diff --git a/.forgejo/workflows/CD.yml b/.forgejo/workflows/CD.yml
index 0e64fd6..e0ebc15 100644
--- a/.forgejo/workflows/CD.yml
+++ b/.forgejo/workflows/CD.yml
@@ -104,6 +104,7 @@ jobs:
 base_url: https://vault.bitwarden.com
 secrets: |
 267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
+ d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
 e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
 6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
 52512c15-b474-42c3-9835-b23e001edf35 > auth_host
@@ -121,6 +122,7 @@ jobs:
 run: |
 cat < ansible/hosts.ini
 [iac]
+ dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
 arrs.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arrs_host }} ansible_user=mafyuh
 ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
 arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
diff --git a/.forgejo/workflows/ansible-playbooks.yml b/.forgejo/workflows/ansible-playbooks.yml
index f284074..bb8b588 100644
--- a/.forgejo/workflows/ansible-playbooks.yml
+++ b/.forgejo/workflows/ansible-playbooks.yml
@@ -38,6 +38,7 @@ jobs:
 base_url: https://vault.bitwarden.com
 secrets: |
 267abc49-f755-4c88-a2a8-b23d00503e31 > arrs_host
+ d9924181-b061-44e0-b7b9-b264004791eb > ag_main_host
 e74d1f67-c909-4a2e-b6fc-b23e001dfa4a > ai_host
 6f9cef86-eb39-4e05-8c5b-b23e001e6170 > arm_host
 52512c15-b474-42c3-9835-b23e001edf35 > auth_host
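Review bot: In the second CD.yml hunk, the added `dns.lan` line expands `${{ steps.bitwarden-secrets.outputs.ag_main_host }}` directly into the text of the `run:` script, so the stored value becomes shell source before the shell parses it. The heredoc opener is not legible in this view; if its delimiter is unquoted, a value containing `$(...)` or backticks would be evaluated on the runner rather than written to `ansible/hosts.ini`. Safer is to hand the value over in the step's `env:` (`AG_MAIN_HOST: ${{ steps.bitwarden-secrets.outputs.ag_main_host }}`) and write `ansible_host=${AG_MAIN_HOST}` in the heredoc, which the shell expands once without re-parsing the result. The same applies to the `dns.lan` line added in the second hunk of `ansible-playbooks.yml` and to the existing entries around it; the `run:` block starts and ends outside both hunks.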
@@ -59,6 +60,7 @@ jobs:
 ai.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ai_host }} ansible_user=mafyuh ansible_port=2424
 arm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.arm_host }} ansible_user=ubuntu ansible_port=2424
 auth.lan ansible_host=${{ steps.bitwarden-secrets.outputs.auth_host }} ansible_user=mafyuh
+ dns.lan ansible_host=${{ steps.bitwarden-secrets.outputs.ag_main_host }} ansible_user=mafyuh
 jf.lan ansible_host=${{ steps.bitwarden-secrets.outputs.jf_host }} ansible_user=mafyuh
 kasm.lan ansible_host=${{ steps.bitwarden-secrets.outputs.kasm_host }} ansible_user=mafyuh
 netboot.lan ansible_host=${{ steps.bitwarden-secrets.outputs.netboot_host }} ansible_user=mafyuh
diff --git a/README.md b/README.md
index 515aa5d..cf53a17 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 [![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
-[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
+[![CD](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
+[![Ansible](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/ansible-playbooks.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
 [![Tofu](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/tofu.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
 [![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
 [![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls)
diff --git a/ansible/playbooks/deploy-docker.yml b/ansible/playbooks/deploy-docker.yml
index 970d635..19d667e 100644
--- a/ansible/playbooks/deploy-docker.yml
+++ b/ansible/playbooks/deploy-docker.yml
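Review bot: The `dns.lan` entry sits between `auth.lan` and `jf.lan` in the `ansible-playbooks.yml` inventory hunk, but the CD.yml change puts the same entry first under `[iac]`. It is also the only visible entry whose secret name (`ag_main_host`) does not follow the host alias, unlike `arrs_host` for `arrs.lan` or `ai_host` for `ai.lan`. The inventory is hand-copied in both workflows, so differing order and naming make it easier for one copy to drift and for a host to be managed by one pipeline but not the other. I would keep the position identical in both files and add an inventory comment above the entry, `; dns.lan takes its address from the ag_main_host secret`. The heredoc this hunk edits begins and ends outside the hunk.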
@@ -2,8 +2,18 @@
 hosts: "{{ target_host }}"
 vars:
 repo_path: "/home/{{ ansible_user }}/iac/docker/{{ folder }}"
- secrets_mapping_file: "/home/{{ ansible_user }}/iac/secret-mappings.yml"
+ secrets_mapping_file: "/home/{{ ansible_user }}/iac/docker/secret-mappings.yml"
 tasks:
+ - name: Ensure the repository is up-to-date
+ ansible.builtin.shell: git pull
+ args:
+ chdir: "{{ repo_path }}"
+ register: git_pull_output
+
+ - name: Display git pull output
+ ansible.builtin.debug:
+ var: git_pull_output.stdout_lines
+
 - name: Read secret mapping
 ansible.builtin.slurp:
 src: "{{ secrets_mapping_file }}"
@@ -25,16 +35,6 @@
 {{ key }}={{ lookup('bitwarden.secrets.lookup', secret_id, access_token=bw_access_token) }}
 {% endfor %}
 
- - name: Ensure the repository is up-to-date
- ansible.builtin.shell: git pull
- args:
- chdir: "{{ repo_path }}"
- register: git_pull_output
-
- - name: Display git pull output
- ansible.builtin.debug:
- var: git_pull_output.stdout_lines
-
 - name: Restart services using Docker Compose
 community.docker.docker_compose_v2:
 project_src: "{{ repo_path }}"
diff --git a/secret-mappings.yml b/docker/secret-mappings.yml
similarity index 100%
rename from secret-mappings.yml
rename to docker/secret-mappings.yml
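Review bot: The relocated `git pull` task in the first deploy-docker.yml hunk still goes through `ansible.builtin.shell`, with no `--ff-only` and no `changed_when`. It now runs before `Read secret mapping`, so whatever the tracked branch points at during the run appears to decide which secret ids are looked up with `bw_access_token`, as well as which compose project is restarted. A plain pull can also leave a diverged or dirty checkout half-merged, and the task reports "changed" on every run. I would use `ansible.builtin.command: git pull --ff-only` with `changed_when: "'Already up to date' not in git_pull_output.stdout"`. Better still, `ansible.builtin.git` with `version:` set to the commit the workflow ran for would deploy the mapping and compose files at a known revision. The task list starts before and continues after this hunk.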