diff --git a/README.md b/README.md
index 9e582d6..3f9cc41 100644
--- a/README.md
+++ b/README.md
@@ -252,8 +252,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
 
 <!-- readme: contributors -start -->
 <table>
- <tbody>
-  <tr>
+	<tbody>
+		<tr>
             <td align="center">
                 <a href="https://github.com/crypt0rr">
                     <img src="https://avatars.githubusercontent.com/u/57799908?v=4" width="100;" alt="crypt0rr"/>
@@ -282,13 +282,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>michaelhodges</b></sub>
                 </a>
             </td>
-            <td align="center">
-                <a href="https://github.com/LaijieJi">
-                    <img src="https://avatars.githubusercontent.com/u/108839952?v=4" width="100;" alt="LaijieJi"/>
-                    <br />
-                    <sub><b>LaijieJi</b></sub>
-                </a>
-            </td>
             <td align="center">
                 <a href="https://github.com/adamsthws">
                     <img src="https://avatars.githubusercontent.com/u/52178922?v=4" width="100;" alt="adamsthws"/>
@@ -296,8 +289,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>adamsthws</b></sub>
                 </a>
             </td>
-  </tr>
-  <tr>
             <td align="center">
                 <a href="https://github.com/theryukverse">
                     <img src="https://avatars.githubusercontent.com/u/22323518?v=4" width="100;" alt="theryukverse"/>
@@ -305,6 +296,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>theryukverse</b></sub>
                 </a>
             </td>
+		</tr>
+		<tr>
             <td align="center">
                 <a href="https://github.com/KhaaL">
                     <img src="https://avatars.githubusercontent.com/u/692524?v=4" width="100;" alt="KhaaL"/>
@@ -320,10 +313,17 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                 </a>
             </td>
             <td align="center">
-                <a href="https://github.com/jpmurray">
-                    <img src="https://avatars.githubusercontent.com/u/1550428?v=4" width="100;" alt="jpmurray"/>
+                <a href="https://github.com/onlykshitij">
+                    <img src="https://avatars.githubusercontent.com/u/30444410?v=4" width="100;" alt="onlykshitij"/>
                     <br />
-                    <sub><b>jpmurray</b></sub>
+                    <sub><b>onlykshitij</b></sub>
+                </a>
+            </td>
+            <td align="center">
+                <a href="https://github.com/LaijieJi">
+                    <img src="https://avatars.githubusercontent.com/u/108839952?v=4" width="100;" alt="LaijieJi"/>
+                    <br />
+                    <sub><b>LaijieJi</b></sub>
                 </a>
             </td>
             <td align="center">
@@ -340,8 +340,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>mikkotor</b></sub>
                 </a>
             </td>
-  </tr>
-  <tr>
+		</tr>
+		<tr>
             <td align="center">
                 <a href="https://github.com/NI-R0">
                     <img src="https://avatars.githubusercontent.com/u/98448863?v=4" width="100;" alt="NI-R0"/>
@@ -384,8 +384,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>pjv</b></sub>
                 </a>
             </td>
-  </tr>
-  <tr>
+		</tr>
+		<tr>
             <td align="center">
                 <a href="https://github.com/wedge22">
                     <img src="https://avatars.githubusercontent.com/u/34723349?v=4" width="100;" alt="wedge22"/>
@@ -393,6 +393,13 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>wedge22</b></sub>
                 </a>
             </td>
+            <td align="center">
+                <a href="https://github.com/jpmurray">
+                    <img src="https://avatars.githubusercontent.com/u/1550428?v=4" width="100;" alt="jpmurray"/>
+                    <br />
+                    <sub><b>jpmurray</b></sub>
+                </a>
+            </td>
             <td align="center">
                 <a href="https://github.com/Jacob-JA-Shanks">
                     <img src="https://avatars.githubusercontent.com/u/44290899?v=4" width="100;" alt="Jacob-JA-Shanks"/>
@@ -421,6 +428,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>dfilvtov</b></sub>
                 </a>
             </td>
+		</tr>
+		<tr>
             <td align="center">
                 <a href="https://github.com/cdkooistra">
                     <img src="https://avatars.githubusercontent.com/u/70811244?v=4" width="100;" alt="cdkooistra"/>
@@ -428,8 +437,6 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>cdkooistra</b></sub>
                 </a>
             </td>
-  </tr>
-  <tr>
             <td align="center">
                 <a href="https://github.com/Aurorainic">
                     <img src="https://avatars.githubusercontent.com/u/88829187?v=4" width="100;" alt="Aurorainic"/>
@@ -458,8 +465,8 @@ A huge thank you to all our contributors! ScaleTail wouldn’t be what it is tod
                     <sub><b>orchard0</b></sub>
                 </a>
             </td>
-  </tr>
- <tbody>
+		</tr>
+	<tbody>
 </table>
 <!-- readme: contributors -end -->
 
diff --git a/services/actual-budget/.env b/services/actual-budget/.env
index 8707710..230206c 100644
--- a/services/actual-budget/.env
+++ b/services/actual-budget/.env
@@ -20,3 +20,12 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# Uncomment any of the lines below to set configuration options.
+#ACTUAL_HTTPS_KEY=/data/selfhost.key
+#ACTUAL_HTTPS_CERT=/data/selfhost.crt
+ACTUAL_PORT=5006
+ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
+ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
+ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
+# See all options and more details at https://actualbudget.org/docs/config/
diff --git a/services/actual-budget/compose.yaml b/services/actual-budget/compose.yaml
index 72bd66a..f501764 100644
--- a/services/actual-budget/compose.yaml
+++ b/services/actual-budget/compose.yaml
@@ -56,15 +56,12 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      # Uncomment any of the lines below to set configuration options.
-      # - ACTUAL_HTTPS_KEY=/data/selfhost.key
-      # - ACTUAL_HTTPS_CERT=/data/selfhost.crt
-      # - ACTUAL_PORT=5006
-      # - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20
-      # - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50
-      # - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20
-      # See all options and more details at https://actualbudget.org/docs/config/
-      # !! If you are not using any of these options, remove the 'environment:' tag entirely.
+      - ACTUAL_HTTPS_KEY=${ACTUAL_HTTPS_KEY}
+      - ACTUAL_HTTPS_CERT=${ACTUAL_HTTPS_CERT}
+      - ACTUAL_PORT=${ACTUAL_PORT}
+      - ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=${ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB}
+      - ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=${ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB}
+      - ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=${ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB}
     volumes:
       - ./${SERVICE}-data:/data
     depends_on:
diff --git a/services/adguardhome-sync/.env b/services/adguardhome-sync/.env
index c03156f..392843f 100644
--- a/services/adguardhome-sync/.env
+++ b/services/adguardhome-sync/.env
@@ -20,3 +20,27 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# Origin AdGuardHome
+ORIGIN_URL=http://192.168.1.1:3000 #Your origin Adguard Home instance -> change as necessary
+ORIGIN_USERNAME=username #change as necessary
+ORIGIN_PASSWORD=password #change as necessary
+
+# First replication target
+REPLICA1_URL=http://192.168.1.2 #Your destination Adguard Home instance change as necessary
+REPLICA1_USERNAME=dbtech #change as necessary
+REPLICA1_PASSWORD=password #change as necessary
+
+# Second replication target (optional)
+#REPLICA2_URL=http://192.168.1.3 #change as necessary
+#REPLICA2_USERNAME=username #change as necessary
+#REPLICA2_PASSWORD=password #change as necessary
+
+# Third replication target (optional)
+#REPLICA3_URL=http://192.168.1.4 #change as necessary
+#REPLICA3_USERNAME=username #change as necessary
+#REPLICA3_PASSWORD=password #change as necessary
+
+# Options
+CRON=*/1 * * * * # run every 1 minute
+RUN_ON_START=true
diff --git a/services/adguardhome-sync/compose.yaml b/services/adguardhome-sync/compose.yaml
index 0ef1f9b..58a7f49 100644
--- a/services/adguardhome-sync/compose.yaml
+++ b/services/adguardhome-sync/compose.yaml
@@ -43,29 +43,20 @@ services:
     command: run
     environment:
       - TZ=${TZ}
-      # Origin AdGuardHome
-      - ORIGIN_URL=http://192.168.1.1:3000 #Your origin Adguard Home instance -> change as necessary
-      - ORIGIN_USERNAME=username #change as necessary
-      - ORIGIN_PASSWORD=password #change as necessary
-
-      # First replication target
-      - REPLICA1_URL=http://192.168.1.2 #Your destination Adguard Home instance change as necessary
-      - REPLICA1_USERNAME=dbtech #change as necessary
-      - REPLICA1_PASSWORD=password #change as necessary
-
-      # Second replication target (optional)
-      #- REPLICA2_URL=http://192.168.1.3 #change as necessary
-      #- REPLICA2_USERNAME=username #change as necessary
-      #- REPLICA2_PASSWORD=password #change as necessary
-
-      # Third replication target (optional)
-      #- REPLICA3_URL=http://192.168.1.4 #change as necessary
-      #- REPLICA3_USERNAME=username #change as necessary
-      #- REPLICA3_PASSWORD=password #change as necessary
-
-      # Options
-      - CRON=*/1 * * * * # run every 1 minute
-      - RUN_ON_START=true
+      - ORIGIN_URL=${ORIGIN_URL}
+      - ORIGIN_USERNAME=${ORIGIN_USERNAME}
+      - ORIGIN_PASSWORD=${ORIGIN_PASSWORD}
+      - REPLICA1_URL=${REPLICA1_URL}
+      - REPLICA1_USERNAME=${REPLICA1_USERNAME}
+      - REPLICA1_PASSWORD=${REPLICA1_PASSWORD}
+      - REPLICA2_URL=${REPLICA2_URL}
+      - REPLICA2_USERNAME=${REPLICA2_USERNAME}
+      - REPLICA2_PASSWORD=${REPLICA2_PASSWORD}
+      - REPLICA3_URL=${REPLICA3_URL}
+      - REPLICA3_USERNAME=${REPLICA3_USERNAME}
+      - REPLICA3_PASSWORD=${REPLICA3_PASSWORD}
+      - CRON=${CRON}
+      - RUN_ON_START=${RUN_ON_START}
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/affine/.env b/services/affine/.env
index 6e65bb1..0409ff7 100644
--- a/services/affine/.env
+++ b/services/affine/.env
@@ -28,6 +28,6 @@ AFFINE_REVISION=stable
 AFFINE_SERVER_EXTERNAL_URL=https://affine.<YOUR_TS_DOMAIN>.ts.net
 
 # database credentials
-DB_USERNAME=affine
-DB_PASSWORD=affine
-DB_DATABASE=affine
\ No newline at end of file
+POSTGRES_USER=affine
+POSTGRES_PASSWORD=affine
+DB_DATABASE=affine
diff --git a/services/affine/compose.yml b/services/affine/compose.yml
index e8f4a4d..1ee917e 100644
--- a/services/affine/compose.yml
+++ b/services/affine/compose.yml
@@ -61,14 +61,14 @@ services:
         condition: service_completed_successfully
     volumes:
       # custom configurations
-      - ./${SERVICE}-storage:/root/.affine/storage
-      - ./${SERVICE}-config:/root/.affine/config
+      - ./${SERVICE}-data/storage:/root/.affine/storage
+      - ./${SERVICE}-data/config:/root/.affine/config
     env_file:
       - .env
     environment:
       # Varibles are delared in .env file.
       - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${postgres:-affine}
+      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${postgres:-affine}
       - AFFINE_INDEXER_ENABLED=false
       #- EXAMPLE_VAR=${EXAMPLE_VAR}
     restart: always
@@ -78,15 +78,15 @@ services:
     container_name: affine_migration_job # Name for local container management
     volumes:
       # custom configurations
-      - ./${SERVICE}-storage:/root/.affine/storage
-      - ./${SERVICE}-config:/root/.affine/config
+      - ./${SERVICE}-data/storage:/root/.affine/storage
+      - ./${SERVICE}-data/config:/root/.affine/config
     command: [ 'sh', '-c', 'node ./scripts/self-host-predeploy.js' ]
     env_file:
       - .env
     environment:
       # Varibles are delared in .env file.
       - REDIS_SERVER_HOST=redis
-      - DATABASE_URL=postgresql://${DB_USERNAME}:${DB_PASSWORD}@postgres:5432/${postgres:-affine}
+      - DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${postgres:-affine}
       - AFFINE_INDEXER_ENABLED=false
       #- EXAMPLE_VAR=${EXAMPLE_VAR}
     depends_on:
@@ -109,16 +109,16 @@ services:
     image: pgvector/pgvector:pg16 # Image to be used
     container_name: affine_postgres # Name for local container management
     volumes:
-      - ./postgres:/var/lib/postgresql/data
+      - ./${SERVICE}-data/postgres:/var/lib/postgresql/data
     environment:
       # Varibles are delared in .env file.
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_DB: ${postgres:-affine}
-      POSTGRES_INITDB_ARGS: '--data-checksums'
+     - POSTGRES_USER=${POSTGRES_USER}
+     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+     - POSTGRES_DB=${postgres:-affine}
+     - POSTGRES_INITDB_ARGS='--data-checksums'
       # you better set a password for you database
       # or you may add 'POSTGRES_HOST_AUTH_METHOD=trust' to ignore postgres security policy
-      POSTGRES_HOST_AUTH_METHOD: trust
+     - POSTGRES_HOST_AUTH_METHOD=trust
       #- EXAMPLE_VAR=${EXAMPLE_VAR}
     healthcheck:
       test: [ 'CMD', 'pg_isready', '-U', "${DB_USERNAME}", '-d', "${postgres:-affine}" ] # Check if postgres process is running
diff --git a/services/arcane/.env b/services/arcane/.env
index 89794c0..7b3dcae 100644
--- a/services/arcane/.env
+++ b/services/arcane/.env
@@ -20,3 +20,11 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 TAILNET_NAME= # for example: tail-scale
 
 #EXAMPLE_VAR="Environment varibale"
+
+#ENCRYPTION_KEY must be 32 bytes (raw/base64/hex). Use 'openssl rand -base64 32' in your CLI to generate a secure random key.
+ENCRYPTION_KEY=verysecretkeythatshouldbereplaced
+#JWT_SECRET should be a secure random string. Use 'openssl rand -base64 32' in your CLI to generate another secure random key.
+JWT_SECRET=verysecretkeythatshouldbereplaced
+LOG_LEVEL=info # Optional
+LOG_JSON=false # Optional
+OIDC_ENABLED=false # Optional
diff --git a/services/arcane/compose.yaml b/services/arcane/compose.yaml
index 70808e8..c587233 100644
--- a/services/arcane/compose.yaml
+++ b/services/arcane/compose.yaml
@@ -56,15 +56,15 @@ services:
       - APP_URL=https://arcane.${TAILNET_NAME}.ts.net
       - PUID=1000
       - PGID=1000
-      - ENCRYPTION_KEY=verysecretkeythatshouldbereplaced # ENCRYPTION_KEY must be 32 bytes (raw/base64/hex). Use 'openssl rand -base64 32' in your CLI to generate a secure random key.
-      - JWT_SECRET=verysecretkeythatshouldbereplaced # JWT_SECRET should be a secure random string. Use 'openssl rand -base64 32' in your CLI to generate another secure random key.
-      - LOG_LEVEL=info # Optional
-      - LOG_JSON=false # Optional
-      - OIDC_ENABLED=false # Optional
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY}
+      - JWT_SECRET=${JWT_SECRET}
+      - LOG_LEVEL=${LOG_LEVEL}
+      - LOG_JSON=${LOG_JSON}
+      - OIDC_ENABLED=${OIDC_ENABLED}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./${SERVICE}-data:/app/data
-      - ./opt/dockerdata:/app/data/projects # Optional volume for an existing Docker Compose directory.
+      - ./${SERVICE}-data/opt/dockerdata:/app/data/projects # Optional volume for an existing Docker Compose directory.
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/beszel-agent/.env b/services/beszel-agent/.env
index 4d2a035..ac574db 100644
--- a/services/beszel-agent/.env
+++ b/services/beszel-agent/.env
@@ -20,3 +20,7 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+PORT=45876
+KEY: "ssh-ed25519 <ADD-YOUR-beszel-agent-KEY-HERE>"
+
diff --git a/services/beszel-agent/compose.yaml b/services/beszel-agent/compose.yaml
index d6292f5..356e2b0 100644
--- a/services/beszel-agent/compose.yaml
+++ b/services/beszel-agent/compose.yaml
@@ -39,8 +39,8 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      PORT: 45876
-      KEY: "ssh-ed25519 <ADD-YOUR-beszel-agent-KEY-HERE>"
+      - PORT=${PORT}
+      - KEY=${KEY}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro # Read-only access to the docker.sock
     depends_on:
diff --git a/services/booklore/.env b/services/booklore/.env
index eba934a..b7cb2bb 100644
--- a/services/booklore/.env
+++ b/services/booklore/.env
@@ -16,6 +16,8 @@ TS_AUTHKEY= # Add your TS authkey
 # Time Zone setting for containers 
 TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 
+#EXAMPLE_VAR="Environment varibale"
+
 # Optional Service variables
 
 # MariaDB Credentials
@@ -23,8 +25,3 @@ MYSQL_ROOT_PASSWORD= # Use a strong password for the databases root user, should
 MYSQL_DATABASE=booklore
 MYSQL_USER=booklore
 MYSQL_PASSWORD= # Use a strong password; must match DATABASE_PASSWORD defined in the booklore container
-      
-# To set a timezone, uncomment the next line and change Etc/UTC to a TZ identifier from this list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
-TZ=Europe/Paris
-
-#EXAMPLE_VAR="Environment varibale"
diff --git a/services/booklore/compose.yaml b/services/booklore/compose.yaml
index 96fc5c6..45aed56 100644
--- a/services/booklore/compose.yaml
+++ b/services/booklore/compose.yaml
@@ -69,20 +69,20 @@ services:
         condition: service_healthy    
       tailscale:
         condition: service_healthy
-    restart: unless-stopped
+    restart: always
   mariadb:
     image: lscr.io/linuxserver/mariadb:11.4.5
     container_name: mariadb
     environment:
       - PUID=1000
       - PGID=1000
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}   # Use a strong password for the database's root user, should be different from MYSQL_PASSWORD
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
       - MYSQL_DATABASE=${MYSQL_DATABASE}
-      - MYSQL_USER=${MYSQL_USER}                        # Must match DATABASE_USERNAME defined in the booklore container
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}        # Use a strong password; must match DATABASE_PASSWORD defined in the booklore container
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
     volumes:
-      - ./mariadb_config:/config
-    restart: unless-stopped
+      - ./${SERVICE}-data/mariadb_config:/config
+    restart: always
     healthcheck:
       test: ["CMD", "mariadb-admin", "ping", "-h", "localhost"]
       interval: 5s
diff --git a/services/caddy/compose.yaml b/services/caddy/compose.yaml
index 4cc9025..b137e8b 100644
--- a/services/caddy/compose.yaml
+++ b/services/caddy/compose.yaml
@@ -46,11 +46,11 @@ services:
       - PGID=1000
       - TZ=${TZ}
     volumes:
-      - $PWD/Caddyfile:/etc/caddy/Caddyfile
-      - $PWD/site:/srv
-      - $PWD/caddy_data:/data
-      - $PWD/caddy_config:/config
-      - $PWD/tailscale/tmp/tailscaled.sock:/var/run/tailscale/tailscaled.sock # mount the socket at the right place. Comment out if not required.
+      - ./${SERVICE}-data/Caddyfile:/etc/caddy/Caddyfile
+      - ./${SERVICE}-data/site:/srv
+      - ./${SERVICE}-data/caddy_data:/data
+      - ./${SERVICE}-data/caddy_config:/config
+      - ./${SERVICE}-data/tailscale/tmp/tailscaled.sock:/var/run/tailscale/tailscaled.sock # mount the socket at the right place. Comment out if not required.
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/clipcascade/.env b/services/clipcascade/.env
index 939bec9..5614e3f 100644
--- a/services/clipcascade/.env
+++ b/services/clipcascade/.env
@@ -20,3 +20,9 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# To learn more about environment variables, check the Advanced Details section in the GitHub README.
+CC_MAX_MESSAGE_SIZE_IN_MiB=1
+CC_ALLOWED_ORIGINS=https://clipcascade.example.com
+CC_SERVER_DB_PASSWORD=QjuGlhE3uwylBBANMkX1 o2MdEoFgbU5XkFvTftky
+CC_SERVER_LOGGING_LEVEL=DEBUG
diff --git a/services/clipcascade/compose.yaml b/services/clipcascade/compose.yaml
index eb1c884..2438b8a 100644
--- a/services/clipcascade/compose.yaml
+++ b/services/clipcascade/compose.yaml
@@ -53,11 +53,10 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      # To learn more about environment variables, check the Advanced Details section in the GitHub README.
-      - CC_MAX_MESSAGE_SIZE_IN_MiB=1
-      # - CC_ALLOWED_ORIGINS=https://clipcascade.example.com
-      # - CC_SERVER_DB_PASSWORD=QjuGlhE3uwylBBANMkX1 o2MdEoFgbU5XkFvTftky
-      # - CC_SERVER_LOGGING_LEVEL=DEBUG
+      - CC_MAX_MESSAGE_SIZE_IN_MiB=${CC_MAX_MESSAGE_SIZE_IN_MiB}
+      - CC_ALLOWED_ORIGINS=${CC_ALLOWED_ORIGINS}
+      - CC_SERVER_DB_PASSWORD=${CC_SERVER_DB_PASSWORD}
+      - CC_SERVER_LOGGING_LEVEL=${CC_SERVER_LOGGING_LEVEL}
       - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/cc_users:/database
diff --git a/services/coder/.env b/services/coder/.env
index 7584c56..a48030c 100644
--- a/services/coder/.env
+++ b/services/coder/.env
@@ -18,11 +18,11 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 
 # Optional Service variables
 # PUID=1000
-
+YOUR-TAILSCALE-DOMAIN=
 CODER_VERSION=latest
-POSTGRES_USER=username
-POSTGRES_PASSWORD=strongpassword
-POSTGRES_DB=coder
-CODER_ACCESS_URL=https://coder.<YOUR-TAILSCALE-DOMAIN>.ts.net
-
+POSTGRES_USER=username  # The PostgreSQL user (useful to connect to the database)
+POSTGRES_PASSWORD=strongpassword  # The PostgreSQL password (useful to connect to the database)
+POSTGRES_DB=coder  # The PostgreSQL default database (automatically created at first launch)
+CODER_ACCESS_URL=https://${SERVICE}.${YOUR-TAILSCALE-DOMAIN}.ts.net
+CODER_HTTP_ADDRESS="0.0.0.0:7080"
 #EXAMPLE_VAR="Environment varibale"
diff --git a/services/coder/compose.yaml b/services/coder/compose.yaml
index 06b2998..30e5920 100644
--- a/services/coder/compose.yaml
+++ b/services/coder/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      CODER_PG_CONNECTION_URL: "postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@localhost/${POSTGRES_DB:-coder}?sslmode=disable"
-      CODER_HTTP_ADDRESS: "0.0.0.0:7080"
-      CODER_ACCESS_URL: "${CODER_ACCESS_URL}"
+      - CODER_PG_CONNECTION_URL="postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@localhost/${POSTGRES_DB:-coder}?sslmode=disable"
+      - CODER_HTTP_ADDRESS=${CODER_HTTP_ADDRESS}
+      - CODER_ACCESS_URL=${CODER_ACCESS_URL}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./${SERVICE}-data/coder-home:/home/coder
@@ -79,9 +79,9 @@ services:
     # More versions here: https://hub.docker.com/_/postgres
     image: "postgres:17"
     environment:
-      POSTGRES_USER: ${POSTGRES_USER:-username} # The PostgreSQL user (useful to connect to the database)
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password} # The PostgreSQL password (useful to connect to the database)
-      POSTGRES_DB: ${POSTGRES_DB:-coder} # The PostgreSQL default database (automatically created at first launch)
+      - POSTGRES_USER=${POSTGRES_USER:-username}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-password}
+      - POSTGRES_DB=${POSTGRES_DB:-coder}
     volumes:
       - ./${SERVICE}-data/coder-data:/var/lib/postgresql/data # Use "docker volume rm coder_coder_data" to reset Coder
     healthcheck:
diff --git a/services/configarr/compose.yaml b/services/configarr/compose.yaml
index a599c81..f5ba31b 100644
--- a/services/configarr/compose.yaml
+++ b/services/configarr/compose.yaml
@@ -42,7 +42,7 @@ services:
       - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/config:/app/config
-      - ${PWD}/${SERVICE}-data/dockerrepos:/app/repos
+      - ./${SERVICE}-data/dockerrepos:/app/repos
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/convertx/.env b/services/convertx/.env
index fd865a2..aa93ce7 100644
--- a/services/convertx/.env
+++ b/services/convertx/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# will use randomUUID() if unset
+JWT_SECRET=aLongAndSecretStringUsedToSignTheJSONWebToken1234
diff --git a/services/convertx/compose.yaml b/services/convertx/compose.yaml
index c77c330..13b1729 100644
--- a/services/convertx/compose.yaml
+++ b/services/convertx/compose.yaml
@@ -53,7 +53,7 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - JWT_SECRET=aLongAndSecretStringUsedToSignTheJSONWebToken1234 # will use randomUUID() if unset
+      - JWT_SECRET=${JWT_SECRET}
     volumes:
       - ./${SERVICE}-data:/app/data
     depends_on:
diff --git a/services/copyparty/.env b/services/copyparty/.env
index 62c2472..2fd5f6d 100644
--- a/services/copyparty/.env
+++ b/services/copyparty/.env
@@ -20,3 +20,7 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+LD_PRELOAD=/usr/lib/libmimalloc-secure.so.NOPE
+# Make sure to adjust to the location you want
+FILE_SHARE=/path/to/your/fileshare/top/folder:/w:z
diff --git a/services/copyparty/compose.yaml b/services/copyparty/compose.yaml
index 14dc310..9aac5e1 100644
--- a/services/copyparty/compose.yaml
+++ b/services/copyparty/compose.yaml
@@ -71,15 +71,14 @@ services:
       - source: copyparty-config
         target: /cfg/copyparty.conf
     volumes:
-      - ./config:/cfg:z
-      - /path/to/your/fileshare/top/folder:/w:z # Make sure to adjust to the location you want
+      - ./${SERVICE}-data/config:/cfg:z
+      - ${FILE_SHARE}
     depends_on:
       tailscale:
         condition: service_healthy
-
     # enabling mimalloc by replacing "NOPE" with "2" will make some stuff twice as fast, but everything will use twice as much ram:
     environment:
-      LD_PRELOAD: /usr/lib/libmimalloc-secure.so.NOPE
+      - LD_PRELOAD=${LD_PRELOAD}
     stop_grace_period: 15s  # thumbnailer is allowed to continue finishing up for 10s after the shutdown signal
     healthcheck:
       # hide it from logs with "/._" so it matches the default --lf-url filter 
diff --git a/services/ddns-updater/.env b/services/ddns-updater/.env
index 938195e..ed3f40b 100644
--- a/services/ddns-updater/.env
+++ b/services/ddns-updater/.env
@@ -20,3 +20,23 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+CONFIG=
+PERIOD=5m
+UPDATE_COOLDOWN_PERIOD=5m
+PUBLICIP_FETCHERS=all
+PUBLICIP_HTTP_PROVIDERS=all
+PUBLICIPV4_HTTP_PROVIDERS=all
+PUBLICIPV6_HTTP_PROVIDERS=all
+PUBLICIP_DNS_PROVIDERS=all
+PUBLICIP_DNS_TIMEOUT=3s
+HTTP_TIMEOUT=10s
+# Web UI
+LISTENING_ADDRESS=:8000
+ROOT_URL=/
+# Backup
+BACKUP_PERIOD=0 # 0 to disable
+BACKUP_DIRECTORY=/updater/data
+LOG_LEVEL=info
+LOG_CALLER=hidden
+#SHOUTRRR_ADDRESSES=
diff --git a/services/ddns-updater/compose.yaml b/services/ddns-updater/compose.yaml
index 62c88d8..ae57ca9 100644
--- a/services/ddns-updater/compose.yaml
+++ b/services/ddns-updater/compose.yaml
@@ -54,28 +54,22 @@ services:
     container_name: app-${SERVICE} # Name for local container management
     environment:
       - TZ=${TZ}
-      - CONFIG=
-      - PERIOD=5m
-      - UPDATE_COOLDOWN_PERIOD=5m
-      - PUBLICIP_FETCHERS=all
-      - PUBLICIP_HTTP_PROVIDERS=all
-      - PUBLICIPV4_HTTP_PROVIDERS=all
-      - PUBLICIPV6_HTTP_PROVIDERS=all
-      - PUBLICIP_DNS_PROVIDERS=all
-      - PUBLICIP_DNS_TIMEOUT=3s
-      - HTTP_TIMEOUT=10s
-
-      # Web UI
-      - LISTENING_ADDRESS=:8000
-      - ROOT_URL=/
-
-      # Backup
-      - BACKUP_PERIOD=0 # 0 to disable
-      - BACKUP_DIRECTORY=/updater/data
-
-      # Other
-      - LOG_LEVEL=info
-      - LOG_CALLER=hidden
+      - CONFIG=${CONFIG}
+      - PERIOD=${PERIOD}
+      - UPDATE_COOLDOWN_PERIOD=${UPDATE_COOLDOWN_PERIOD}
+      - PUBLICIP_FETCHERS=${PUBLICIP_FETCHERS}
+      - PUBLICIP_HTTP_PROVIDERS=${PUBLICIP_HTTP_PROVIDERS}
+      - PUBLICIPV4_HTTP_PROVIDERS=${PUBLICIPV4_HTTP_PROVIDERS}
+      - PUBLICIPV6_HTTP_PROVIDERS=${PUBLICIPV6_HTTP_PROVIDERS}
+      - PUBLICIP_DNS_PROVIDERS=${PUBLICIP_DNS_PROVIDERS}
+      - PUBLICIP_DNS_TIMEOUT=${PUBLICIP_DNS_TIMEOUT}
+      - HTTP_TIMEOUT=${HTTP_TIMEOUT}
+      - LISTENING_ADDRESS=${LISTENING_ADDRESS}
+      - ROOT_URL=${ROOT_URL}
+      - BACKUP_PERIOD=${BACKUP_PERIOD}
+      - BACKUP_DIRECTORY=${BACKUP_DIRECTORY}
+      - LOG_LEVEL=${LOG_LEVEL}
+      - LOG_CALLER=${LOG_CALLER}
       #- SHOUTRRR_ADDRESSES=
     volumes:
       - ./${SERVICE}-data/data:/updater/data
diff --git a/services/dockhand/compose.yaml b/services/dockhand/compose.yaml
index 2b4e978..b701b6f 100644
--- a/services/dockhand/compose.yaml
+++ b/services/dockhand/compose.yaml
@@ -56,7 +56,7 @@ services:
       - HOST_DATA_DIR=/app/data
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./dockhand-data:/app/data # Data directory for Dockhand - you may need to change the path
+      - ./${SERVICE}-data/dockhand-data:/app/data # Data directory for Dockhand - you may need to change the path
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/docmost/.env b/services/docmost/.env
index 10dfbdf..77ad451 100644
--- a/services/docmost/.env
+++ b/services/docmost/.env
@@ -20,3 +20,10 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+APP_URL='http://localhost:3000'
+APP_SECRET='REPLACE_WITH_LONG_SECRET' # Please replace with a long secret
+REDIS_URL='redis://localhost:6379'
+POSTGRES_DB=docmost
+POSTGRES_USER=docmost
+POSTGRES_PASSWORD=STRONG_PASSWORD
diff --git a/services/docmost/compose.yaml b/services/docmost/compose.yaml
index 36359f3..2baff00 100644
--- a/services/docmost/compose.yaml
+++ b/services/docmost/compose.yaml
@@ -53,10 +53,10 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      APP_URL: 'http://localhost:3000'
-      APP_SECRET: 'REPLACE_WITH_LONG_SECRET' # Please replace with a long secret
-      DATABASE_URL: 'postgresql://docmost:STRONG_DB_PASSWORD@localhost:5432/docmost?schema=public'
-      REDIS_URL: 'redis://localhost:6379'
+      - APP_URL=${APP_URL}
+      - APP_SECRET=${APP_SECRET}
+      - DATABASE_URL='postgresql://docmost:${POSTGRES_PASSWORD}@localhost:5432/docmost?schema=public'
+      - REDIS_URL=${REDIS_URL}
     volumes:
       - ./${SERVICE}-data/docmost:/app/data/storage
     depends_on:
@@ -79,9 +79,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE}-database # Name for local container management
     environment:
-      POSTGRES_DB: docmost
-      POSTGRES_USER: docmost
-      POSTGRES_PASSWORD: STRONG_DB_PASSWORD
+      - POSTGRES_DB=${POSTGRES_DB}
+      - POSTGRES_USER=${POSTGRES_USER)
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
     restart: always
     volumes:
       - ./${SERVICE}-data/db-data:/var/lib/postgresql/data
diff --git a/services/eigenfocus/.env b/services/eigenfocus/.env
index 64a5045..63678d3 100644
--- a/services/eigenfocus/.env
+++ b/services/eigenfocus/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+ DEFAULT_HOST_URL=http://127.0.0.1:3000
diff --git a/services/eigenfocus/compose.yaml b/services/eigenfocus/compose.yaml
index bb0886d..7450747 100644
--- a/services/eigenfocus/compose.yaml
+++ b/services/eigenfocus/compose.yaml
@@ -56,7 +56,7 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - DEFAULT_HOST_URL=http://127.0.0.1:3000
+      - DEFAULT_HOST_URL=${DEFAULT_HOST_URL}
     volumes:
       - ./${SERVICE}-data:/eigenfocus-app/app-data
     depends_on:
diff --git a/services/excalidraw/.env b/services/excalidraw/.env
index 8ee7ade..655a203 100644
--- a/services/excalidraw/.env
+++ b/services/excalidraw/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+NODE_ENV=production
diff --git a/services/excalidraw/compose.yaml b/services/excalidraw/compose.yaml
index e8a3fb3..ae56f8b 100644
--- a/services/excalidraw/compose.yaml
+++ b/services/excalidraw/compose.yaml
@@ -53,7 +53,7 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - NODE_ENV=production
+      - NODE_ENV=${NODE_ENV}
       - TZ=${TZ}
     stdin_open: true
     volumes:
diff --git a/services/flaresolverr/.env b/services/flaresolverr/.env
index 3ec266d..a77d1d2 100644
--- a/services/flaresolverr/.env
+++ b/services/flaresolverr/.env
@@ -20,3 +20,8 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+LOG_LEVEL=info
+LOG_FILE=none
+LOG_HTML=false
+CAPTCHA_SOLVER=none
diff --git a/services/flaresolverr/compose.yaml b/services/flaresolverr/compose.yaml
index 2ee7d57..c7c3290 100644
--- a/services/flaresolverr/compose.yaml
+++ b/services/flaresolverr/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE}-server # Name for local container management
     environment:
-      - LOG_LEVEL=${LOG_LEVEL:-info}
-      - LOG_FILE=${LOG_FILE:-none}
-      - LOG_HTML=${LOG_HTML:-false}
-      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
+      - LOG_LEVEL=${LOG_LEVEL}
+      - LOG_FILE=${LOG_FILE}
+      - LOG_HTML=${LOG_HTML}
+      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER}
       - TZ=${TZ}
-    restart: unless-stopped
+    restart: always
diff --git a/services/formbricks/.env b/services/formbricks/.env
index 0167f95..cebc5cd 100644
--- a/services/formbricks/.env
+++ b/services/formbricks/.env
@@ -36,6 +36,9 @@ NEXTAUTH_URL=${WEBAPP_URL}
 # Set the below to your public domain (default is WEBAPP_URL)
 PUBLIC_URL=${WEBAPP_URL}
 
+# Postgress password
+POSTGRES_PASSWORD=password
+
 # PostgreSQL DB for Formbricks to connect to
 DATABASE_URL="postgresql://postgres:postgres@postgres:5432/formbricks?schema=public"
 
diff --git a/services/formbricks/compose.yaml b/services/formbricks/compose.yaml
index 9e9b19e..0410777 100644
--- a/services/formbricks/compose.yaml
+++ b/services/formbricks/compose.yaml
@@ -53,7 +53,7 @@ services:
     volumes:
       - ./${SERVICE}-data/postgres:/var/lib/postgresql/data
     environment:
-      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
   redis:
     restart: always
     image: valkey/valkey@sha256:12ba4f45a7c3e1d0f076acd616cb230834e75a77e8516dde382720af32832d6d
diff --git a/services/fossflow/.env b/services/fossflow/.env
index dac5e6b..d56c9c3 100644
--- a/services/fossflow/.env
+++ b/services/fossflow/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+YOUR-TS-DOMAIN=
+PUBLIC_URL="https://${SERVICE}.${YOUR-TS-DOMAIN}.ts.net"
diff --git a/services/fossflow/compose.yaml b/services/fossflow/compose.yaml
index 55e1eb1..a4e9866 100644
--- a/services/fossflow/compose.yaml
+++ b/services/fossflow/compose.yaml
@@ -56,7 +56,7 @@ services:
       context: https://github.com/stan-smith/FossFLOW.git
       dockerfile: Dockerfile
     environment:
-      - PUBLIC_URL="https://fossflow.<YOUR-TS-DOMAIN>.ts.net"
+      - PUBLIC_URL=${PUBLIC_URL}
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/frigate/.env b/services/frigate/.env
index c758070..30d0920 100644
--- a/services/frigate/.env
+++ b/services/frigate/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+FRIGATE_RTSP_PASSWORD=password
diff --git a/services/frigate/compose.yaml b/services/frigate/compose.yaml
index edd403d..c9d4ac4 100644
--- a/services/frigate/compose.yaml
+++ b/services/frigate/compose.yaml
@@ -68,7 +68,7 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - FRIGATE_RTSP_PASSWORD=password
+      - FRIGATE_RTSP_PASSWORD=${FRIGATE_RTSP_PASSWORD}
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - ./${SERVICE}-data/config:/config
diff --git a/services/ghost/.env b/services/ghost/.env
index 9c30995..ee5acdf 100644
--- a/services/ghost/.env
+++ b/services/ghost/.env
@@ -20,3 +20,12 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# see https://ghost.org/docs/config/#configuration-options
+DB_CLIENT=mysql
+DB_CONNECTION=db
+DB_USER=root
+DB_PASSWORD=example
+DB_CONNECTION_DB=ghost
+URL=http://localhost:8080
+MYSQL_ROOT_PASSWORD=example
diff --git a/services/ghost/compose.yaml b/services/ghost/compose.yaml
index 0e1bbd5..e01b2c0 100644
--- a/services/ghost/compose.yaml
+++ b/services/ghost/compose.yaml
@@ -54,15 +54,12 @@ services:
     container_name: app-${SERVICE} # Name for local container management
     environment:
       # see https://ghost.org/docs/config/#configuration-options
-      database__client: mysql
-      database__connection__host: db
-      database__connection__user: root
-      database__connection__password: example
-      database__connection__database: ghost
-      
-      # this url value is just an example, and is likely wrong for your environment!
-      url: http://localhost:8080
-      
+      - DB_CLIENT=${DB_CLIENT}
+      - DB_CONNECTION=${DB_CONNECTION}
+      - DB_USER=${DB_USER}
+      - DB_PASSWORD=${DB_PASSWORD}
+      - DB_CONNECTION_DB=${DB_CONNECTION_DB}
+      - URL=${URL}
       # contrary to the default mentioned in the linked documentation, this image defaults to NODE_ENV=production (so development mode needs to be explicitly specified if desired)
       #NODE_ENV: development
     volumes:
@@ -83,7 +80,7 @@ services:
     image: mysql:8.0
     container_name: db-${SERVICE} # Name for local container management
     environment:
-      MYSQL_ROOT_PASSWORD: example
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
     volumes:
       - ./${SERVICE}-data/db:/var/lib/mysql
     restart: always
diff --git a/services/gitea/compose.yaml b/services/gitea/compose.yaml
index 034b02c..037e34a 100644
--- a/services/gitea/compose.yaml
+++ b/services/gitea/compose.yaml
@@ -57,7 +57,7 @@ services:
       - USER_GID=1000
       - TZ=${TZ}
     volumes:
-      - ./gitea-data/data:/data
+      - ./${SERVICE}-data/data:/data
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     depends_on:
diff --git a/services/gotify/.env b/services/gotify/.env
index 4aad555..a9e1ad8 100644
--- a/services/gotify/.env
+++ b/services/gotify/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+GOTIFY_DEFAULTUSER_PASS=admin
diff --git a/services/gotify/compose.yaml b/services/gotify/compose.yaml
index 43b5b4a..eaea73c 100644
--- a/services/gotify/compose.yaml
+++ b/services/gotify/compose.yaml
@@ -53,7 +53,7 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - GOTIFY_DEFAULTUSER_PASS=admin
+      - GOTIFY_DEFAULTUSER_PASS=${GOTIFY_DEFAULTUSER_PASS}
     volumes:
       - ./${SERVICE}-data/app/data:/app/data
     depends_on:
diff --git a/services/hemmelig/.env b/services/hemmelig/.env
index 45fdf99..99d6c2f 100644
--- a/services/hemmelig/.env
+++ b/services/hemmelig/.env
@@ -20,3 +20,9 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+DATABASE_URL=file:/app/database/hemmelig.db
+BETTER_AUTH_SECRET=change-this-to-a-secure-secret-min-32-chars
+BETTER_AUTH_URL=https://secrets.example.com
+NODE_ENV=production
+HEMMELIG_BASE_URL=https://secrets.example.com
diff --git a/services/hemmelig/compose.yaml b/services/hemmelig/compose.yaml
index 566d73c..ea112d5 100644
--- a/services/hemmelig/compose.yaml
+++ b/services/hemmelig/compose.yaml
@@ -56,11 +56,11 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - DATABASE_URL=file:/app/database/hemmelig.db
-      - BETTER_AUTH_SECRET=change-this-to-a-secure-secret-min-32-chars
-      - BETTER_AUTH_URL=https://secrets.example.com
-      - NODE_ENV=production
-      - HEMMELIG_BASE_URL=https://secrets.example.com
+      - DATABASE_URL=${DATABASE_URL}
+      - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET}
+      - BETTER_AUTH_URL=${BETTER_AUTH_URL}
+      - NODE_ENV=${NODE_ENV}
+      - HEMMELIG_BASE_URL=${HEMMELIG_BASE_URL}
     volumes:
       - ./${SERVICE}-data/database:/app/database
       - ./${SERVICE}-data/uploads:/app/uploads
diff --git a/services/homarr/.env b/services/homarr/.env
index 59e7e88..289e89f 100644
--- a/services/homarr/.env
+++ b/services/homarr/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# Please generate a key with: openssl rand -hex 32
+SECRET_ENCRYPTION_KEY=
diff --git a/services/homarr/compose.yaml b/services/homarr/compose.yaml
index 120101f..3188e77 100644
--- a/services/homarr/compose.yaml
+++ b/services/homarr/compose.yaml
@@ -56,7 +56,7 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - SECRET_ENCRYPTION_KEY=  # Please generate a key with: openssl rand -hex 32
+      - SECRET_ENCRYPTION_KEY=${SECRET_ENCRYPTION_KEY}
     volumes:
       # - /var/run/docker.sock:/var/run/docker.sock # Optional, only if you want docker integration
       - ./${SERVICE}-data/appdata:/appdata
diff --git a/services/homepage/.env b/services/homepage/.env
index 367438e..ddf09f8 100644
--- a/services/homepage/.env
+++ b/services/homepage/.env
@@ -22,3 +22,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 TAILNET_NAME=
 
 #EXAMPLE_VAR="Environment varibale"
+
+HOMEPAGE_ALLOWED_HOSTS=${SERVICE}.${TAILNET_NAME}.ts.net
diff --git a/services/homepage/compose.yaml b/services/homepage/compose.yaml
index de0519c..bb8797f 100644
--- a/services/homepage/compose.yaml
+++ b/services/homepage/compose.yaml
@@ -53,7 +53,7 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - HOMEPAGE_ALLOWED_HOSTS=homepage.${TAILNET_NAME}.ts.net
+      - HOMEPAGE_ALLOWED_HOSTS=${HOMEPAGE_ALLOWED_HOSTS}
     volumes:
       - ./${SERVICE}-data/config:/app/config
       - /var/run/docker.sock:/var/run/docker.sock:ro # optional, for docker integrations
diff --git a/services/hytale/compose.yaml b/services/hytale/compose.yaml
index 05167aa..bee75b2 100644
--- a/services/hytale/compose.yaml
+++ b/services/hytale/compose.yaml
@@ -53,4 +53,4 @@ services:
     depends_on:
       tailscale:
         condition: service_healthy
-    restart: unless-stopped
+    restart: always
diff --git a/services/immich/compose.yaml b/services/immich/compose.yaml
index fc2ca9f..a72cd7a 100644
--- a/services/immich/compose.yaml
+++ b/services/immich/compose.yaml
@@ -101,10 +101,10 @@ services:
     container_name: app-${SERVICE}-postgres
     image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23
     environment:
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_DB: ${DB_DATABASE_NAME}
-      POSTGRES_INITDB_ARGS: "--data-checksums"
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_USER=${DB_USERNAME}
+      - POSTGRES_DB=${DB_DATABASE_NAME}
+      - POSTGRES_INITDB_ARGS="--data-checksums"
       # Uncomment the DB_STORAGE_TYPE: 'HDD' var if your database isn't stored on SSDs
       # DB_STORAGE_TYPE: 'HDD'
     volumes:
diff --git a/services/jellyfin/compose.yaml b/services/jellyfin/compose.yaml
index 7a0bfbc..618a3f9 100644
--- a/services/jellyfin/compose.yaml
+++ b/services/jellyfin/compose.yaml
@@ -59,8 +59,8 @@ services:
       # - JELLYFIN_PublishedServerUrl=192.168.0.5 #optional
     volumes:
       - ./${SERVICE}-data/config:/config
-      - ./media/tvseries:/data/tvshows
-      - ./media/movies:/data/movies
+      - ./${SERVICE}-data/media/tvseries:/data/tvshows
+      - ./${SERVICE}-data/media/movies:/data/movies
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/kaneo/compose.yaml b/services/kaneo/compose.yaml
index 23294d1..74d7d23 100644
--- a/services/kaneo/compose.yaml
+++ b/services/kaneo/compose.yaml
@@ -68,7 +68,7 @@ services:
       timeout: 5s # Time to wait for the check to succeed
       retries: 5 # Number of retries before marking as unhealthy
       start_period: 30s # Time to wait before starting health checks
-    restart: unless-stopped
+    restart: always
 
   # ${SERVICE} - Backend (API)
   backend:
@@ -78,13 +78,13 @@ services:
     env_file:
       - .env
     environment:
-      DATABASE_URL: "postgresql://${DB_USERNAME}:${DB_PASSWORD}@localhost:${SERVICEPORT_DATABASE}/${DB_DATABASE_NAME}"
+      - DATABASE_URL="postgresql://${DB_USERNAME}:${DB_PASSWORD}@localhost:${SERVICEPORT_DATABASE}/${DB_DATABASE_NAME}"
     depends_on:
       tailscale:
         condition: service_healthy
       postgres:
         condition: service_healthy
-    restart: unless-stopped
+    restart: always
 
   # ${SERVICE} - Frontend (Web)
   frontend:
@@ -98,7 +98,7 @@ services:
         condition: service_healthy
       backend:
         condition: service_started
-    restart: unless-stopped
+    restart: always
 
 volumes:
   postgres_data:
diff --git a/services/karakeep/.env b/services/karakeep/.env
index 4778fd2..93d3991 100644
--- a/services/karakeep/.env
+++ b/services/karakeep/.env
@@ -28,4 +28,12 @@ MAX_ASSET_SIZE_MB=50
 DISABLE_SIGNUPS=false
 DISABLE_PASSWORD_AUTH=false
 
+MEILI_ADDR=http://meilisearch:7700
+BROWSER_WEB_URL=http://chrome:9222
+# OPENAI_API_KEY: ...
+# You almost never want to change the value of the DATA_DIR variable.
+# If you want to mount a custom directory, change the volume mapping above instead.
+DATA_DIR=/data # DON'T CHANGE THIS
+MEILI_NO_ANALYTICS="true"
+
 #EXAMPLE_VAR="Environment varibale"
diff --git a/services/karakeep/compose.yaml b/services/karakeep/compose.yaml
index 43c845e..231e88a 100644
--- a/services/karakeep/compose.yaml
+++ b/services/karakeep/compose.yaml
@@ -55,13 +55,13 @@ services:
     env_file:
       - .env
     environment:
-      MEILI_ADDR: http://meilisearch:7700
-      BROWSER_WEB_URL: http://chrome:9222
+      - MEILI_ADDR=${MEILI_ADDR}
+      - BROWSER_WEB_URL=${BROWSER_WEB_URL}
       # OPENAI_API_KEY: ...
 
       # You almost never want to change the value of the DATA_DIR variable.
       # If you want to mount a custom directory, change the volume mapping above instead.
-      DATA_DIR: /data # DON'T CHANGE THIS
+      - DATA_DIR=${DATA_DIR}
     volumes:
       # By default, the data is stored in a docker volume called "data".
       # If you want to mount a custom directory, change the volume mapping to:
@@ -97,6 +97,6 @@ services:
     env_file:
       - .env
     environment:
-      MEILI_NO_ANALYTICS: "true"
+      - MEILI_NO_ANALYTICS=${MEILI_NO_ANALYTICS}
     volumes:
       - ./${SERVICE}-data/meilisearch:/meili_data
diff --git a/services/mattermost/compose.yaml b/services/mattermost/compose.yaml
index 8f570f9..9ff3791 100644
--- a/services/mattermost/compose.yaml
+++ b/services/mattermost/compose.yaml
@@ -73,12 +73,12 @@ services:
       # timezone inside container
       - TZ=${TZ}
       # necessary Mattermost options/variables (see .env file)
-      - MM_SQLSETTINGS_DRIVERNAME
-      - MM_SQLSETTINGS_DATASOURCE
+      - MM_SQLSETTINGS_DRIVERNAME=${MM_SQLSETTINGS_DRIVERNAME}
+      - MM_SQLSETTINGS_DATASOURCE=${MM_SQLSETTINGS_DATASOURCE}
       # necessary for bleve
-      - MM_BLEVESETTINGS_INDEXDIR
+      - MM_BLEVESETTINGS_INDEXDIR=${MM_BLEVESETTINGS_INDEXDIR}
       # additional settings
-      - MM_SERVICESETTINGS_SITEURL
+      - MM_SERVICESETTINGS_SITEURL=${MM_SERVICESETTINGS_SITEURL}
     restart: always
     depends_on:
       - database
@@ -101,6 +101,6 @@ services:
       # timezone inside container
       - TZ=${TZ}
       # necessary Postgres options/variables defined in the .env file
-      - POSTGRES_USER
-      - POSTGRES_PASSWORD
-      - POSTGRES_DB
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB}
diff --git a/services/mealie/.env b/services/mealie/.env
index 1b98930..80094f2 100644
--- a/services/mealie/.env
+++ b/services/mealie/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+ALLOW_SIGNUP="false"
+BASE_URL=https://mealie.yourdomain.ts.net # Alter to your domain
diff --git a/services/mealie/compose.yaml b/services/mealie/compose.yaml
index 4e08e6c..f954e49 100644
--- a/services/mealie/compose.yaml
+++ b/services/mealie/compose.yaml
@@ -57,12 +57,11 @@ services:
         limits:
           memory: 1000M # (2)
     environment:
-      # Set Backend ENV Variables Here - https://docs.mealie.io/documentation/getting-started/installation/backend-config/
-      ALLOW_SIGNUP: "false"
-      PUID: 1000
-      PGID: 1000
-      TZ: Europe/Amsterdam
-      BASE_URL: https://mealie.yourdomain.ts.net # Alter to your domain
+      - ALLOW_SIGNUP=${ALLOW_SIGNUP}
+      - PUID=1000
+      - PGID=1000
+      - TZ=${TZ}
+      - BASE_URL=${BASE_URL}
     volumes:
       - ./${SERVICE}-data:/app/data/
     depends_on:
diff --git a/services/memos/.env b/services/memos/.env
index 1f1ff89..f6b65d0 100644
--- a/services/memos/.env
+++ b/services/memos/.env
@@ -20,3 +20,7 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+YOUR_TS_DOMAIN=
+MEMOS_PORT=5230
+MEMOS_DRIVER=sqlite
+MEMOS_INSTANCE_URL=https://${SERVCIE}.${YOUR_TS_DOMAIN}.ts.net
diff --git a/services/memos/compose.yaml b/services/memos/compose.yaml
index e6111e8..47c7da8 100644
--- a/services/memos/compose.yaml
+++ b/services/memos/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      MEMOS_PORT: 5230
-      MEMOS_DRIVER: sqlite
-      MEMOS_INSTANCE_URL: https://memos.<YOUR_TS_DOMAIN>.ts.net # Update with your Tailscale domain
+      - MEMOS_PORT=${MEMOS_PORT}
+      - MEMOS_DRIVER=${MEMOS_DRIVER}
+      - MEMOS_INSTANCE_URL=${MEMOS_INSTANCE_URL}
     volumes:
       - ./${SERVICE}-data:/var/opt/memos
     depends_on:
diff --git a/services/metube/compose.yaml b/services/metube/compose.yaml
index fd3f1c5..035d502 100644
--- a/services/metube/compose.yaml
+++ b/services/metube/compose.yaml
@@ -56,7 +56,7 @@ services:
       - PGID=1000
       - TZ=${TZ}
     volumes:
-      - ./downloads:/downloads
+      - ./${SERVICE}-data/downloads:/downloads
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/nanote/.env b/services/nanote/.env
index 92aa9ee..e4f7057 100644
--- a/services/nanote/.env
+++ b/services/nanote/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+NOTES_PATH=/notes
+SECRET_KEY=<yourkey>
diff --git a/services/nanote/compose.yaml b/services/nanote/compose.yaml
index cf7c648..84f3229 100644
--- a/services/nanote/compose.yaml
+++ b/services/nanote/compose.yaml
@@ -56,8 +56,8 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - NOTES_PATH=/notes
-      - SECRET_KEY=<yourkey>
+      - NOTES_PATH=${NOTES_PATH}
+      - SECRET_KEY=${SECRET_KEY}
     volumes:
       - ./${SERVICE}-data:/notes
     depends_on:
diff --git a/services/navidrome/.env b/services/navidrome/.env
index b0e74ea..f6b2944 100644
--- a/services/navidrome/.env
+++ b/services/navidrome/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+PATH_TO_MEDIA=/path/to/your/music/folder:/music:ro
diff --git a/services/navidrome/compose.yaml b/services/navidrome/compose.yaml
index a532863..4d035b7 100644
--- a/services/navidrome/compose.yaml
+++ b/services/navidrome/compose.yaml
@@ -60,7 +60,7 @@ services:
       - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/data:/data
-      - /path/to/your/music/folder:/music:ro # Adjust to your liking
+      - ${PATH_TO_MEDIA}
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/netbox/compose.yaml b/services/netbox/compose.yaml
index 76f49e3..6ae8c0d 100644
--- a/services/netbox/compose.yaml
+++ b/services/netbox/compose.yaml
@@ -51,10 +51,10 @@ services:
     environment:
       - TZ=${TZ}
     volumes:
-      - ./config:/etc/netbox/config:z,ro
-      - ./${SERVICE}/media:/opt/netbox/netbox/media
-      - ./${SERVICE}/reports:/opt/netbox/netbox/reports
-      - ./${SERVICE}/scripts:/opt/netbox/netbox/scripts
+      - ./${SERVICE}-data/config:/etc/netbox/config:z,ro
+      - ./${SERVICE}-data/media:/opt/netbox/netbox/media
+      - ./${SERVICE}-data/reports:/opt/netbox/netbox/reports
+      - ./${SERVICE}-data/scripts:/opt/netbox/netbox/scripts
     depends_on:
         postgres:
           condition: service_healthy
@@ -96,7 +96,7 @@ services:
       interval: 10s
       retries: 5
     volumes:
-      - ./${SERVICE}/postgres/data:/var/lib/postgresql/data
+      - ./${SERVICE}-data/postgres/data:/var/lib/postgresql/data
 
   # redis
   redis:
@@ -114,7 +114,7 @@ services:
       interval: 1s
       retries: 5
     volumes:
-      - ./${SERVICE}/redis/data:/data
+      - ./${SERVICE}-data/redis/data:/data
   redis-cache:
     container_name: ${SERVICE}-rediscache
     image: docker.io/valkey/valkey:8.1-alpine
@@ -125,4 +125,4 @@ services:
       - valkey-server --requirepass $$REDIS_PASSWORD ## $$ because of docker-compose
     healthcheck: *redis-healthcheck
     volumes:
-      - ./${SERVICE}/redis/cache:/data
+      - ./${SERVICE}-data/redis/cache:/data
diff --git a/services/next-explorer/.env b/services/next-explorer/.env
index 691d23e..12308bb 100644
--- a/services/next-explorer/.env
+++ b/services/next-explorer/.env
@@ -22,9 +22,16 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 
 # Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/
 
-ACCESS_PATH=/home/root/data # Change this to the path you want to share with Tailscale. This should be an absolute path on the host machine. For example, if you want to share the /home/user/files directory, set ACCESS_PATH=/home/user/files.
-TAILNET_NAME=your-tailnet-name # Change this to your Tailnet name, which is the domain you use for Tailscale. For example, if your Tailnet is "example.com", set TAILNET_NAME=example.com.
-SESSION_SECRET=your-super-secret # Use 'openssl rand -base64 32' in your CLI to generate a secure random key.
-PUBLIC_URL=https://file-explorer.<YOUR_TS_DOMAIN>.ts.net # Optional: Set this to the public URL of your service if needed for correct URL generation in the app. For example, if you are exposing the service at https://example.com, set PUBLIC_URL=https://example.com.
+# Change this to the path you want to share with Tailscale. This should be an absolute path on the host machine. For example, if you want to share the /home/user/files directory, set ACCESS_PATH=/home/user/files.
+ACCESS_PATH=/home/root/data
+
+# Change this to your Tailnet name, which is the domain you use for Tailscale.
+TAILNET_NAME=your-tailnet-name
+
+# Use 'openssl rand -base64 32' in your CLI to generate a secure random key.
+SESSION_SECRET=your-super-secret
+
+# Optional: Set this to the public URL of your service if needed for correct URL generation in the app. For example, if you are exposing the service at https://example.com, set PUBLIC_URL=https://example.com.
+PUBLIC_URL=https://${SERVICE}.${TAILNET_NAME}.ts.net
 
 #EXAMPLE_VAR="Environment varibale"
diff --git a/services/next-explorer/compose.yaml b/services/next-explorer/compose.yaml
index c4b2c5a..418fb96 100644
--- a/services/next-explorer/compose.yaml
+++ b/services/next-explorer/compose.yaml
@@ -52,7 +52,7 @@ services:
     image: ${IMAGE_URL}
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE}
-    restart: unless-stopped
+    restart: always
     #ports:
     #  - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
     # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
@@ -60,16 +60,14 @@ services:
      # - ${DNS_SERVER}
     environment:
       - NODE_ENV=production
-      - PUBLIC_URL=${PUBLIC_URL} # Optional: Set this to the public URL of your service if needed for correct URL generation in the app. For example, if you are exposing the service at https://example.com, set PUBLIC_URL=https://example.com.
-      
-      # Optional: lock sessions to a known secret
+      - PUBLIC_URL=${PUBLIC_URL}
       - SESSION_SECRET=${SESSION_SECRET}
       
       # Optional host UID/GID mapping
       - PUID=${PUID} # Change according to your customization if needed
       - PGID=${PGID} # Change according to your customization if needed
     volumes:
-      - ./config:/config
-      - ./cache:/cache
+      - ./${SERVICE}-data/config:/config
+      - ./${SERVICE}-data/cache:/cache
       # Each /mnt/<Label> mount becomes a top-level volume in the UI
       - ${ACCESS_PATH}:/mnt/Files # This needs to be changed by user
diff --git a/services/ollama/.env b/services/ollama/.env
index 6edc726..660bc6d 100644
--- a/services/ollama/.env
+++ b/services/ollama/.env
@@ -21,3 +21,8 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # OLLAMA_API_KEY= # Optional: set a secret key to restrict API access (leave blank to disable auth)
 
 #EXAMPLE_VAR="Environment varibale"
+
+OLLAMA_HOST=0.0.0.0:11434
+# Optional: keeps models loaded in memory (default is 5 min)
+OLLAMA_KEEP_ALIVE=24h
+#OLLAMA_API_KEY=${OLLAMA_API_KEY} # Optional: set an API key to restrict access
diff --git a/services/ollama/compose.yaml b/services/ollama/compose.yaml
index 1650e48..a02437f 100644
--- a/services/ollama/compose.yaml
+++ b/services/ollama/compose.yaml
@@ -59,9 +59,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route Ollama through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - OLLAMA_HOST=0.0.0.0:11434
-      - OLLAMA_KEEP_ALIVE=24h # Optional: keeps models loaded in memory (default is 5 min)
-      # - OLLAMA_API_KEY=${OLLAMA_API_KEY} # Optional: set an API key to restrict access
+      - OLLAMA_HOST=${OLLAMA_HOST}
+      - OLLAMA_KEEP_ALIVE=${OLLAMA_KEEP_ALIVE}
+      # - OLLAMA_API_KEY=${OLLAMA_API_KEY}
     volumes:
       - ./${SERVICE}-data:/root/.ollama # Stores downloaded models
     depends_on:
diff --git a/services/paperless/compose.yml b/services/paperless/compose.yml
index 9b5b125..f986c5b 100644
--- a/services/paperless/compose.yml
+++ b/services/paperless/compose.yml
@@ -73,7 +73,7 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/Amsterdam
+      - TZ=${TZ}
       - PAPERLESS_TIME_ZONE=${PAPERLESS_TIME_ZONE}
       - PAPERLESS_OCR_LANGUAGE=${PAPERLESS_OCR_LANGUAGE}
       - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
@@ -92,7 +92,7 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/Amsterdam
+      - TZ=${TZ}
       - POSTGRES_DB=paperless
       - POSTGRES_USER=${POSTGRES_USER}
       - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
@@ -105,4 +105,4 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Europe/Amsterdam
+      - TZ=${TZ}
diff --git a/services/picard/compose.yaml b/services/picard/compose.yaml
index 50dc063..92c747c 100644
--- a/services/picard/compose.yaml
+++ b/services/picard/compose.yaml
@@ -55,7 +55,7 @@ services:
     environment:
       - USER_ID=1000
       - GROUP_ID=1000
-      - TZ=Europe/Amsterdam # Change according to your timezone or set by mapping /etc/localtime between the host and the container.
+      - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/config:/config:rw
       - ./${SERVICE}-data/music:/storage:rw
diff --git a/services/pingvin-share/.env b/services/pingvin-share/.env
index 898c8a0..4ce8454 100644
--- a/services/pingvin-share/.env
+++ b/services/pingvin-share/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# Set to true if a reverse proxy is in front of the container
+TRUST_PROXY=false
diff --git a/services/pingvin-share/compose.yaml b/services/pingvin-share/compose.yaml
index 641432e..b0c635a 100644
--- a/services/pingvin-share/compose.yaml
+++ b/services/pingvin-share/compose.yaml
@@ -53,7 +53,7 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - TRUST_PROXY=false # Set to true if a reverse proxy is in front of the container
+      - TRUST_PROXY=${TRUST_PROXY}
       - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/data:/opt/app/backend/data
diff --git a/services/plex/.env b/services/plex/.env
index c57df59..c69f986 100644
--- a/services/plex/.env
+++ b/services/plex/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+PLEX_CLAIM=
diff --git a/services/plex/compose.yaml b/services/plex/compose.yaml
index 9fc40b2..b3f643b 100644
--- a/services/plex/compose.yaml
+++ b/services/plex/compose.yaml
@@ -57,7 +57,7 @@ services:
       - PGID=1000
       - TZ=${TZ}
       - VERSION=docker
-      - PLEX_CLAIM= #optional
+      - PLEX_CLAIM=${PLEX_CLAIM}
     volumes:
       - ./${SERVICE}-data/config:/config
       - ./${SERVICE}-data/media/tvseries:/tv
diff --git a/services/portracker/.env b/services/portracker/.env
index 31ec3c9..893109f 100644
--- a/services/portracker/.env
+++ b/services/portracker/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+DATABASE_PATH=/data/portracker.db
diff --git a/services/portracker/compose.yaml b/services/portracker/compose.yaml
index 9de793b..f58cc6e 100644
--- a/services/portracker/compose.yaml
+++ b/services/portracker/compose.yaml
@@ -59,7 +59,7 @@ services:
       # Required for discovering services running in Docker
       - /var/run/docker.sock:/var/run/docker.sock:ro
     environment:
-      - DATABASE_PATH=/data/portracker.db
+      - DATABASE_PATH=${DATABASE_PATH}
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/posterizarr/.env b/services/posterizarr/.env
index cea35b1..ad2b0d9 100644
--- a/services/posterizarr/.env
+++ b/services/posterizarr/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+TERM=xterm
+RUN_TIME=disabled
diff --git a/services/posterizarr/compose.yaml b/services/posterizarr/compose.yaml
index 2259a04..308a57f 100644
--- a/services/posterizarr/compose.yaml
+++ b/services/posterizarr/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - TZ=Europe/Amsterdam 
-      - TERM=xterm 
-      - RUN_TIME=disabled 
+      - TZ=${TZ}
+      - TERM=${TERM}
+      - RUN_TIME=${RUN_TIME}
     user: "1000:1000" 
     volumes:
       - ./${SERVICE}-data/config:/config:rw
diff --git a/services/qbittorrent/.env b/services/qbittorrent/.env
index bcf3d0b..1b3825e 100644
--- a/services/qbittorrent/.env
+++ b/services/qbittorrent/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+WEBUI_PORT=8080
+TORRENTING_PORT=6881 #optional
diff --git a/services/qbittorrent/compose.yaml b/services/qbittorrent/compose.yaml
index 26bc363..b094b07 100644
--- a/services/qbittorrent/compose.yaml
+++ b/services/qbittorrent/compose.yaml
@@ -56,8 +56,8 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - WEBUI_PORT=8080 
-      # - TORRENTING_PORT=6881 #optional
+      - WEBUI_PORT=${WEBUI_PORT}
+      - TORRENTING_PORT=${TORRENTING_PORT}
     volumes:
       - ./${SERVICE}-data/config:/config
       - ./${SERVICE}-data/downloads:/downloads
diff --git a/services/recyclarr/.env b/services/recyclarr/.env
index 01ed560..9b0b4ba 100644
--- a/services/recyclarr/.env
+++ b/services/recyclarr/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+RECYCLARR_CREATE_CONFIG=true
diff --git a/services/recyclarr/compose.yaml b/services/recyclarr/compose.yaml
index 58dbd5e..e4e14d2 100644
--- a/services/recyclarr/compose.yaml
+++ b/services/recyclarr/compose.yaml
@@ -42,7 +42,7 @@ services:
       - ./${SERVICE}-data/config:/config
     environment:
       - TZ=${TZ}
-      - RECYCLARR_CREATE_CONFIG=true
+      - RECYCLARR_CREATE_CONFIG=${RECYCLARR_CREATE_CONFIG}
     user: 1000:1000
     depends_on:
       tailscale:
diff --git a/services/searxng/compose.yaml b/services/searxng/compose.yaml
index 639004c..e80b648 100644
--- a/services/searxng/compose.yaml
+++ b/services/searxng/compose.yaml
@@ -59,7 +59,7 @@ services:
       - SEARXNG_VALKEY_URL=${SEARXNG_VALKEY_URL}
       - TZ=${TZ}
     volumes:
-      - ./searxng:/etc/searxng:rw
+      - ./${SERVICE}-data:/etc/searxng:rw
     cap_drop:
       - ALL
     cap_add:
@@ -82,7 +82,7 @@ services:
     container_name: valkey-searxng
     image: docker.io/valkey/valkey:8-alpine
     command: valkey-server --save 30 1 --loglevel warning
-    restart: unless-stopped
+    restart: always
     volumes:
       - valkey-data2:/data
     cap_drop:
diff --git a/services/seerr/.env b/services/seerr/.env
index 8dd2a35..914380c 100644
--- a/services/seerr/.env
+++ b/services/seerr/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+PORT=5055
diff --git a/services/seerr/compose.yaml b/services/seerr/compose.yaml
index f0ceadf..bbbd331 100644
--- a/services/seerr/compose.yaml
+++ b/services/seerr/compose.yaml
@@ -56,7 +56,7 @@ services:
     environment:
       - LOG_LEVEL=debug
       - TZ=${TZ}
-      - PORT=5055
+      - PORT=${PORT}
     volumes:
       - ./${SERVICE}-data/config:/app/config
     depends_on:
diff --git a/services/slink/.env b/services/slink/.env
index a1e4ba9..f6822bd 100644
--- a/services/slink/.env
+++ b/services/slink/.env
@@ -20,3 +20,20 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+# Your application hostname
+ORIGIN=https://your-domain.com
+
+# Require user approval before they can upload images
+USER_APPROVAL_REQUIRED=true
+
+# User password requirements
+USER_PASSWORD_MIN_LENGTH=8
+USER_PASSWORD_REQUIREMENTS=15 # bitmask of requirements
+
+# Maximum image size allowed to be uploaded (no more than 50M)
+IMAGE_MAX_SIZE=15M
+
+# Storage provider to use.
+# Available options are local and smb
+STORAGE_PROVIDER=local
diff --git a/services/slink/compose.yaml b/services/slink/compose.yaml
index fb092ab..eff916f 100644
--- a/services/slink/compose.yaml
+++ b/services/slink/compose.yaml
@@ -56,23 +56,12 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-
-      # Your application hostname
-      - ORIGIN=https://your-domain.com
-
-      # Require user approval before they can upload images
-      - USER_APPROVAL_REQUIRED=true
-
-      # User password requirements
-      - USER_PASSWORD_MIN_LENGTH=8
-      - USER_PASSWORD_REQUIREMENTS=15 # bitmask of requirements 
-
-      # Maximum image size allowed to be uploaded (no more than 50M)
-      - IMAGE_MAX_SIZE=15M
-
-      # Storage provider to use. 
-      # Available options are local and smb
-      - STORAGE_PROVIDER=local
+      - ORIGIN=${ORIGIN}
+      - USER_APPROVAL_REQUIRED=${USER_APPROVAL_REQUIRED}
+      - USER_PASSWORD_MIN_LENGTH=${USER_PASSWORD_MIN_LENGTH}
+      - USER_PASSWORD_REQUIREMENTS=${USER_PASSWORD_REQUIREMENTS}
+      - IMAGE_MAX_SIZE=${IMAGE_MAX_SIZE}
+      - STORAGE_PROVIDER=${STORAGE_PROVIDER}
     volumes:
       - ./${SERVICE}-data/var/data:/app/var/data
       - ./${SERVICE}-data/images:/app/slink/images
diff --git a/services/speedtest-tracker/.env b/services/speedtest-tracker/.env
index 5eb822c..41d9081 100644
--- a/services/speedtest-tracker/.env
+++ b/services/speedtest-tracker/.env
@@ -20,3 +20,13 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+APP_KEY=
+DB_CONNECTION=sqlite
+#- APP_NAME=
+APP_URL= # Base URL used for notifications. example: speedtest.funny-name.ts.net
+#APP_TIMEZONE=Europe/Amsterdam
+#DISPLAY_TIMEZONE=Europe/Amsterdam
+#PUBLIC_DASHBOARD=true
+#SPEEDTEST_SCHEDULE=0 23 * * *
+#SPEEDTEST_SERVERS=
diff --git a/services/speedtest-tracker/compose.yaml b/services/speedtest-tracker/compose.yaml
index 5fe108d..89c894f 100644
--- a/services/speedtest-tracker/compose.yaml
+++ b/services/speedtest-tracker/compose.yaml
@@ -55,10 +55,10 @@ services:
     environment:
       - PUID=1000
       - PGID=1000
-      - APP_KEY=
-      - DB_CONNECTION=sqlite
+      - APP_KEY=${APP_KEY}
+      - DB_CONNECTION=${DB_CONNECTION}
       #- APP_NAME=
-      - APP_URL= # Base URL used for notifications. example: speedtest.funny-name.ts.net
+      - APP_URL=${APP_URL}
       #- APP_TIMEZONE=Europe/Amsterdam
       #- DISPLAY_TIMEZONE=Europe/Amsterdam
       #- PUBLIC_DASHBOARD=true
@@ -66,7 +66,7 @@ services:
       #- SPEEDTEST_SERVERS=
     volumes:
       - ./${SERVICE}-data:/config
-      - ./nginx/default.conf:/config/nginx/site-confs/default.conf
+      - ./${SERVICE}-data/nginx/default.conf:/config/nginx/site-confs/default.conf
       #- ./${SERVICE}-data/path/to-custom-ssl-keys:/config/keys
     depends_on:
       tailscale:
diff --git a/services/stirlingpdf/.env b/services/stirlingpdf/.env
index 865b0d6..4f9b4fb 100644
--- a/services/stirlingpdf/.env
+++ b/services/stirlingpdf/.env
@@ -20,3 +20,7 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+DOCKER_ENABLE_SECURITY=false
+INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
+LANGS=en_GB
diff --git a/services/stirlingpdf/compose.yaml b/services/stirlingpdf/compose.yaml
index b836f03..a4a8a6f 100644
--- a/services/stirlingpdf/compose.yaml
+++ b/services/stirlingpdf/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - DOCKER_ENABLE_SECURITY=false
-      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
-      - LANGS=en_GB
+      - DOCKER_ENABLE_SECURITY=${DOCKER_ENABLE_SECURITY}
+      - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=${INSTALL_BOOK_AND_ADVANCED_HTML_OPS}
+      - LANGS=${LANGS}
     volumes:
       - ./${SERVICE}-data/trainingData:/usr/share/tessdata # Required for extra OCR languages
       - ./${SERVICE}-data/extraConfigs:/configs
diff --git a/services/subtrackr/.env b/services/subtrackr/.env
index 36b5072..7869374 100644
--- a/services/subtrackr/.env
+++ b/services/subtrackr/.env
@@ -20,3 +20,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+GIN_MODE=release
+DATABASE_PATH=/app/data/subtrackr.db
diff --git a/services/subtrackr/compose.yaml b/services/subtrackr/compose.yaml
index 6cd381c..6e65f7c 100644
--- a/services/subtrackr/compose.yaml
+++ b/services/subtrackr/compose.yaml
@@ -56,8 +56,8 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=${TZ}
-      - GIN_MODE=release
-      - DATABASE_PATH=/app/data/subtrackr.db
+      - GIN_MODE=${GIN_MODE}
+      - DATABASE_PATH=${DATABASE_PATH}
     volumes:
       - ./${SERVICE}-data/data:/app/data
     depends_on:
diff --git a/services/swingmx/.env b/services/swingmx/.env
index 78ba5db..95c629b 100644
--- a/services/swingmx/.env
+++ b/services/swingmx/.env
@@ -20,3 +20,5 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+PATH_TO_MUSIC=/path/to/music
diff --git a/services/swingmx/compose.yaml b/services/swingmx/compose.yaml
index 13ba29a..3327e08 100644
--- a/services/swingmx/compose.yaml
+++ b/services/swingmx/compose.yaml
@@ -58,7 +58,7 @@ services:
       - TZ=${TZ}
     volumes:
       - ./${SERVICE}-data/app/config:/config
-      - /path/to/music:/music
+      - ${PATH_TO_MUSIC}:/music
     depends_on:
       tailscale:
         condition: service_healthy
diff --git a/services/tandoor/compose.yaml b/services/tandoor/compose.yaml
index 8b9880d..cd3c0ae 100644
--- a/services/tandoor/compose.yaml
+++ b/services/tandoor/compose.yaml
@@ -80,9 +80,9 @@ services:
     network_mode: service:tailscale
     container_name: app-${SERVICE}-database
     environment:
-      POSTGRES_PASSWORD: ${DB_PASSWORD}
-      POSTGRES_USER: ${DB_USERNAME}
-      POSTGRES_DB: ${DB_DATABASE_NAME}
+      - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - POSTGRES_USER=${DB_USERNAME}
+      - POSTGRES_DB=${DB_DATABASE_NAME}
     volumes:
       - ./${SERVICE}-data/database:/var/lib/postgresql/data
     healthcheck:
diff --git a/services/technitium/.env b/services/technitium/.env
index 0405bfe..2ffb1c8 100644
--- a/services/technitium/.env
+++ b/services/technitium/.env
@@ -24,3 +24,65 @@ DNS_SERVER2=8.8.4.4
 ADMIN_PASSWORD=ChangeME
 
 #EXAMPLE_VAR="Environment varibale"
+
+#The primary domain name used by this DNS Server to identify itself.
+DNS_SERVER_DOMAIN=home.arpa
+
+#DNS web console admin user password.
+DNS_SERVER_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+
+#The path to a file that contains a plain text password for the DNS web console admin user.
+DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt
+
+#DNS Server will use IPv6 for querying whenever possible with this option enabled.
+DNS_SERVER_PREFER_IPV6=false
+
+#Comma separated list of network interface IP addresses that you want the web service to listen on
+for requests. The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
+DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1
+
+#The TCP port number for the DNS web console over HTTP protocol.
+DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380
+
+#The TCP port number for the DNS web console over HTTPS protocol.
+DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443
+
+#Enables HTTPS for the DNS web console.
+DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false
+
+#Enables self signed TLS certificate for the DNS web console.
+DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false
+
+#Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
+DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false
+
+#Use allow to support Tailscale Networks - Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
+DNS_SERVER_RECURSION=Allow
+
+#Comma separated list of IP addresses or network addresses to allow access. Add ! character at
+the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.
+DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2
+
+#Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
+DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24
+
+#Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option.  This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
+DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24
+
+#Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
+DNS_SERVER_ENABLE_BLOCKING=false
+
+#Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
+DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false
+
+#A comma separated list of block list URLs.
+DNS_SERVER_BLOCK_LIST_URLS=
+
+#Comma separated list of forwarder addresses.
+DNS_SERVER_FORWARDERS=${DNS_SERVER1},${DNS_SERVER2}
+
+#Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
+DNS_SERVER_FORWARDER_PROTOCOL=Tcp
+
+#Enable this option to use local time instead of UTC for logging.
+DNS_SERVER_LOG_USING_LOCAL_TIME=true
diff --git a/services/technitium/compose.yaml b/services/technitium/compose.yaml
index 474c165..dc8cbde 100644
--- a/services/technitium/compose.yaml
+++ b/services/technitium/compose.yaml
@@ -60,26 +60,26 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - DNS_SERVER_DOMAIN=${SERVICE}.local #The primary domain name used by this DNS Server to identify itself.
-      - DNS_SERVER_ADMIN_PASSWORD=${ADMIN_PASSWORD} #DNS web console admin user password.
-      # - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
-      - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
-      # - DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=172.17.0.1,127.0.0.1 #Comma separated list of network interface IP addresses that you want the web service to listen on for requests. The "172.17.0.1" address is the built-in Docker bridge. The "[::]" is the default value if not specified. Note! This must be used only with "host" network mode.
-      # - DNS_SERVER_WEB_SERVICE_HTTP_PORT=5380 #The TCP port number for the DNS web console over HTTP protocol.
-      # - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=53443 #The TCP port number for the DNS web console over HTTPS protocol.
-      # - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=false #Enables HTTPS for the DNS web console.
-      # - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=false #Enables self signed TLS certificate for the DNS web console.
-      # - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
-      - DNS_SERVER_RECURSION=Allow #Use allow to support Tailscale Networks - Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworkACL.
-      # - DNS_SERVER_RECURSION_NETWORK_ACL=192.168.10.0/24, !192.168.10.2 #Comma separated list of IP addresses or network addresses to allow access. Add ! character at the start to deny access, e.g. !192.168.10.0/24 will deny entire subnet. The ACL is processed in the same order its listed. If no networks match, the default policy is to deny all except loopback. Valid only for `UseSpecifiedNetworkACL` recursion option.
-      # - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworkACL` recursion option. This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
-      # - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworkACL` recursion option.  This option is obsolete and DNS_SERVER_RECURSION_NETWORK_ACL should be used instead.
-      # - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
-      # - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
-      # - DNS_SERVER_BLOCK_LIST_URLS= #A comma separated list of block list URLs.
-      - DNS_SERVER_FORWARDERS=${DNS_SERVER1},${DNS_SERVER2} #Comma separated list of forwarder addresses.
-      # - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson.
-      # - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
+      - DNS_SERVER_DOMAIN=${DNS_SERVER_DOMAIN}
+      - DNS_SERVER_ADMIN_PASSWORD=${ADMIN_PASSWORD}
+      - DNS_SERVER_ADMIN_PASSWORD_FILE=${DNS_SERVER_ADMIN_PASSWORD_FILE}
+      - DNS_SERVER_PREFER_IPV6=${DNS_SERVER_PREFER_IPV6}
+      - DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES=${DNS_SERVER_WEB_SERVICE_LOCAL_ADDRESSES}
+      - DNS_SERVER_WEB_SERVICE_HTTP_PORT=${DNS_SERVER_WEB_SERVICE_HTTP_PORT}
+      - DNS_SERVER_WEB_SERVICE_HTTPS_PORT=${DNS_SERVER_WEB_SERVICE_HTTPS_PORT}
+      - DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS=${DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS}
+      - DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT=${DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT}
+      - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=${DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP}
+      - DNS_SERVER_RECURSION=${DNS_SERVER_RECURSION}
+      - DNS_SERVER_RECURSION_NETWORK_ACL=${DNS_SERVER_RECURSION_NETWORK_ACL}
+      - DNS_SERVER_RECURSION_DENIED_NETWORKS=${DNS_SERVER_RECURSION_DENIED_NETWORKS}
+      - DNS_SERVER_RECURSION_ALLOWED_NETWORKS=${DNS_SERVER_RECURSION_ALLOWED_NETWORKS}
+      - DNS_SERVER_ENABLE_BLOCKING=${DNS_SERVER_ENABLE_BLOCKING}
+      - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=${DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT}
+      - DNS_SERVER_BLOCK_LIST_URLS=${DNS_SERVER_BLOCK_LIST_URLS}
+      - DNS_SERVER_FORWARDERS=${DNS_SERVER1},${DNS_SERVER2}
+      - DNS_SERVER_FORWARDER_PROTOCOL=${DNS_SERVER_FORWARDER_PROTOCOL}
+      - DNS_SERVER_LOG_USING_LOCAL_TIME=${DNS_SERVER_LOG_USING_LOCAL_TIME}
     volumes:
       - ./${SERVICE}-data/app/config:/config
     depends_on:
diff --git a/services/tracktor/.env b/services/tracktor/.env
index a95d051..97c0bcd 100644
--- a/services/tracktor/.env
+++ b/services/tracktor/.env
@@ -20,3 +20,7 @@ TS_TAILNET= # Your Tailscale tailnet name (e.g., my-tailnet).
 # PUID=1000
 
 #EXAMPLE_VAR="Environment varibale"
+
+TRACKTOR_DEMO_MODE=false
+FORCE_DATA_SEED=false
+CORS_ORIGINS="https://${SERVICE}.${TS_TAILNET}.ts.net" # Adjust as needed for your setup
diff --git a/services/tracktor/compose.yaml b/services/tracktor/compose.yaml
index aa68c51..b5730b8 100644
--- a/services/tracktor/compose.yaml
+++ b/services/tracktor/compose.yaml
@@ -53,9 +53,9 @@ services:
     network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
     container_name: app-${SERVICE} # Name for local container management
     environment:
-      - TRACKTOR_DEMO_MODE=false
-      - FORCE_DATA_SEED=false
-      - CORS_ORIGINS="https://${SERVICE}.${TS_TAILNET}.ts.net" # Adjust as needed for your setup
+      - TRACKTOR_DEMO_MODE=${TRACKTOR_DEMO_MODE}
+      - FORCE_DATA_SEED=${FORCE_DATA_SEED}
+      - CORS_ORIGINS=${CORS_ORIGINS}
     volumes:
       - ./${SERVICE}-data:/data
     depends_on:
diff --git a/services/vikunja/.env b/services/vikunja/.env
index a1601c8..8da2e4a 100644
--- a/services/vikunja/.env
+++ b/services/vikunja/.env
@@ -22,6 +22,6 @@ TZ=Europe/Amsterdam # See: https://en.wikipedia.org/wiki/List_of_tz_database_tim
 # Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/
 
 #EXAMPLE_VAR="Environment varibale"
-
-VIKUNJA_SERVICE_PUBLICURL=https://vikunja.<YOUR_TS_DOMAIN>.ts.net/
-VIKUNJA_DATABASE_PATH=/db/vikunja.db # Path to the SQLite database file. Ensure this path is correctly mapped in your Docker volumes.a
\ No newline at end of file
+TAIL_NET_DOMAIN=<Your tailnet domain>
+VIKUNJA_SERVICE_PUBLICURL=https://${SERVICE}.${TAIL_NET_DOMAIN}.ts.net/
+VIKUNJA_DATABASE_PATH=/db/vikunja.db # Path to the SQLite database file. Ensure this path is correctly mapped in your Docker volumes.a