diff --git a/ansible/README.md b/ansible/README.md
index 8094b13..fa5b9ba 100644
--- a/ansible/README.md
+++ b/ansible/README.md
@@ -1,3 +1,5 @@
+Usage: `ansible-playbook main.yml -i hosts.cfg --limit=cabinet`
+
 Assumes:
 - All:
diff --git a/ansible/files/50unattended-upgrades b/ansible/files/50unattended-upgrades
index 54fc785..95ca52f 100644
--- a/ansible/files/50unattended-upgrades
+++ b/ansible/files/50unattended-upgrades
@@ -109,7 +109,7 @@ Unattended-Upgrade::Package-Blacklist {
 // Automatically reboot *WITHOUT CONFIRMATION* if
 // the file /var/run/reboot-required is found after the upgrade
-//Unattended-Upgrade::Automatic-Reboot "false";
+Unattended-Upgrade::Automatic-Reboot "false";
 // Automatically reboot even if there are users currently logged in
 // when Unattended-Upgrade::Automatic-Reboot is set to true
diff --git a/ansible/files/sshd_config b/ansible/files/sshd_config
index edd3b94..62470a4 100644
--- a/ansible/files/sshd_config
+++ b/ansible/files/sshd_config
@@ -12,6 +12,7 @@
 Port 22
 Port 2222
+Port 37121
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::
diff --git a/ansible/hosts.cfg b/ansible/hosts.cfg
index e6b60bd..0b22507 100644
--- a/ansible/hosts.cfg
+++ b/ansible/hosts.cfg
@@ -1,11 +1,14 @@
-[router]
-corsa
+[compute]
+fogcutter interface=eno1
+
+[daily]
+cabinet interface=enp9s0
 [nfs]
 bigdummy interface=enp2s0
-[compute]
-fogcutter interface=eno1
-
 [remote]
 joe@madone.seaturtle.pw interface=enp1s0
+
+[router]
+corsa
diff --git a/ansible/main.yml b/ansible/main.yml
index e6801c2..109014a 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -1,7 +1,7 @@
 # All hosts are debian 10
 ---
 # Common
-- hosts: compute,nfs,router
+- hosts: daily,compute,nfs,router
 become: yes
 handlers:
 - import_tasks: handlers.yml
@@ -51,7 +51,7 @@
 group: root
 mode: '0644'
- - name: Enable unattended-upgrades
+ - name: Enable auto-upgrades
 copy:
 src: files/20auto-upgrades
 dest: /etc/apt/apt.conf.d/20auto-upgrades
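Review bot: Security updates that need a reboot will sit installed but inactive on these hosts, because ansible/files/50unattended-upgrades now sets `Unattended-Upgrade::Automatic-Reboot "false";` explicitly and nothing visible in this diff tracks `/var/run/reboot-required`. I would record the decision next to the setting, for example `// Reboots are manual: check /var/run/reboot-required on each host after upgrades`. For the unattended server groups, consider `"true"` together with `Unattended-Upgrade::Automatic-Reboot-Time` instead, so patched kernels actually get booted. The rest of the file is outside the hunk, so a notification setting may already exist there.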
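Review bot: The three `Port` lines in ansible/files/sshd_config carry no comment saying why each exists, and with `Port 22` and `Port 2222` kept, the new `Port 37121` is an additional listener rather than a move off the default port. Each extra port has to be covered by firewall rules and log monitoring on every host that receives this file. I would document them in place, e.g. `# 22: default, 2222: <purpose>, 37121: <purpose>`, and drop any port that is no longer needed once clients have moved. Whether a host firewall restricts these ports is not visible in this diff.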
@@ -78,7 +78,7 @@
 notify: Restart chrony service
 # Core networking
- - name: Configure sshd_config to listen on 2222/22 and disable password auth
+ - name: Configure sshd_config to listen on 37121/2222/22 and disable password auth
 copy:
 src: files/sshd_config
 dest: /etc/ssh/sshd_config
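Review bot: The sshd_config `copy:` in ansible/main.yml shows no `validate:` step in this hunk, so a syntax error in files/sshd_config would be installed as-is and could cut off SSH access once sshd is restarted. That risk grows with this commit, since the file is edited here and the play now also targets the `daily` group. If it is not already present, add `validate: '/usr/sbin/sshd -t -f %s'` to the copy arguments so Ansible refuses to install a config that sshd cannot parse. The task continues past the end of the hunk, so owner, mode, notify and possibly validate may already be set below.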