diff --git a/group_vars/nas/vars.yml b/group_vars/nas/vars.yml
index a31419e..2e0ae05 100644
--- a/group_vars/nas/vars.yml
+++ b/group_vars/nas/vars.yml
@@ -2,7 +2,7 @@ raid_uuid: '4d184875-19eb-4923-9b79-bf669c1f7978'
 lambroek_password: "{{ vault_lambroek_password }}"
 s3_access_key_id: "{{ vault_s3_access_key_id }}"
 s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
-rclone_photos_obf_pass: "{{ vault_rclone_photos_obf_pass }}"
-rclone_photos_obf_pass2: "{{ vault_rclone_photos_obf_pass2 }}"
+rclone_obf_pass: "{{ vault_rclone_obf_pass }}"
+rclone_obf_pass2: "{{ vault_rclone_obf_pass2 }}"
 lander_commit_sha: 'e438bd045ca2ee64e3d9ab98f416027b5417c3f6'
 lander_api_key: "{{ vault_lander_api_key }}"
diff --git a/group_vars/nas/vault.yml b/group_vars/nas/vault.yml
index 012369d..393c6c6 100644
--- a/group_vars/nas/vault.yml
+++ b/group_vars/nas/vault.yml
@@ -1,33 +1,32 @@
 $ANSIBLE_VAULT;1.1;AES256
-65316664376330633730613661343336373835663166343536666632633931623431336664346130
-3030623238313032363964623836316166656165623736390a383233313938343662656634326364
-66333237396532303061646565396132376633386365633665656434363332656637303434646265
-3336666432633037650a373437326532343461666363323763343535386465356436313964306663
-38383732366666663962666462326463626264313965396664303534313863636263323164653162
-65653762356431636231643263303339346536313665346363336231613464396238313266326662
-66346433643134383661366265613739346239356639613032613339393739343738643864356136
-34353366666538346630356566653065363563383938633462333337363962666133386239333236
-38653133316364643536623831306263363063343237393232623930626239316661643862613363
-37336162353063353437363566356133363139646435316663303966363339623865656231393163
-38323062643666343730333032643735643738393063633336303834393733393065356135633236
-65323938306461326138303837626463646131303139386461653763383065316236396334353762
-63343766626362353865306436343937653964386236613062386466626132323264333136313636
-30336338313731613531316531306433393535396538643065626265363832316264376666356461
-36363866633832646234626336633032656566366231626431366232313536383561656534346231
-37373561376361623133383330333262386331336631383961333439656430623162346330323037
-32336366336264323139653861666563393935366663616239353364656264383134386662323439
-34376239373636663764616237613136663630343365333064396665316537366531333131393364
-37353835353332643538323436333331316435343664346164666463396639313736653961373465
-65366634653563396333636333333565633534396463646133666563303139663338343563363535
-33623033316136343837646265633633636662346161373836396264663761353536386463366139
-38343333356439393438653663316438636431373264623134356134633361306636666463396661
-34353166323963613634393032633262313034353166653530613164613036653537633165396337
-63363563356233316335363534326364633433646134303033343830663537313434313833316565
-65643464313230353138393537376137356561653739633934663539376636356339313836356332
-31363730653362613431616563326465353833343165633962663665346337306564333832336364
-32346532366233343566323339393064376461613033386261653064313333346461363733336636
-32386139363865626232353866633866643133313036363637323035613738383635343432396263
-38653430623137343934316231326630323234323237303162643231613961646538376332326630
-63306637303539376534313237323863376131623462626465373231363630616439346533353566
-61343833613466653063346634366133376561336632356465363831366230386330663231353932
-37343634306466663931
+37346237633132376331343965346531353137643430376563323237353761313035396634316464
+6562336662656266636466626531373834653832353331630a653962656431373932363937396438
+65663735326331323333396336653933373633383530386463346435316466393664383630393065
+6366326463306435340a616263613366333536626239636239393364333363346630666430393163
+65613063383539323339636262353462343439656135333130396134326433356333623366333638
+38653939306564633865303032666337616436666264656432346339386361666161333034376632
+34363035333431343035643635663839326130396465653066323639333833663761313565393537
+31363861646630633032643838636663396235336265316161353036623539356534646530323534
+65313863333233383461383165383534386435633130633864363038353932636631376461663763
+35626364636633303738346161393161356333306630386438626534356336646531336164396537
+63613434366232333738326166303237353831666137386134346562663766656536373431343630
+66363666353432306539383035356636303635636639646537663362656235373236393866383364
+30333261646661393566373833613336316533336632613663383061613431376337376234666636
+34393864313462303937366136333662386465653839356563653236663632376531363663343963
+61333966323661383364363733373062373230363664356661306134393061386464393763633433
+35333330616234656531306431306566663131663932303231613665363030313733326337313635
+32666539306638333763623161303730613663366630326562303731343064376634373264323337
+66353161376537333461613438316662623138393835666539303030656134373664663537373462
+36303833333831626632633337393562336538633465326537653431386162346165356465393837
+66393161383639643638366336356139323533393932646333373631366566626537313536346664
+64343064373432326633393263623365323561386261633161313638656539363434393332353736
+38633537653730333837303766353338383433626331623937313136326561623730346361623336
+65303961626230363634653333396566333735323132336165623734363165366137663765663636
+65316431363666653738623838663831343433333939616162366337346135336631333661643865
+38613536373837393664336133333934303166356365346563643265326136353838316336666664
+35376138326431343661316264626665343366613335383062366331373634626133626163333361
+61366262633965323165336663633963626633656236666239346434396439393461336230663366
+31393135663433313933613862353962333664653962653562303832616334663334356562646133
+64303761363833316464363237366238376230386236636265363339666332613238353865646537
+34333333336631393033353532366333376465643362326438396138383861646463363462396164
+343064393363653934613861366638616461
diff --git a/hosts.ini b/hosts.ini
index cd752ae..0d9705f 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -1,2 +1,16 @@
 [nas]
 192.168.0.3 static_ip=192.168.0.3
+
+[ruby]
+192.168.0.2 static_ip=192.168.0.2
+
+# Caddy reverse proxy host
+[web]
+192.168.0.3 static_ip=192.168.0.3
+
+[lander]
+192.168.0.3 static_ip=192.168.0.3
+
+# Miniflux server host
+[miniflux]
+192.168.0.2 static_ip=192.168.0.2
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 5f20a61..ed16ec8 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -26,7 +26,6 @@
       - docker-ce
       - docker-ce-cli
       - containerd.io
-      - docker-compose
       - cron
     state: present
 
diff --git a/roles/lander/meta/main.yml b/roles/lander-web/meta/main.yml
similarity index 100%
rename from roles/lander/meta/main.yml
rename to roles/lander-web/meta/main.yml
diff --git a/roles/lander-web/tasks/main.yml b/roles/lander-web/tasks/main.yml
new file mode 100644
index 0000000..35d87e5
--- /dev/null
+++ b/roles/lander-web/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Ensure Caddyfile is present
+  template:
+    src: 'lander.Caddyfile.j2'
+    dest: '/etc/caddy/lander.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload
diff --git a/roles/lander-web/templates/lander.Caddyfile.j2 b/roles/lander-web/templates/lander.Caddyfile.j2
new file mode 100644
index 0000000..f379beb
--- /dev/null
+++ b/roles/lander-web/templates/lander.Caddyfile.j2
@@ -0,0 +1,3 @@
+s.roosens.me {
+    reverse_proxy {{ groups['lander'][0] }}:18080
+}
diff --git a/roles/lander/files/lander.Caddyfile b/roles/lander/files/lander.Caddyfile
deleted file mode 100644
index fd99453..0000000
--- a/roles/lander/files/lander.Caddyfile
+++ /dev/null
@@ -1,3 +0,0 @@
-s.roosens.me {
-    reverse_proxy localhost:18080
-}
diff --git a/roles/lander/tasks/main.yml b/roles/lander/tasks/main.yml
index f4103fa..f64ed46 100644
--- a/roles/lander/tasks/main.yml
+++ b/roles/lander/tasks/main.yml
@@ -67,12 +67,3 @@
     name: 'lander'
     state: started
     enabled: true
-
-- name: Ensure Caddyfile is present
-  copy:
-    src: 'lander.Caddyfile'
-    dest: '/etc/caddy/lander.Caddyfile'
-    owner: root
-    group: root
-    mode: '0644'
-  notify: caddy-reload
diff --git a/roles/miniflux-web/meta/main.yml b/roles/miniflux-web/meta/main.yml
new file mode 100644
index 0000000..1dbd0f6
--- /dev/null
+++ b/roles/miniflux-web/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: caddy
diff --git a/roles/miniflux-web/tasks/main.yml b/roles/miniflux-web/tasks/main.yml
new file mode 100644
index 0000000..b1059a9
--- /dev/null
+++ b/roles/miniflux-web/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Ensure Caddyfile is present
+  template:
+    src: 'miniflux.Caddyfile.j2'
+    dest: '/etc/caddy/miniflux.Caddyfile'
+    owner: root
+    group: root
+    mode: '0644'
+  notify: caddy-reload
diff --git a/roles/miniflux-web/templates/miniflux.Caddyfile.j2 b/roles/miniflux-web/templates/miniflux.Caddyfile.j2
new file mode 100644
index 0000000..45f0583
--- /dev/null
+++ b/roles/miniflux-web/templates/miniflux.Caddyfile.j2
@@ -0,0 +1,3 @@
+nws.roosens.me {
+    reverse_proxy {{ groups['miniflux'][0] }}:8080
+}
diff --git a/roles/rclone/templates/rclone.conf.j2 b/roles/rclone/templates/rclone.conf.j2
index 679b602..f11f220 100644
--- a/roles/rclone/templates/rclone.conf.j2
+++ b/roles/rclone/templates/rclone.conf.j2
@@ -15,6 +15,11 @@ endpoint = https://s3.gra.io.cloud.ovh.net/
 [photos-crypt]
 type = crypt
 remote = ovh-s3:pi-s3/photos
-password = {{ rclone_photos_obf_pass }}
-password2 = {{ rclone_photos_obf_pass2 }}
+password = {{ rclone_obf_pass }}
+password2 = {{ rclone_obf_pass2 }}
 
+[jef-crypt]
+type = crypt
+remote = ovh-s3:pi-s3/jef
+password = {{ rclone_obf_pass }}
+password2 = {{ rclone_obf_pass2 }}
diff --git a/roles/samba/files/smb.conf b/roles/samba/files/smb.conf
index 3b9ff1f..e37ac8e 100644
--- a/roles/samba/files/smb.conf
+++ b/roles/samba/files/smb.conf
@@ -246,8 +246,14 @@
   writeable = yes
   guest ok = no
 
-[jellyfin-libraries]
-  path = /mnt/data1/jellyfin/libraries
+[media]
+  path = /mnt/data1/media
   browseable = no
   writeable = yes
   guest ok = no
+
+[jef]
+    path = /mnt/data1/jef
+    browseable = no
+    writeable = yes
+    guest ok = no
diff --git a/roles/samba/tasks/main.yml b/roles/samba/tasks/main.yml
index 60ea3c3..0fa0b46 100644
--- a/roles/samba/tasks/main.yml
+++ b/roles/samba/tasks/main.yml
@@ -20,6 +20,14 @@
     shell: /sbin/nologin
   notify: smbpasswd-lambroek
 
+- name: Ensure Jef share directory is present
+  ansible.builtin.file:
+    path: '/mnt/data1/jef'
+    state: 'directory'
+    mode: '0775'
+    owner: 'debian'
+    group: 'data'
+
 - name: Copy over smb config file
   copy:
     src: smb.conf
diff --git a/web.yml b/web.yml
new file mode 100644
index 0000000..2dd9112
--- /dev/null
+++ b/web.yml
@@ -0,0 +1,12 @@
+---
+- hosts: web
+  become: yes
+  roles:
+    - lander-web
+  tags: lander
+
+- hosts: web
+  become: yes
+  roles:
+    - miniflux-web
+  tags: miniflux