diff --git a/bundles/letsencrypt/metadata.py b/bundles/letsencrypt/metadata.py
index 24f9d9e..75211ef 100644
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@@ -51,14 +51,23 @@ def renew(metadata):
 'letsencrypt/domains'
 )
 def delegated_domains(metadata):
+ delegated_domains = {
+ domain
+ for other_node in repo.nodes
+ if other_node.has_bundle('letsencrypt')
+ and other_node.metadata.get('letsencrypt/delegate_to_node', None) == node.name
+ for domain in other_node.metadata.get('letsencrypt/domains').keys()
+ }
+
 return {
 'letsencrypt': {
 'domains': {
 domain: set()
- for other_node in repo.nodes
- if other_node.has_bundle('letsencrypt')
- and other_node.metadata.get('letsencrypt/delegate_to_node', None) == node.name
- for domain in other_node.metadata.get('letsencrypt/domains').keys()
+ for domain in delegated_domains
 },
 },
+ 'dns': {
+ domain: repo.libs.dns.get_a_records(metadata, internal=False)
+ for domain in delegated_domains
+ },
 }
diff --git a/bundles/mosquitto/metadata.py b/bundles/mosquitto/metadata.py
new file mode 100644
index 0000000..5238450
--- /dev/null
+++ b/bundles/mosquitto/metadata.py
@@ -0,0 +1,20 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'mosquitto': {},
+ },
+ },
+}
+
+
+@metadata_reactor.provides(
+ 'letsencrypt/domains'
+)
+def letsencrypt(metadata):
+ return {
+ 'letsencrypt': {
+ 'domains': {
+ metadata.get('mosquitto/hostname'): set(),
+ },
+ },
+ }
diff --git a/bundles/opendkim/files/key_table b/bundles/opendkim/files/key_table
index d669afe..18a3edd 100644
--- a/bundles/opendkim/files/key_table
+++ b/bundles/opendkim/files/key_table
@@ -1,3 +1,3 @@
-% for domain in domains:
+% for domain in sorted(domains):
 mail._domainkey.${domain} ${domain}:mail:/etc/opendkim/keys/${domain}/mail.private
 % endfor
diff --git a/bundles/opendkim/files/signing_table b/bundles/opendkim/files/signing_table
index 90bf076..88f087f 100644
--- a/bundles/opendkim/files/signing_table
+++ b/bundles/opendkim/files/signing_table
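Review bot: In bundles/letsencrypt/metadata.py the reactor now returns a top-level `'dns'` key, but the visible tail of its `provides(...)` declaration names only `'letsencrypt/domains'`. The decorator opens above the hunk, so if `'dns'` is not declared there it should be added, otherwise a request for dns metadata may not run this reactor. The records come from `get_a_records(metadata, internal=False)`, which is passed this node's own metadata, so every name another node delegates here appears to be published with the delegate's public addresses. If that is deliberate for certificate validation, say so in a comment such as `# delegated names get this node's public A records so validation for them lands here`, and confirm the owning node does not publish conflicting records for the same name. The local set also reuses the function's own name; `domains = {` would avoid the shadowing.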
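Review bot: bundles/mosquitto/metadata.py installs the package and requests a certificate for `mosquitto/hostname`, but nothing visible in this diff configures the broker's listener, TLS or authentication, so the certificate is not consumed by anything shown here. If the bundle's items live outside this diff that is fine; otherwise add a header comment such as `# TODO: deploy a listener config that uses this certificate and sets allow_anonymous false` so the broker is not left on package defaults once it is reachable. `metadata.get('mosquitto/hostname')` is called without a default, which presumably fails on a node that includes the bundle without setting the key. A short comment marking the key as required would make that intent explicit.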
@@ -1,3 +1,3 @@
-% for domain in domains:
+% for domain in sorted(domains):
 *@${domain} mail._domainkey.${domain}
 % endfor
diff --git a/nodes/home.server.py b/nodes/home.server.py
index d33df89..35257c9 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -13,6 +13,7 @@
 'grafana',
 'influxdb2',
 'mirror',
+ 'mosquitto',
 'postgresql',
 'redis',
 'smartctl',
@@ -51,6 +52,9 @@
 'letsencrypt': {
 'delegate_to_node': 'htz.mails',
 },
+ 'mosquitto': {
+ 'hostname': 'mqtt.sublimity.de',
+ },
 'nextcloud': {
 'hostname': 'cloud.sublimity.de',
 'version': '21.0.5',
@@ -61,11 +65,6 @@
 'destination': 'Bilder/Chronologie',
 },
 },
- 'users': {
- 'root': {
- 'shell': '/usr/bin/zsh',
- },
- },
 'vm': {
 'cores': 2,
 'ram': 16192,
diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py
index 1bdd129..c2a0164 100644
--- a/nodes/htz.mails.py
+++ b/nodes/htz.mails.py
@@ -69,7 +69,7 @@
 'mailserver': {
 'hostname': 'mail.sublimity.de',
 'admin_email': 'postmaster@sublimity.de',
- 'domains': [
+ 'domains': {
 'ckn.li',
 'sublimity.de',
 'freibrief.net',
@@ -79,7 +79,7 @@
 'wettengl.net',
 'wingl.de',
 'woodpipe.de',
- ],
+ },
 },
 'rspamd': {
 'hostname': 'rspamd.sublimity.de',
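Review bot: In nodes/htz.mails.py `mailserver/domains` changes from a list to a set (the closing `},` in the hunk at -79,7 and the opening `'domains': {` in the hunk at -69,7), which drops any ordering guarantee for consumers. The two opendkim templates in this commit were switched to `sorted(domains)`, but any other consumer that iterates or indexes this value is not visible here and would need the same treatment to keep rendered files stable between runs. A comment beside the key, e.g. `# set: consumers must sort before rendering`, would record that contract.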