diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index 910c3dd..6508b3e 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -9,7 +9,8 @@ nginx_path: "{{ podman_volumes }}/nginx"
 partkeepr_path: "{{ podman_volumes }}/partkeepr"
 photos_path: "{{ podman_volumes }}/photos"
 pihole_path: "{{ podman_volumes }}/pihole"
-satisfactory_path: "{{ podman_volumes }}/satisfactory"
+factorio_path: "{{ podman_volumes }}/factorio"
+fulfillr_path: "{{ podman_volumes }}/fulfillr"
 drone_server_proto: "http"
 drone_runner_capacity: "8"
@@ -20,6 +21,7 @@ assistant_server_name: assistant.bdebyl.net
 bookstack_server_name: wiki.skudakrennsport.com
 ci_server_name: ci.bdebyl.net
 cloud_server_name: cloud.bdebyl.net
+fulfillr_server_name: fulfillr.debyltech.com
 home_server_name: home.bdebyl.net
 logs_server_name: logs.bdebyl.net
 parts_server_name: parts.bdebyl.net
diff --git a/ansible/roles/podman/tasks/configuration-nginx-http.yml b/ansible/roles/podman/tasks/configuration-nginx-http.yml
index b9e07c0..fef3635 100644
--- a/ansible/roles/podman/tasks/configuration-nginx-http.yml
+++ b/ansible/roles/podman/tasks/configuration-nginx-http.yml
@@ -61,17 +61,18 @@
 group: "{{ podman_user }}"
 mode: 0644
 loop:
+ - "{{ api_debyltech_server_name }}.conf"
 - "{{ assistant_server_name }}.conf"
 - "{{ bookstack_server_name }}.conf"
 - "{{ ci_server_name }}.http.conf"
 - "{{ cloud_server_name }}.conf"
+ - "{{ fulfillr_server_name }}.conf"
 - "{{ home_server_name }}.conf"
 - "{{ logs_server_name }}.conf"
 - "{{ parts_server_name }}.conf"
 - "{{ photos_server_name }}.conf"
 - "{{ pi_server_name }}.conf"
 - "{{ video_server_name }}.conf"
- - "{{ api_debyltech_server_name }}.conf"
 notify:
 - restorecon podman
 - restart nginx
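Review bot: The `- "{{ api_debyltech_server_name }}.conf"` entry is only moved to the top of the loop, yet this same commit deletes container-debyltech.yml and the apidebyltech container it pointed at, so nginx will keep templating and serving an api.debyltech.com vhost whose upstream no longer exists (502s on a public hostname) unless that backend is recreated elsewhere. If fulfillr replaces it, drop the entry here and in the symlink loop below and remove the stale site template; if the host is meant to stay, a one-line comment above the entry saying what now listens on its upstream port would stop the next reader from asking. The `ansible.builtin.template` task this loop belongs to starts outside the hunk.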
@@ -86,17 +87,18 @@
 group: "{{ podman_user }}"
 state: link
 loop:
+ - "{{ api_debyltech_server_name }}.conf"
 - "{{ assistant_server_name }}.conf"
 - "{{ bookstack_server_name }}.conf"
 - "{{ ci_server_name }}.http.conf"
 - "{{ cloud_server_name }}.conf"
+ - "{{ fulfillr_server_name }}.conf"
 - "{{ home_server_name }}.conf"
 - "{{ logs_server_name }}.conf"
 - "{{ parts_server_name }}.conf"
 - "{{ photos_server_name }}.conf"
 - "{{ pi_server_name }}.conf"
 - "{{ video_server_name }}.conf"
- - "{{ api_debyltech_server_name }}.conf"
 notify:
 - restorecon podman
 - restart nginx
diff --git a/ansible/roles/podman/tasks/container-debyltech.yml b/ansible/roles/podman/tasks/container-debyltech.yml
deleted file mode 100644
index 1db8958..0000000
--- a/ansible/roles/podman/tasks/container-debyltech.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-- name: create required debyltech volumes
- become: true
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- owner: "{{ podman_subuid.stdout }}"
- group: "{{ podman_subuid.stdout }}"
- mode: 0755
- notify: restorecon podman
- loop:
- - "{{ debyltech_path }}/api"
- - "{{ debyltech_path }}/api/config"
- tags: debyltech
-- name: template api.debyltech.com files
- become: true
- ansible.builtin.template:
- src: "debyltech/{{ item }}.j2"
- dest: "{{ debyltech_path }}/api/config/{{ item }}"
- owner: "{{ podman_user }}"
- group: "{{ podman_user }}"
- mode: 0644
- loop:
- - "config.json"
- tags: debyltech
-- name: create api.debyltech.com container
- become: true
- become_user: "{{ podman_user }}"
- containers.podman.podman_container:
- name: apidebyltech
- image: docker.io/debyltech/go-snipcart-webhook:0.1.34
- command: --config /conf/config.json --release
- recreate: true
- restart: true
- restart_policy: on-failure:3
- log_driver: journald
- network:
- - shared
- volumes:
- - "{{ debyltech_path }}/api/config:/conf"
- ports:
- - "8040:8080"
- tags: debyltech
-- name: create systemd startup job for api.debyltech.com
- include_tasks: systemd-generate.yml
- vars:
- container_name: apidebyltech
- tags: debyltech
diff --git a/ansible/roles/podman/tasks/container-factorio.yml b/ansible/roles/podman/tasks/container-factorio.yml
new file mode 100644
index 0000000..f70b640
--- /dev/null
+++ b/ansible/roles/podman/tasks/container-factorio.yml
@@ -0,0 +1,48 @@
+---
+- name: create factorio host directory volumes
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ podman_user }}"
+ group: "{{ podman_user }}"
+ mode: 0755
+ notify: restorecon podman
+ loop:
+ - "{{ factorio_path }}"
+ tags: factorio
+- name: unshare chown the elastic volume
+ become: true
+ become_user: "{{ podman_user }}"
+ changed_when: false
+ ansible.builtin.command: |
+ podman unshare chown -R 845:845 {{ factorio_path }}
+ tags: factorio
+- name: flush handlers
+ ansible.builtin.meta: flush_handlers
+ tags: factorio
+- name: create factorio server container
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
+ name: factorio
+ image: docker.io/factoriotools/factorio:1.1.80
+ recreate: true
+ restart: true
+ restart_policy: on-failure:3
+ log_driver: journald
+ volumes:
+ - "{{ factorio_path }}:/factorio"
+ ports:
+ - 34197:34197/udp
+ - 27015:27015/tcp
+ tags: factorio
+- name: create systemd startup job for factorio
+ include_tasks: systemd-generate.yml
+ vars:
+ container_name: factorio
+ tags: factorio
diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/container-fulfillr.yml
new file mode 100644
index 0000000..914b676
--- /dev/null
+++ b/ansible/roles/podman/tasks/container-fulfillr.yml
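Review bot: `- 27015:27015/tcp` publishes that port on every host interface, and the firewall change in this commit opens 27015/tcp publicly too; for the factoriotools image that TCP port is, as far as I know, the RCON control interface rather than game traffic (34197/udp is the game port), so it should not be internet-reachable unless a strong RCON password is configured, and nothing here sets one. If RCON is only used from the host, bind it to loopback with `- 127.0.0.1:27015:27015/tcp` and drop the firewall entry. The task name `unshare chown the elastic volume` is a copy-paste leftover — `unshare chown the factorio volume` — and the magic `845:845` deserves a comment such as `# 845 is the uid/gid the factorio image runs as (per image docs) — confirm before bumping the image tag`, since the unshare chown silently stops matching if the image changes its runtime user.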
@@ -0,0 +1,54 @@
+---
+- name: create fulfillr host directory volumes
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ podman_user }}"
+ group: "{{ podman_user }}"
+ mode: 0755
+ notify: restorecon podman
+ loop:
+ - "{{ fulfillr_path }}"
+ tags: fulfillr
+- name: template fulfillr config
+ become: true
+ ansible.builtin.template:
+ src: "templates/fulfillr/{{ item }}.j2"
+ dest: "{{ fulfillr_path }}/{{ item }}"
+ owner: "{{ podman_user }}"
+ group: "{{ podman_user }}"
+ mode: 0644
+ loop:
+ - production.json
+ notify:
+ - restorecon podman
+ tags: fulfillr
+- name: flush handlers
+ ansible.builtin.meta: flush_handlers
+ tags: fulfillr
+- name: create fulfillr server container
+ become: true
+ become_user: "{{ podman_user }}"
+ containers.podman.podman_container:
+ name: fulfillr
+ image: "{{ aws_ecr_endpoint }}/fulfillr:20230503.1557"
+ command: --config /config/production.json
+ recreate: true
+ restart: true
+ restart_policy: on-failure:3
+ log_driver: journald
+ volumes:
+ - "{{ fulfillr_path }}:/config"
+ ports:
+ - 9054:8080/tcp
+ tags: fulfillr
+- name: create systemd startup job for fulfillr
+ include_tasks: systemd-generate.yml
+ vars:
+ container_name: fulfillr
+ tags: fulfillr
diff --git a/ansible/roles/podman/tasks/container-satisfactory.yml b/ansible/roles/podman/tasks/container-satisfactory.yml
deleted file mode 100644
index 1c75096..0000000
--- a/ansible/roles/podman/tasks/container-satisfactory.yml
+++ /dev/null
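Review bot: The template task writes production.json with `mode: 0644`, and that file carries `snipcart_api_key` and `shippo_api_key` (see the new production.json.j2 in this commit), so two live payment/shipping credentials become readable by every local account on the host; `mode: "0600"` (quoted, so the octal survives YAML) keeps them to `podman_user`, which is the user the container is started as. If the image's process runs as a non-root uid inside the container and can then no longer read the file, fix ownership with `podman unshare chown` as the factorio task does rather than widening the mode. Separately, `- 9054:8080/tcp` publishes the app on all host interfaces, which bypasses the allow/deny ACL in the nginx vhost whose upstream is 127.0.0.1:9054 anyway; `- 127.0.0.1:9054:8080/tcp` restricts it to loopback, assuming the nginx container reaches it over host networking, which that 127.0.0.1 upstream suggests but this hunk does not show.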
@@ -1,46 +0,0 @@
----
-- name: create satisfactory host directory volumes
- become: true
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- owner: "{{ podman_user }}"
- group: "{{ podman_user }}"
- mode: 0755
- notify: restorecon podman
- loop:
- - "{{ satisfactory_path }}/config"
- tags: satisfactory
-- name: flush handlers
- ansible.builtin.meta: flush_handlers
- tags: satisfactory
-- name: create satisfactory server container
- become: true
- become_user: "{{ podman_user }}"
- containers.podman.podman_container:
- name: satisfactory
- image: docker.io/wolveix/satisfactory-server:latest
- recreate: true
- restart: true
- restart_policy: on-failure:3
- log_driver: journald
- memory: 16g
- memory_reservation: 12g
- volumes:
- - "{{ satisfactory_path }}/config:/config"
- env:
- MAXPLAYERS: 4
- STEAMBETA: "false"
- ports:
- - "7777:7777/udp"
- - "15000:15000/udp"
- - "15777:15777/udp"
- tags: satisfactory
-- name: create systemd startup job for satisfactory
- include_tasks: systemd-generate.yml
- vars:
- container_name: satisfactory
- tags: satisfactory
diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml
index af72177..51ece8b 100644
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -5,23 +5,29 @@
 port: "{{ item }}"
 permanent: true
 immediate: true
- zone: "public"
 state: enabled
 loop:
 - "{{ syslog_udp_default }}/udp"
 - "{{ syslog_udp_error }}/udp"
 - "{{ syslog_udp_unifi }}/udp"
- - 1153/tcp
- - 1153/udp
+ # nginx
+ - 80/tcp
 - 443/tcp
+ # pihole (unused?)
 - 53/tcp
 - 53/udp
+ # pihole (iptables preroute)
+ - 1153/tcp
+ - 1153/udp
+ # ???
 - 6875/tcp
- - 80/tcp
- # satisfactory
+ # Satisfactory
 - 7777/udp
 - 15000/udp
 - 15777/udp
+ # Factorio
+ - 27015/tcp
+ - 34197/udp
 notify: restart firewalld
 tags: firewall
@@ -31,7 +37,6 @@
 port: "{{ item }}"
 permanent: true
 immediate: true
- zone: "public"
 state: disabled
 loop:
 - 2456/udp
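Review bot: The three Satisfactory ports (`7777/udp`, `15000/udp`, `15777/udp`) stay in the `state: enabled` loop — only their comment is re-capitalised — although this same commit deletes container-satisfactory.yml, so the host keeps accepting inbound UDP on ports nothing listens on; move them to the `state: disabled` loop in the second hunk, which already exists for exactly that kind of cleanup (2456/udp). The new comments `# pihole (unused?)` and `# ???` record that 53/tcp+udp and 6875/tcp are open without a known owner, which is a finding rather than a note: disable them until the service behind them is identified, then document it. Removing `zone: "public"` from both tasks makes the rules land in firewalld's default zone, which is equivalent only while the default zone has never been changed; if that is the intent a comment such as `# no zone: rules go to the firewalld default zone` makes it explicit. Opening 27015/tcp also exposes what is likely the Factorio RCON port, which is raised on the factorio task.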
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index 220cf6b..382cb8d 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -11,6 +11,6 @@
 - import_tasks: container-bookstack.yml
 - import_tasks: container-photos.yml
 - import_tasks: container-cloud.yml
-- import_tasks: container-debyltech.yml
+- import_tasks: container-fulfillr.yml
 - import_tasks: container-nginx.yml
-- import_tasks: container-satisfactory.yml
+- import_tasks: container-factorio.yml
diff --git a/ansible/roles/podman/templates/debyltech/config.json.j2 b/ansible/roles/podman/templates/debyltech/config.json.j2
deleted file mode 100644
index c9a6b9a..0000000
--- a/ansible/roles/podman/templates/debyltech/config.json.j2
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "snipcart_api_key": "{{ snipcart_api_key }}",
- "shippo_api_key": "{{ shippo_api_key }}",
- "weight_unit": "g",
- "dimension_unit": "cm",
- "manufacture_country": "US",
- "sender_address": {
- "name": "de Byl Technologies LLC",
- "address1": "176 Lull Rd",
- "city": "Weare",
- "state": "NH",
- "country": "US",
- "zip": "03281",
- "email": "sales@debyltech.com"
- },
- "default_parcel": {
- "length": "10",
- "width": "19",
- "height": "16.5"
- }
-}
diff --git a/ansible/roles/podman/templates/fulfillr/production.json.j2 b/ansible/roles/podman/templates/fulfillr/production.json.j2
new file mode 100644
index 0000000..180f131
--- /dev/null
+++ b/ansible/roles/podman/templates/fulfillr/production.json.j2
@@ -0,0 +1,5 @@
+{
+ "snipcart_api_key": "{{ snipcart_api_key }}",
+ "shippo_api_key": "{{ shippo_api_key }}",
+ "label_file_type": "PNG"
+}
\ No newline at end of file
diff --git a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2
index 83cfb1c..567037c 100644
--- a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2
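Review bot: The two secrets are interpolated bare inside JSON string literals, so a key containing `"` or `\` yields invalid JSON and the container then fails at start-up on a parse error rather than on a clear message; let Jinja produce the literal instead, `"snipcart_api_key": {{ snipcart_api_key | to_json }},` and likewise `"shippo_api_key": {{ shippo_api_key | to_json }},`. The template also ends without a trailing newline, which the diff flags. Because this file is rendered with live API keys, the task that writes it (container-fulfillr.yml, not this hunk) should give it a restrictive mode.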
+++ b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2
@@ -2,7 +2,7 @@ upstream hass {
 server 127.0.0.1:8123;
 }
 server {
- resolver 192.168.2.10 ipv6=off;
+ resolver 192.168.1.10 ipv6=off;
 modsecurity on;
 modsecurity_rules_file /etc/nginx/modsec_includes.conf;
diff --git a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2
index 968f070..6dd30d5 100644
--- a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2
+++ b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2
@@ -4,7 +4,7 @@ upstream drone {
 geo $local_access {
 default 0;
- 192.168.2.1 1;
+ 192.168.1.1 1;
 }
 server {
diff --git a/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2 b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2
new file mode 100644
index 0000000..1fe3173
--- /dev/null
+++ b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2
@@ -0,0 +1,24 @@
+upstream fulfillr {
+ server 127.0.0.1:9054;
+}
+server {
+ resolver 192.168.1.10 ipv6=off;
+ modsecurity on;
+ modsecurity_rules_file /etc/nginx/modsec_includes.conf;
+ listen 80;
+ server_name {{ fulfillr_server_name }};
+ location / {
+ allow 192.168.0.0/16;
+ allow 127.0.0.1;
+ deny all;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_buffering off;
+ proxy_pass http://fulfillr;
+ }
+}
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
index 28cf17e..df20cf2 100644
Binary files a/ansible/vars/vault.yml and b/ansible/vars/vault.yml differ
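Review bot: The fulfillr vhost proxies without `proxy_set_header Host $host;`, so the backend receives `Host: fulfillr` (nginx's default `$proxy_host`), which breaks any absolute-URL generation or host validation the app does; add `proxy_set_header Host $host;` beside the X-Forwarded-For line, and `proxy_set_header X-Forwarded-Proto $scheme;` with it so the app knows it was reached over plain HTTP. The site is `listen 80;` only and its protection is `allow 192.168.0.0/16; deny all;` on `$remote_addr`, which only holds if nginx sees client addresses directly rather than via another proxy, and it means a service configured with Snipcart/Shippo credentials is served unencrypted — if LAN-only is the design, say so in a comment above `listen 80;`, otherwise give it a `.https.conf` like the ci vhost. `$connection_upgrade` has to come from a `map` in the http context; presumably the shared nginx config already defines it for the other sites, but nginx refuses to start if it does not, so worth confirming.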