diff --git a/ansible/group_vars/all/network.yml b/ansible/group_vars/all/network.yml
new file mode 100644
index 0000000..c5f2b30
--- /dev/null
+++ b/ansible/group_vars/all/network.yml
@@ -0,0 +1,2 @@
+private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}"
+protected_ip: "{{ private_ip }}"
diff --git a/ansible/host_vars/pve-docker.yml b/ansible/host_vars/pve-docker.yml
index 625cc2e..86bd388 100644
--- a/ansible/host_vars/pve-docker.yml
+++ b/ansible/host_vars/pve-docker.yml
@@ -1,5 +1,7 @@
 expose_ssh: true
-traefik_private_ip: "{{ ansible_default_ipv4.address }}"
+
+private_ip: "{{ ansible_default_ipv4.address }}"
+protected_ip: 192.168.2.47
 traefik_proxy_protocol_trusted_ips: 10.23.0.0/16
diff --git a/ansible/main.yml b/ansible/main.yml
index 01ba450..cdc8ace 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -49,6 +49,7 @@
 - gitlab
 - heimdall
 - gitea
+ - duplicati
 - hosts: walker
 roles:
diff --git a/ansible/roles/duplicati/files/docker-compose.yml b/ansible/roles/duplicati/files/docker-compose.yml
index 4b6242a..d37fbc7 100644
--- a/ansible/roles/duplicati/files/docker-compose.yml
+++ b/ansible/roles/duplicati/files/docker-compose.yml
@@ -13,4 +13,4 @@ services:
 - /:/source:ro
 restart: unless-stopped
 ports:
- - "{{ wireguard.clients[ansible_fqdn].ip }}:8200:8200"
+ - "{{ protected_ip }}:8200:8200"
diff --git a/ansible/roles/traefik/defaults/main.yml b/ansible/roles/traefik/defaults/main.yml
index 67357fd..ad9e8de 100644
--- a/ansible/roles/traefik/defaults/main.yml
+++ b/ansible/roles/traefik/defaults/main.yml
@@ -1,4 +1,3 @@
-traefik_private_ip: "{{ wireguard.clients[ansible_fqdn].ip }}"
 traefik_influx_db_dir: ./influxdb
 traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"
diff --git a/ansible/roles/traefik/files/docker-compose.yml b/ansible/roles/traefik/files/docker-compose.yml
index 859f4cc..c9b6b67 100644
--- a/ansible/roles/traefik/files/docker-compose.yml
+++ b/ansible/roles/traefik/files/docker-compose.yml
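Review bot: In ansible/group_vars/all/network.yml the two new variables decide which interface services listen on, but nothing in the file says how `private_ip` and `protected_ip` differ or when a host may override them. A short comment per variable would help, for example `# private_ip: WireGuard address of this host; bind tunnel-only services here` and `# protected_ip: bind address for admin UIs; defaults to private_ip, override per host only for a trusted segment`. The meaning of "protected" is inferred from its single use in the Duplicati compose file, so the wording needs confirming by the author. Starting the file with `---` would also match the usual Ansible convention.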
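Review bot: In ansible/host_vars/pve-docker.yml, `protected_ip: 192.168.2.47` replaces the WireGuard-derived group default with a fixed LAN address, and the only consumer visible in this commit is the Duplicati UI port in ansible/roles/duplicati/files/docker-compose.yml (`"{{ protected_ip }}:8200:8200"`), whose container mounts the host root as `/:/source:ro`. Assuming the play that gains the `duplicati` role in ansible/main.yml targets this host (its `hosts:` line is outside the hunk), the backup UI is reachable from that LAN rather than only over the tunnel, so access rests on a UI password and host firewall rules that this diff does not show. I would add a comment above the value, such as `# LAN address, not WireGuard: anything bound to protected_ip is reachable from the local network`, and confirm that port 8200 is limited to admin hosts. Quoting the literal (`protected_ip: "192.168.2.47"`) would keep it consistent with the templated values around it.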
@@ -19,8 +19,8 @@ services:
 volumes:
 - "{{ traefik_influx_db_dir }}:/var/lib/influxdb"
 ports:
- - "{{ traefik_private_ip }}:38089:8089/udp"
- - "{{ traefik_private_ip }}:38086:8086"
+ - "{{ private_ip }}:38089:8089/udp"
+ - "{{ private_ip }}:38086:8086"
 environment:
 - INFLUXDB_DB=traefik
 - INFLUXDB_HTTP_AUTH_ENABLED=
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 7f44c84..f522647 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -15,7 +15,7 @@ entryPoints:
 trustedIPs:
 - "{{ traefik_proxy_protocol_trusted_ips }}"
 traefik:
- address: "{{ traefik_private_ip }}:8080"
+ address: "{{ private_ip }}:8080"
 ping: {}
@@ -53,7 +53,7 @@ serversTransport:
 metrics:
 influxDB:
- address: "{{ traefik_private_ip }}:38089"
+ address: "{{ private_ip }}:38089"
 database: traefik
 pushInterval: 30s
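Review bot: In ansible/roles/traefik/files/docker-compose.yml the two new port lines bind InfluxDB to the shared `private_ip` variable while the context line `INFLUXDB_HTTP_AUTH_ENABLED=` leaves the auth flag empty, so the bind address appears to be the only access control on 38086 and 38089/udp. Because `private_ip` is no longer role-scoped and ansible/host_vars/pve-docker.yml sets it to `ansible_default_ipv4.address`, a host-level override made for another service also changes who can reach the database; the same applies to the `traefik` entry point on `{{ private_ip }}:8080` in traefik.yml. Consider `INFLUXDB_HTTP_AUTH_ENABLED=true` with credentials taken from a vault (Traefik's metrics block would then need matching credentials), or at least a comment above `ports:` such as `# no HTTP auth: private_ip must never be a routable address`. The service definition starts and ends outside the hunk.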