diff --git a/nixos/common/containers/derp.nix b/nixos/common/containers/derp.nix
index 478b0be5..cca534c7 100644
--- a/nixos/common/containers/derp.nix
+++ b/nixos/common/containers/derp.nix
@@ -32,4 +32,16 @@
     log-driver = "journald";
     extraOptions = [ "--network=host" ];
   };
+
+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        1443  # Headscale DERP (tcp)
+      ];
+      allowedUDPPorts = [
+        3478  # Headscale DERP (udp)
+      ];
+    };
+  };
 }
diff --git a/nixos/hosts/piaware-rpi4/containers/piaware.nix b/nixos/common/containers/piaware.nix
similarity index 100%
rename from nixos/hosts/piaware-rpi4/containers/piaware.nix
rename to nixos/common/containers/piaware.nix
diff --git a/nixos/hosts/backups-rpi4/default.nix b/nixos/hosts/backups-rpi4/default.nix
index 9004b2e0..971730a2 100644
--- a/nixos/hosts/backups-rpi4/default.nix
+++ b/nixos/hosts/backups-rpi4/default.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{ hostname, ... }: {
   imports = [ 
     ../../common/services/tailscale-autoconnect.nix
     ../../common/modules/raspberry-pi-4.nix
@@ -8,7 +8,7 @@
   ];
   
   time.timeZone = "Europe/Warsaw";
-  networking.hostName = "backups-rpi4";
+  networking.hostName = hostname;
   services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
   boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
 }
diff --git a/nixos/hosts/frankfurt-linode-01/default.nix b/nixos/hosts/frankfurt-linode-01/default.nix
index 6dbb5ab7..049fa887 100644
--- a/nixos/hosts/frankfurt-linode-01/default.nix
+++ b/nixos/hosts/frankfurt-linode-01/default.nix
@@ -3,7 +3,7 @@
     (modulesPath + "/profiles/qemu-guest.nix")
     (import ../../common/containers/derp.nix { domainName = "frankfurt.sysctl.io"; })
     ../../common/services/tailscale-autoconnect.nix
-    ../../common/services/docker.nix
+    ../../common/services/podman.nix
     ./firewall.nix
     ./wireguard.nix
   ];
diff --git a/nixos/hosts/frankfurt-linode-01/firewall.nix b/nixos/hosts/frankfurt-linode-01/firewall.nix
index c27416bb..3b083cfc 100644
--- a/nixos/hosts/frankfurt-linode-01/firewall.nix
+++ b/nixos/hosts/frankfurt-linode-01/firewall.nix
@@ -7,7 +7,6 @@
         443   # HTTPS
         42420 # Vintage Story
         25565 # Minecraft
-        1443  # Headscale DERP (tcp)
         25    # Mailserver
         143   # Mailserver
         465   # Mailserver
@@ -17,7 +16,6 @@
         4443  # Jitsi
       ];
       allowedUDPPorts = [
-        3478  # Headscale DERP (udp)
         10000 # Jitsi Meet (udp)
         15636 # Enshrouded - Game
         15637 # Enshrouded - Query Port
diff --git a/nixos/hosts/milan-linode-01/default.nix b/nixos/hosts/milan-linode-01/default.nix
index a020c60f..d0d00de2 100644
--- a/nixos/hosts/milan-linode-01/default.nix
+++ b/nixos/hosts/milan-linode-01/default.nix
@@ -1,10 +1,9 @@
 { hostname, lib, modulesPath, ... }: {
   imports = [ 
     (modulesPath + "/profiles/qemu-guest.nix")
-    ../../common/services/tailscale-autoconnect.nix
-    ../../common/services/docker.nix
-    ./firewall.nix
     (import ../../common/containers/derp.nix { domainName = "milan.sysctl.io"; })
+    ../../common/services/tailscale-autoconnect.nix
+    ../../common/services/podman.nix
   ];
 
   boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
diff --git a/nixos/hosts/milan-linode-01/firewall.nix b/nixos/hosts/milan-linode-01/firewall.nix
deleted file mode 100644
index 6152094c..00000000
--- a/nixos/hosts/milan-linode-01/firewall.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }: {
-  networking = {
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        1443  # Headscale DERP (tcp)
-      ];
-      allowedUDPPorts = [
-        3478  # Headscale DERP (udp)
-      ];
-    };
-  };
-}
diff --git a/nixos/hosts/osaka-linode-01/default.nix b/nixos/hosts/osaka-linode-01/default.nix
index ec52770b..2cf9fc6c 100644
--- a/nixos/hosts/osaka-linode-01/default.nix
+++ b/nixos/hosts/osaka-linode-01/default.nix
@@ -3,7 +3,7 @@
     (modulesPath + "/profiles/qemu-guest.nix")
     (import ../../common/containers/derp.nix { domainName = "osaka.sysctl.io"; })
     ../../common/services/tailscale-autoconnect.nix
-    ../../common/services/docker.nix
+    ../../common/services/podman.nix
   ];
 
   boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
deleted file mode 100644
index 6152094c..00000000
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }: {
-  networking = {
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        1443  # Headscale DERP (tcp)
-      ];
-      allowedUDPPorts = [
-        3478  # Headscale DERP (udp)
-      ];
-    };
-  };
-}
diff --git a/nixos/hosts/piaware-rpi4/default.nix b/nixos/hosts/piaware-rpi4/default.nix
index 1c2312c8..8cabeb62 100644
--- a/nixos/hosts/piaware-rpi4/default.nix
+++ b/nixos/hosts/piaware-rpi4/default.nix
@@ -3,7 +3,7 @@
     ../../common/services/tailscale-autoconnect.nix
     ../../common/services/podman.nix
     ../../common/modules/raspberry-pi-4.nix
-    ./containers/piaware.nix
+    ../../common/containers/piaware.nix
   ];
 
   time.timeZone = "Europe/Warsaw";