diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 40e71f6..dd3fb0a 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -64,6 +64,25 @@ resource "cloudflare_record" "vpn_wildcard" {
   ttl    = 3600
 }
 
+/**
+ *   vpn.bb8.fun
+ * *.vpn.bb8.fun
+ */
+resource "cloudflare_record" "dovpn" {
+  domain = "${var.domain}"
+  name   = "dovpn"
+  value  = "${var.ips["dovpn"]}"
+  type   = "A"
+}
+
+resource "cloudflare_record" "dovpn_wildcard" {
+  domain = "${var.domain}"
+  name   = "*.dovpn.${var.domain}"
+  value  = "${cloudflare_record.dovpn.hostname}"
+  type   = "CNAME"
+  ttl    = 3600
+}
+
 ########################
 ## Mailgun Mailing Lists
 ########################
diff --git a/kubernetes.tf b/kubernetes.tf
new file mode 100644
index 0000000..8ab7a7e
--- /dev/null
+++ b/kubernetes.tf
@@ -0,0 +1,9 @@
+module "etcd" {
+  source   = "modules/etcd"
+  host_ip  = "${var.ips["dovpn"]}"
+  data_dir = "/mnt/xwing/etcd"
+
+  providers = {
+    docker = "docker.sydney"
+  }
+}
diff --git a/media/airsonic.tf b/media/airsonic.tf
index 74986bf..695e5a0 100644
--- a/media/airsonic.tf
+++ b/media/airsonic.tf
@@ -4,7 +4,7 @@ module "airsonic" {
   name   = "airsonic"
 
   resource {
-    memory = "256"
+    memory = "1024"
   }
 
   web {
@@ -13,8 +13,6 @@ module "airsonic" {
     expose = true
   }
 
-  user = "lounge:audio"
-
   env = [
     "PUID=1004",
     "PGID=1003",
@@ -22,6 +20,11 @@ module "airsonic" {
     "JAVA_OPTS=-Xmx512m -Dserver.use-forward-headers=true -Dserver.context-path=/",
   ]
 
+  devices = [{
+    host_path      = "/dev/snd"
+    container_path = "/dev/snd"
+  }]
+
   # files = [
   #   "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties",
   #   "/usr/lib/jvm/java-1.8-openjdk/jre/lib/sound.properties",
@@ -50,6 +53,10 @@ module "airsonic" {
       host_path      = "/mnt/xwing/config/airsonic/podcasts"
       container_path = "/podcasts"
     },
+    {
+      host_path      = "/mnt/xwing/config/airsonic/jre"
+      container_path = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/"
+    },
   ]
 }
 
diff --git a/media/jackett.tf b/media/jackett.tf
index e036c62..3b54030 100644
--- a/media/jackett.tf
+++ b/media/jackett.tf
@@ -9,8 +9,6 @@ module "jackett" {
     host   = "jackett.${var.domain}"
   }
 
-  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
   volumes = [{
     host_path      = "/mnt/xwing/config/jackett"
     container_path = "/config"
diff --git a/media/radarr.tf b/media/radarr.tf
index d656a10..06ef78f 100644
--- a/media/radarr.tf
+++ b/media/radarr.tf
@@ -14,8 +14,6 @@ module "radarr" {
     memory_swap = 1024
   }
 
-  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
   volumes = [
     {
       host_path      = "/mnt/xwing/config/radarr"
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 2c9d59c..248bb55 100644
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
@@ -3,7 +3,7 @@ data "docker_registry_image" "image" {
 }
 
 resource "docker_image" "image" {
-  name          = "${data.docker_registry_image.image.name}"
+  name          = "${var.image}"
   pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
 }
 
@@ -31,6 +31,7 @@ resource "docker_container" "container" {
   memory_swap = "${local.resource["memory_swap"]}"
 
   volumes = ["${var.volumes}"]
+  devices = ["${var.devices}"]
 
   # Look at this monstrosity
   # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 0540ab0..b77fda6 100644
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@@ -88,3 +88,9 @@ variable "volumes" {
   type        = "list"
   default     = []
 }
+
+variable "devices" {
+  description = "volumes"
+  type        = "list"
+  default     = []
+}
diff --git a/modules/etcd/main.tf b/modules/etcd/main.tf
new file mode 100644
index 0000000..fb22601
--- /dev/null
+++ b/modules/etcd/main.tf
@@ -0,0 +1,48 @@
+module "container" {
+  source = "../container"
+  image  = "captn3m0/etcd:v3.3.11"
+  name   = "etcd"
+
+  web = {
+    expose = false
+    host   = ""
+  }
+
+  networks = []
+
+  volumes = [
+    {
+      host_path      = "/usr/share/ca-certificates/"
+      container_path = "/etc/ssl/certs"
+    },
+    {
+      host_path      = "${var.data_dir}"
+      container_path = "/etcd-data"
+    },
+  ]
+
+  ports = [
+    {
+      internal = 2379
+      external = 2379
+      ip       = "${var.host_ip}"
+    },
+    {
+      internal = 2380
+      external = 2380
+      ip       = "${var.host_ip}"
+    },
+  ]
+
+  command = [
+    "/usr/local/bin/etcd",
+    "--data-dir=/etcd-data",
+    "--name=${var.node_name}",
+    "--advertise-client-urls=http://${var.host_ip}:2379",
+    "--initial-advertise-peer-urls=http://${var.host_ip}:2380",
+    "--initial-cluster=${var.node_name}=http://${var.host_ip}:2380",
+  ]
+
+  # "--listen-client-urls=http://0.0.0.0:2379",
+  # "--listen-peer-urls=http://0.0.0.0:2380",
+}
diff --git a/modules/etcd/variables.tf b/modules/etcd/variables.tf
new file mode 100644
index 0000000..dbaef83
--- /dev/null
+++ b/modules/etcd/variables.tf
@@ -0,0 +1,15 @@
+variable "host_ip" {
+  description = "Host IP Address to bind etcd to"
+  type        = "string"
+  default     = "0.0.0.0"
+}
+
+variable "data_dir" {
+  description = "Directory on host to mount to /etcd-data"
+  type        = "string"
+}
+
+variable "node_name" {
+  description = "name of the etcd node"
+  default     = "master"
+}
diff --git a/variables.tf b/variables.tf
index 1f50bdc..7a4dce8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -27,6 +27,7 @@ variable "ips" {
   default = {
     eth0   = "192.168.1.111"
     tun0   = "10.8.0.14"
+    dovpn  = "10.8.0.1"
     static = "139.59.48.222"
   }
 }