diff --git a/_modules/fastd.py b/_modules/fastd.py
index 138825294ba3100614b9728c74cebfcae0959795..0dada6ec8b4e710291256d76a4d9f4cd7fdb049c 100644
--- a/_modules/fastd.py
+++ b/_modules/fastd.py
@@ -10,15 +10,15 @@ def mac(domain_id, host_id):
 
 
 def all_instances():
-    tmp = []
+    all = []
     for domain in __salt__['pillar.get']('domains'):
         domain_id = __salt__['pillar.get'](
             'domains:{}:domain_id'.format(domain))
         instances = __salt__['pillar.get'](
             'domains:{0}:fastd:instances'.format(domain), [])
-        tmp.extend(["dom{0}_{1}".format(domain_id, instance['mtu'])
+        all.extend(["dom{0}_{1}".format(domain_id, instance['mtu'])
                     for instance in instances])
-    return tmp
+    return all
 
 #  enumerate fastd interface names for mesh-announce
 
diff --git a/bird/files/gateway/direct.conf.j2 b/bird/files/gateway/direct.conf.j2
index 5b1ae9799f45408399083142504f87e04fe180f1..e254ef7e6f796d4515858b6cb4c05e90ba5aa84e 100644
--- a/bird/files/gateway/direct.conf.j2
+++ b/bird/files/gateway/direct.conf.j2
@@ -1,3 +1,3 @@
 protocol direct d_domains {
-	interface {% for domain in pillar['domains'].values() -%} "dom{{ domain['domain_id'] }}-br"{% if not loop.last %}, {% endif %}{% endfor %};
+	interface {% for domain in pillar['domains'].values()|sort(attribute='domain_id') -%} "dom{{ domain['domain_id'] }}-br"{% if not loop.last %}, {% endif %}{% endfor %};
 }
diff --git a/bird/files/gateway/radv.conf.j2 b/bird/files/gateway/radv.conf.j2
index 739bf3050edaacb60d17d20732f19968eac3fe3d..6bcd762d6ac27778bca7fdca87a925858f0a199a 100644
--- a/bird/files/gateway/radv.conf.j2
+++ b/bird/files/gateway/radv.conf.j2
@@ -6,7 +6,7 @@ protocol radv radv_dom{{ domain_id }} {
 		min delay {{ salt['pillar.get']('radv:min_delay', 3) }};
 		max ra interval 60;
 		other config yes;
-		{%- for prefix,prefixval in pillar['domains'][domain]['IPv6']['subnets'].items() %}
+		{%- for prefix,prefixval in pillar['domains'][domain]['IPv6']['subnets'].items()|sort %}
 		prefix {{ prefix }} {
 		{%- if not ('announce' in prefixval and prefixval['announce'] == False ) %}
 			valid lifetime 3600;
@@ -17,12 +17,12 @@ protocol radv radv_dom{{ domain_id }} {
 		};
 		{%- endfor %}
 		rdnss {
-			{%- for ns in pillar['domains'][domain]['IPv6']['name_servers'] %}
+			{%- for ns in pillar['domains'][domain]['IPv6']['name_servers']|sort %}
 			ns {{ ns }};
 			{%- endfor %}
 		};
 		dnssl {
-			{%- for domain in salt['pillar.get']('domains:%s:search'|format(domain)) %}
+			{%- for domain in salt['pillar.get']('domains:%s:search'|format(domain))|sort %}
 			domain "{{ domain }}";
 			{%- endfor %}
 		};
diff --git a/fastd/files/fastd-exporter.service.j2 b/fastd/files/fastd-exporter.service.j2
index e87c7a190c9167e54b1b9fce61184e5aaece4631..d99218abe25854d9f258b1f8702017240c3aa1d2 100644
--- a/fastd/files/fastd-exporter.service.j2
+++ b/fastd/files/fastd-exporter.service.j2
@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 Type=simple
-ExecStart=/usr/local/go/bin/fastd-exporter -instances {{ ','.join(salt['fastd.all_instances']()) }} --metrics.perpeer
+ExecStart=/usr/local/go/bin/fastd-exporter -instances {{ ','.join(salt['fastd.all_instances']()|sort) }} --metrics.perpeer
 
 [Install]
 WantedBy=multi-user.target
diff --git a/kea-dhcp/files/kea-dhcp6.conf.j2 b/kea-dhcp/files/kea-dhcp6.conf.j2
index 6d222ee1d4f224a8bd25c989548628c562d6d684..7551d676b7f7ea6f9af6e659e3a1ec10edb0e2d5 100644
--- a/kea-dhcp/files/kea-dhcp6.conf.j2
+++ b/kea-dhcp/files/kea-dhcp6.conf.j2
@@ -2,7 +2,7 @@
 "Dhcp6":
 {
   "interfaces-config": {
-    "interfaces": {{ salt['kea.v6_interfaces']()|json }}
+    "interfaces": {{ salt['kea.v6_interfaces']()|sort|json }}
   },
   "lease-database": {
     "type": "memfile",
diff --git a/network/files/ferm-domain-batman.conf.j2 b/network/files/ferm-domain-batman.conf.j2
index 4aad35b4e678d8afcd56b5499bdfd2f3e94f827c..29621a517dfa377fddfdfaad124a706a6eab0255 100644
--- a/network/files/ferm-domain-batman.conf.j2
+++ b/network/files/ferm-domain-batman.conf.j2
@@ -5,7 +5,7 @@
 domain (ip ip6) {
     table filter {
         chain FORWARD {
-            interface dom{{ domain_id }}-br saddr ({{ " ".join(nets4|list + nets6|list) }}) {
+            interface dom{{ domain_id }}-br saddr ({{ " ".join(nets4|sort + nets6|sort) }}) {
                 proto tcp dport smtp REJECT;
                 ACCEPT;
             }
@@ -13,7 +13,7 @@ domain (ip ip6) {
     }
     table nat {
         chain POSTROUTING {
-            outerface {{ salt['pillar.get']('ferm:public_interface', 'ens13') }} saddr ({{ ' '.join(nets4) }}) SNAT to {{ routing['internet']['addr4'] }};
+            outerface {{ salt['pillar.get']('ferm:public_interface', 'ens13') }} saddr ({{ ' '.join(nets4|sort) }}) SNAT to {{ routing['internet']['addr4'] }};
         }
     }
 }
diff --git a/network/files/ferm-vxlan-vtep.conf.j2 b/network/files/ferm-vxlan-vtep.conf.j2
index 66b98e7367f6c345ed0077c9bd3bf76388a0fbba..4bbb713af5ea1588f78fbb988726d57582795b2d 100644
--- a/network/files/ferm-vxlan-vtep.conf.j2
+++ b/network/files/ferm-vxlan-vtep.conf.j2
@@ -10,7 +10,7 @@ domain ip6 {
 
     table filter {
         chain INPUT {
-            saddr ({%- for ip in vtep.values() %}
+            saddr ({%- for ip in vtep.values()|sort %}
 				{{ ip }}
 			{%- endfor %}) proto udp dport 4789 ACCEPT;
         }
diff --git a/network/files/ifup-domain-batman.sh.j2 b/network/files/ifup-domain-batman.sh.j2
index 31a67c7a059db3a7f00e0a53d71c526dcad644a9..15a95e92405a5346521460e873f1d17f69272ba8 100644
--- a/network/files/ifup-domain-batman.sh.j2
+++ b/network/files/ifup-domain-batman.sh.j2
@@ -81,7 +81,7 @@
 	ip link set master dom{{ domain_id }}-bat dev dom{{ domain_id }}-tp
 	ip link set mtu {{ salt['pillar.get']('domains:%s:mtu'|format(domain), 1312) }} dev dom{{ domain_id }}-tp
 	{% endif %}
-	{%- for vtepIP in vtep.values() %}
+	{%- for vtepIP in vtep.values()|sort %}
 	bridge fdb append 00:00:00:00:00:00 dev dom{{ domain_id }}-tp dst {{ vtepIP }}
 	{%- endfor %}
 {% endif %}
diff --git a/yanic/files/ferm.conf.j2 b/yanic/files/ferm.conf.j2
index 426d77548c59fc329fc4e402ad17e13db7887831..740a4c01540f9855745d4dc366835af68f90f9a9 100644
--- a/yanic/files/ferm.conf.j2
+++ b/yanic/files/ferm.conf.j2
@@ -1,7 +1,7 @@
 domain (ip6) {
   table filter {
     chain INPUT {
-      interface ({%- for domain in salt['pillar.get']('domains', {}).values() %}dom{{ domain['domain_id'] }}-br{% if not loop.last %} {% endif %}{%- endfor %}) {
+      interface ({%- for domain in salt['pillar.get']('domains', {}).values()|sort(attribute='domain_id') %}dom{{ domain['domain_id'] }}-br{% if not loop.last %} {% endif %}{%- endfor %}) {
         saddr fe80::/64 proto udp dport 10001 ACCEPT;
       }
     }