diff --git a/ansible.cfg b/ansible.cfg index d315089..d0e9b33 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,6 @@ [defaults] nocows = true +interpreter_python = auto_silent inventory = inventory.yml remote_user = root diff --git a/roles/alpine/tasks/main.yml b/roles/alpine/tasks/main.yml index 9776239..d37b3ed 100644 --- a/roles/alpine/tasks/main.yml +++ b/roles/alpine/tasks/main.yml @@ -26,6 +26,12 @@ hostname: name: '{{ dns_name }}' +- name: Set up resolv.conf + template: + dest: /etc/resolv.conf + src: resolv.conf.j2 + mode: 0644 + - name: Configure hosts template: dest: /etc/hosts diff --git a/roles/proxmox-backup/tasks/main.yml b/roles/proxmox-backup/tasks/main.yml index 9f9db9e..b3f35b9 100644 --- a/roles/proxmox-backup/tasks/main.yml +++ b/roles/proxmox-backup/tasks/main.yml @@ -58,18 +58,6 @@ mode: 0644 notify: reload interfaces -- name: Disable SSH password authentication - lineinfile: - path: /etc/ssh/sshd_config - regexp: '^#?{{ item.key }}' - line: '{{ item.key }} {{ item.value }}' - loop: - - key: PasswordAuthentication - value: 'no' - - key: PermitRootLogin - value: 'prohibit-password' - notify: reload sshd - - name: Run SSH instance in management VRF when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt') block: diff --git a/roles/proxmox-backup/templates/nftables.conf.j2 b/roles/proxmox-backup/templates/nftables.conf.j2 index aff70a9..eed9e44 100644 --- a/roles/proxmox-backup/templates/nftables.conf.j2 +++ b/roles/proxmox-backup/templates/nftables.conf.j2 @@ -19,6 +19,10 @@ table inet filter { packet-too-big, parameter-problem, time-exceeded, } accept comment "accept some ICMPv6" + iif mgmt0 ip6 hoplimit 255 ip6 nexthdr icmpv6 icmpv6 type { + nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert + } accept comment "accept IPv6 neighbor discovery" + # BGP / BFD sessions iif lan0 ip6 saddr fe80::/64 accept iif lan1 ip6 saddr fe80::/64 accept 
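Review bot: The new `Set up resolv.conf` task in roles/alpine/tasks/main.yml leaves `owner` and `group` unset, so an existing /etc/resolv.conf keeps whatever ownership it already has. Since this file decides which resolvers the host trusts, pin them with `owner: root` and `group: root`. Ansible's module documentation also recommends quoting octal modes, `mode: '0644'`, so the module receives a string rather than a YAML integer. The template this task renders is switched to iterate over `dns6` in the last hunk of this diff, so every Alpine host now needs that variable defined.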
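Review bot: Nothing on the new side of roles/proxmox-backup/tasks/main.yml enforces `PasswordAuthentication no` or `PermitRootLogin prohibit-password` any more, and no other hunk in this diff adds those settings elsewhere. ansible.cfg connects as `remote_user = root`, so a freshly installed host keeps its distribution-default sshd_config until another role manages it. If the settings moved to a shared role outside this view, say so in the commit message. Otherwise keep an equivalent task, and consider a check that fails the play when `sshd -T` reports `passwordauthentication yes`.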
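Review bot: The added mgmt0 rule in nftables.conf.j2 accepts `nd-router-advert` from any source address as long as the hop limit is 255, so any on-link node in the management segment can have its router advertisements reach the host. RFC 4861 requires RAs to come from a link-local source, so the RA could be split out and tightened: `iif mgmt0 ip6 saddr fe80::/10 ip6 hoplimit 255 icmpv6 type nd-router-advert accept`. If mgmt0 is statically addressed and routed (not visible here), `nd-router-advert` could be dropped from the set, leaving only the neighbor solicit/advert types. The enclosing chain starts and ends outside the hunk, so any later rule that already covers this cannot be seen from here.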
diff --git a/templates/resolv.conf.j2 b/templates/resolv.conf.j2
index abfee17..feadf5d 100644
--- a/templates/resolv.conf.j2
+++ b/templates/resolv.conf.j2
@@ -1,4 +1,4 @@
 search {{ domain }}
-{% for server in dns %}
+{% for server in dns6 %}
 nameserver {{ server }}
 {% endfor %}
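Review bot: An empty `dns6` list makes this loop render a resolv.conf with only the `search` line. Per resolv.conf(5) the resolver then falls back to a name server on the local machine, so the host silently loses DNS instead of failing the play. The roles/alpine hunk in this diff starts applying this template to Alpine hosts, which widens the set of hosts that must define `dns6`. A guard ahead of the template task would fail fast, for example an `assert` with `that: dns6 is defined and dns6 | length > 0`. Also note that resolv.conf(5) documents a limit of three `nameserver` entries, so longer lists are truncated by the resolver.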