diff --git a/etc/nftables/nftables-network-fq.conf b/etc/nftables/nftables-network-fq.conf
index cb79c97..5f1f7a6 100644
--- a/etc/nftables/nftables-network-fq.conf
+++ b/etc/nftables/nftables-network-fq.conf
@@ -9,12 +9,12 @@ table inet filter {
 define ip-allowlist-ssh = {
 {{ssh_ipv4}},
- 51.222.159.116, # 0.grapheneos.network
+ 51.222.156.101, # 0.grapheneos.org
 }
 define ip6-allowlist-ssh = {
 {{ssh_ipv6}},
- 2607:5300:205:200::2584, # 0.grapheneos.network
+ 2607:5300:205:200::29c6, # 0.grapheneos.org
 }
 define priority-besteffort = 0
diff --git a/etc/nftables/nftables-network.conf b/etc/nftables/nftables-network.conf
index 389fb20..e6265aa 100644
--- a/etc/nftables/nftables-network.conf
+++ b/etc/nftables/nftables-network.conf
@@ -9,12 +9,12 @@ table inet filter {
 define ip-allowlist-ssh = {
 {{ssh_ipv4}},
- 51.222.159.116, # 0.grapheneos.network
+ 51.222.156.101, # 0.grapheneos.org
 }
 define ip6-allowlist-ssh = {
 {{ssh_ipv6}},
- 2607:5300:205:200::2584, # 0.grapheneos.network
+ 2607:5300:205:200::29c6, # 0.grapheneos.org
 }
 set ip-connlimit-ssh {
diff --git a/etc/nftables/nftables-web.conf b/etc/nftables/nftables-web.conf
index 2b56f9b..13752ba 100644
--- a/etc/nftables/nftables-web.conf
+++ b/etc/nftables/nftables-web.conf
@@ -8,12 +8,10 @@ table inet filter {
 define ip-allowlist-ssh = {
 {{ssh_ipv4}},
- 51.222.156.101, # 0.grapheneos.org
 }
 define ip6-allowlist-ssh = {
 {{ssh_ipv6}},
- 2607:5300:205:200::29c6, # 0.grapheneos.org
 }
 set ip-connlimit-ssh {
diff --git a/hosts.sh b/hosts.sh
index 5366a94..748e9d4 100644
--- a/hosts.sh
+++ b/hosts.sh
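Review bot: The SSH allowlist in etc/nftables/nftables-network-fq.conf now carries the addresses of 0.grapheneos.org (`51.222.156.101`, `2607:5300:205:200::29c6`) as literals, and the same pair is repeated in the nftables-network.conf hunk, while the entries beside them come from the `{{ssh_ipv4}}` / `{{ssh_ipv6}}` template variables. A later renumbering of that host has to be applied to both files in step; a missed copy either blocks the primary from reaching a replica over SSH or leaves a stale address trusted. Per the hosts.sh part of this commit the `network` profile is also assigned to 0.grapheneos.org itself, so that host ends up allowlisting its own address. If that is intentional, a comment above the entry such as `# primary for these hosts (presumably the sync source); entry is unused on the primary itself` would record it.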
@@ -58,9 +58,10 @@ declare -Ar hosts_authorized_keys=(
 [1.grapheneos.org]=authorized_keys-replica-grapheneos
 [2.grapheneos.org]=authorized_keys-replica-grapheneos
 [3.grapheneos.org]=authorized_keys-replica-grapheneos
- [1.grapheneos.network]=authorized_keys-replica-network
- [2.grapheneos.network]=authorized_keys-replica-network
- [3.grapheneos.network]=authorized_keys-replica-network
+ [0.grapheneos.network]=authorized_keys-replica-grapheneos
+ [1.grapheneos.network]=authorized_keys-replica-grapheneos
+ [2.grapheneos.network]=authorized_keys-replica-grapheneos
+ [3.grapheneos.network]=authorized_keys-replica-grapheneos
 [1.releases.grapheneos.org]=authorized_keys-replica-releases
 [2.releases.grapheneos.org]=authorized_keys-replica-releases
 [3.releases.grapheneos.org]=authorized_keys-replica-releases
@@ -77,8 +78,11 @@ declare -Ar hosts_firewall=(
 [1.ns2.grapheneos.org]=ns2
 [2.ns2.grapheneos.org]=ns2
 [mail.grapheneos.org]=mail
- [staging.grapheneos.org]=web-fq
- [1.grapheneos.org]=web-fq
+ [staging.grapheneos.org]=network-fq
+ [0.grapheneos.org]=network
+ [1.grapheneos.org]=network-fq
+ [2.grapheneos.org]=network
+ [3.grapheneos.org]=network
 [0.grapheneos.network]=network
 [1.grapheneos.network]=network-fq
 [2.grapheneos.network]=network
@@ -325,7 +329,6 @@ readonly hosts_certbot=(
 mail.grapheneos.org
 staging.grapheneos.org
 0.grapheneos.org
- 0.grapheneos.network
 0.releases.grapheneos.org
 staging.attestation.app
 attestation.app
@@ -338,7 +341,6 @@ readonly hosts_primary=(
 0.ns1.grapheneos.org
 0.ns2.grapheneos.org
 0.grapheneos.org
- 0.grapheneos.network
 0.releases.grapheneos.org
 )
@@ -346,7 +348,7 @@ readonly hosts_secondary=(
 {1..3}.ns1.grapheneos.org
 {1..2}.ns2.grapheneos.org
 {1..3}.grapheneos.org
- {1..3}.grapheneos.network
+ {0..3}.grapheneos.network
 {1..3}.releases.grapheneos.org
 )
@@ -361,6 +363,7 @@ readonly hosts_backup=(
 readonly hosts_grapheneos=(
 {0..3}.grapheneos.org
+ {0..3}.grapheneos.network
 )
 readonly hosts_grapheneos_all=(
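Review bot: In `hosts_authorized_keys`, the grapheneos.network hosts switch from `authorized_keys-replica-network` to `authorized_keys-replica-grapheneos`, and 0.grapheneos.network gains an entry it did not have in this hunk before, so the keys in that file can now log in to four hosts that previously trusted a separate key set. Nothing visible here shows whether `authorized_keys-replica-network` is deleted from the repository, or whether deployment overwrites rather than appends to the authorized_keys already on 1–3.grapheneos.network. If either is not the case, the old key stays accepted after 0.grapheneos.network has been demoted to a replica. Both are worth confirming, and a comment above the new entries such as `# grapheneos.network hosts are replicas of 0.grapheneos.org and trust its replica key` would document the widened trust. The array starts and ends outside the hunk.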
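Review bot: The `hosts_firewall` hunk moves staging.grapheneos.org and 1.grapheneos.org from `web-fq` to `network-fq` and adds explicit `network` entries for 0, 2 and 3.grapheneos.org, with nothing in the map saying why website hosts now take the network ruleset. Since the package lists in this commit add nginx-mod-stream to the same hosts, the ruleset presumably admits more inbound traffic than `web` did, which a reviewer would want stated rather than inferred; a comment like `# grapheneos.org hosts also serve the grapheneos.network services, so they use the network ruleset` would do. Separately, a bash associative-array literal keeps only the last assignment for a repeated key and reports no error, so if 0, 2 or 3.grapheneos.org are also listed elsewhere in this map (outside the hunk), one of the two profiles is silently ignored.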
@@ -372,10 +375,6 @@ readonly hosts_releases=(
 {0..3}.releases.grapheneos.org
 )
-readonly hosts_network=(
- {0..3}.grapheneos.network
-)
-
 readonly hosts_attestation=(
 staging.attestation.app
 attestation.app
@@ -385,7 +384,6 @@ readonly hosts_web=(
 "${hosts_dns[@]}"
 mail.grapheneos.org
 "${hosts_grapheneos_all[@]}"
- "${hosts_network[@]}"
 "${hosts_releases[@]}"
 "${hosts_attestation[@]}"
 matrix.grapheneos.org
diff --git a/packages/0.grapheneos.network b/packages/0.grapheneos.network
index 118629e..b3b7bbf 100644
--- a/packages/0.grapheneos.network
+++ b/packages/0.grapheneos.network
@@ -1,5 +1,4 @@
 base
-certbot
 chrony
 cloud-guest-utils
 conntrack-tools
@@ -17,6 +16,7 @@ mtr
 neovim
 nftables
 nginx
+nginx-mod-brotli
 nginx-mod-stream
 nmap
 openssh
diff --git a/packages/0.grapheneos.org b/packages/0.grapheneos.org
index 9dfb786..1e0174a 100644
--- a/packages/0.grapheneos.org
+++ b/packages/0.grapheneos.org
@@ -18,6 +18,7 @@ neovim
 nftables
 nginx
 nginx-mod-brotli
+nginx-mod-stream
 nmap
 openssh
 pacman-contrib
diff --git a/packages/1.grapheneos.network b/packages/1.grapheneos.network
index 8f0b780..b3b7bbf 100644
--- a/packages/1.grapheneos.network
+++ b/packages/1.grapheneos.network
@@ -16,6 +16,7 @@ mtr
 neovim
 nftables
 nginx
+nginx-mod-brotli
 nginx-mod-stream
 nmap
 openssh
diff --git a/packages/1.grapheneos.org b/packages/1.grapheneos.org
index 7e3ab42..b3b7bbf 100644
--- a/packages/1.grapheneos.org
+++ b/packages/1.grapheneos.org
@@ -17,6 +17,7 @@ neovim
 nftables
 nginx
 nginx-mod-brotli
+nginx-mod-stream
 nmap
 openssh
 pacman-contrib
diff --git a/packages/2.grapheneos.network b/packages/2.grapheneos.network
index 8f0b780..b3b7bbf 100644
--- a/packages/2.grapheneos.network
+++ b/packages/2.grapheneos.network
@@ -16,6 +16,7 @@ mtr
 neovim
 nftables
 nginx
+nginx-mod-brotli
 nginx-mod-stream
 nmap
 openssh
diff --git a/packages/2.grapheneos.org b/packages/2.grapheneos.org
index 7e3ab42..b3b7bbf 100644
--- a/packages/2.grapheneos.org
+++ b/packages/2.grapheneos.org
@@ -17,6 +17,7 @@ neovim
 nftables
 nginx
 nginx-mod-brotli
+nginx-mod-stream
 nmap
 openssh
 pacman-contrib
diff --git a/packages/3.grapheneos.network b/packages/3.grapheneos.network
index 8f0b780..b3b7bbf 100644
--- a/packages/3.grapheneos.network
+++ b/packages/3.grapheneos.network
@@ -16,6 +16,7 @@ mtr
 neovim
 nftables
 nginx
+nginx-mod-brotli
 nginx-mod-stream
 nmap
 openssh
diff --git a/packages/3.grapheneos.org b/packages/3.grapheneos.org
index 7e3ab42..b3b7bbf 100644
--- a/packages/3.grapheneos.org
+++ b/packages/3.grapheneos.org
@@ -17,6 +17,7 @@ neovim
 nftables
 nginx
 nginx-mod-brotli
+nginx-mod-stream
 nmap
 openssh
 pacman-contrib
diff --git a/packages/staging.grapheneos.org b/packages/staging.grapheneos.org
index 9dfb786..1e0174a 100644
--- a/packages/staging.grapheneos.org
+++ b/packages/staging.grapheneos.org
@@ -18,6 +18,7 @@ neovim
 nftables
 nginx
 nginx-mod-brotli
+nginx-mod-stream
 nmap
 openssh
 pacman-contrib