diff --git a/Vagrantfile b/Vagrantfile
index 542b1a8..f45ce6c 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,5 +1,5 @@
 Vagrant.configure("2") do |config|
- config.vm.box = "ubuntu/jammy64"
+ config.vm.box = "bento/ubuntu-24.04"
 config.vm.provider "virtualbox" do |v|
 v.memory = 1024
diff --git a/manifests/public.pp b/manifests/public.pp
index f2a8992..f24a22d 100644
--- a/manifests/public.pp
+++ b/manifests/public.pp
@@ -5,7 +5,7 @@
 # main_user => 'root',
 manual_npm_installs => false,
 enable_tls => true,
- secondary_domains => $::fqdn ? {
+ secondary_domains => $facts['fqdn'] ? {
 'srcomp.studentrobotics.org' => ['srcomp.srobo.org'],
 default => [],
 },
diff --git a/modules/compbox/manifests/firewall.pp b/modules/compbox/manifests/firewall.pp
index 767c824..3e4e3c1 100644
--- a/modules/compbox/manifests/firewall.pp
+++ b/modules/compbox/manifests/firewall.pp
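Review bot: The new box in the Vagrantfile hunk is named without a version, so `vagrant up` takes whichever `bento/ubuntu-24.04` build is current and the base image can change between two provisions of the same checkout. Adding `config.vm.box_version = "<pinned box version>"` directly under the `config.vm.box` line keeps the test VM reproducible and turns an image update into a reviewable change, in the same way the Puppet modules in this commit are pinned by submodule commit. The `Vagrant.configure` block continues past the end of the hunk.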
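Review bot: `$facts['fqdn']` in the `secondary_domains` selector of manifests/public.pp is still a legacy fact, and a Puppet 8 agent leaves legacy facts out of `$facts` by default, in which case the lookup yields undef and the selector falls through to `default => []` without any error. If the Ubuntu 24.04 target runs Puppet 8 (not visible in this diff), the structured form is the safe spelling: `secondary_domains => $facts['networking']['fqdn'] ? {`. The same applies to `$facts['fqdn']` and `$facts['hostname']` in modules/compbox/manifests/hostname.pp, where they become `host` resource titles, and to `$www_hostname = $facts['fqdn']` under the "Nginx configuration" comment in modules/compbox/manifests/init.pp; the `sshd` hunk there already uses the structured `$facts['os']['family']`.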
@@ -16,53 +16,53 @@
 firewall { '100 allow ssh access':
 dport => 22,
 proto => tcp,
- action => accept,
+ jump => accept,
 }
 firewall { '100 allow ssh access (v6)':
 dport => 22,
 proto => tcp,
- action => accept,
- provider => 'ip6tables',
+ jump => accept,
+ protocol => 'ip6tables',
 }
 # NTP
 firewall { '100 allow ntp access':
 dport => 123,
 proto => udp,
- action => accept,
+ jump => accept,
 }
 firewall { '100 allow ntp access (v6)':
 dport => 123,
 proto => udp,
- action => accept,
- provider => 'ip6tables',
+ jump => accept,
+ protocol => 'ip6tables',
 }
 # HTTP(S)
 firewall { '100 allow http and https access':
 dport => [80, 443],
 proto => tcp,
- action => accept,
+ jump => accept,
 }
 firewall { '100 allow http and https access (v6)':
 dport => [80, 443],
 proto => tcp,
- action => accept,
- provider => 'ip6tables',
+ jump => accept,
+ protocol => 'ip6tables',
 }
 # Mythic Beasts
- firewall { '200 allow Mythic Beasts\' munin monitoring access':
+ firewall { '200 allow Mythic Beasts’ munin monitoring access':
 dport => 4949,
 source => '93.93.128.100',
 proto => tcp,
- action => accept,
+ jump => accept,
 }
- firewall { '200 allow Mythic Beasts\' munin monitoring access (v6)':
+ firewall { '200 allow Mythic Beasts’ munin monitoring access (v6)':
 dport => 4949,
 source => '2a00:1098:0:80:1000::100',
 proto => tcp,
- action => accept,
- provider => 'ip6tables',
+ jump => accept,
+ protocol => 'ip6tables',
 }
 }
diff --git a/modules/compbox/manifests/fw_post.pp b/modules/compbox/manifests/fw_post.pp
index 1ce0305..22bdb53 100644
--- a/modules/compbox/manifests/fw_post.pp
+++ b/modules/compbox/manifests/fw_post.pp
@@ -1,13 +1,13 @@
 class compbox::fw_post {
 firewall { '999 drop all':
 proto => 'all',
- action => 'drop',
+ jump => 'drop',
 before => undef,
 }
 firewall { '999 drop all (v6)':
 proto => 'all',
- action => 'drop',
+ jump => 'drop',
 before => undef,
- provider => 'ip6tables',
+ protocol => 'ip6tables',
 }
 }
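Review bot: The two Mythic Beasts rule titles in modules/compbox/manifests/firewall.pp now contain a non-ASCII apostrophe (`’`), and the firewall module writes the title into the rule's iptables comment, so the bytes read back from the running ruleset have to round-trip through the agent's locale to match the declared name. If they do not, the rule may be reported as changed on every run or be treated as unmanaged, which matters for the only rules here that open a port to a single external source; this is inferred, since the diff does not show how the new module version parses comments. An ASCII-only title avoids the question, for example `firewall { '200 allow Mythic Beasts munin monitoring access':` and the matching `(v6)` title.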
diff --git a/modules/compbox/manifests/fw_pre.pp b/modules/compbox/manifests/fw_pre.pp
index d18f285..dca65a6 100644
--- a/modules/compbox/manifests/fw_pre.pp
+++ b/modules/compbox/manifests/fw_pre.pp
@@ -6,48 +6,48 @@
 # Default firewall rules (IPv4)
 firewall { '000 accept all icmp':
 proto => 'icmp',
- action => 'accept',
+ jump => 'accept',
 }->
 firewall { '001 accept all to lo interface':
 proto => 'all',
 iniface => 'lo',
- action => 'accept',
+ jump => 'accept',
 }->
 firewall { '002 reject local traffic not on loopback interface':
 iniface => '! lo',
 proto => 'all',
 destination => '127.0.0.1/8',
- action => 'reject',
+ jump => 'reject',
 }->
 firewall { '003 accept related established rules':
 proto => 'all',
 state => ['RELATED', 'ESTABLISHED'],
- action => 'accept',
+ jump => 'accept',
 }
 # Default firewall rules (IPv6)
 firewall { '000 accept all icmp (v6)':
 proto => 'ipv6-icmp',
- action => 'accept',
- provider => 'ip6tables',
+ jump => 'accept',
+ protocol => 'ip6tables',
 }->
 firewall { '001 accept all to lo interface (v6)':
 proto => 'all',
 iniface => 'lo',
- action => 'accept',
- provider => 'ip6tables',
+ jump => 'accept',
+ protocol => 'ip6tables',
 }->
 firewall { '002 reject local traffic not on loopback interface (v6)':
 iniface => '! lo',
 proto => 'all',
 destination => '::1',
- action => 'reject',
- provider => 'ip6tables',
+ jump => 'reject',
+ protocol => 'ip6tables',
 }->
 firewall { '003 accept related established rules (v6)':
 proto => 'all',
 state => ['RELATED', 'ESTABLISHED'],
- action => 'accept',
- provider => 'ip6tables',
+ jump => 'accept',
+ protocol => 'ip6tables',
 }
 }
diff --git a/modules/compbox/manifests/hostname.pp b/modules/compbox/manifests/hostname.pp
index cf04843..9343cae 100644
--- a/modules/compbox/manifests/hostname.pp
+++ b/modules/compbox/manifests/hostname.pp
@@ -3,14 +3,14 @@
 class compbox::hostname (
 $hostname = hiera('hostname')
 ) {
- if $::fqdn != $hostname {
- host { $::fqdn:
+ if $facts['fqdn'] != $hostname {
+ host { $facts['fqdn']:
 ensure => absent,
 before => Exec['hostnamectl'],
 }
- if $::fqdn != $::hostname {
- host { $::hostname:
+ if $facts['fqdn'] != $facts['hostname'] {
+ host { $facts['hostname']:
 ensure => absent,
 before => Exec['hostnamectl'],
 }
diff --git a/modules/compbox/manifests/init.pp b/modules/compbox/manifests/init.pp
index c058de6..78db867 100644
--- a/modules/compbox/manifests/init.pp
+++ b/modules/compbox/manifests/init.pp
@@ -192,7 +192,7 @@
 # Screens and stream
 class { '::nodejs':
- repo_url_suffix => '20.x',
+ repo_version => '20',
 } ->
 compbox::npm_install { 'yarn':
 ensure => present,
@@ -447,7 +447,7 @@
 }
 # Nginx configuration
- $www_hostname = $::fqdn
+ $www_hostname = $facts['fqdn']
 if $enable_tls {
 package { 'snapd':
 ensure => present,
@@ -539,7 +539,7 @@
 }
 service { 'sshd':
 ensure => running,
- name => $::osfamily ? {
+ name => $facts['os']['family'] ? {
 'Debian' => 'ssh',
 default => 'sshd',
 },
diff --git a/modules/firewall b/modules/firewall
index 49a7d76..40d2d35 160000
--- a/modules/firewall
+++ b/modules/firewall
@@ -1 +1 @@
-Subproject commit 49a7d761abd5ad1512ca07b5bf0c603434bee039
+Subproject commit 40d2d35c291071612798075fd8c9eada9d6da469
diff --git a/modules/nodejs b/modules/nodejs
index 81c59f8..57a060f 160000
--- a/modules/nodejs
+++ b/modules/nodejs
@@ -1 +1 @@
-Subproject commit 81c59f8d1a3742ea63130487c96f8e2b9ec3876e
+Subproject commit 57a060f3262e298dde24ef7514a55da79ac7b527
diff --git a/modules/stdlib b/modules/stdlib
index 45454b8..52740b7 160000
--- a/modules/stdlib
+++ b/modules/stdlib
@@ -1 +1 @@
-Subproject commit 45454b8de4ff8f860f6f78438107133e510336ed
+Subproject commit 52740b7c3570b1828ed78c02a566b92a8c2b7329