diff --git a/ansible/roles/zenith_proxy/defaults/main.yml b/ansible/roles/zenith_proxy/defaults/main.yml
index 6b1a43aaa..02267cb87 100644
--- a/ansible/roles/zenith_proxy/defaults/main.yml
+++ b/ansible/roles/zenith_proxy/defaults/main.yml
@@ -15,7 +15,7 @@ zenith_proxy_pod_name: "{{ zenith_proxy_service_name }}"
 zenith_proxy_client_container_name: "{{ zenith_proxy_client_service_name }}"
 zenith_proxy_mitm_container_name: "{{ zenith_proxy_mitm_service_name }}"
 
-zenith_proxy_image_tag: '0.12.0'
+zenith_proxy_image_tag: '0.14.0'
 
 zenith_proxy_client_image_repository: ghcr.io/azimuth-cloud/zenith-client
 zenith_proxy_client_image: "{{ zenith_proxy_client_image_repository }}:{{ zenith_proxy_image_tag }}"
diff --git a/ansible/roles/zenith_proxy/templates/pod.service.j2 b/ansible/roles/zenith_proxy/templates/pod.service.j2
index d46617556..e10df23f7 100644
--- a/ansible/roles/zenith_proxy/templates/pod.service.j2
+++ b/ansible/roles/zenith_proxy/templates/pod.service.j2
@@ -9,7 +9,7 @@ Type=simple
 Restart=always
 User={{ zenith_proxy_podman_user }}
 Group={{ zenith_proxy_podman_user }}
-ExecStartPre=/usr/bin/podman pod create --replace --name {{ zenith_proxy_pod_name }}
+ExecStartPre=/usr/bin/podman pod create --replace --name {{ zenith_proxy_pod_name }} --network=slirp4netns
 ExecStartPre=/usr/bin/podman pod start {{ zenith_proxy_pod_name }}
 ExecStart=/usr/bin/podman-pod-infra-attach.sh {{ zenith_proxy_pod_name }}
 ExecStop=/usr/bin/podman pod stop --ignore -t 10 {{ zenith_proxy_pod_name }}
diff --git a/environments/.caas/hooks/post.yml b/environments/.caas/hooks/post.yml
index 309610ff9..eaaeb23f9 100644
--- a/environments/.caas/hooks/post.yml
+++ b/environments/.caas/hooks/post.yml
@@ -11,8 +11,6 @@
         zenith_proxy_upstream_host: "{{ ansible_host }}" # IP
         zenith_proxy_upstream_port: "{{ grafana_port }}"
         zenith_proxy_client_token: "{{ zenith_token_monitoring }}"
-        zenith_proxy_client_auth_params:
-          tenancy-id: "{{ openstack_project_id }}"
         zenith_proxy_mitm_enabled: yes
         zenith_proxy_mitm_auth_inject: basic
         zenith_proxy_mitm_auth_basic_username: "{{ grafana_security.admin_user }}"
@@ -31,8 +29,6 @@
         zenith_proxy_upstream_host: "{{ ansible_host }}" # IP
         zenith_proxy_upstream_port: 443
         zenith_proxy_client_token: "{{ zenith_token_ood }}"
-        zenith_proxy_client_auth_params:
-          tenancy-id: "{{ openstack_project_id }}"
         zenith_proxy_mitm_enabled: yes
         zenith_proxy_mitm_auth_inject: basic
         zenith_proxy_mitm_auth_basic_username: azimuth
diff --git a/environments/.caas/inventory/extra_groups b/environments/.caas/inventory/extra_groups
deleted file mode 100644
index 45a1dc7aa..000000000
--- a/environments/.caas/inventory/extra_groups
+++ /dev/null
@@ -1,16 +0,0 @@
-[basic_users:children]
-cluster
-
-[etc_hosts:children]
-cluster
-
-[zenith:children]
-grafana
-openondemand
-
-[manila:children]
-login
-compute
-
-[podman:children]
-zenith
diff --git a/environments/.caas/inventory/group_vars/all/basic_users.yml b/environments/.caas/inventory/group_vars/all/basic_users.yml
index 2823a4862..0e381486e 100644
--- a/environments/.caas/inventory/group_vars/all/basic_users.yml
+++ b/environments/.caas/inventory/group_vars/all/basic_users.yml
@@ -10,3 +10,6 @@ basic_users_users:
       - adm
       - systemd-journal
     sudo: azimuth ALL=(ALL) NOPASSWD:ALL
+
+# the path *on the control node* for the home directories depends on the filesystem:
+basic_users_homedir_server_path: "{{ '/home' if cluster_home_manila_share | bool else '/exports/home' }}"
diff --git a/environments/.caas/inventory/group_vars/all/hpctests.yml b/environments/.caas/inventory/group_vars/all/hpctests.yml
index 192c90c5a..a6a2c9174 100644
--- a/environments/.caas/inventory/group_vars/all/hpctests.yml
+++ b/environments/.caas/inventory/group_vars/all/hpctests.yml
@@ -8,3 +8,6 @@ hpctests_outdir: "{{ playbook_dir }}/.tmp/hpctests"
 # hpctests run by default in Azimuth but not trying to stress-test the nodes
 # just check compiler, mpi etc works
 hpctests_hpl_mem_frac: 0.05 # 5% node memory
+
+# use basic_user-defined user:
+hpctests_user: azimuth
diff --git a/environments/.caas/inventory/groups b/environments/.caas/inventory/groups
index f5665790f..dbafc523e 100644
--- a/environments/.caas/inventory/groups
+++ b/environments/.caas/inventory/groups
@@ -69,8 +69,9 @@ openhpc
 [proxy]
 # Hosts to configure http/s proxies - see ansible/roles/proxy/README.md
 
-[manila]
+[manila:children]
 # Hosts to configure for manila fileshares
+cluster
 
 [persist_hostkeys:children]
 # Hosts to use common set of hostkeys which persist across reimaging.
@@ -125,3 +126,10 @@ builder
 [gateway:children]
 # Add builder to this group to install gateway ansible-init playbook into image
 builder
+
+[zenith:children]
+grafana
+openondemand
+
+[podman:children]
+zenith