CONFIG_DIFF=""
 	PUBLIC_CONFIG_AFTER_HASH=""
 fi
 
+# Make sure config.sh is up-to-date after public config change above, since it
+# impacts what version of
+meza setbaseconfig "$m_environment"
+source /opt/.deploy-meza/config.sh
+
+
+# This could change based upon changes to public config, so only check for it at
+# this point, not earlier.
+if [ -z "$enforce_meza_version" ]; then
+	>&2 echo "Auto-deploy requires 'enforce_meza_version' var set in public or secret config"
+	exit 1;
+fi
+
 # Set MEZA version
 MEZA_REPO="https://github.com/enterprisemediawiki/meza"
 MEZA_DEST="/opt/meza"
@@ -151,6 +166,11 @@ if [ $? -eq 0 ]; then
 	MEZA_AFTER_HASH=$(echo "$MEZA_CHANGE" | jq '.plays[0].tasks[0].hosts.localhost.after' -r)
 	echo "Before hash: $MEZA_BEFORE_HASH"
 	echo "After hash:  $MEZA_AFTER_HASH"
+
+	pushd "$MEZA_DEST"
+	MEZA_COMMITS=$(git log --oneline "$PUBLIC_CONFIG_BEFORE_HASH...$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
+	pushd
+
 else
 	MEZA_AFTER_HASH=""
 fi
@@ -177,6 +197,9 @@ if [ ! -z "$PUBLIC_CONFIG_AFTER_HASH" ]; then
 
 		Tracking version: \`$PUBLIC_CONFIG_VERSION\`
 
+		Commits:
+		$PUBLIC_CONFIG_COMMITS
+
 		Diff:
 		\`\`\`
 		$PUBLIC_CONFIG_DIFF
@@ -204,6 +227,9 @@ if [ ! -z "$MEZA_AFTER_HASH" ]; then
 		  TO:   \`$MEZA_AFTER_HASH\`
 
 		Tracking version: \`$MEZA_VERSION\`
+
+		Commits:
+		$MEZA_COMMITS
 END
 )
 
@@ -221,8 +247,9 @@ fi
 # Do deploy
 #
 echo "Deploying"
-DEPLOY_TYPE="Deploy"
-DEPLOY_ARGS="--tags base --skip-tags mediawiki" # autodeploy deploys everything ... but while testing keep it really light
-DEPLOY_LOG_PREFIX="deploy-after-config-change-"
+# Allow overriding variables by only setting them if they're empty
+if [ -z "$DEPLOY_TYPE"       ]; then DEPLOY_TYPE="Deploy";                            fi
+if [ -z "$DEPLOY_ARGS"       ]; then DEPLOY_ARGS="";                                  fi
+if [ -z "$DEPLOY_LOG_PREFIX" ]; then DEPLOY_LOG_PREFIX="deploy-after-config-change-"; fi
 source "$DIR/do-deploy.sh"
 echo "Done"
diff --git a/src/scripts/autodeployer/slack-notify.sh b/src/scripts/autodeployer/slack-notify.sh
index fa4e14fad..9f51b0ea8 100755
--- a/src/scripts/autodeployer/slack-notify.sh
+++ b/src/scripts/autodeployer/slack-notify.sh
@@ -43,13 +43,13 @@ elif [ -z "$SLACK_COLOR" ]; then
 	SLACK_COLOR="good" # assume all is well
 fi
 
-if [ -z "$SLACK_CHANNEL" ]; then
+if [ ! -z "$SLACK_CHANNEL" ]; then
 	SLACK_CHANNEL_WITH_PARAM="channel='$SLACK_CHANNEL'"
 else
 	SLACK_CHANNEL_WITH_PARAM="" # use default for token
 fi
 
-if [ -z "$SLACK_USERNAME" ]; then
+if [ ! -z "$SLACK_USERNAME" ]; then
 	SLACK_USERNAME_WITH_PARAM="username='$SLACK_USERNAME'"
 else
 	SLACK_USERNAME_WITH_PARAM="" # use default for token
@@ -60,8 +60,9 @@ if [ -z "$SLACK_ICON_URL" ]; then
 fi
 
 
-# Escape single quotes
+# Escape chars: '
 SLACK_MESSAGE=$(echo "$SLACK_MESSAGE" | sed "s/'/\\\'/g")
+# FIXME: also handle ``` inside diffs, which are wrapped in ```...so only escape the inner ones.
 
 # Turn on allowing failures
 set +e
diff --git a/src/scripts/meza.py b/src/scripts/meza.py
index adcfa20a7..f2cb6ffbe 100755
--- a/src/scripts/meza.py
+++ b/src/scripts/meza.py
@@ -443,6 +443,20 @@ def meza_command_backup (argv):
 	meza_shell_exec_exit(rc)
 
 
+def meza_command_setbaseconfig (argv):
+
+	env = argv[0]
+
+	rc = check_environment(env)
+	if rc != 0:
+		meza_shell_exec_exit(rc)
+
+	shell_cmd = playbook_cmd( 'setbaseconfig', env ) + argv[1:]
+	rc = meza_shell_exec( shell_cmd )
+
+	meza_shell_exec_exit(rc)
+
+
 def meza_command_destroy (argv):
 	print "command not yet built"