diff --git a/data/common/common.yaml b/data/common/common.yaml
--- a/data/common/common.yaml
+++ b/data/common/common.yaml
@@ -920,10 +920,11 @@
     deploy_hook: gandi_paas
   netbox:
     domains:
-      - inventory.internal.softwareheritage.org
-  netbox-vagrant:
+      - inventory.internal.admin.swh.network
+  # legacy hostname, needed for the redirect
+  inventory.internal.softwareheritage.org:
     domains:
-      - inventory-vagrant.internal.softwareheritage.org
+      - inventory.internal.softwareheritage.org
 
 bind::update_key: local-update
 
@@ -1034,7 +1035,11 @@
   inventory/CNAME:
     type: CNAME
     record: inventory.internal.softwareheritage.org
-    data: bojimans.internal.softwareheritage.org.
+    data: bojimans.internal.admin.swh.network.
+  inventory-admin/CNAME:
+    type: CNAME
+    record: inventory.internal.admin.swh.network
+    data: bojimans.internal.admin.swh.network.
   glyptotek/A: # OPNSense firewall, not managed by puppet
     record: "%{alias('opnsense::hosts.glyptotek.fqdn')}"
     data: "%{alias('opnsense::hosts.glyptotek.ip')}"
@@ -3593,8 +3598,8 @@
 netbox::allowed_hosts:
   - "*"
   - "localhost"
-netbox::vhost::letsencrypt_cert: netbox
-netbox::vhost::name: inventory.internal.softwareheritage.org
+netbox::vhost::letsencrypt_cert: inventory.internal.admin.swh.network
+netbox::vhost::name: inventory.internal.admin.swh.network
 netbox::backend::url: "http://localhost:%{hiera('netbox::gunicorn::port')}/"
 netbox::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}"
 netbox::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}"
diff --git a/data/hostname/bojimans.internal.admin.swh.network.yaml b/data/hostname/bojimans.internal.admin.swh.network.yaml
new file mode 100644
--- /dev/null
+++ b/data/hostname/bojimans.internal.admin.swh.network.yaml
@@ -0,0 +1,7 @@
+--- 
+apache::rewrite_domains:
+  # Must have matching certificates in letsencrypt::certificates
+  inventory.internal.softwareheritage.org:
+    rewrites:
+      - "^.*$ https://inventory.internal.admin.swh.network"
+
diff --git a/data/hostname/bojimans.internal.softwareheritage.org.yaml b/data/hostname/bojimans.internal.softwareheritage.org.yaml
deleted file mode 100644
--- a/data/hostname/bojimans.internal.softwareheritage.org.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-networks:
-  eth0:
-    address: 192.168.100.199
-    netmask: 24
-    gateway: 192.168.100.1
diff --git a/data/subnets/vagrant.yaml b/data/subnets/vagrant.yaml
--- a/data/subnets/vagrant.yaml
+++ b/data/subnets/vagrant.yaml
@@ -51,8 +51,6 @@
 
 dns::forward_zones: { }
 
-netbox::vhost::letsencrypt_cert: inventory-vagrant
-netbox::vhost::name: inventory-vagrant.internal.softwareheritage.org
 netbox::mail::from: inventory+vagrant@softwareheritage.org
 netbox::admin::email: sysop+vagrant@softwareheritage.org
 
@@ -89,6 +87,11 @@
     host: dali.internal.admin.swh.network
     aliases:
       - db1.internal.admin.swh.network
+  10.168.50.60:
+    host: bojimans.internal.admin.swh.network
+    aliases:
+      - inventory.internal.admin.swh.network
+      - inventory.internal.softwareheritage.org
   10.168.100.18:
     host: banco.internal.softwareheritage.org
     aliases:
@@ -181,10 +184,6 @@
     host: belvedere.internal.softwareheritage.org
     aliases:
       - db.internal.softwareheritage.org
-  10.168.100.199:
-    host: bojimans.internal.softwareheritage.org
-    aliases:
-      - inventory.internal.softwareheritage.org
   10.168.100.201:
     host: kafka1.internal.softwareheritage.org
     aliases:
diff --git a/manifests/site.pp b/manifests/site.pp
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -207,7 +207,7 @@
   include role::swh_remote_objstorage
 }
 
-node 'bojimans.internal.softwareheritage.org' {
+node 'bojimans.internal.admin.swh.network' {
   include role::swh_netbox
 }
 
diff --git a/site-modules/profile/manifests/netbox/reverse_proxy.pp b/site-modules/profile/manifests/netbox/reverse_proxy.pp
--- a/site-modules/profile/manifests/netbox/reverse_proxy.pp
+++ b/site-modules/profile/manifests/netbox/reverse_proxy.pp
@@ -4,7 +4,7 @@
   $static_path = "${install_path}/netbox/static"
 
   ::profile::reverse_proxy {'netbox':
-    extra_apache_opts => {
+    extra_apache_opts   => {
       proxy_preserve_host => true,
       aliases             => [
         { alias => '/static',
diff --git a/site-modules/role/manifests/swh_netbox.pp b/site-modules/role/manifests/swh_netbox.pp
--- a/site-modules/role/manifests/swh_netbox.pp
+++ b/site-modules/role/manifests/swh_netbox.pp
@@ -2,4 +2,6 @@
 class role::swh_netbox inherits role::swh_server {
   include profile::netbox
   include profile::netbox::reverse_proxy
+  # redirect inventory.i.s.o -> inventory.i.a.s.n
+  include profile::apache::rewrite_domains
 }