diff --git a/k8s/manifests/dispatcher-cronjob.yaml b/k8s/manifests/dispatcher-cronjob.yaml
index 8833f2f..97e79ba 100644
--- a/k8s/manifests/dispatcher-cronjob.yaml
+++ b/k8s/manifests/dispatcher-cronjob.yaml
@@ -41,7 +41,7 @@ spec:
                       name: dispatcher-approle
                       key: secret_id
                 - name: VIKUNJA_BASE_URL
-                  value: "https://tasks.ctz.fyi"
+                  value: "http://vikunja.vikunja.svc.cluster.local:3456"
                 - name: VIKUNJA_PROJECT_ID
                   value: "78"
                 - name: VIKUNJA_TODO_BUCKET_ID
diff --git a/k8s/policies/networkpolicy.yaml b/k8s/policies/networkpolicy.yaml
index 7095d1c..8b5b9e1 100644
--- a/k8s/policies/networkpolicy.yaml
+++ b/k8s/policies/networkpolicy.yaml
@@ -51,7 +51,7 @@ spec:
         - port: 6443
           protocol: TCP
 ---
-# Allow dispatcher egress to k8s API and OpenBao only
+# Allow dispatcher egress to k8s API, OpenBao, and Vikunja
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
@@ -78,3 +78,18 @@ spec:
       ports:
         - port: 8200
           protocol: TCP
+    # Vikunja in-cluster
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: vikunja
+      ports:
+        - port: 3456
+          protocol: TCP
+    # k8s API server
+    - to:
+        - ipBlock:
+            cidr: 0.0.0.0/0
+      ports:
+        - port: 6443
+          protocol: TCP