diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..4b6e3e1
Binary files /dev/null and b/.DS_Store differ
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 0000000..b2f76bf
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,21 @@
+name: Test
+on:
+ push:
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ env:
+ SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@master
+
+ - name: Install pre-requisites
+ run: |
+ sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
+ sudo chmod a+x /usr/bin/sops
+
+ - name: SOPS
+ run: |
+ sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml
\ No newline at end of file
diff --git a/inventory/hosts.yaml b/inventory/hosts.yaml
index e9ccab7..bd87ef6 100644
--- a/inventory/hosts.yaml
+++ b/inventory/hosts.yaml
@@ -2,7 +2,7 @@ all:
 vars:
 ansible_user: lholota
 domain: homecentr.one
- ups_shutdown_command: "systemctl stop ve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
+ ups_shutdown_command: "systemctl stop pve-ha-crm & systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"
 children:
 pve_nodes:
 hosts:
@@ -71,7 +71,7 @@ all:
 promtail_docker_logs_enabled: true
 unifi_controller:
 ansible_host: 10.1.2.76
- docs:
+ netboot:
 ansible_host: 10.1.2.77
 docker_enabled: true
 docker_enable_tcp: true
@@ -119,6 +119,10 @@ all:
 docker_enabled: true
 docker_enable_tcp: true
 promtail_docker_logs_enabled: true
+ dhcp1:
+ ansible_host: 10.1.2.90
+ dhcp2:
+ ansible_host: 10.1.2.91
 vm:
 hosts:
 coder:
diff --git a/playbooks/local/ssh.yaml b/playbooks/local/ssh.yaml
index 688eba0..4214b5a 100644
--- a/playbooks/local/ssh.yaml
+++ b/playbooks/local/ssh.yaml
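Review bot: The SOPS step's `sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml` writes the decrypted file to stdout, which ends up in the job log, so a step meant only to validate that the key can decrypt the file publishes the plaintext to anyone who can read the run; discard the output with `sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml > /dev/null` (the non-zero exit on failure still fails the step). `SOPS_AGE_KEY` is set in the job-level `env`, so the age private key is also in the environment of `actions/checkout@master`, which is fetched from a mutable branch ref; scope the env to the SOPS step and pin the action to a release tag or commit SHA. The sops binary is installed into /usr/bin straight from a wget download with no integrity check; verify its SHA-256 against the checksum published with the v3.7.3 release before the chmod. The file also ends without a trailing newline.
```yaml
# … unchanged: name, on, jobs.validate.runs-on (job-level env removed) …
    steps:
      - name: Checkout code
        uses: actions/checkout@v3  # pinned tag; a full commit SHA is stricter

      - name: Install pre-requisites
        run: |
          sudo wget -q -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64
          echo "<SHA256_FROM_V3.7.3_RELEASE_CHECKSUMS>  /usr/bin/sops" | sha256sum -c -
          sudo chmod a+x /usr/bin/sops

      - name: SOPS
        env:
          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }}
        run: |
          sops --config <(echo '') -d inventory/group_vars/all/users.sops.yaml > /dev/null
```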
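Review bot: The corrected `ups_shutdown_command` still backgrounds the first stop with a single `&`, so `systemctl stop pve-ha-lrm && /sbin/shutdown -h +0` runs without waiting for `pve-ha-crm` to finish stopping; if an ordered shutdown is intended, the line should read `ups_shutdown_command: "systemctl stop pve-ha-crm && systemctl stop pve-ha-lrm && /sbin/shutdown -h +0"`. If backgrounding is deliberate (presumably to avoid blocking the shutdown on a hung unit), a one-line comment above the key stating that would stop the next reader from "fixing" it. The enclosing `all.vars` mapping begins before this hunk.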
@@ -30,9 +30,12 @@ create: false marker: "# {mark} Homecentr SSH configuration" block: | + # Locally connecting to an actual host, canonicalization works Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr '10.0.0.0/8'" ForwardAgent yes - Match host=pve*.{{ domain }},app-*.{{ domain }} exec "dig -t a '%h' +short | tail -n1 | grepcidr -v '10.0.0.0/8'" + # Remotely the raw hostname does not exist (only with prefix), therefore canonicalization does not work + # so we have to add the domain manually + Match host=pve*,app-* exec "dig -t a 'ssh-%h.{{ domain }}' +short | tail -n1 | grepcidr -v '10.0.0.0/8'" ForwardAgent yes - ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h + ProxyCommand /usr/local/bin/cloudflared access ssh --hostname "ssh-%h.{{ domain }}"