diff --git a/files/Dockerfile b/files/Dockerfile
index 0509f86..5e8269b 100644
--- a/files/Dockerfile
+++ b/files/Dockerfile
@@ -68,27 +68,28 @@ RUN echo "Configuring systemd" && \
         ls | grep -v systemd-tmpfiles-setup.service | xargs rm -f && \
         rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
         systemctl mask -- \
-            tmp.mount \
-            etc-hostname.mount \
-            etc-hosts.mount \
-            etc-resolv.conf.mount \
-            -.mount \
-            swap.target \
-            getty.target \
+            apt-daily-upgrade.timer \
+            apt-daily.timer \
+            e2scrub_all.timer \
+            fstrim.timer \
             getty-static.service \
-            dev-mqueue.mount \
-            cgproxy.service \
-            systemd-tmpfiles-setup-dev.service \
-            systemd-remount-fs.service \
+            getty.target \
+            motd-news.timer \
+            swap.swap \
+            swap.target \
             systemd-ask-password-wall.path \
-            systemd-logind.service && \
-                systemctl mask -- \
-                        cron.service \
-                        dbus.service \
-                        exim4.service \
-                        ntp.service && \
+            systemd-logind.service \
+            systemd-remount-fs.service \
+            systemd-tmpfiles-setup.service \
+            tmp.mount && \
+        systemctl mask -- \
+            cron.service \
+            dbus.service \
+            ntp.service && \
         systemctl set-default multi-user.target || true && \
         sed -ri /etc/systemd/journald.conf -e 's!^#?Storage=.*!Storage=volatile!' && \
+        # Avoid port binding confict between dnsmasq and systemd-resolved && \
+        sed -i 's/#DNSStubListener=yes/DNSStubListener=no/' /etc/systemd/resolved.conf && \
         # Set locale && \
         localedef -i en_US -f UTF-8 en_US.UTF-8 && \
         # Configure openssh-server && \
diff --git a/files/usr/local/bin/provision-user b/files/usr/local/bin/provision-user
index 0106dbb..921f271 100755
--- a/files/usr/local/bin/provision-user
+++ b/files/usr/local/bin/provision-user
@@ -60,8 +60,8 @@ if [[ ! -f "/etc/kdk/provisioned" ]]; then
     install -m 0600 -o ${KDK_USERNAME} /dev/null /var/log/kdk-provision.log
 
     # Setup yadm dotfiles
-    runuser -l ${KDK_USERNAME} -c "yadm clone --bootstrap ${KDK_DOTFILES_REPO}" >> /var/log/kdk-provision.log 2>&1
-
-    mkdir -p /etc/kdk
-    echo 1 > /etc/kdk/provisioned
+    if runuser -l ${KDK_USERNAME} -c "yadm clone --bootstrap ${KDK_DOTFILES_REPO}" >> /var/log/kdk-provision.log 2>&1; then
+	mkdir -p /etc/kdk
+	echo 1 > /etc/kdk/provisioned
+    fi
 fi