diff --git a/ansible.cfg b/ansible.cfg
index 7c3ad17..da825e5 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,6 +1,5 @@
 [defaults]
 ask_vault_pass = True
-inventory = inventory.yml
 
 [privilege_escalation]
 become_ask_pass = True
diff --git a/inventory.yml b/inventory.yml
deleted file mode 100644
index b41db92..0000000
--- a/inventory.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-bookworm:
- hosts:
- fudiggity:
- ansible_connection: local
diff --git a/playbook.yml b/playbook.yml
index 463b1cf..f65dbe3 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,5 @@
 - name: Provision debian server
- hosts: bookworm
+ hosts: localhost
 pre_tasks:
 - name: Install shared packages
 become: true
diff --git a/templates/network/resolved.j2 b/templates/network/resolved.j2
index 1c950ec..1d87caf 100644
--- a/templates/network/resolved.j2
+++ b/templates/network/resolved.j2
@@ -28,10 +28,10 @@
 #DNSOverTLS=no
 #MulticastDNS=yes
 #LLMNR=yes
-Cache=yes
-CacheFromLocalhost=yes
-DNSStubListener=yes
+#Cache=yes
+#CacheFromLocalhost=no
+#DNSStubListener=yes
 DNSStubListenerExtra={{ vpn_listen_address }}
 DNSStubListenerExtra={{ vpn_media_listen_address }}
-ReadEtcHosts=yes
+#ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
diff --git a/templates/nftables.j2 b/templates/nftables.j2
index 100bd44..2a1226f 100644
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
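Review bot: `hosts: localhost`, combined with the inventory line dropped from ansible.cfg and the deleted inventory.yml, means the play now provisions whichever machine `ansible-playbook` happens to be run on, with privilege escalation, whereas the `bookworm` group previously did nothing on a host that was not enrolled in it; nothing in the new side replaces that guard. Since the play is named "Provision debian server" and the old group was called bookworm, an assertion at the top of `pre_tasks` such as `- name: Refuse to provision an unexpected host` / `ansible.builtin.assert:` / `that: ansible_distribution_release == "bookworm"` would restore it, assuming bookworm refers to the Debian release, which the diff does not state. Without any inventory Ansible will also print its "No inventory was parsed, only implicit localhost is available" warning on every run; passing `-i localhost,` on the command line keeps the implicit local connection and silences it. The play's task list continues beyond the hunk.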
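Review bot: Commenting out `CacheFromLocalhost=yes` is not the no-op that the other three lines are: `Cache`, `DNSStubListener` and `ReadEtcHosts` fall back to the same `yes` they were explicitly set to, but `CacheFromLocalhost` defaults to `no`, so on the new side replies from any upstream on 127.0.0.0/8 are no longer cached. Whether a loopback upstream is in use is not visible in this diff; if the VPN clients served through the two `DNSStubListenerExtra` addresses are forwarded to one, this is a measurable behaviour change rather than a clean-up. If the new default is intended, a comment above the line such as `# CacheFromLocalhost deliberately left at its default (no); the old explicit yes is gone` keeps the next reader from "restoring" it; if it is not, keep `CacheFromLocalhost=yes`.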
@@ -52,9 +52,11 @@ table ip filter {
 
 chain vpn_chain {
 meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"
+ tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" # TODO: remove?
+ tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
- tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
+ tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
 tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"
 tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
@@ -73,7 +75,7 @@ table ip filter {
 
 chain media_vpn_chain {
 meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"
- tcp dport 80 ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
+ tcp dport { 80, 443 } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
 }
 
 # docker's user configurable forward hook chain
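Review bot: The new Jellyfin rule hard-codes `{ 80, 443 }` while the HTTP/HTTPS rule added to `vpn_chain` in the previous hunk expresses the same pair as `{{ http_port }}, {{ https_port }}`, and the rewritten Syncthing Web line in that hunk hard-codes them as well. Using one form in both chains keeps them from drifting if the variables ever change, e.g. `tcp dport { {{ http_port }}, {{ https_port }} } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"`. The rule comment could also record that it now covers TLS, e.g. `comment "Jellyfin web (HTTP/HTTPS)"`, since the reason for adding 443 is otherwise only inferred. The `# TODO: remove?` left on the vpn_chain HTTP/HTTPS rule in the previous hunk should either be resolved before merging or state what the rule is kept for, because for whatever address pairs `@vpn_set` holds it accepts both ports ahead of the narrower per-service rules beneath it.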