diff --git a/app-configs/rinoa/loggifly/config.yaml.j2 b/app-configs/rinoa/loggifly/config.yaml.j2
index 0ddb46c..bb606e7 100644
--- a/app-configs/rinoa/loggifly/config.yaml.j2
+++ b/app-configs/rinoa/loggifly/config.yaml.j2
@@ -1,6 +1,10 @@
 {% set vault_addr = 'https://vault.trez.wtf' %}
 {% set secrets_path = 'rinoa-docker/env' %}
 containers:
+ adguard:
+ action_keywords:
+ - restart:
+ regex: '\[error\] dnsproxy.*timeout'
 ghost_blog:
 action_keywords:
 - restart:
@@ -32,7 +36,7 @@ containers:
 swag:
 action_keywords:
 - restart:
- regex: '^s6-.*: fatal.*$'
+ regex: 's6-.*: fatal.*$'
 global_keywords:
 keywords:
 - panic
diff --git a/host_vars/rinoa.yml b/host_vars/rinoa.yml
index 443590a..1cc0934 100644
--- a/host_vars/rinoa.yml
+++ b/host_vars/rinoa.yml
@@ -1,15 +1,22 @@
 appdata_base_path: /home/charish/.docker/config/appdata
+ansible_become_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 33393031336537653965343539636434613066326131653737396561653031336665633430353837
+ 3166363261623634363162626161633831316539643339620a326538663930396335646631356335
+ 39643539313531646566353034313734646432626462646530303762323939613833663237316631
+ 3134383462306432630a626163356437336331356339353332613265366564323234613732626331
+ 64333464306531303163376566393065643136633165373364373733323838616437
 secrets_path: rinoa-docker/env
 file_metadata:
- "app-configs/rinoa/mongodb/config/keyfile.j2":
+ "mongodb/config/keyfile.j2":
 owner: "999"
 group: "999"
 mode: "0600"
- "app-configs/rinoa/searxng/settings.yml.j2":
+ "searxng/settings.yml.j2":
 owner: "977"
 group: "977"
 mode: "0644"
- "app-configs/rinoa/searxng/uwsgi.ini.j2":
+ "searxng/uwsgi.ini.j2":
 owner: "977"
 group: "977"
- mode: "0644"
\ No newline at end of file
+ mode: "0644"
diff --git a/tar-valon_config_deploy.yml b/tar-valon_config_deploy.yml
index 90c7800..89dbc9e 100644
--- a/tar-valon_config_deploy.yml
+++ b/tar-valon_config_deploy.yml
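Review bot: The new `adguard` entry restarts the resolver on any log line matching `\[error\] dnsproxy.*timeout`, and nothing in this hunk bounds how often that action can fire. Upstream timeouts tend to arrive in bursts and can follow from ordinary client queries, so a slow upstream could turn into a restart loop that takes DNS down for every client of the resolver. Confirm that an action cooldown is configured in the settings part of this file, which is not visible here, and record the intent above the entry with a comment such as `# restart on upstream timeouts; rate-limited by the action cooldown`.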
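Review bot: Dropping the `^` anchor in the `swag` entry means `'s6-.*: fatal.*$'` now matches anywhere in a log line, not only on lines emitted by s6 itself. SWAG fronts external traffic, so if request-derived text such as a path or user agent reaches the monitored container log, a line containing that pattern could trigger the restart action without any real supervisor failure. If the anchor was removed to tolerate a leading timestamp or prefix, keep it and allow the prefix explicitly, for example `regex: '^(\S+ )?s6-[a-z0-9-]+: fatal'`. Whether access logs are part of the monitored stream is not visible in this diff, so that should be checked before relying on the unanchored form.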
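Review bot: The `file_metadata` keys lose their `app-configs/rinoa/` prefix in this hunk, but the code that looks them up is not part of this diff. If any lookup still uses the full template path, the entry is silently missed and `mongodb/config/keyfile.j2` would presumably fall back to the deploy defaults instead of `0600` owned by `999`, leaving a secret file readable by other users. Add a comment above the map, `# keys are relative to app-configs/<inventory_hostname>/`, and have the deploy play assert that every key resolves to an existing template. The inline `!vault` value for `ansible_become_password` is only as strong as the vault password, which must stay out of the repository.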
@@ -5,6 +5,8 @@ - rikku - benedikta gather_facts: false + become: true + become_method: sudo vars: default_owner: "1000" @@ -12,6 +14,11 @@ default_mode: "0644" pre_tasks: + - name: Load host-specific vaulted variables if they exist + ansible.builtin.include_vars: + file: "host_vars/{{ inventory_hostname }}_vault.yml" + ignore_errors: true + - name: Get remote user's UID and GID ansible.builtin.command: "id -u && id -g" register: remote_user_info
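Review bot: `become: true` at play level escalates every task in the play, including the pre-task `Get remote user's UID and GID`, which under sudo would report root's ids rather than the login user's. Scope escalation to the tasks that actually write privileged paths, or add `become: false` to that pre-task, so the play keeps least privilege and the registered `remote_user_info` stays meaningful. The play body continues outside this hunk, so how those ids are used later is not visible here.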
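Review bot: `ignore_errors: true` on the `include_vars` pre-task hides more than a missing file: a failed vault decryption or a YAML error is skipped as well, and the play then continues with `become` enabled and no password loaded. Gate the task on the file's existence instead, `when: (playbook_dir ~ '/host_vars/' ~ inventory_hostname ~ '_vault.yml') is file`, and add `no_log: true` so decrypted values do not appear in verbose output. This commit also stores the become password inline in `host_vars/rinoa.yml` rather than in a `_vault.yml` file, so it is worth settling on one location and documenting it in the task name.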