diff --git a/.github/workflows/custom-artifact.yml b/.github/workflows/custom-artifact.yml index 9a246a77a..293033cab 100644 --- a/.github/workflows/custom-artifact.yml +++ b/.github/workflows/custom-artifact.yml @@ -48,7 +48,7 @@ jobs: - name: Build and upload wire-server-deploy container run: | container_image=$(nix-build --no-out-link -A container) - skopeo copy --dest-creds "$DOCKER_LOGIN" \ + skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \ docker-archive:"$container_image" \ "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}" env: diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml index 2bd9a518a..5ad30d640 100644 --- a/.github/workflows/offline.yml +++ b/.github/workflows/offline.yml @@ -51,7 +51,7 @@ jobs: run: | container_image=$(nix-build --no-out-link -A container) - skopeo copy --dest-creds "$DOCKER_LOGIN" \ + skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \ docker-archive:"$container_image" \ "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}" env: @@ -68,5 +68,3 @@ jobs: run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve) env: HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' - - diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index c9d74e2da..15dded1c1 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -11,7 +11,8 @@ gathering = smart host_key_checking = no interpreter_python = /usr/bin/python3 - +timeout = 30 [privilege_escalation] become = yes +become_timeout = 30 diff --git a/ansible/hetzner-single-deploy.yml b/ansible/hetzner-single-deploy.yml index 4d086fe32..61a3a92cb 100644 --- a/ansible/hetzner-single-deploy.yml +++ b/ansible/hetzner-single-deploy.yml 
@@ -1,9 +1,9 @@ - hosts: all become: true vars: - artifact_hash: d8fe36747614968ea73ebd43d47b99364c52f9c1 + artifact_hash: 3a18fae3106968b48b5a3b35f1bd0817ca4e5569 ubuntu_version: 22.04.5 - ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPTGTo1lTqd3Ym/75MRyQvj8xZINO/GI6FzfIadSe5c backend+hetzner-dedicated-operator@wire.com" + ssh_pubkey: "ssh-rsa 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" tasks: - name: set ipv4 forward sysctl: @@ -41,6 +41,7 @@ - telnet - python3-lxml - qemu + - lxc - qemu-kvm - qemu-utils - libvirt-clients @@ -50,7 +51,7 @@ - name: generate german locales locale_gen: name: de_DE.UTF-8 - state: present + state: present - name: generate us locales locale_gen: name: en_US.UTF-8 @@ -100,8 +101,8 @@ src: files/hetzner_server_sshd_config dest: /etc/ssh/sshd_config mode: 0644 - owner: root - group: root + owner: ubuntu + group: ubuntu notify: sshd | restart - name: stop and disable dnsmasq service service: @@ -148,8 +149,8 @@ src: files/hetzner_server_nftables.conf.j2 dest: /etc/nftables.conf mode: 0750 - owner: root - group: root + owner: ubuntu + group: ubuntu notify: nftables | restart when: not nft_deployed.stat.exists - name: add local file flag after nftables deployment diff --git a/bin/autodeploy.sh b/bin/autodeploy.sh index 7c6bfd18b..3dcacf9e3 100755 --- a/bin/autodeploy.sh +++ b/bin/autodeploy.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash # shellcheck disable=SC2087 set -Eeuo pipefail - +set -x msg() { echo >&2 -e "${1-}" } @@ -81,9 +81,9 @@ parse_params "$@" ARTIFACT_HASH="${ARTIFACT_HASH:-5c06158547bc57846eadaa2be5c813ec43be9b59}" TARGET_SYSTEM="${TARGET_SYSTEM:-wiab-autodeploy.wire.link}" FORCE_REDEPLOY="${FORCE_REDEPLOY:-0}" -SUBDOMAINS="account assets coturn federator inbucket nginz-https nginz-ssl sft teams webapp" +SUBDOMAINS="" SSH_PORT=22 -SSH_USER=root +SSH_USER=ubuntu DEMO_USER=demo SCRIPT_DIR=/home/"$DEMO_USER"/wire-server-deploy DO_SYSTEM_CLEANUP=false 
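Review bot: Changing the owner of `/etc/ssh/sshd_config` from `root:root` to `ubuntu:ubuntu` in the `dest: /etc/ssh/sshd_config` task hands an unprivileged login write access to the daemon's configuration, which is a direct privilege-escalation path: whoever holds the `ubuntu` account can add `PermitRootLogin yes` or point `AuthorizedKeysFile` at a file they control, and the `sshd | restart` handler or the next reboot applies it as root. sshd does not refuse a non-root-owned config at mode `0644`, so nothing will flag this at runtime. If the change was made because the play now logs in as `ubuntu`, that is already handled by `become: true` at the top of the play — the copy runs as root regardless of the connection user — so `owner: root` / `group: root` should be restored.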
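Review bot: The same ownership change in the `dest: /etc/nftables.conf` task gives the `ubuntu` user write access to the host firewall ruleset (mode `0750`, so owner read/write/execute), meaning anyone with that login can open ports or drop rules and `nftables | restart` or a reboot loads the edited file as root. `become: true` is set at the play level, so the file can be written with `owner: root` / `group: root` without any change to the connection user; those two lines should be restored. Because this task is guarded by `when: not nft_deployed.stat.exists`, hosts already provisioned keep whatever owner they were given — a follow-up `file:` task that reasserts `owner: root` on existing installs would close that gap.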
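Review bot: `set -x` immediately after `set -Eeuo pipefail` enables command tracing unconditionally, so every expanded command line — SSH targets, hashes, and any credential that is passed as a command argument later in the script — is written to stderr and into whatever CI log captures it. Gate it on an opt-in variable, e.g. `[[ "${DEBUG:-0}" == "1" ]] && set -x`, so default runs stay quiet and a traced run is a deliberate choice. The rest of the script is outside this hunk, so which values actually reach a traced command line cannot be confirmed from here.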
@@ -160,18 +160,18 @@ remote_deployment() { } cd $SCRIPT_DIR &>/dev/null || exit 1 - bash bin/offline-vm-setup.sh - msg "" - while sudo virsh list --all | grep -Fq running; do - sleep 20 - msg "INFO: VM deployment still in progress ..." - done - sleep 20 - msg "" - msg "INFO: VM deployment done. Starting all VMs:" - msg "" - for VM in $(sudo virsh list --all --name); do sudo virsh start "$VM"; done - sleep 60 + #bash bin/offline-vm-stackit.sh + # msg "" + # while sudo virsh list --all | grep -Fq running; do + # sleep 20 + # msg "INFO: VM deployment still in progress ..." + # done + # sleep 20 + # msg "" + # msg "INFO: VM deployment done. Starting all VMs:" + # msg "" + # for VM in $(sudo virsh list --all --name); do sudo virsh start "$VM"; done + # sleep 60 msg "" msg "INFO: Setting up offline environment (this will take a while)." @@ -202,6 +202,7 @@ ansnode3 ansible_host=192.168.122.33 [all:vars] ansible_user = $DEMO_USER +ansible_ssh_common_args = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' [cassandra:vars] cassandra_network_interface = enp1s0 
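Review bot: The VM provisioning step is left as a commented-out block (`#bash bin/offline-vm-stackit.sh` through `# sleep 60`) instead of being removed, so `remote_deployment` now goes straight to "Setting up offline environment" with no visible step that creates or starts the nodes. If the nodes are expected to exist before this script runs, say so in one line where the block was, e.g. `# Nodes are provisioned out of band (see bin/offline-vm-stackit.sh); this function assumes they are already up.`, and delete the dead lines — git history keeps the old loop. `remote_deployment` begins outside this hunk.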
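Review bot: `ansible_ssh_common_args = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'` under `[all:vars]` bakes host-key verification off into the generated inventory for every node, so anything on the 192.168.122.0/24 segment that answers for an `ansnode*` address is trusted without an error. Since this script controls node creation, it can learn their keys instead: run `ssh-keyscan` against the node IPs once they are reachable, write the output to a known_hosts file next to the inventory and reference it with `-o UserKnownHostsFile=<that file>` while keeping strict checking on. The project's `ansible.cfg` already sets `host_key_checking = no`, so this line is presumably here to survive regenerated host keys after a redeploy; if so, a comment saying that would help the next reader decide whether it is still needed.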
@@ -417,7 +418,7 @@ if [ "$DO_SYSTEM_CLEANUP" = true ] && [ "$FORCE_REDEPLOY" = 1 ]; then fi msg "INFO: Commencing Wire-in-a-box deployment on $TARGET_SYSTEM." -preprovision_hetzner +#preprovision_hetzner ssh -p "$SSH_PORT" -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -o ServerAliveCountMax=10 "$DEMO_USER"@webapp."$TARGET_SYSTEM" "bash -s" <&2 -e "${1-}" +} + +if [[ $EUID -eq 0 ]]; then + msg "Please don't run me as root" 1>&2 + exit 1 +fi + +trap cleanup SIGINT SIGTERM ERR EXIT + +usage() { + cat < /dev/null 2>&1; then + adduser --disabled-password --gecos '' demo + usermod -aG sudo demo + fi + mkdir -p /home/demo/.ssh + echo \"$SSH_KEY\" > /home/demo/.ssh/authorized_keys + chown -R demo:demo /home/demo/.ssh + chmod 600 /home/demo/.ssh/authorized_keys + " + + msg "Starting container..." + lxc restart "$name" +} + +for ((i = 0; i < ${#CONTAINER_NAME[@]}; i++)); do + if lxc list | grep -q "${CONTAINER_NAME[i]}"; then + msg "Container ${CONTAINER_NAME[i]} already exists. Skipping..." + continue + else + create_container "${CONTAINER_NAME[i]}" "${CONTAINER_IP[i]}" "${CONTAINER_RAM[i]}" "${CONTAINER_CPU[i]}" + fi +done \ No newline at end of file diff --git a/bin/offline-vm-stackit.sh b/bin/offline-vm-stackit.sh new file mode 100755 index 000000000..1056734aa --- /dev/null +++ b/bin/offline-vm-stackit.sh 
@@ -0,0 +1,182 @@ +#!/usr/bin/env bash + +set -Eeuo pipefail +msg() { + echo >&2 -e "${1-}" +} + +if [[ $EUID -eq 0 ]]; then + msg "Please don't run me as root" 1>&2 + exit 1 +fi + +trap cleanup SIGINT SIGTERM ERR EXIT + +usage() { + cat < /etc/netplan/01-netcfg.yaml + chmod 600 /etc/netplan/01-netcfg.yaml + chown root:root /etc/netplan/01-netcfg.yaml + netplan apply + systemctl daemon-reload + systemctl restart systemd-networkd + apt-get install -y systemd dbus + systemctl start dbus || echo 'dbus service already running' + " + + msg "Creating demo user and adding SSH key..." + sudo lxc exec "$name" -- bash -c " + if ! id -u demo > /dev/null 2>&1; then + adduser --disabled-password --gecos '' demo + usermod -aG sudo demo + fi + mkdir -p /home/demo/.ssh + echo \"$SSH_KEY\" > /home/demo/.ssh/authorized_keys + chown -R demo:demo /home/demo/.ssh + chmod 600 /home/demo/.ssh/authorized_keys + echo 'demo ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/demo + chmod 440 /etc/sudoers.d/demo + " + sudo lxc config set "$name" security.privileged true + sudo lxc config set "$name" linux.kernel_modules overlay,nf_nat,br_netfilter,ip_tables + sudo lxc restart "$name" + sudo lxc config device add "$name" modules disk source=/lib/modules path=/lib/modules + sudo lxc config device add "$name" kmsg unix-char path=/dev/kmsg + sudo lxc config device add "$name" proc-sys disk source=/proc/sys path=/proc/sys + + + msg "Starting container..." 
+} + +sudo systemctl start snap.lxd.daemon +sudo systemctl enable snap.lxd.daemon +#sudo usermod -aG lxd "$USER" +#newgrp lxd +sudo apt update +# shellcheck disable=SC2046 +sudo apt install --reinstall linux-modules-$(uname -r) linux-modules-extra-$(uname -r) -y +sudo modprobe ip_vs +sudo modprobe ip_vs_rr +sudo modprobe ip_vs_wrr +sudo modprobe ip_vs_lc +sudo modprobe ip_vs_wlc +sudo modprobe ip_vs_sh +sudo modprobe nf_conntrack +sudo modprobe dummy +sudo modprobe ip_tables +sudo modprobe br_netfilter +sudo modprobe ip6_tables +sudo modprobe ip_vs_sed +sudo modprobe bridge +sudo modprobe vxlan +sudo modprobe overlay +sudo sysctl -w kernel.panic=10 +sudo sysctl -w kernel.panic_on_oops=1 +sudo sysctl -w vm.overcommit_memory=1 +STORAGE_NAME="default" + +# Check if the storage pool already exists +if sudo lxc storage list --format csv | grep -q "^$STORAGE_NAME,"; then + echo "Storage pool '$STORAGE_NAME' already exists. Skipping creation." +else + echo "Storage pool '$STORAGE_NAME' does not exist. Creating it..." + sudo lxc storage create "$STORAGE_NAME" dir +fi + +for ((i = 0; i < ${#CONTAINER_NAME[@]}; i++)); do + if sudo lxc list | grep -q "${CONTAINER_NAME[i]}"; then + msg "Container ${CONTAINER_NAME[i]} already exists. Skipping..." + continue + else + create_container "${CONTAINER_NAME[i]}" "${CONTAINER_IP[i]}" "${CONTAINER_RAM[i]}" "${CONTAINER_CPU[i]}" + fi +done diff --git a/terraform/examples/create-infrastructure.tf b/terraform/examples/create-infrastructure.tf index 6d6d70058..2d74ac9ec 100644 --- a/terraform/examples/create-infrastructure.tf +++ b/terraform/examples/create-infrastructure.tf @@ -42,7 +42,7 @@ resource "hcloud_server" "redis" { count = 0 name = "redis${count.index}" image = "ubuntu-22.04" - server_type = "cx11" + server_type = "cx22" ssh_keys = ["hetznerssh-key"] # Nuremberg (for choices see `hcloud datacenter list`) 
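Review bot: `sudo lxc config set "$name" security.privileged true` combined with the `proc-sys` disk device (`source=/proc/sys path=/proc/sys`, read-write by default) means root inside the container is root on the host and can change host sysctls, and the preceding `echo 'demo ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/demo` makes the `demo` SSH key equivalent to host root. If that is acceptable for this environment, state it above the `security.privileged` line, e.g. `# Privileged container with host /proc/sys mounted: compromise of the demo key is compromise of the host. Lab use only.`; if writes to host sysctls are not needed, add `readonly=true` to the proc-sys device. Separately, `echo \"$SSH_KEY\" > …` expands the key into a `bash -c` string on the host side, so a `$`, backtick or quote in the key's comment field is interpreted by the container's shell; piping it — `printf '%s\n' "$SSH_KEY" | sudo lxc exec "$name" -- tee /home/demo/.ssh/authorized_keys >/dev/null` — avoids that. `sudo lxc list | grep -q "${CONTAINER_NAME[i]}"` is also a substring match, so a name that is a prefix of an existing container is skipped; `sudo lxc list --format csv -c n | grep -qx "${CONTAINER_NAME[i]}"` compares whole names. Where `SSH_KEY` and the `CONTAINER_*` arrays are populated is not visible in this chunk.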
@@ -53,7 +53,7 @@ resource "hcloud_server" "restund" { count = 2 name = "restund${count.index}" image = "ubuntu-22.04" - server_type = "cx11" + server_type = "cx22" ssh_keys = ["hetznerssh-key"] # Nuremberg (for choices see `hcloud datacenter list`) @@ -64,7 +64,7 @@ resource "hcloud_server" "minio" { count = 3 name = "minio${count.index}" image = "ubuntu-22.04" - server_type = "cx11" + server_type = "cx22" ssh_keys = ["hetznerssh-key"] # Nuremberg (for choices see `hcloud datacenter list`) @@ -75,7 +75,7 @@ resource "hcloud_server" "cassandra" { count = 3 name = "cassandra${count.index}" image = "ubuntu-22.04" - server_type = "cx21" + server_type = "cx22" ssh_keys = ["hetznerssh-key"] # Nuremberg (for choices see `hcloud datacenter list`) @@ -86,7 +86,7 @@ resource "hcloud_server" "elasticsearch" { count = 3 name = "elasticsearch${count.index}" image = "ubuntu-22.04" - server_type = "cx11" + server_type = "cx22" ssh_keys = ["hetznerssh-key"] # Nuremberg (for choices see `hcloud datacenter list`) diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf index 30553a8ff..dfd9b7b61 100644 --- a/terraform/examples/wire-server-deploy-offline-hetzner/main.tf +++ b/terraform/examples/wire-server-deploy-offline-hetzner/main.tf @@ -63,7 +63,7 @@ resource "hcloud_server" "adminhost" { name = "adminhost-${random_pet.adminhost.id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx42" + server_type = "cpx41" user_data = <<-EOF #cloud-config apt: @@ -98,7 +98,7 @@ resource "hcloud_server" "assethost" { name = "assethost-${random_pet.assethost.id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx42" + server_type = "cpx41" user_data = local.disable_network_cfg } 
@@ -118,7 +118,7 @@ resource "hcloud_server" "restund" { name = "restund-${random_pet.restund[count.index].id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx11" + server_type = "cx22" user_data = local.disable_network_cfg } @@ -139,7 +139,7 @@ resource "hcloud_server" "kubenode" { name = "kubenode-${random_pet.kubenode[count.index].id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx42" + server_type = "cpx41" user_data = local.disable_network_cfg } @@ -160,8 +160,8 @@ resource "hcloud_server" "cassandra" { name = "cassandra-${random_pet.cassandra[count.index].id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx11" - user_data = local.disable_network_cfg + server_type = "cx22" + # user_data = local.disable_network_cfg } resource "hcloud_server_network" "cassandra" { @@ -181,8 +181,8 @@ resource "hcloud_server" "elasticsearch" { name = "elasticsearch-${random_pet.elasticsearch[count.index].id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx11" - user_data = local.disable_network_cfg + server_type = "cx22" + # user_data = local.disable_network_cfg } resource "hcloud_server_network" "elasticsearch" { @@ -202,8 +202,8 @@ resource "hcloud_server" "minio" { name = "minio-${random_pet.minio[count.index].id}" image = "ubuntu-22.04" ssh_keys = local.ssh_keys - server_type = "cx11" - user_data = local.disable_network_cfg + server_type = "cx22" + # user_data = local.disable_network_cfg } resource "hcloud_server_network" "minio" { diff --git a/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf b/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf index 87294ed5e..c1535555f 100644 --- a/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf +++ b/terraform/examples/wire-server-deploy-offline-hetzner/outputs.tf 
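Review bot: `# user_data = local.disable_network_cfg` in `hcloud_server.cassandra` leaves a commented-out attribute in the resource while `adminhost`, `assethost`, `restund` and `kubenode` in the same file keep it, and nothing records why only the data-store hosts now fall back to the image's default cloud-init network handling. Judging by its name, `local.disable_network_cfg` suppresses cloud-init network configuration, which would line up with the interface rename to `eth0` in `outputs.tf`, but that connection is a guess from here. Either delete the dead line and add a comment such as `# Default cloud-init networking retained so the private interface is named eth0 (see outputs.tf)` — adjusted to the real reason — or apply the same change to the other server resources so the inventory is uniform.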
@@ -65,7 +65,7 @@ output "static-inventory" { } } vars = { - cassandra_network_interface = "ens10" + cassandra_network_interface = "eth0" } } cassandra_seed = { @@ -79,7 +79,7 @@ output "static-inventory" { } } vars = { - elasticsearch_network_interface = "ens10" + elasticsearch_network_interface = "eth0" } } elasticsearch_master = { @@ -93,7 +93,7 @@ output "static-inventory" { } } vars = { - minio_network_interface = "ens10" + minio_network_interface = "eth0" } } restund = { @@ -104,7 +104,7 @@ output "static-inventory" { } } vars = { - restund_network_interface = "ens10" + restund_network_interface = "eth0" } } diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml index 311e4809d..dfa5439e7 100644 --- a/values/wire-server/prod-secrets.example.yaml +++ b/values/wire-server/prod-secrets.example.yaml @@ -73,12 +73,12 @@ nginz: basicAuth: ":" -# Uncomment for federation below. Set values accordingly -# background-worker: -# secrets: -# rabbitmq: -# username: wire-server -# password: verysecurepassword +# RabbitMQ credentials for background-worker. +background-worker: + secrets: + rabbitmq: + username: wire-server + password: verysecurepassword # Uncomment for legalhold. Set values accordingly
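Review bot: Uncommenting `background-worker.secrets.rabbitmq` turns `password: verysecurepassword` from a commented hint into a live value in the example secrets file, so an operator who copies `prod-secrets.example.yaml` without editing it now has a working placeholder credential instead of a missing one. Keep the block active if background-worker is now always deployed, but make the placeholder obviously unusable, e.g. `password: "CHANGEME-rabbitmq-password"`, and add above it `# Must match the password configured for the RabbitMQ deployment; replace before deploying.` The removed comment said the block was only needed for federation; if that is no longer the case, the new `# RabbitMQ credentials for background-worker.` comment should say when it is required.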