diff --git a/ansible.cfg b/ansible.cfg
index da825e5..7c3ad17 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,6 @@
 [defaults]
 ask_vault_pass = True
+inventory = inventory.yml
 
 [privilege_escalation]
 become_ask_pass = True
diff --git a/inventory.yml b/inventory.yml
new file mode 100644
index 0000000..b41db92
--- /dev/null
+++ b/inventory.yml
@@ -0,0 +1,4 @@
+bookworm:
+  hosts:
+    fudiggity:
+      ansible_connection: local
diff --git a/playbook.yml b/playbook.yml
index f65dbe3..463b1cf 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -1,5 +1,5 @@
 - name: Provision debian server
-  hosts: localhost
+  hosts: bookworm
   pre_tasks:
     - name: Install shared packages
       become: true
diff --git a/templates/network/resolved.j2 b/templates/network/resolved.j2
index 1d87caf..1c950ec 100644
--- a/templates/network/resolved.j2
+++ b/templates/network/resolved.j2
@@ -28,10 +28,10 @@
 #DNSOverTLS=no
 #MulticastDNS=yes
 #LLMNR=yes
-#Cache=yes
-#CacheFromLocalhost=no
-#DNSStubListener=yes
+Cache=yes
+CacheFromLocalhost=yes
+DNSStubListener=yes
 DNSStubListenerExtra={{ vpn_listen_address }}
 DNSStubListenerExtra={{ vpn_media_listen_address }}
-#ReadEtcHosts=yes
+ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
diff --git a/templates/nftables.j2 b/templates/nftables.j2
index 2a1226f..100bd44 100644
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
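Review bot: The new inventory.yml gives no hint which machine `fudiggity` is, and with `ansible_connection: local` the name is only a label: the play always executes on the machine that runs ansible-playbook, with no SSH involved. Together with the `hosts: bookworm` change in playbook.yml this preserves the previous `hosts: localhost` behaviour, but a reader of the inventory alone cannot tell that. A comment on the host entry would make it explicit, e.g. `# the control node itself; ansible_connection: local means the play runs on whatever machine invokes ansible-playbook`.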
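Review bot: `CacheFromLocalhost=yes` flips the default that the replaced `#CacheFromLocalhost=no` line documents, and nothing in the hunk records why; it only matters when the upstream named in the `DNS=` setting (above this hunk, not visible here) is a resolver on 127.0.0.1, so that is presumably the reason — confirm. Note also that the same stub service is exposed to VPN peers through the two `DNSStubListenerExtra` lines, so with `ReadEtcHosts=yes` every entry in the server's /etc/hosts, and the shared cache, is now answered to those peers as well. A short comment above `Cache=yes` would capture both points, e.g. `# cache answers even from the loopback upstream; cache and /etc/hosts entries are also served to VPN peers via the DNSStubListenerExtra sockets below`.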
@@ -52,11 +52,9 @@ table ip filter {
     chain vpn_chain {
         meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"
-        tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" # TODO: remove?
-        tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
-        tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
+        tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
         tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"
         tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
@@ -75,7 +73,7 @@ table ip filter {
     chain media_vpn_chain {
         meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"
-        tcp dport { 80, 443 } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
+        tcp dport 80 ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
     }
     # docker's user configurable forward hook chain
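Review bot: The rewritten Syncthing rule in vpn_chain and the Jellyfin rule in media_vpn_chain both drop 443 from `tcp dport { 80, 443 }` and keep only port 80, so VPN clients can now reach the two nginx front-ends over plain HTTP only; if those nginx instances still listen on 443, that traffic falls through to whatever follows the chain (outside the hunk) and fails silently on the client side. If that is the intent, say so next to the rules, e.g. `# VPN leg: plain HTTP only, 443 deliberately not opened to the nginx front-ends`, and make sure the nginx templates stop redirecting 80 to https, since that redirect would now land on a closed port. The removed Transmission rule may leave `transmission_nginx_ip` still referenced elsewhere in the role — worth a search. Both hunks show fewer lines than their `@@` headers announce (-52,11 prints only seven old lines), so parts of both chains are not visible here.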