diff --git a/playbook.yml b/playbook.yml
index 44659df..ab0faa3 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -19,12 +19,12 @@
 - role: cloudflare-ddns
 - role: cloudflared
 - role: nginx
- # - role: actual
- # - role: changedetection
- # - role: pi-hole
- # - role: monitoring
+ - role: pi-hole
+ - role: actual
 # - role: postgres
 # - role: wedding
+ # - role: changedetection
+ # - role: monitoring
 vars:
 # devsec.hardening.ssh_hardening vars:
 ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
diff --git a/roles/actual/tasks/main.yml b/roles/actual/tasks/main.yml
index d68d690..c8f446b 100644
--- a/roles/actual/tasks/main.yml
+++ b/roles/actual/tasks/main.yml
@@ -13,6 +13,7 @@
 mounts:
 - source: actual_data
 target: /data
+ restart_policy: always
 - name: Include simple-reverse-proxy role
 ansible.builtin.include_role:
 name: simple-reverse-proxy
diff --git a/roles/pi-hole/handlers/main.yml b/roles/pi-hole/handlers/main.yml
deleted file mode 100644
index 2100479..0000000
--- a/roles/pi-hole/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: Restart Nginx
- become: true
- ansible.builtin.systemd:
- name: nginx.service
- state: restarted
-- name: Restart ufw
- become: true
- ansible.builtin.systemd:
- name: ufw.service
- state: restarted
diff --git a/roles/pi-hole/tasks/main.yml b/roles/pi-hole/tasks/main.yml
index 7a757b7..629ac95 100644
--- a/roles/pi-hole/tasks/main.yml
+++ b/roles/pi-hole/tasks/main.yml
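Review bot: `restart_policy: always` brings the container back on every daemon restart even when an operator stopped it deliberately, for instance while looking into it; `restart_policy: unless-stopped` keeps a manual stop sticky and is the usual choice for a long-running service like this. The same setting is added to the container task in roles/pi-hole/tasks/main.yml, where the same consideration applies. The task this line belongs to starts outside the hunk, so the module it is passed to is not visible here.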
@@ -1,93 +1,39 @@
 ---
-- name: Create a user for running the pi-hole podman container
- ansible.builtin.include_role:
- name: user
- vars:
- user_username: "{{ pi_hole_username }}"
- user_password: "{{ pi_hole_password }}"
-- name: Create the pi-hole container
- ansible.builtin.include_role:
- name: podman-container
- apply:
- become: true
- become_user: "{{ pi_hole_username }}"
- vars:
- podman_container_name: pi-hole
- podman_container_image: docker.io/pihole/pihole
- podman_container_tag: "{{ pi_hole_version }}"
- podman_container_publish:
- - 127.0.0.1:5053:53/tcp
- - 127.0.0.1:5053:53/udp
- - 127.0.0.1:8080:80
- podman_simple_container_volumes:
- - name: etc-pihole
- mnt: /etc/pihole
- - name: etc-dnsmasq.d
- mnt: /etc/dnsmasq.d
- podman_container_env:
+- name: Create a volume for DNS data
+ become: true
+ community.docker.docker_volume:
+ name: pihole_data
+- name: Create a volume for Dnsmasq data
+ become: true
+ community.docker.docker_volume:
+ name: dnsmasq_data
+- name: Install the container
+ become: true
+ community.docker.docker_container:
+ name: pi-hole
+ image: "docker.io/pihole/pihole:{{ pi_hole_version }}"
+ ports:
+ - "53:53/tcp"
+ - "53:53/udp"
+ - "127.0.0.1:8080:80/tcp"
+ mounts:
+ - source: pihole_data
+ target: /etc/pihole
+ - source: dnsmasq_data
+ target: /etc/dnsmasq.d
+ restart_policy: always
+ env:
 TZ: 'Europe/Amsterdam'
 WEBPASSWORD: "{{ pi_hole_web_password }}"
 # VIRTUAL_HOST: 'pi-hole.kleinendorst.info'
 # FTLCONF_LOCAL_IPV4: "{{ ansible_facts['default_ipv4']['address'] }}"
 PIHOLE_DNS_: 1.1.1.1;1.0.0.1
 DNSMASQ_USER: root
- INTERFACE: tap0
-- name: Install certificate for pi-hole.kleinendorst.info
- become: true
- ansible.builtin.command:
- cmd: register_certbot_domain.sh pi-hole.kleinendorst.info
- creates: /etc/letsencrypt/live/pi-hole.kleinendorst.info # The certificate directory
-- name: Set Nginx configuration
- become: true
- ansible.builtin.template:
- src: pi-hole.conf.j2
- dest: /etc/nginx/conf.d/pi-hole.conf
- mode: '0644'
- notify: Restart Nginx
-- name: Debug
- ansible.builtin.debug:
- msg: "Don't forget to manually add a DNS record for pi-hole.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."
-- name: Setup udp port forwarding (53 > 5053) in nginx
- become: true
- ansible.builtin.blockinfile:
- path: /etc/nginx/nginx.conf
- insertbefore: '^http \{$'
- block: |
- stream {
- server {
- listen 53;
- proxy_pass 127.0.0.1:5053;
- }
-
- server {
- listen 53 udp;
- proxy_pass 127.0.0.1:5053;
- }
- }
- notify: Restart Nginx
-# - name: Add forwarding rules for ufw
-# become: true
-# ansible.builtin.blockinfile:
-# path: /etc/ufw/before.rules
-# insertbefore: "^\\*filter$"
-# block: |
-# *nat
-# :PREROUTING ACCEPT [0:0]
-# -A PREROUTING -p tcp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
-# -A PREROUTING -p udp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
-# COMMIT
-# notify: Restart ufw
-# - name: Allow all access to port 53 (udp)
-# become: true
-# community.general.ufw:
-# rule: allow
-# port: '53'
-# proto: udp
-# notify: Restart ufw
-# - name: Allow all access to port 53 (tcp)
-# become: true
-# community.general.ufw:
-# rule: allow
-# port: '53'
-# proto: tcp
-# notify: Restart ufw
+ DNSMASQ_LISTENING: all
+- name: Include simple-reverse-proxy role
+ ansible.builtin.include_role:
+ name: simple-reverse-proxy
+ vars:
+ simple_reverse_proxy_internal_port: 8080
+ simple_reverse_proxy_internal_subdomain: pi-hole
+ simple_reverse_proxy_redirect_to: /admin
diff --git a/roles/pi-hole/templates/pi-hole.conf.j2 b/roles/pi-hole/templates/pi-hole.conf.j2
deleted file mode 100644
index 4f8f751..0000000
--- a/roles/pi-hole/templates/pi-hole.conf.j2
+++ /dev/null
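Review bot: `- "53:53/tcp"` and `- "53:53/udp"` publish the resolver on every interface of the host, where the removed podman mapping bound 127.0.0.1:5053 and let an nginx stream block front it; Docker typically installs its published-port rules in its own iptables chains, so a ufw policy (the deleted ufw allow tasks suggest one is in place) does not gate them. On a host with any non-LAN interface that is an open resolver, and `DNSMASQ_LISTENING: all` additionally switches off Pi-hole's own origin check. Pin the bind address instead, e.g. `- "{{ ansible_facts['default_ipv4']['address'] }}:53:53/tcp"` plus the matching udp line, and put a comment on `DNSMASQ_LISTENING` stating why `all` is needed behind the Docker bridge. `DNSMASQ_USER: root` is carried over from the previous version; a one-line comment on why dnsmasq needs root in this deployment would help the next reader.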
@@ -1,25 +0,0 @@
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
- server_name pi-hole.kleinendorst.info;
-
- # SSL via Let's Encrypt
- ssl_certificate /etc/letsencrypt/live/pi-hole.kleinendorst.info/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/pi-hole.kleinendorst.info/privkey.pem; # managed by Certbot
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
-
- location = / {
- return 301 https://pi-hole.kleinendorst.info/admin;
- }
-
- location / {
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $host;
-
- set $upstream_address 127.0.0.1;
- set $upstream_port 8080;
- set $upstream_proto http;
- proxy_pass $upstream_proto://$upstream_address:$upstream_port;
- }
-}
diff --git a/roles/pi-hole/vars/main/defaults.yml b/roles/pi-hole/vars/main/defaults.yml
index 5a3025f..9175876 100644
--- a/roles/pi-hole/vars/main/defaults.yml
+++ b/roles/pi-hole/vars/main/defaults.yml
@@ -1,3 +1,2 @@
 ---
-pi_hole_username: pi-hole
 pi_hole_version: 2024.07.0
diff --git a/roles/pi-hole/vars/main/vault.yml b/roles/pi-hole/vars/main/vault.yml
index 81462a9..b46eed5 100644
--- a/roles/pi-hole/vars/main/vault.yml
+++ b/roles/pi-hole/vars/main/vault.yml
@@ -1,11 +1,9 @@
 $ANSIBLE_VAULT;1.1;AES256
-38343333306431366465313835386337326366336363336265326563306363646131636566616339
-6661613931366263333039346530356336323932383236380a636638343531383731613930353033
-37643532353933323633353539366637653565643539613262623037366333316361346462393133
-6431633163333931360a626130653537633962326363306630306264356330646637373236393334
-32383131396439393761343363353763356632333039303962633561663661323739393862353237
-39343739333663656337396530366263386166323730353839393039313932323165333532616264
-62393733386138616330383962666166373361313064313631353337343966623763326635666261
-62343736366666623236303638346337656564313931353634633535353037666565653965646162
-65626361623862643262346663633532643365306362666335626432633763333861326533353631
-3963343336313630663366356638656465613735633930393534
+31623263303861666139376462643866323437386464323334666434343837373031386462313536
+3538306437346465346466376639666339353137333366660a383164666539373635663263326264
+35353533313564336432646566346261313633333837663235643438333462343039353462663831
+3637316430363666650a663932306561373333316666376337666264373737383037653531363861
+30636539323361643365613139663137313137373265313266396337666237396437663433633032
+34373561373262333034636136346130333631626139346535663034613830323363336461366363
+37343535376138653163363833616335653566373031393131383764623636393032396165383938
+34386539373261313333
diff --git a/roles/simple-reverse-proxy/templates/nginx-configuration.conf.j2 b/roles/simple-reverse-proxy/templates/nginx-configuration.conf.j2
index 4d0631f..359cdd0 100644
--- a/roles/simple-reverse-proxy/templates/nginx-configuration.conf.j2
+++ b/roles/simple-reverse-proxy/templates/nginx-configuration.conf.j2
@@ -11,6 +11,14 @@ server {
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
 
+ {% if simple_reverse_proxy_redirect_to != "" %}
+
+ location = / {
+ return 301 https://{{ simple_reverse_proxy_internal_subdomain }}.kleinendorst.info{{ simple_reverse_proxy_redirect_to }};
+ }
+
+ {% endif %}
+
 location / {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header Host $host;
diff --git a/roles/simple-reverse-proxy/vars/main/defaults.yml b/roles/simple-reverse-proxy/vars/main/defaults.yml
index ad60add..e6abbb6 100644
--- a/roles/simple-reverse-proxy/vars/main/defaults.yml
+++ b/roles/simple-reverse-proxy/vars/main/defaults.yml
@@ -1,2 +1,3 @@
 ---
+simple_reverse_proxy_redirect_to: ''
 simple_reverse_proxy_external_port: 443
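Review bot: `simple_reverse_proxy_redirect_to` is spliced unmodified into the `return 301` target, so a value without a leading `/` or one containing a space or `;` silently yields a broken or misrouted location, and the template only guards against the empty string. A cheap safeguard is to render the tags as `{%- if simple_reverse_proxy_redirect_to != "" %}` / `{%- endif %}` so the indented Jinja lines do not leave whitespace-only lines in the generated nginx file, and to state the expected shape (path beginning with `/`) where the variable is documented. The unchanged context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` still enables the deprecated TLS 1.0 and 1.1; dropping those two tokens is a one-line change worth folding into this edit of the template. The enclosing `server {` block starts and ends outside the hunk.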
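Review bot: `simple_reverse_proxy_redirect_to: ''` introduces a role default with no description of what values it accepts or what the empty value means, while the template compares it against `""` and concatenates it onto the host name. A comment directly above the line, `# Path (starting with '/') that requests for '/' are 301-redirected to; '' disables the redirect.`, would make the contract visible to callers such as roles/pi-hole/tasks/main.yml, which passes `/admin`.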