From 59cd225e0e2c3cb0948c0c474a02b995162cdb01 Mon Sep 17 00:00:00 2001 From: Kelin Date: Tue, 3 Feb 2026 22:48:27 -0500 Subject: [PATCH] Fix variable substitution in users_database.yml - Update localize_users_database_file to properly resolve nested variables in AUTHELIA_ADMIN_EMAIL - Fix template to use correct AUTHELIA_* variables instead of DEFAULT_* variables - Update deploy-core.sh to only process files containing variables and fix .env path - Fix file permissions for authelia config files --- .../core/authelia/config/configuration.yml | 24 +- .../core/authelia/config/db.sqlite3 | Bin 0 -> 225280 bytes .../core/authelia/config/notification.txt | 0 .../core/authelia/config/users_database.yml | 22 +- .../config/users_database.yml.template | 8 +- .../core/authelia/secrets/users_database.yml | 19 ++ docker-compose/core/deploy-core.sh | 19 +- docker-compose/core/docker-compose.yml | 12 +- .../core/duckdns/config/logrotate.conf | 5 + .../dynamic/external-host-homeassistant.yml | 4 +- .../traefik/dynamic/local-host-production.yml | 248 +++++++++--------- .../core/traefik/dynamic/sablier.yml | 172 ++++++------ docker-compose/core/traefik/traefik.yml | 2 +- scripts/common.sh | 2 +- 14 files changed, 278 insertions(+), 259 deletions(-) create mode 100644 docker-compose/core/authelia/config/db.sqlite3 create mode 100644 docker-compose/core/authelia/config/notification.txt create mode 100644 docker-compose/core/authelia/secrets/users_database.yml create mode 100644 docker-compose/core/duckdns/config/logrotate.conf diff --git a/docker-compose/core/authelia/config/configuration.yml b/docker-compose/core/authelia/config/configuration.yml index 4fa2f41..3acecb8 100644 --- a/docker-compose/core/authelia/config/configuration.yml +++ b/docker-compose/core/authelia/config/configuration.yml 
@@ -11,12 +11,12 @@ log: theme: dark -jwt_secret: ${AUTHELIA_JWT_SECRET} +jwt_secret: 4f263cdfa9929d007551fd5a5a6b552f7e17127cc4bb425b375a8532631d527b6b591a560a784552a33767699391973799e7472b679e7f94fcf4aca2ce5b2efc -default_redirection_url: https://auth.${DOMAIN} +default_redirection_url: https://auth.kelinreij.duckdns.org totp: - issuer: ${DOMAIN} + issuer: kelinreij.duckdns.org period: 30 skew: 1 @@ -36,34 +36,34 @@ access_control: rules: # Bypass Authelia for Jellyfin (allow app access) - - domain: jellyfin.${DOMAIN} + - domain: jellyfin.kelinreij.duckdns.org policy: bypass # Bypass for Plex (allow app access) - - domain: plex.${DOMAIN} + - domain: plex.kelinreij.duckdns.org policy: bypass # Bypass for Home Assistant (has its own auth) - - domain: ha.${DOMAIN} + - domain: ha.kelinreij.duckdns.org policy: bypass # Protected: All other services require authentication - - domain: "*.${DOMAIN}" + - domain: "*.kelinreij.duckdns.org" policy: one_factor # Two-factor for admin services (optional) # - domain: - # - "admin.${DOMAIN}" - # - "portainer.${DOMAIN}" + # - "admin.kelinreij.duckdns.org" + # - "portainer.kelinreij.duckdns.org" # policy: two_factor session: name: authelia_session - secret: ${AUTHELIA_SESSION_SECRET} + secret: 3ba018547a24dfd49ae55f23b5b75377ec93f5957707e2a669b0a49966df745a5b062eee3f7356e0abae21452915bdd30a32f404ec0a2a7a957c93a2fa2a94c8 expiration: 24h # Session expires after 24 hours inactivity: 24h # Session expires after 24 hours of inactivity remember_me_duration: 1M - domain: ${DOMAIN} + domain: kelinreij.duckdns.org regulation: max_retries: 3 @@ -71,7 +71,7 @@ regulation: ban_time: 5m storage: - encryption_key: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} + encryption_key: dd23db430500eb630e469d5cf0f77dd597649bd4d1a90c02ad673286d8eb9aa8f55435655435d40033751003fc764a173944dbc3ad89d57330e185269792a4b7 local: path: /config/db.sqlite3 
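Review bot: Live Authelia secrets are committed in plaintext in configuration.yml: `jwt_secret` in the first hunk, `session.secret` in the `@@ -36,34` hunk and `storage.encryption_key` in the `@@ -71,7` hunk now hold literal values where the old side had `${AUTHELIA_*}` references. Once pushed they remain in history, so all three should be treated as exposed and regenerated, the lines restored to the placeholder form (e.g. `jwt_secret: ${AUTHELIA_JWT_SECRET}`), and the rendered file kept out of version control. The same patch adds `authelia/config/db.sqlite3`, the store named at `storage.local.path` that this encryption key protects, so the key and the data it protects are published together. The `${DOMAIN}` replacements in these hunks look like the same mistake of committing rendered output, and they make the file unusable for any other deployment.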
diff --git a/docker-compose/core/authelia/config/db.sqlite3 b/docker-compose/core/authelia/config/db.sqlite3 new file mode 100644 index 0000000000000000000000000000000000000000..beeee984239582d6960d0ad40493dd26bb558ef2 GIT binary patch literal 225280 zcmeI5du$s?p5NJewM1LuJa(sdc3v%eb}f!AFGY!xHTybRYI`)6NSUHM_RdcFD6%E@ zNFr%IH1=#RgSKbpoXKMiSi@b(Uw=Tznp1{?EY2tuRi^&`c+leW9{;?-q7UDN^Q5$kf$S0 zLfMu=qJaYkz;@y&WB#_^bsOw)#nF^)IjX7sBAL!e`9|g`*G~A zVt*MO9{%UUSB5?-9vk?7ga5t%2Yr9p|J`A6SnL$#;kth3Wl@x}S>c1ZMqy(|Q#ZD& z>iVjBC6P!Z)kdXJRg0DKroPpz6&iY_T<<6_ypU7Uc}32r&o3+TiH`Co0vX^Kxc=d0Ae~Ev=+;*W^peH95VW&n{(1RPd;HRSWl+4BLN*E36(*A;ofNnbn~H>REtrSWm$ z_N4ikv~sa_t4be;_w7j^c<+4gd|TLBitiP6np!)(X*i_x-8c@tB#=_g^p*x~p&5hUa~I!k19*eD4V@RI59>R+95eE6Q3v zy|U^)5Z4eE)^j;xc&aO6v(RdF@)Xn!jg&x|XB*Udod-@$*)Lt#Y!I6an!6=q>QXc_ zo4RMk?po+n@|8rMlqadYn!o4Buz4M}U0Vb&AWUY!b_i5cZ%qIB}4 zaOb2+r_`*dC2db9V3@DReN31O4;qJ`gQbX@^68|Patl-t4O2E*0-Q1;b$m!#IvGZc zNt-&w{1_e1ME;m^dVk!qqU5H-sp)-<`ZzHc4w_TFSkujd&V$92@opYdo*t5}O^2nO z=f|cvCqH%kPGp$+=gZL{N&9M8bbg=4z)+_`FCDvmZA6s5`c>imw23)XF!X}|5d<77 zqr?F_)RNZaBRREN({~HCTekPy)^4fS3+2)d*L75z8#{VYB|_~Si&N5^kr^$Bry>6r zhKHnPw!0_BdGf(0#}OI1^ZKAD&CLlPPMc3qFKOk5-nd0eX?;_-ifr!5Az$X}6?aNP257%wD+9NS)%IrWJm(&@fI8kgD{w zU|cq9IHam`omz4@=vl*U{Jkij1 zwKKANw=<@c+PGEK;)dKWN-IRml~666=NO{oKu0Cn2s-HKh_WiK_6)MT`S*x+?kF->t>uBu$)tUzPLF8y=Pkbd^p+2 zb!Q>9&3dy)sxS4;=8k+mn_X7Y88>fRnP;O=E|aViyy(VzA-%k&>?5-h6E>~J&96-T z(~b1h)P=NN$h#Kj2AHNL2tPyC=p(H+)MibW^U77bQRkfX*MMSwP2KVtBTD`~VbIpR z^h@NQPv00N|B7SZj>JBWeK)ohn;!eyu|FX{@c{u4009sH0T2KI5C8!X009sHfrmjL zDGo)}1mU@4A~`#mNKPiEI-U>4~pp$`c9^L?5@v+QVD@b4Tykz|E-`EC)@KJv2qehx2nQPpLXtB- zGdpJou|tfGen0Z$=(qY~yRo&{r(=U-KOXz@*tyt08vWO?-y8i_?0=5^!Ps}k-Whvi zEH##T7!Mxz009sH0T2KI5C8!X009sHfyau#i5L4X4Oi$J^CTTUTqnaI=)gqs)f-7X z_I&@i;0@jsW0R4cVRrD-oNC8VscL1tL?bF|#fDlZZ@|eA5+eU4zI=7NsF86J*2`s2 zI^jvnFZW+`^yA0=;>rF6M}imMODFmj=Qi&-Tw-@l>h>f{Kjwpo3L5b*=W9vHrPX?ogMfN6F3K(Ke{UWoMLN z>^JR5)%9ndBlqPDl!$#C8MB}D^L_o#zCdnmKiiF+LUDUXuQ#-kN(SbTTq1doiHt$F 
zjNsXqybz8(*$tm8^BohQc00ck)1V8`;KmY_l00ck)1Rg5_c>n)cJ#Hix1V8`; zKmY_l00ck)1V8`;K;SVYz`XxI{+J>_vOxd@KmY_l00ck)1V8`;KmY_l;E^Xl-~S7- z-;a?0@c{u4009sH0T2KI5C8!X009sH0T4Ju1YQ>gBa(5vcwH-Q|AFwm-}u6RJ~s5d z-+t#OpM2(i@`Gdl_}{$sWcokc8~I=V;P-wz zKl*>Z|BK)L^})Y$>_7d{|M+j&Dt-Si#C{qf|BoG_BtjJs009sH0T2KI5C8!X009sH z0T2Lz`zJ8mFO8V}2hRNe*vGN&#Y00ck)1V8`;KmY_l00ck)1V8`; z4l#k2@&AWdSEvR8AOHd&00JNY0w4eaAOHd&00JOzp9Glw|L!v;1P1{S009sH0T2KI z5C8!X009sH0T4K>1nBtxvHnjYvELdk9sl_F<>)_+io>spzdrQuhq8mW27WkjiCp~i z$omJW|M9;NK9RPzgb&_p6gGA=bz{4#uCJsq}Y7Jaz*a|<~oomb?1`uwsY zb9D<3EKfvb^3hB3QYNolRC01Ao0l`|%ggd=ZfPZ*yCz>!uF2{3e0C{AZnUCg@@LE- z#p{Kg9j&~jsU+~iYw6s?^laP>ZOPQM8%?d=pb}ToIa6pR5fm!!=oB&|lT4+8LUnzs zTxc|Fni~;MsJZdBR%~?8Mk}d>hP+6S<(F0zS7UimxsYC8&dUqyxg1HQO0TZv(<`gK zw2;vCVx_9p<-Bs0kg{o6GF!DmxzSd_CPH;+mPopbnjH@%?r3o8ls~#IL<_}+zNg9O zv)N@OopIH2qr8w_UQ?We>{Yh4QdhE@mD;XaDl`hb)H>#BUO&H_J@4K&8s997()74s z4C>{Qc9W#DcB^V;opNDUQ@6ES-l>>vzw4Q$%j*iU!$sw)>|Iu!5OOxdoR%l(`MB}o zt|*O<3%5lxr+LA=Z)3jv;hpc@^y!^lJDf@+;uhGw!cLPs0zU{Nx+6*#Ck12DB+;yE zHCmo*YBi#XR#)i>CxyX_qdYP}AzuuXQBXjhaPAQ|*0x1ya#FZ`&7>8S4E{duBNx2d zJ3mJsA4Au8ESPm#SekF>qIB}4aJy;JWQ3TnPx}}$7Y-JmMZg6-o%DcNe1k-pvO5|# zp1CecE7O88Zz63}8dd5HJrC%&Th4WnhnOSRf|?`4Aiwka7AaSzg%7`IBIgKmP7V1U z0Y{+sM^UV41zOo|3+$H|ni*0>?wmT3S`LnohE1OVz;);d(XXKJrFV=Lk zo)v%p;)dz!@1{*t4r&$ro$?uQ@M`b2`_Kx=T9q^)XqCKsQ)O_u_Bzejt5-6v*7V&% z?Ur3Ql85ffr>0swYqhztqZjG(_7`}TVueP7w1}*-t#PaB)gy_Ewj>&)5mB#JY7O@$ zNurcfq&jVbLSd^(^za&9uB)I;CE~4{<%U}@JAv)uxVTd(YwA0NT3Ih|b!Z1f1Hak#AN%6MoygVLG5VkQlfLo3@!s^h zJ@I$Vmx1p;XZCsR>g0Va?TxH^-}-z#6yEvXd$B44%^zjFK-0i+4s*2rjZp*uUNK?skUQaK1!*lW*qLd|X zcrKfrmbAZ=_P*PJcPd+TwWjS>NLPzNQfc2<+>qb3-b1Z~YU%WThA27MQAsv}4mvubtcrK8+_K(Ct(i8*Ng?OdfX@m! 
z0==6frO9-ycWI0DW|4H})i;|vE!}~ZX>AnB6?q-s{l(`XV^)zrZZi_&e_15PwtIRksLB{QC{K8IjvL8$NMSi|KhhW}A z@CBaPhnoI(68!k&34)Bihd(2em-+N9zFsn`QJS9@?l5B!TKMu~9`R)# zzD(~q$ky65G}`;_ALipG$CGItu|(Bs87LBn$a{uNN4}k9qwz>Y{0pgA6h4|Xix%$4 zE;16SOx|vhcV%V5xa|lszUWInmixFz?|?CK3?s*^fsVY9W0AAf#v8%O6MV6=#q)x}-kn0w_0J&{TW^dbMoL;0630aO_AdNPDinl|PKVn& z882AV>ZHa*25y$y7V=!l7dl%!Hylj=cUIJ9?cCEhD3U z_-CK+JypI;?@zFG!1e4*upUH)3hBfy_c{8FR&2~qANhBN950b$%KrW$`I{ieS#nI0 z;{|e@CdVt}c%B^2wdcrp8g`l-H0)F4c#<5SCC4B+@Hr#|%)uS8Y~*99vLF~Y%m#{W zs|B;o87S1;*#K(Y8qH5y4L92a_`ID9tX_yVf+{y=+QMoRNS<&*kyebQ5NU4ZMM)*8 z$?hXH?Njl&9#TPK>|Xo0ky;a_0#SOcqtZ^rinJ@*YyEQ9TKl8ysJ15_zx$OO8C|y^ z-0L^pW1DBy=F&-CQOPsE-pk7)-l%aWySOb>)bgB8SZ3}_kMm)yTHr!9vzE`LN#AX| zB1dH{N!=v9O6GJcI!o(9Hm59I%$PH>CRnk!D?-I`$_0hYU|LYtocqwBv~-S@T@NLt z8Z&t-PP60sDjkk1FQnHN(u)c`v#2a9-kE)+z$v-Im3NBLFulY2bi57|R_h#@rgPq`(g`wh|y-{dTzE666Rg|`~g0Z#l zR5E3J=sm}KPF=uDh2DWlRoqy~iqbAg%yyTF@%#nru|n_V^m+N~458v~PlM$US??7Z zMxO9=ir@WuhV;*7g?p!bJ}fk_at->xf0%FhG1-4fYh#gUa00@8p2!H?xfB*=900@8p2!H?x90mf+ z`+u3}L&yKqzxaRv2!H?xfB*=900@8p2!H?xfB*WTz&-MK@_S)zl_r)W>Pm)QG!}u|mvLE{=eP3){%AU7j41bAVdo4v?fCO)m zU7jF6W@hR-+GF5}v;ZZD3_t zS_byIlsz{Ehiai;BYRDhZYYA$WEcA7Zr#Kb*G>|=Vw)S{G_Ty|O7i1o+z&St-~Y^B zCA*T46!~@~;f81K+94&c^pX<43*u_Pq#$n0zadIRqWBw~ABDFPJhM7I_YU#yHTOr_ z8NMeUzq@cnloUm{H^MGQ&sE6IblhvFc%FzW30DMH^blPU*9MQ4FXAV`DapeP)Zh6eBbHE+871o_crOh=|hsyztGp*r|7c zKzs$CnY;F68QHu(JsZ4SXg01_ zYWllcNj{&=E-UGb8(v;iE~M9&^YVrC@|t4BwpA;X8(qrUQ(Ux?T4>0N>AaF(T2WeK zUs%uOluTZwSJ(3Cl~wCbHLYH)luN&wfoUK#Sk65g!TcGXg$QIPY>)x3KTC#D-s ztxmL7>%~e{tMg>+bhVLSQqwFE?nTXxht=rRDIX@a&{?!v(}>Y*>RZiPp`lmG#M1N1 zMI|TG)Nzu!kj<>+b7>+KmK&VuQ4ecY+CqA5A-$;3Ot+{kD|toEkq4PuTF6^4I%^zc zpoXg+6b+qO7s#~1aPov+ic^(4%}$TT-><(XN|!DPce!OmFyapPeYRbx5sd3TijN0S zG!$!Ef##ZCa<6u?s*@b-56d^`nzmQj?y^V;&%muYt;P6Gba*r>n{iIK%N|_F=9Hz2 z8TpcOO`fntLalCp^EtzFPBdOfeXCq(G;5mb zInsd4XWKZ^fT%w@#)}5z2nXlBU z_q1A_D5q{{#7}CS9E>Af*lcJuQ`lHB`bB9sD;V3XEjm>PGv#WrQqt7ARyXg&o!uHP zf6`{hAgF?D;@- 
zx3#(zZnplmSa_|AwYpH>7jUn(o`DuuH&w0{&)qRU`CRwU-E*Hcgrn6AX5Rm|Yvtn_ z2!H?xfB*=900@8p2!H?xfB*=9z!4^Z_Wu!ncu*Y#KmY_l00ck)1V8`;KmY_l00g=u zfcAfvpdbbUAOHd&00JNY0w4eaAOHd&00Kvt0Mq`bYxz6t`P0AnfB*=900@8p2!H?x zfB*=900@8p2s|PLnD+l8k|HDn1V8`;KmY_l00ck)1V8`;KmY_lAV|Pz|HnQ*_FJQW zHhSs!zc_wAs*1ln@PY8HpzH(wJvKe?1L@>R;dawpiM7>(jo~RhbLD zucJyAYAzRcHFsgtsYJ^Xsg@$H#B?&ahU%_H7SH!q-=AVu*Cz`&KXYA_R;C4G-dr@d zQE61kBDu^;?{(Etf-c_Na{YtdnkcEN@KM|(qi$?h)%8{NN+OY%Q=Jttiv(0%ZIA`D z%kJX4-3mVMquO=+y)$Q55yjfI{+$BCS2kzX&+WXMfU}Q5>vHJsRszl*1&3?x+GzZP z_il*N_O|d*s*SzdyH#+OoaS16sQ7bT*nVhW zx)42dIbgj?mi%8AJ{k?r0f7x>xTSVL#=kasHz5wzz`I*{yt(nVR&0d131>;`F87VF zjiSqix}6ord)fE`+t#pKC(wNqqVYSwSP`YIE#U)ei-@)s7~BG7U&8(^nf4X*K1?24 ztwiISWl@?Q7mPu(u1j`Ds@CG%TArXW#f=wt zMY{3EZP6?uz3bk$F`sMq&iDR=TiOYhbK5KIG|Afk>)8_k$re zy{XlRCS*e#w#py8ILadv6!OJD83hI83FjVhV{KcMCMSj4*GyVL$>8tfK61gUz4LSQ zaa&THwpN|)f>lyCiBGQ7)L_GE%4>N=<9lz5(w9#P#XRcwxYd{W;x=c*z-#( z%340XvMOT`Z*Uazh4k{8Vh!%vtkibZQlU|h^UBq{%gVY~CzCGd;5PHRZvdEeeIc7! z%jeQdnY`TA2vydW)J-x>E-Krf3)!5qbTK1eQm)AptXSL?p^`b}f|64*3(A^&f*tRe za%PAG#sZ%RL`FwDt*azkEq3pvYn zy$J;2lMI}B1K|>0EM3ekaH8u%^l(i>2+Qr^hWJ2BF*}z8imeA&YPCtnp(?qIv$LY~ z=Dc96o5NiBT>R*X|KN+w@CLy0MO$K|#VTJk@K8R~Qld0JFZ@G|Ee`_^k{^?QCL&+v zV2isR=cEMZI#`*H~SEog(NK*C2zEagGHB&vMhQzv`RK$%h zCq+pk%D>r#^0pb1nl1Ui{j*5yLwkR;U8wH`h>u2JiipAwBO{lG-yV3S|3=>*3O_vd zhtZ!!7lmh|U%aoT|NHezqIBt!aQ7{qR|wAb3Kadp%iQ+8lUakp_u()c^OOmfKNY1L zieNO^Crjq@kaF>QVBWoJ)ttP>4RMEQ+9CnsqPlVuV}aL~{j3JRWsK05=<+L*_FI<~T{@M3!1n(mcUoY(J zXyq;1gAg`}*h`l?Gi|125fC>IxH8F9%A1a6)%fcAR=Ln<*1Y9JctY)`G~3!(bu-!{ zL+fYzsM$HQmcuJhPMs)Rg3;j-UTY$>iOVem8AEE*r`1&#UBJEB-H4=MVD7A=j$4*B@sTjX_cRMpn2z;w$(<*V^EF3a7{j4fZ*1Sr{tL zzYAM1h6ZJdb*47^x-mc&Gsz0Z*1nU;_@>aCzT9*20)8s=4otF0C#vwzL}{0#X1gUd zL&n&USwS>rjpM|nk*booG0w4eaAOHd&00JNY0w4eaAn;%ap#A?~I3gAh009sH0T2KI z5C8!X009sH0T4LM1knCJ%uffpfdB}A00@8p2!H?xfB*=900@A;- zKmY_l00ck)1V8`;KmY_l;4l*yCCVL(d?ylH82kI9|7v7!_>YD~@m$}J`X+@+21G3(4Ss{_AkeCjA~c40hy zq<6cxd%<|h+Hdk0yJRl^0otpB@-K3CY~zb!)m*Ha`|wuH<=f!VS~fQ%4NmDBzUuEo 
zT+RNH@g!$272Y0_eE(sWF1!HFUN^p#&v}CUn3+Yyd4c$TDQP^x*-M2Np1G;Ff;&&} zEYHRA1pP5~uRh&NCC1rHg?kTg;dEv%6`tf|*J}Ht?5MXVPWMt7TrcykKjZ zPoG~_oc+3Zaliw?13f$s#IwMo<$t&-I8@#zYm7c>o0DM^5&x!g4`&k*=l%ciza2g% ze!1^|_a%j92%-vP#K6(L`4x$sF zxBWZ!nF_MwAcMXL)ScAs4U&K8}%>Q|To<`yJm zKf0w%Ub(2`yv^NKb4x4f+%@@E+4HXPgzaX>H^QS;2MbBV!>)xn``6JjW>HyI@`~)7 zipGsg7Y?cqfV-n7w_e)GFYy9}^Z_VGu?t}FNcI3kA_Gs+%~bF8vtEeztlD${IJ*e@ zJP6i{zpEa%`PkHjO#Q=F?J!nzMPjY9GL&%nc&g#KHL->tnWG6+ofMg=N4W| z=O*^Q`EjwP6&lvo$NSH%+Rds?_G4EI4VekNzP#*Od4~M3>Pa}y zc1I4Yg@x@-Z?+$cjW#<9KiJn8PJM-2g>l;d`)r&;90WiB1V8`;KmY_l00ck)1V8`; zK;Q@wpyU4|PaGkIp(+S~00@8p2!H?xfB*=900@8p2!O!83E=(zzL6mS2!H?xfB*=9 w00@8p2!H?xfB*;_IRa?^AGt>cg+TxWKmY_l00ck)1V8`;KmY_lVBZA(KP9>|_5c6? literal 0 HcmV?d00001 diff --git a/docker-compose/core/authelia/config/notification.txt b/docker-compose/core/authelia/config/notification.txt new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose/core/authelia/config/users_database.yml b/docker-compose/core/authelia/config/users_database.yml index ba22fac..17858f7 100644 --- a/docker-compose/core/authelia/config/users_database.yml +++ b/docker-compose/core/authelia/config/users_database.yml 
@@ -1,20 +1,12 @@ -# Authelia Users Database -# Copy to /opt/stacks/authelia/users_database.yml -# Generate password hashes with: docker run authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword' +############################################################### +# Users Database # +############################################################### users: - ${AUTHELIA_ADMIN_USER}: - displayname: ${AUTHELIA_ADMIN_USER} - password: "${AUTHELIA_ADMIN_PASSWORD_HASH}" - email: ${AUTHELIA_ADMIN_EMAIL} + kelin: + displayname: "kelin" + password: "$argon2id$v=19$m=65536,t=3,p=4$e97MzVuvteD5VfHT+Kw9Ew$NnK63ABYKRm5d8nWG7Z8dbRBJfhhHjaf71zQ354KSN4" + email: kelinshomelab@gmail.com groups: - admins - users - - # Example: Additional user - # user1: - # displayname: "User One" - # password: "$argon2id$v=19$m=65536,t=3,p=4$CHANGEME" - # email: user1@example.com - # groups: - # - users diff --git a/docker-compose/core/authelia/config/users_database.yml.template b/docker-compose/core/authelia/config/users_database.yml.template index 5d9dfef..9421ef4 100644 --- a/docker-compose/core/authelia/config/users_database.yml.template +++ b/docker-compose/core/authelia/config/users_database.yml.template @@ -3,10 +3,10 @@ ############################################################### users: - ${DEFAULT_USER}: - displayname: "Administrator" - password: "${DEFAULT_PASSWORD_HASH}" # Generate with: docker run authelia/authelia:latest authelia crypto hash generate pbkdf2 --password 'yourpassword' - email: ${DEFAULT_EMAIL} + ${AUTHELIA_ADMIN_USER}: + displayname: "${AUTHELIA_ADMIN_USER}" + password: "${AUTHELIA_ADMIN_PASSWORD_HASH}" + email: ${AUTHELIA_ADMIN_EMAIL} groups: - admins - users diff --git a/docker-compose/core/authelia/secrets/users_database.yml b/docker-compose/core/authelia/secrets/users_database.yml new file mode 100644 index 0000000..9e1b204 --- /dev/null +++ b/docker-compose/core/authelia/secrets/users_database.yml 
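Review bot: The rendered config/users_database.yml is committed with a real account: the `kelin` entry carries an actual argon2id `password` hash and a personal `email`, where the old side had `${AUTHELIA_ADMIN_*}` placeholders. A published hash can be attacked offline without any lockout, so the password behind it should be changed and the tracked file returned to placeholder form, or removed from tracking so that only users_database.yml.template remains. The hunk also deletes the header comment that explained how to produce a hash; a one-line pointer such as `# Generate password hashes with: authelia crypto hash generate argon2` would keep that guidance.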
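Review bot: In users_database.yml.template the new `email: ${AUTHELIA_ADMIN_EMAIL}` is left unquoted while `displayname` and `password` in the same hunk are quoted, so an empty expansion would yield a null email instead of a string. Writing `email: "${AUTHELIA_ADMIN_EMAIL}"` keeps the three fields consistent. The removed inline comment named `pbkdf2` although the hashes elsewhere in this patch are argon2id; if a generation hint is kept, it should name the algorithm that is actually used.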
@@ -0,0 +1,19 @@ +# yamllint disable rule:line-length +--- +############################################################### +# Users Database # +############################################################### + +# This file can be used if you do not have an LDAP set up. + +users: + authelia: + disabled: false + displayname: "Test User" + password: "$argon2id$v=19$m=32768,t=1,p=8$eUhVT1dQa082YVk2VUhDMQ$E8QI4jHbUBt3EdsU1NFDu4Bq5jObKNx7nBKSn1EYQxk" # Password is 'authelia' + email: authelia@authelia.com + groups: + - admins + - dev +... +# yamllint enable rule:line-length diff --git a/docker-compose/core/deploy-core.sh b/docker-compose/core/deploy-core.sh index 66c491f..bf7f9ac 100755 --- a/docker-compose/core/deploy-core.sh +++ b/docker-compose/core/deploy-core.sh @@ -6,16 +6,16 @@ set -e # Source common functions SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -REPO_DIR="/home/kelin/EZ-Homelab" # Fixed repo path since script runs from /opt/stacks/core +REPO_DIR="$HOME/EZ-Homelab" source "$REPO_DIR/scripts/common.sh" log_info "Deploying core stack..." # Load environment -load_env_file_safely .env +load_env_file_safely "$REPO_DIR/.env" # Copy fresh templates -cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml" +# cp "$REPO_DIR/docker-compose/core/authelia/secrets/users_database.yml" "./authelia/secrets/users_database.yml" # Localize labels in compose file (only replaces variables in labels, not environment sections) localize_compose_labels docker-compose.yml 
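Review bot: The new secrets/users_database.yml defines an enabled administrator whose password is written in the file: user `authelia` has `disabled: false`, is a member of `admins`, and the comment after the hash states the password. If Authelia is ever pointed at this file, anyone who has read the repository has a working admin login. Either leave the file out of the commit or set `disabled: true` and replace the hash with a placeholder. The `cp` of this path in deploy-core.sh is commented out in the same patch, which suggests the file is no longer meant to be deployed.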
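Review bot: In deploy-core.sh, `REPO_DIR="$HOME/EZ-Homelab"` depends on who runs the script; under sudo or a service account `$HOME` is probably not the home of the user who cloned the repository, and the following `source "$REPO_DIR/scripts/common.sh"` then fails with a bare file-not-found error. An overridable default, `REPO_DIR="${REPO_DIR:-$HOME/EZ-Homelab}"`, followed by an explicit existence check with a clear message, would be more robust. `SCRIPT_DIR` is computed on the line above but is not used in the visible lines, and deriving `REPO_DIR` from it may be what was intended. The commented-out `cp` should be deleted rather than left as dead code, since it refers to the sample credentials file.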
@@ -23,7 +23,7 @@ localize_compose_labels docker-compose.yml # Localize config files - Process all YAML config files (excluding docker-compose.yml) # This performs FULL variable replacement on config files like: # - authelia/config/configuration.yml -# - authelia/secrets/users_database.yml <- HANDLED SPECIALLY to preserve password hashes +# - authelia/config/users_database.yml <- HANDLED SPECIALLY to preserve password hashes # - traefik/dynamic/*.yml # # Why exclude docker-compose.yml? @@ -35,10 +35,13 @@ localize_compose_labels docker-compose.yml # nested variables like ${AUTHELIA_ADMIN_PASSWORD_HASH} or ${SERVICE_NAME}.${DOMAIN} # The localize_users_database_file function handles password hashes specially to avoid corruption for config_file in $(find . -name "*.yml" -o -name "*.yaml" | grep -v docker-compose.yml); do - if [[ "$config_file" == *"users_database.yml" ]]; then - localize_users_database_file "$config_file" - else - localize_config_file "$config_file" + # Only process files that contain variables (have ${ in them) + if grep -q '\${' "$config_file"; then + if [[ "$config_file" == *"users_database.yml" ]]; then + localize_users_database_file "$config_file" + else + localize_config_file "$config_file" + fi fi done diff --git a/docker-compose/core/docker-compose.yml b/docker-compose/core/docker-compose.yml index 5e8fbf2..117f762 100644 --- a/docker-compose/core/docker-compose.yml +++ b/docker-compose/core/docker-compose.yml @@ -48,7 +48,7 @@ services: - 'homelab.category=core' - 'homelab.description=Reverse proxy and SSL termination' - 'traefik.enable=true' - - 'traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)' + - 'traefik.http.routers.traefik.rule=Host(`traefik.kelinreij.duckdns.org`)' - 'traefik.http.routers.traefik.entrypoints=websecure' - 'traefik.http.routers.traefik.tls.certresolver=letsencrypt' - 'traefik.http.routers.traefik.middlewares=authelia@docker' 
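Review bot: The new `grep -q '\${' "$config_file"` guard in the `@@ -35,10 +35,13` hunk skips files without any message, so a config that was already rendered, as the YAML files in this same patch are, is deployed with whatever values were committed and nothing in the log says so. Adding an `else` branch with `log_info "Skipping $config_file (no variables found)"` would make that visible. Separately, the surrounding `for config_file in $(find …)` line, which is context here, splits on whitespace in paths; `find … -print0 | while IFS= read -r -d '' config_file` is the safer form if that loop is touched again.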
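Review bot: The Traefik router label in docker-compose.yml now hardcodes one deployment's hostname, `traefik.kelinreij.duckdns.org`, in place of `traefik.${DOMAIN}`. The `@@ -80,13` and `@@ -127,7` hunks of this file do the same for the `auth.` rule, the forwardauth `rd=` URL and the `x-dockge` URLs. deploy-core.sh already calls `localize_compose_labels docker-compose.yml` to perform this substitution at deploy time, so the tracked file should keep the `${DOMAIN}` form; committing the localized output means every other checkout routes to this domain until it is edited by hand.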
@@ -80,13 +80,13 @@ services: # If Traefik is on a remote server: these labels are NOT USED; # configure external yml files in /traefik/dynamic folder instead. - 'traefik.enable=true' - - 'traefik.http.routers.authelia.rule=Host(`auth.${DOMAIN}`)' + - 'traefik.http.routers.authelia.rule=Host(`auth.kelinreij.duckdns.org`)' - 'traefik.http.routers.authelia.entrypoints=websecure' - 'traefik.http.routers.authelia.tls.certresolver=letsencrypt' - 'traefik.http.routers.authelia.service=authelia' - 'traefik.http.services.authelia.loadbalancer.server.port=9091' # Authelia forward auth middleware configuration - - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/' + - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/' - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=X-Secret' - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' @@ -127,7 +127,7 @@ networks: x-dockge: urls: - - https://auth.${DOMAIN} + - https://auth.kelinreij.duckdns.org - http://192.168.4.11:9091 - - https://traefik.${DOMAIN} - - http://192.168.4.11:8080 \ No newline at end of file + - https://traefik.kelinreij.duckdns.org + - http://192.168.4.11:8080 diff --git a/docker-compose/core/duckdns/config/logrotate.conf b/docker-compose/core/duckdns/config/logrotate.conf new file mode 100644 index 0000000..828dfc6 --- /dev/null +++ b/docker-compose/core/duckdns/config/logrotate.conf @@ -0,0 +1,5 @@ +/config/duck.log { + rotate 5 + size 100k + compress +} diff --git a/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml b/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml index 783903c..8f04899 100644 --- a/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml +++ b/docker-compose/core/traefik/dynamic/external-host-homeassistant.yml 
@@ -2,7 +2,7 @@ http: routers: # Individual Services homeassistant: - rule: "Host(`hass.${DOMAIN}`)" + rule: "Host(`hass.kelinreij.duckdns.org`)" entryPoints: - websecure service: homeassistant @@ -15,5 +15,5 @@ http: homeassistant: loadBalancer: servers: - - url: "http://${HOMEASSISTANT_IP}:8123" + - url: "http://:8123" passHostHeader: true diff --git a/docker-compose/core/traefik/dynamic/local-host-production.yml b/docker-compose/core/traefik/dynamic/local-host-production.yml index 13f7a49..c49224f 100644 --- a/docker-compose/core/traefik/dynamic/local-host-production.yml +++ b/docker-compose/core/traefik/dynamic/local-host-production.yml 
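Review bot: The backend URL in the second hunk of external-host-homeassistant.yml was rendered with an empty host: `- url: "http://:8123"` is what `http://${HOMEASSISTANT_IP}:8123` becomes when the variable is unset, and it leaves the `homeassistant` service with no reachable server. Restore `- url: "http://${HOMEASSISTANT_IP}:8123"`, and have the localize step stop on an unset variable instead of substituting an empty string. The first hunk's router matches `hass.kelinreij.duckdns.org`, while the Authelia bypass rule in configuration.yml names `ha.`; it is worth confirming which hostname is intended, since the two do not appear to match.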
@@ -1,101 +1,101 @@ http: routers: -# Remote Server Services (${REMOTE_SERVER_HOSTNAME}) - dockge-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`dockge.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" +# Remote Server Services (your-remote-server) + dockge-your-remote-server: + rule: "Host(`dockge.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: dockge-${REMOTE_SERVER_HOSTNAME} + service: dockge-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - dozzle-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`dozzle.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + dozzle-your-remote-server: + rule: "Host(`dozzle.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: dozzle-${REMOTE_SERVER_HOSTNAME} + service: dozzle-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - glances-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`glances.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + glances-your-remote-server: + rule: "Host(`glances.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: glances-${REMOTE_SERVER_HOSTNAME} + service: glances-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - backrest-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`backrest.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + backrest-your-remote-server: + rule: "Host(`backrest.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: backrest-${REMOTE_SERVER_HOSTNAME} + service: backrest-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - duplicati-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`duplicati.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + duplicati-your-remote-server: + rule: "Host(`duplicati.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: duplicati-${REMOTE_SERVER_HOSTNAME} + service: duplicati-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - 
homepage-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`homepage.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + homepage-your-remote-server: + rule: "Host(`homepage.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: homepage-${REMOTE_SERVER_HOSTNAME} + service: homepage-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - homarr-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`homarr.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + homarr-your-remote-server: + rule: "Host(`homarr.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: homarr-${REMOTE_SERVER_HOSTNAME} + service: homarr-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - grafana-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`grafana.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + grafana-your-remote-server: + rule: "Host(`grafana.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: grafana-${REMOTE_SERVER_HOSTNAME} + service: grafana-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - prometheus-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`prometheus.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + prometheus-your-remote-server: + rule: "Host(`prometheus.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: prometheus-${REMOTE_SERVER_HOSTNAME} + service: prometheus-your-remote-server tls: certResolver: letsencrypt middlewares: - authelia@docker - uptime-kuma-${REMOTE_SERVER_HOSTNAME}: - rule: "Host(`status.${REMOTE_SERVER_HOSTNAME}.${DOMAIN}`)" + uptime-kuma-your-remote-server: + rule: "Host(`status.your-remote-server.kelinreij.duckdns.org`)" entryPoints: - websecure - service: uptime-kuma-${REMOTE_SERVER_HOSTNAME} + service: uptime-kuma-your-remote-server tls: certResolver: letsencrypt middlewares: 
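Review bot: Placeholder defaults have been rendered into live router definitions in local-host-production.yml: names such as `dockge-your-remote-server` and rules for `dockge.your-remote-server.kelinreij.duckdns.org` each carry `certResolver: letsencrypt`, so Traefik would presumably attempt certificate issuance for ten hostnames that do not exist. The services hunk that follows (`@@ -103,286`) has the same problem with URLs such as `http://your.remote.ip.address:5001`, which cannot resolve, and it also publishes the internal address `192.168.4.4` and the hostname `jasper`. The tracked file should stay in its `${REMOTE_SERVER_HOSTNAME}` / `${SERVER_IP}` template form, with the remote-server block omitted or commented out when those variables are not set.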
@@ -103,286 +103,286 @@ http: # Service Definitions services: - backrest-${SERVER_HOSTNAME}: + backrest-jasper: loadBalancer: servers: - - url: "http://${SERVER_IP}:9898" + - url: "http://192.168.4.4:9898" passHostHeader: true - vaultwarden-${SERVER_HOSTNAME}: + vaultwarden-jasper: loadBalancer: servers: - - url: "http://${SERVER_IP}:8091" + - url: "http://192.168.4.4:8091" passHostHeader: true - bookstack-${SERVER_HOSTNAME}: + bookstack-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:6875" + - url: "http://192.168.4.4:6875" passHostHeader: true - calibre-web-${SERVER_HOSTNAME}: + calibre-web-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8083" + - url: "http://192.168.4.4:8083" passHostHeader: true - code-${SERVER_HOSTNAME}: + code-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8079" + - url: "http://192.168.4.4:8079" passHostHeader: true - dockge-${SERVER_HOSTNAME}: + dockge-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:5001" + - url: "http://192.168.4.4:5001" passHostHeader: true - dockhand-${SERVER_HOSTNAME}: + dockhand-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3003" + - url: "http://192.168.4.4:3003" passHostHeader: true - dokuwiki-${SERVER_HOSTNAME}: + dokuwiki-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8087" + - url: "http://192.168.4.4:8087" passHostHeader: true - dozzle-${SERVER_HOSTNAME}: + dozzle-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8085" + - url: "http://192.168.4.4:8085" passHostHeader: true - duplicati-${SERVER_HOSTNAME}: + duplicati-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8200" + - url: "http://192.168.4.4:8200" passHostHeader: true - ez-assistant-${SERVER_HOSTNAME}: + ez-assistant-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:18789" # Internal IP of ${SERVER_HOSTNAME} server + - url: "http://192.168.4.4:18789" # Internal IP of jasper server passHostHeader: true - formio-${SERVER_HOSTNAME}: + 
formio-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3002" + - url: "http://192.168.4.4:3002" passHostHeader: true - gitea-${SERVER_HOSTNAME}: + gitea-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3010" + - url: "http://192.168.4.4:3010" passHostHeader: true - glances-${SERVER_HOSTNAME}: + glances-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:61208" + - url: "http://192.168.4.4:61208" passHostHeader: true - homarr-${SERVER_HOSTNAME}: + homarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:7575" + - url: "http://192.168.4.4:7575" passHostHeader: true - homepage-${SERVER_HOSTNAME}: + homepage-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3000" + - url: "http://192.168.4.4:3000" passHostHeader: true - jellyfin-${SERVER_HOSTNAME}: + jellyfin-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8096" + - url: "http://192.168.4.4:8096" passHostHeader: true - jupyter-${SERVER_HOSTNAME}: + jupyter-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8890" + - url: "http://192.168.4.4:8890" passHostHeader: true - kopia-${SERVER_HOSTNAME}: + kopia-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:51515" + - url: "http://192.168.4.4:51515" passHostHeader: true - mealie-${SERVER_HOSTNAME}: + mealie-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:9000" + - url: "http://192.168.4.4:9000" passHostHeader: true - mediawiki-${SERVER_HOSTNAME}: + mediawiki-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8086" + - url: "http://192.168.4.4:8086" passHostHeader: true - motioneye-${SERVER_HOSTNAME}: + motioneye-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8081" + - url: "http://192.168.4.4:8081" passHostHeader: true - nextcloud-${SERVER_HOSTNAME}: + nextcloud-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8089" + - url: "http://192.168.4.4:8089" passHostHeader: true - openkm-${SERVER_HOSTNAME}: + openkm-jasper: loadbalancer: servers: 
- - url: "http://${SERVER_IP}:18080" + - url: "http://192.168.4.4:18080" passHostHeader: true - openwebui-${SERVER_HOSTNAME}: + openwebui-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:3000" + - url: "http://192.168.4.4:3000" passHostHeader: true - qbittorrent-${SERVER_HOSTNAME}: + qbittorrent-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8081" + - url: "http://192.168.4.4:8081" passHostHeader: true - tdarr-${SERVER_HOSTNAME}: + tdarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8265" + - url: "http://192.168.4.4:8265" passHostHeader: true - unmanic-${SERVER_HOSTNAME}: + unmanic-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8889" + - url: "http://192.168.4.4:8889" passHostHeader: true - wordpress-${SERVER_HOSTNAME}: + wordpress-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8088" + - url: "http://192.168.4.4:8088" passHostHeader: true # Arr Services - jellyseerr-${SERVER_HOSTNAME}: + jellyseerr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:5055" + - url: "http://192.168.4.4:5055" passHostHeader: true - prowlarr-${SERVER_HOSTNAME}: + prowlarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:9696" + - url: "http://192.168.4.4:9696" passHostHeader: true - radarr-${SERVER_HOSTNAME}: + radarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:7878" + - url: "http://192.168.4.4:7878" passHostHeader: true - sonarr-${SERVER_HOSTNAME}: + sonarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8989" + - url: "http://192.168.4.4:8989" passHostHeader: true - lidarr-${SERVER_HOSTNAME}: + lidarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8686" + - url: "http://192.168.4.4:8686" passHostHeader: true - readarr-${SERVER_HOSTNAME}: + readarr-jasper: loadbalancer: servers: - - url: "http://${SERVER_IP}:8787" + - url: "http://192.168.4.4:8787" passHostHeader: true - mylar3-${SERVER_HOSTNAME}: + mylar3-jasper: loadBalancer: servers: - - url: 
"http://${SERVER_IP}:8090" + - url: "http://192.168.4.4:8090" passHostHeader: true -# Remote Server Service Definitions (${REMOTE_SERVER_HOSTNAME}) - dockge-${REMOTE_SERVER_HOSTNAME}: +# Remote Server Service Definitions (your-remote-server) + dockge-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:5001" + - url: "http://your.remote.ip.address:5001" passHostHeader: true - dozzle-${REMOTE_SERVER_HOSTNAME}: + dozzle-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:8085" + - url: "http://your.remote.ip.address:8085" passHostHeader: true - glances-${REMOTE_SERVER_HOSTNAME}: + glances-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:61208" + - url: "http://your.remote.ip.address:61208" passHostHeader: true - backrest-${REMOTE_SERVER_HOSTNAME}: + backrest-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:9898" + - url: "http://your.remote.ip.address:9898" passHostHeader: true - duplicati-${REMOTE_SERVER_HOSTNAME}: + duplicati-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:8200" + - url: "http://your.remote.ip.address:8200" passHostHeader: true - homepage-${REMOTE_SERVER_HOSTNAME}: + homepage-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3000" + - url: "http://your.remote.ip.address:3000" passHostHeader: true - homarr-${REMOTE_SERVER_HOSTNAME}: + homarr-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:7575" + - url: "http://your.remote.ip.address:7575" passHostHeader: true - grafana-${REMOTE_SERVER_HOSTNAME}: + grafana-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3000" + - url: "http://your.remote.ip.address:3000" passHostHeader: true - prometheus-${REMOTE_SERVER_HOSTNAME}: + prometheus-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:9090" + - url: "http://your.remote.ip.address:9090" 
passHostHeader: true - uptime-kuma-${REMOTE_SERVER_HOSTNAME}: + uptime-kuma-your-remote-server: loadbalancer: servers: - - url: "http://${REMOTE_SERVER_IP}:3001" + - url: "http://your.remote.ip.address:3001" passHostHeader: true # Middleware Definitions diff --git a/docker-compose/core/traefik/dynamic/sablier.yml b/docker-compose/core/traefik/dynamic/sablier.yml index 8c3908a..2255cb3 100644 --- a/docker-compose/core/traefik/dynamic/sablier.yml +++ b/docker-compose/core/traefik/dynamic/sablier.yml @@ -3,16 +3,16 @@ http: middlewares: authelia: forwardauth: - address: http://authelia:9091/api/verify?rd=https://auth.${DOMAIN}/ + address: http://authelia:9091/api/verify?rd=https://auth.kelinreij.duckdns.org/ authResponseHeaders: - X-Secret trustForwardHeader: true - sablier-${SERVER_HOSTNAME}-arr: + sablier-jasper-arr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-arr + group: jasper-arr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -20,11 +20,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-backrest: + sablier-jasper-backrest: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-backrest + group: jasper-backrest sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -32,11 +32,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-vaultwarden: + sablier-jasper-vaultwarden: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-vaultwarden + group: jasper-vaultwarden sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -44,11 +44,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-bookstack: + sablier-jasper-bookstack: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-bookstack + group: jasper-bookstack sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -56,11 +56,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-calibre-web: + sablier-jasper-calibre-web: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-calibre-web + group: jasper-calibre-web sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -68,11 +68,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-code-server: + sablier-jasper-code-server: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-code-server + group: jasper-code-server sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -80,11 +80,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-dozzle: + sablier-jasper-dozzle: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-dozzle + group: jasper-dozzle sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -92,11 +92,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-dokuwiki: + sablier-jasper-dokuwiki: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-dokuwiki + group: jasper-dokuwiki sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -104,11 +104,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-duplicati: + sablier-jasper-duplicati: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-duplicati + group: jasper-duplicati sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -116,11 +116,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-assistant: + sablier-jasper-assistant: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-assistant + group: jasper-assistant sessionDuration: 30m ignoreUserAgent: curl dynamic: 
@@ -128,11 +128,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-formio: + sablier-jasper-formio: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-formio + group: jasper-formio sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -140,11 +140,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-gitea: + sablier-jasper-gitea: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-gitea + group: jasper-gitea sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -152,11 +152,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-glances: + sablier-jasper-glances: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-glances + group: jasper-glances sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -164,11 +164,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-homarr: + sablier-jasper-homarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-homarr + group: jasper-homarr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -176,11 +176,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-jellyfin: + sablier-jasper-jellyfin: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-jellyfin + group: jasper-jellyfin sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -188,11 +188,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-jupyter: + sablier-jasper-jupyter: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-jupyter + group: jasper-jupyter sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -200,11 +200,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-komodo: + sablier-jasper-komodo: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-komodo + group: jasper-komodo sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -212,11 +212,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-kopia: + sablier-jasper-kopia: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-kopia + group: jasper-kopia sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -224,11 +224,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-mealie: + sablier-jasper-mealie: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-mealie + group: jasper-mealie sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -236,11 +236,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-mediawiki: + sablier-jasper-mediawiki: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-mediawiki + group: jasper-mediawiki sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -248,11 +248,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-nextcloud: + sablier-jasper-nextcloud: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-nextcloud + group: jasper-nextcloud sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -260,11 +260,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-openkm: + sablier-jasper-openkm: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-openkm + group: jasper-openkm sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -272,11 +272,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-openwebui: + sablier-jasper-openwebui: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-openwebui + group: jasper-openwebui sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -284,11 +284,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-pulse: + sablier-jasper-pulse: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-pulse + group: jasper-pulse sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -296,11 +296,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-tdarr: + sablier-jasper-tdarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-tdarr + group: jasper-tdarr sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -308,11 +308,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-unmanic: + sablier-jasper-unmanic: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-unmanic + group: jasper-unmanic sessionDuration: 5m ignoreUserAgent: curl dynamic: @@ -320,11 +320,11 @@ http: theme: ghost show-details-by-default: true - sablier-${SERVER_HOSTNAME}-wordpress: + sablier-jasper-wordpress: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${SERVER_HOSTNAME}-wordpress + group: jasper-wordpress sessionDuration: 5m ignoreUserAgent: curl dynamic: 
@@ -332,123 +332,123 @@ http: theme: ghost show-details-by-default: true - # Remote Server (${REMOTE_SERVER_HOSTNAME}) Sablier Middlewares - sablier-${REMOTE_SERVER_HOSTNAME}-dockge: + # Remote Server (your-remote-server) Sablier Middlewares + sablier-your-remote-server-dockge: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-dockge + group: your-remote-server-dockge sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Dockge (${REMOTE_SERVER_HOSTNAME}) + displayName: Dockge (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-dozzle: + sablier-your-remote-server-dozzle: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-dozzle + group: your-remote-server-dozzle sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Dozzle (${REMOTE_SERVER_HOSTNAME}) + displayName: Dozzle (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-glances: + sablier-your-remote-server-glances: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-glances + group: your-remote-server-glances sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Glances (${REMOTE_SERVER_HOSTNAME}) + displayName: Glances (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-backrest: + sablier-your-remote-server-backrest: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-backrest + group: your-remote-server-backrest sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Backrest (${REMOTE_SERVER_HOSTNAME}) + displayName: Backrest (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-duplicati: + sablier-your-remote-server-duplicati: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: 
${REMOTE_SERVER_HOSTNAME}-duplicati + group: your-remote-server-duplicati sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Duplicati (${REMOTE_SERVER_HOSTNAME}) + displayName: Duplicati (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-homepage: + sablier-your-remote-server-homepage: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-homepage + group: your-remote-server-homepage sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Homepage (${REMOTE_SERVER_HOSTNAME}) + displayName: Homepage (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-homarr: + sablier-your-remote-server-homarr: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-homarr + group: your-remote-server-homarr sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Homarr (${REMOTE_SERVER_HOSTNAME}) + displayName: Homarr (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-grafana: + sablier-your-remote-server-grafana: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-grafana + group: your-remote-server-grafana sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Grafana (${REMOTE_SERVER_HOSTNAME}) + displayName: Grafana (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-prometheus: + sablier-your-remote-server-prometheus: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-prometheus + group: your-remote-server-prometheus sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Prometheus (${REMOTE_SERVER_HOSTNAME}) + displayName: Prometheus (your-remote-server) theme: ghost show-details-by-default: true - sablier-${REMOTE_SERVER_HOSTNAME}-uptime-kuma: + 
sablier-your-remote-server-uptime-kuma: plugin: sablier: sablierUrl: http://sablier-service:10000 - group: ${REMOTE_SERVER_HOSTNAME}-uptime-kuma + group: your-remote-server-uptime-kuma sessionDuration: 5m ignoreUserAgent: curl dynamic: - displayName: Uptime Kuma (${REMOTE_SERVER_HOSTNAME}) + displayName: Uptime Kuma (your-remote-server) theme: ghost show-details-by-default: true diff --git a/docker-compose/core/traefik/traefik.yml b/docker-compose/core/traefik/traefik.yml index 1dc73a0..a7aa1c6 100644 --- a/docker-compose/core/traefik/traefik.yml +++ b/docker-compose/core/traefik/traefik.yml @@ -27,7 +27,7 @@ entryPoints: certificatesResolvers: letsencrypt: acme: - email: ${ACME_EMAIL} # Your email for Let's Encrypt notifications + email: kelinshomelab@gmail.com # Your email for Let's Encrypt notifications caServer: https://acme-v02.api.letsencrypt.org/directory # Use staging for testing storage: /letsencrypt/acme.json # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org) diff --git a/scripts/common.sh b/scripts/common.sh index 68271d0..b91f989 100644 --- a/scripts/common.sh +++ b/scripts/common.sh @@ -154,7 +154,7 @@ localize_users_database_file() { # Resolve nested variables first local resolved_user="${AUTHELIA_ADMIN_USER}" local resolved_email=$(eval echo "${AUTHELIA_ADMIN_EMAIL}") - local resolved_password="${AUTHELIA_ADMIN_PASSWORD_HASH}" + local resolved_password="${AUTHELIA_ADMIN_PASSWORD_HASH}" # Don't eval - password hash contains $ that would be interpreted # Escape $ in password hash for sed local escaped_password=$(printf '%s\n' "$resolved_password" | sed 's/\$/\\$/g')
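Review bot: `your-remote-server` in these middleware names, `group:` values and `displayName:` strings looks like an unfilled example value substituted for `${REMOTE_SERVER_HOSTNAME}`, so the file now defines middlewares such as `sablier-your-remote-server-dockge` for a host that presumably does not exist. The `local-host-production.yml` changes earlier in the patch carry the matching `http://your.remote.ip.address:5001` style URLs, which cannot resolve to a backend. I would keep `sablier-${REMOTE_SERVER_HOSTNAME}-dockge:` and `group: ${REMOTE_SERVER_HOSTNAME}-dockge` in the tracked file and make the render step refuse to run while the variable is empty or still holds the example value. Routers that reference these middleware names are outside this hunk and would need the same check.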
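Review bot: The new comment explains why the password hash is kept away from `eval`, but the `resolved_email` line directly above it still runs `eval echo` on `AUTHELIA_ADMIN_EMAIL`, so any `$(...)` or backtick sequence in that value is executed by the deploy script, and the re-parsed text is also word-split and glob-expanded. If the value only nests other variables (the `.env` contents are not visible here), a data-only expansion avoids that, for example `resolved_email=$(printf '%s' "$AUTHELIA_ADMIN_EMAIL" | envsubst)` with the referenced variables exported. The `sed 's/\$/\\$/g'` escape on the last line covers only `$`; whether `/`, `&` or `\` in the hash also need escaping depends on the replacement command, which is outside this hunk, as is the rest of `localize_users_database_file`.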