diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 2907c09..1b23cab 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -34,7 +34,6 @@ services: wireguard: domain: "wg01.vpn.{{ base_domain }}" volume: "{{ base_volume }}/wireguard" - port: 51820 version: arm64v8-alpine snowflake: diff --git a/roles/docker/tasks/services.yml b/roles/docker/tasks/services.yml index 0eb37c9..c0f5a22 100644 --- a/roles/docker/tasks/services.yml +++ b/roles/docker/tasks/services.yml @@ -7,6 +7,14 @@ mode: u=rwx,g=rx,o=rx state: directory +- name: Create Docker network for services + docker_network: + name: services + ipam_config: + - subnet: 172.17.0.0/16 + gateway: 172.17.0.1 + state: present + - name: Deploy services include_tasks: "services/{{ item.service }}.yml" loop: "{{ services | dict2items(key_name='service') }}" diff --git a/roles/docker/tasks/services/caddy.yml b/roles/docker/tasks/services/caddy.yml index 9c47a45..72e3582 100644 --- a/roles/docker/tasks/services/caddy.yml +++ b/roles/docker/tasks/services/caddy.yml @@ -24,7 +24,8 @@ name: caddy image: "caddy:{{ services.caddy.version }}" restart_policy: unless-stopped - network_mode: host + networks: + - services volumes: - "{{ services.caddy.volume }}/Caddyfile:/etc/caddy/Caddyfile:ro" - "{{ services.caddy.volume }}/config:/config:rw" diff --git a/roles/docker/tasks/services/emby.yml b/roles/docker/tasks/services/emby.yml index 2315bb2..3942dbd 100644 --- a/roles/docker/tasks/services/emby.yml +++ b/roles/docker/tasks/services/emby.yml @@ -15,12 +15,14 @@ - name: Deploy Emby Docker container docker_container: - name: emby + name: emby_app image: "emby/embyserver_arm64v8:{{ services.emby.version }}" restart_policy: unless-stopped env: UID: '1000' GID: '1000' + networks: + - services volumes: - "{{ services.emby.volume }}/programdata:/config:rw" - "{{ services.emby.volume }}/tvshows:/mnt/share1:rw" 
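Review bot: In roles/docker/tasks/services.yml the new `services` network is given `172.17.0.0/16` with gateway `172.17.0.1`, which is the range Docker's default bridge normally takes. This commit also removes `default-address-pools` from daemon.json.j2, so unless `bip` is set elsewhere the daemon will probably reject the network as overlapping an existing pool. I would pick a range outside the default bridge, for example `- subnet: '172.30.0.0/24'` with `gateway: '172.30.0.1'` (constructed sample values). Every service then shares one flat segment, so a comment on the task should state that containers on `services` can reach each other directly and not only through Caddy.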
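Review bot: In roles/docker/tasks/services/caddy.yml, dropping `network_mode: host` leaves no visible port publishing for Caddy; the task continues outside the hunk, so this may already be handled there. If it is not, the sites in Caddyfile.j2 (including the `:18089` one) stop being reachable from outside, and the task needs `published_ports:` with `- '80:80'`, `- '443:443'` and `- '18089:18089'`. Listing the ports explicitly also puts the externally exposed surface in one reviewable place, which host networking did not.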
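Review bot: Renaming the container to `emby_app` in roles/docker/tasks/services/emby.yml does not remove the existing `emby` container, because docker_container tracks containers by name; the old one keeps running with its volumes mounted. The same applies to `monerod` becoming `monerod_node` in monerod.yml, where the leftover container still holds `'18080:18080'` and the new one will likely fail to bind. I would add a cleanup task before each deploy that calls docker_container with `name: emby` and `state: absent` (and likewise `name: monerod`). The task body continues outside the hunk.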
diff --git a/roles/docker/tasks/services/monerod.yml b/roles/docker/tasks/services/monerod.yml index 1207821..41b03a0 100644 --- a/roles/docker/tasks/services/monerod.yml +++ b/roles/docker/tasks/services/monerod.yml @@ -7,9 +7,11 @@ - name: Deploy Monero node Docker container docker_container: - name: monerod + name: monerod_node image: "sethsimmons/simple-monerod:{{ services.monerod.version }}" restart_policy: unless-stopped + networks: + - services volumes: - monerod-node-blockchain:/home/monero/.bitmonero:rw command: @@ -20,4 +22,3 @@ - --enable-dns-blocklist published_ports: - '18080:18080' - - '127.0.0.1:18081:18089' diff --git a/roles/docker/tasks/services/nextcloud.yml b/roles/docker/tasks/services/nextcloud.yml index 01adc76..bc54a79 100644 --- a/roles/docker/tasks/services/nextcloud.yml +++ b/roles/docker/tasks/services/nextcloud.yml @@ -74,12 +74,17 @@ REDIS_HOST_PASSWORD: "{{ secrets.nextcloud.redis_pw }}" PHP_MEMORY_LIMIT: 2G PHP_UPLOAD_LIMIT: 16G + networks: + - default + - services volumes: - "{{ services.nextcloud.volume }}/app:/var/www/html:rw" - "{{ services.nextcloud.volume }}/apache2/apache2.conf:/etc/apache2/apache2.conf:ro" - "{{ services.nextcloud.volume }}/apache2/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro" - ports: - - '127.0.0.1:8080:80' depends_on: - postgres - redis + + networks: + services: + external: true diff --git a/roles/docker/tasks/services/wireguard.yml b/roles/docker/tasks/services/wireguard.yml index f9e39b0..3d00cc5 100644 --- a/roles/docker/tasks/services/wireguard.yml +++ b/roles/docker/tasks/services/wireguard.yml @@ -14,7 +14,7 @@ restart_policy: unless-stopped env: SERVERURL: "{{ services.wireguard.domain }}" - SERVERPORT: "{{ services.wireguard.port }}" + SERVERPORT: 51820 PEERS: "{{ secrets.wireguard.peers }}" PEERDNS: auto TZ: "{{ timezone }}" 
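Review bot: In roles/docker/tasks/services/nextcloud.yml the proxy hop changes, but nothing that tells Nextcloud which proxy to trust changes with it. With `'127.0.0.1:8080:80'` removed, Apache sees requests arriving from Caddy's address on the `services` network, while the mounted `remoteip.conf` and any `trusted_proxies` setting are untouched by this commit; if they still name the old source, client addresses are logged as the proxy and brute-force throttling keys on Caddy. I would document the expected proxy address next to the `networks:` entry and trust only that address rather than the whole subnet, since emby and monerod sit on the same network and could otherwise supply their own `X-Forwarded-For`. The contents of `remoteip.conf` are not visible here, so this needs confirming against that file.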
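Review bot: `SERVERPORT: 51820` in roles/docker/tasks/services/wireguard.yml is a bare YAML integer, and docker_container refuses non-string `env` values; the previous templated value would typically have been rendered as a string. It should read `SERVERPORT: '51820'`, matching how `UID: '1000'` is written in emby.yml. The port now also appears as a literal in the following `published_ports` hunk (`'51820:51820/udp'`), so a short comment tying the two together would keep them from drifting apart.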
@@ -22,7 +22,7 @@ - "{{ services.wireguard.volume }}:/config:rw" - /lib/modules:/lib/modules:rw published_ports: - - "{{ services.wireguard.port }}:{{ services.wireguard.port }}/udp" + - '51820:51820/udp' capabilities: - net_admin - sys_module diff --git a/roles/docker/templates/Caddyfile.j2 b/roles/docker/templates/Caddyfile.j2 index 43d0493..db529c4 100644 --- a/roles/docker/templates/Caddyfile.j2 +++ b/roles/docker/templates/Caddyfile.j2 @@ -13,7 +13,7 @@ -Server } - reverse_proxy localhost:8080 + reverse_proxy nextcloud_app_1:80 } {{ services.emby.domain }} { @@ -24,7 +24,7 @@ -Server } - reverse_proxy localhost:8096 + reverse_proxy emby_app:8096 } {{ services.monerod.domain }}:18089 { @@ -35,5 +35,5 @@ -Server } - reverse_proxy localhost:18081 + reverse_proxy monerod_node:18089 } diff --git a/roles/docker/templates/daemon.json.j2 b/roles/docker/templates/daemon.json.j2 index ce3b976..de7efe6 100644 --- a/roles/docker/templates/daemon.json.j2 +++ b/roles/docker/templates/daemon.json.j2 @@ -1,11 +1,5 @@ { "data-root": "{{ ssd_mount_point }}/docker-runtime", - "default-address-pools": [ - { - "base": "172.17.0.0/16", - "size": 24 - } - ], "ipv6": true, "fixed-cidr-v6": "fd00::/80" }
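Review bot: `reverse_proxy nextcloud_app_1:80` in roles/docker/templates/Caddyfile.j2 relies on a name that appears to be generated by Compose from the project and service names, and nothing in this commit pins it. Compose v2 joins those parts with hyphens (`nextcloud-app-1`), so a Compose upgrade or a changed project name would break the upstream without any change to this template. I would set `container_name: nextcloud_app` on the service in nextcloud.yml, or proxy to a network alias, and point this line at that name. `emby_app` and `monerod_node` in the other two hunks are explicit container names and do not have this problem.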