diff --git a/deploy.yaml b/deploy.yaml index b3ebf76..ac67b87 100644 --- a/deploy.yaml +++ b/deploy.yaml @@ -6,8 +6,8 @@ user: root roles: - role: reachable - - role: server - role: network + - role: server - role: firewall - role: ssh - role: jails diff --git a/roles/jails/templates/bastille.conf.j2 b/roles/jails/templates/bastille.conf.j2 index 4c636db..dfdc0af 100644 --- a/roles/jails/templates/bastille.conf.j2 +++ b/roles/jails/templates/bastille.conf.j2 @@ -57,7 +57,7 @@ bastille_network_pf_ext_if="ext_if" ## default bastille_network_pf_table="jails" ## default: "jails" bastille_network_shared="" ## default: "" bastille_network_gateway="" ## default: "" -bastille_network_gateway6="{{ ansible_default_ipv6.address }}" ## default: "" +bastille_network_gateway6="{{ primaryip.stdout }}" ## default: "" ## Default Templates bastille_template_base="default/base" ## default: "default/base" diff --git a/roles/network/tasks/main.yaml b/roles/network/tasks/main.yaml index c1dd567..fc9e3f1 100644 --- a/roles/network/tasks/main.yaml +++ b/roles/network/tasks/main.yaml @@ -6,3 +6,7 @@ - name: determine ipv6 net shell: ifconfig {{ netif.primary }} inet6 | awk '{ if (/2a01/) { sub(/::.$/, "::", $2); print $2"/64" }}' register: jailnet + +- name: determine primary ipv6 address + shell: ifconfig {{ netif.primary }} inet6 | awk '{ if (/2a01/) { print $2 }}' + register: primaryip diff --git a/roles/pubnix/templates/Bastillefile.j2 b/roles/pubnix/templates/Bastillefile.j2 index 29c86e6..6a9b4a3 100644 --- a/roles/pubnix/templates/Bastillefile.j2 +++ b/roles/pubnix/templates/Bastillefile.j2 @@ -1,3 +1,5 @@ +CP etc / + PKG {{ jails.pubnix.pkgs | join(' ') }} SYSRC sshd_enable=YES @@ -11,7 +13,6 @@ CMD mkdir -p /home FSTAB /home home nullfs rw 0 0 -CP etc / # FIXME: fails for now, see: https://github.com/BastilleBSD/bastille/issues/743 #CP usr/share/skel /usr/share/skel 
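Review bot: The role order in this list is now load-bearing, but nothing in the play says so. Elsewhere in this diff the network role registers `jailnet` and `primaryip`, and templates in the jails and pubnix roles read `primaryip.stdout`, so network has to run before them in the same play. I would add a comment above the list, for example `# network must run before any role that reads jailnet/primaryip`. Whether the server role itself consumes those results is not visible in this diff.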
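Review bot: `primaryip.stdout` is raw command output and is written into the config unvalidated on the `bastille_network_gateway6` line. The same substitution appears in roles/pubnix/templates/resolv.conf.j2. If no interface address matches, the shell pipeline still exits 0 with empty output, so this renders `bastille_network_gateway6=""` and resolv.conf gets a bare `nameserver` line without any error. If more than one address matches, the output is multi-line and lands inside the quoted value and the resolver file as-is. The check belongs on the task that registers the value in roles/network/tasks/main.yaml, e.g. `failed_when: primaryip.rc != 0 or primaryip.stdout_lines | length != 1`.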
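Review bot: The new task interpolates `{{ netif.primary }}` into a shell pipeline unquoted, so a value with whitespace or shell metacharacters is interpreted by the shell; `ifconfig {{ netif.primary | quote }} inet6` keeps it a single argument. The awk test `/2a01/` matches that substring anywhere on the line, not only at the start of the address, and `$2 ~ /^2a01:/` would be tighter. The task will also report "changed" on every run because it only reads state, so add `changed_when: false`. The pre-existing "determine ipv6 net" task shown as context has the same three properties.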
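Review bot: The move of `CP etc /` ahead of `PKG` in the first hunk has no comment explaining why the order matters. Presumably the etc overlay, which carries the resolv.conf rendered by this role, must be in place before package installation needs name resolution, but that is an inference from the other files in this diff. A one-line comment above it, such as `# copy the etc overlay first so resolv.conf exists before PKG runs`, would keep someone from moving it back below `FSTAB`. The second hunk only removes the old position.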
diff --git a/roles/pubnix/templates/resolv.conf.j2 b/roles/pubnix/templates/resolv.conf.j2
index da24562..f0f3aef 100644
--- a/roles/pubnix/templates/resolv.conf.j2
+++ b/roles/pubnix/templates/resolv.conf.j2
@@ -1,2 +1,2 @@
-nameserver {{ ansible_default_ipv6.address }}
+nameserver {{ primaryip.stdout }}
 options edns0