diff --git a/docker/compose.yml b/docker/compose.yml
index 630b2d0..d85a3e5 100644
--- a/docker/compose.yml
+++ b/docker/compose.yml
@@ -65,6 +65,7 @@ volumes:
 services:
   komodo-core:
     image: ghcr.io/mbecker20/komodo:latest
+    container_name: komodo-core
     restart: always
     depends_on:
       - komodo-mongo
@@ -89,19 +90,6 @@ services:
       KOMODO_GITHUB_OAUTH_ENABLED: true       
       KOMODO_GITHUB_OAUTH_ID: ${KOMODO_GITHUB_OAUTH_ID}
       KOMODO_GITHUB_OAUTH_SECRET: ${KOMODO_GITHUB_OAUTH_SECRET}
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.komodo.entrypoints=http"
-      - "traefik.http.routers.komodo.rule=Host(`komodo.${DOMAIN}`)"
-      - "traefik.http.middlewares.komodo-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.komodo.middlewares=komodo-https-redirect"
-      - "traefik.http.routers.komodo-secure.entrypoints=https"
-      - "traefik.http.routers.komodo-secure.rule=Host(`komodo.${DOMAIN}`)"
-      - "traefik.http.routers.komodo-secure.tls=true"
-      - "traefik.http.routers.komodo-secure.tls.certresolver=${DNS}"
-      - "traefik.http.services.komodo-secure.loadbalancer.server.port=9120"
 
   komodo-periphery:
     image: ghcr.io/mbecker20/periphery:latest
@@ -117,9 +105,6 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - komodo-repos:/etc/komodo/repos:rw 
       - komodo-stacks:/etc/komodo/stacks:rw 
-    labels: 
-      - "traefik.enable=false"
-    
 
   komodo-mongo:
     image: mongo
@@ -138,8 +123,6 @@ services:
     environment:
       MONGO_INITDB_ROOT_USERNAME: ${KOMODO_DB_USERNAME}
       MONGO_INITDB_ROOT_PASSWORD: ${KOMODO_DB_PASSWORD}
-    labels: 
-      - "traefik.enable=false"
 
   ollama:
     image: ollama/ollama
@@ -151,18 +134,6 @@ services:
       - 11434
     volumes:
       - ollama:/root/.ollama:rw
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.ollama-api.entrypoints=http"
-      - "traefik.http.routers.ollama-api.rule=Host(`ollama-api.${DOMAIN}`)"
-      - "traefik.http.middlewares.ollama-api-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.ollama-api.middlewares=ollama-api-https-redirect"
-      - "traefik.http.routers.ollama-api-secure.entrypoints=https"
-      - "traefik.http.routers.ollama-api-secure.rule=Host(`ollama-api.${DOMAIN}`)"
-      - "traefik.http.routers.ollama-api-secure.tls=true"
-      - "traefik.http.routers.ollama-api-secure.tls.certresolver=${DNS}"
     runtime: nvidia
     deploy:
       resources:
@@ -185,19 +156,6 @@ services:
       - OLLAMA_BASE_URL=http://ollama:11434
     volumes:
       - ollama-ui_data:/app/backend/data:rw
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.ollama-ui.entrypoints=http"
-      - "traefik.http.routers.ollama-ui.rule=Host(`ollama.${DOMAIN}`)"
-      - "traefik.http.middlewares.ollama-ui-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.ollama-ui.middlewares=ollama-ui-https-redirect"
-      - "traefik.http.routers.ollama-ui-secure.entrypoints=https"
-      - "traefik.http.routers.ollama-ui-secure.rule=Host(`ollama.${DOMAIN}`)"
-      - "traefik.http.routers.ollama-ui-secure.tls=true"
-      - "traefik.http.routers.ollama-ui-secure.tls.certresolver=${DNS}"
-      - "traefik.http.routers.ollama-ui-secure.middlewares=forward-auth"
 
   jellyfin:
     image: jellyfin/jellyfin
@@ -216,19 +174,6 @@ services:
     environment:
       - NVIDIA_DRIVER_CAPABILITIES=all
       - NVIDIA_VISIBLE_DEVICES=all
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.jellyfin.entrypoints=http"
-      - "traefik.http.routers.jellyfin.rule=Host(`jellyfin.${DOMAIN}`)"
-      - "traefik.http.middlewares.jellyfin-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.jellyfin.middlewares=jellyfin-https-redirect"
-      - "traefik.http.routers.jellyfin-secure.entrypoints=https"
-      - "traefik.http.routers.jellyfin-secure.rule=Host(`jellyfin.${DOMAIN}`)"
-      - "traefik.http.routers.jellyfin-secure.tls=true"
-      - "traefik.http.routers.jellyfin-secure.tls.certresolver=${DNS}"
-      - "traefik.http.services.jellyfin-secure.loadbalancer.server.port=8096"
     runtime: nvidia
     deploy:
       resources:
@@ -250,28 +195,13 @@ services:
       - OPENVPN_CONFIG=${OPENVPN_CONFIG}
       - OPENVPN_USERNAME=${OPENVPN_USERNAME}
       - OPENVPN_PASSWORD=${OPENVPN_PASSWORD}
-
     devices:
       - /dev/net/tun:/dev/net/tun
     cap_add:
       - NET_ADMIN
     ports:
-      # any ports needed to expose services through traefik need to be defined here
+      # any services proxied through this container need to declare ports here
       - 9091:9091 # transmission
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.transmission.entrypoints=http"
-      - "traefik.http.routers.transmission.rule=Host(`transmission.${DOMAIN}`) || Host(`torrent.${DOMAIN}`)"
-      - "traefik.http.middlewares.transmission-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.transmission.middlewares=transmission-https-redirect"
-      - "traefik.http.routers.transmission-secure.entrypoints=https"
-      - "traefik.http.routers.transmission-secure.rule=Host(`transmission.${DOMAIN}`) || Host(`torrent.${DOMAIN}`)"
-      - "traefik.http.routers.transmission-secure.tls=true"
-      - "traefik.http.routers.transmission-secure.tls.certresolver=${DNS}"
-      - "traefik.http.services.transmission-secure.loadbalancer.server.port=9091"
-      - "traefik.http.routers.transmission-secure.middlewares=forward-auth"
 
   rathole:
     image: rapiz1/rathole
@@ -281,8 +211,6 @@ services:
     volumes:
       - /home/sawyer/compose-files/docker/rathole/rathole.toml:/app/config.toml:ro
     command: --client /app/config.toml
-    labels:
-      - "traefik.enable=false"
 
   traefik:
     image: traefik
@@ -294,26 +222,20 @@ services:
       - DNS=${DNS}
     command: |
       traefik 
-      --log=true --log.level=INFO
-      --api.dashboard=true --api.insecure=true
-      --entrypoints.http --entrypoints.http.address=:80
-      --entrypoints.https --entrypoints.https.address=:443
-      --entrypoints.dnsovertls --entrypoints.dnsovertls.address=:853
-      --serverstransport.insecureskipverify=true 
-      --entrypoints.http.http.redirections.entrypoint.to=https
-      --entrypoints.http.http.redirections.entrypoint.scheme=https
-      --providers.docker=true --providers.docker.exposedbydefault=false
+      --configFile=/etc/traefik/static.toml
       --certificatesresolvers.${DNS}.acme.email=${CF_API_EMAIL}
       --certificatesresolvers.${DNS}.acme.storage=/etc/traefik/acme/acme.json
       --certificatesresolvers.${DNS}.acme.dnschallenge
       --certificatesresolvers.${DNS}.acme.dnschallenge.disablepropagationcheck=false
       --certificatesresolvers.${DNS}.acme.dnschallenge.provider=${DNS}
       --certificatesresolvers.${DNS}.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
-      --certificatesresolvers.${DNS}.acme.httpchallenge.entrypoint=http
+      --certificatesresolvers.${DNS}.acme.httpchallenge.entrypoint=web
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - /home/sawyer/acme/:/etc/traefik/acme:rw
+      - /home/sawyer/compose-files/docker/traefik/static.toml:/etc/traefik/static.toml:ro
+      - /home/sawyer/compose-files/docker/traefik/dynamic.toml:/etc/traefik/dynamic.toml:ro
     networks:
       - web
     ports:
@@ -321,20 +243,6 @@ services:
       - "443:443"
       - "853:853"
       - "8080:8080"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.traefik.entrypoints=http"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
-      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
-      - "traefik.http.routers.traefik-secure.entrypoints=https"
-      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${DOMAIN}`)"
-      - "traefik.http.routers.traefik-secure.tls=true"
-      - "traefik.http.routers.traefik-secure.tls.certresolver=${DNS}"
-      - "traefik.http.routers.traefik-secure.service=api@internal"
-      - "traefik.http.routers.treafik-secure.middlewares=forward-auth"
 
   traefik-forward-auth:
     image: thomseddon/traefik-forward-auth:2
@@ -348,19 +256,8 @@ services:
       - WHITELIST=${WHITELIST}
     networks:
       - web
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.auth.rule=Host(`auth.${DOMAIN}`)"
-      - "traefik.http.routers.auth.entrypoints=https"
-      - "traefik.http.routers.auth.tls=true"
-      - "traefik.http.routers.auth.tls.certresolver=${DNS}"
-      - "traefik.http.routers.auth.service=auth@docker"
-      - "traefik.http.services.auth.loadbalancer.server.port=4181"
-      - "traefik.http.middlewares.forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
-      - "traefik.http.middlewares.forward-auth.forwardauth.trustForwardHeader=true"
-      - "traefik.http.middlewares.forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
-      - "traefik.http.routers.auth.middlewares=forward-auth"
+    expose: 
+      - 4181
 
   adguardhome:
     image: adguard/adguardhome
@@ -372,32 +269,10 @@ services:
       - adgaurd-conf:/opt/adguardhome/conf:rw
       - adguard-work:/opt/adguardhome/work:rw
       - certbot:/opt/adguardhome/certs/:rw
-    ports:
-      - 3000:3000/tcp
-      - "53:53/tcp"
-      - "53:53/udp"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.adguard.entrypoints=http"
-      - "traefik.http.routers.adguardng.rule=Host(`adguard.${DOMAIN}`) || Host(`adguardhome.${DOMAIN}`)"
-      - "traefik.http.middlewares.adguard-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.adguard.middlewares=adguard-https-redirect"
-      - "traefik.http.routers.adguard-secure.entrypoints=https"
-      - "traefik.http.services.adguard-secure.loadbalancer.server.port=3000"
-      - "traefik.http.routers.adguard-secure.rule=Host(`adguard.${DOMAIN}`) || Host(`adguardhome.${DOMAIN}`)"
-      - "traefik.http.routers.adguard-secure.tls=true"
-      - "traefik.http.routers.adguard-secure.tls.certresolver=${DNS}"
-      - "traefik.http.routers.adguard-secure.middlewares=forward-auth"
-
-      # DNS-over-TLS
-      - traefik.tcp.routers.adguard-dot.rule=HostSNI(`dns.${DOMAIN}`)
-      - traefik.tcp.routers.adguard-dot.entrypoints=dnsovertls
-      - traefik.tcp.routers.adguard-dot.tls=true
-      - traefik.tcp.routers.adguard-dot.service=adguard
-      - traefik.tcp.routers.adguard-dot.tls.certresolver=${DNS}
-      - traefik.tcp.services.adguard.loadbalancer.server.port=53
+    expose:
+      - 80 # http
+      - 853 # dot
+      - 443 # doh
 
   dashy:
     container_name: dashy
@@ -411,18 +286,6 @@ services:
       - /home/sawyer/compose-files/docker/dashy/conf.yml:/app/public/conf.yml:ro
     environment:
       - NODE_ENV=production
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.dashy.entrypoints=http"
-      - "traefik.http.routers.dashy.rule=Host(`dashy.${DOMAIN}`) || Host(`${DOMAIN}`)"
-      - "traefik.http.middlewares.dashy-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.dashy.middlewares=dashy-https-redirect"
-      - "traefik.http.routers.dashy-secure.entrypoints=https"
-      - "traefik.http.routers.dashy-secure.rule=Host(`dashy.${DOMAIN}`) || Host(`${DOMAIN}`)"
-      - "traefik.http.routers.dashy-secure.tls=true"
-      - "traefik.http.routers.dashy-secure.tls.certresolver=${DNS}"
 
   registry: # My own docker registry
     container_name: registry
@@ -432,18 +295,6 @@ services:
       - web
     expose:
       - 5000
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.registry.entrypoints=http"
-      - "traefik.http.routers.registry.rule=Host(`registry.${DOMAIN}`)"
-      - "traefik.http.middlewares.registry-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.registry.middlewares=registry-https-redirect"
-      - "traefik.http.routers.registry-secure.entrypoints=https"
-      - "traefik.http.routers.registry-secure.rule=Host(`registry.${DOMAIN}`)"
-      - "traefik.http.routers.registry-secure.tls=true"
-      - "traefik.http.routers.registry-secure.tls.certresolver=${DNS}"
 
   searxng:
     image: searxng/searxng
@@ -457,18 +308,6 @@ services:
       - 8080
     volumes:
       - /home/sawyer/compose-files/docker/searxng:/etc/searxng:rw
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.searxng.entrypoints=http"
-      - "traefik.http.routers.searxng.rule=Host(`searxng.${DOMAIN}`) || Host(`searx.${DOMAIN}`) || Host(`search.${DOMAIN}`)"
-      - "traefik.http.middlewares.searxng-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.searxng.middlewares=searxng-https-redirect"
-      - "traefik.http.routers.searxng-secure.entrypoints=https"
-      - "traefik.http.routers.searxng-secure.rule=Host(`searxng.${DOMAIN}`) || Host(`searx.${DOMAIN}`) || Host(`search.${DOMAIN}`)"
-      - "traefik.http.routers.searxng-secure.tls=true"
-      - "traefik.http.routers.searxng-secure.tls.certresolver=${DNS}"
 
   smokeping:
     image: lscr.io/linuxserver/smokeping
@@ -478,19 +317,6 @@ services:
       - web
     expose:
       - 80
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.ping.entrypoints=http"
-      - "traefik.http.routers.ping.rule=Host(`ping.${DOMAIN}`) || Host(`smokeping.${DOMAIN}`) "
-      - "traefik.http.middlewares.ping-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.ping.middlewares=ping-https-redirect"
-      - "traefik.http.routers.ping-secure.entrypoints=https"
-      - "traefik.http.routers.ping-secure.rule=Host(`ping.${DOMAIN}`) || Host(`smokeping.${DOMAIN}`) "
-      - "traefik.http.routers.ping-secure.tls=true"
-      - "traefik.http.routers.ping-secure.tls.certresolver=${DNS}"
-      - "traefik.http.routers.ping-secure.middlewares=forward-auth"
 
   languagetool:
     image: meyay/languagetool
@@ -507,18 +333,6 @@ services:
     volumes:
       - languagetool_ngrams:/ngrams:rw
       - languagetool_fasttext:/fasttext:rw
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.languagetool.entrypoints=http"
-      - "traefik.http.routers.languagetool.rule=Host(`languagetool.${DOMAIN}`) || Host(`smokelanguagetool.${DOMAIN}`) "
-      - "traefik.http.middlewares.languagetool-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.languagetool.middlewares=languagetool-https-redirect"
-      - "traefik.http.routers.languagetool-secure.entrypoints=https"
-      - "traefik.http.routers.languagetool-secure.rule=Host(`languagetool.${DOMAIN}`) || Host(`smokelanguagetool.${DOMAIN}`) "
-      - "traefik.http.routers.languagetool-secure.tls=true"
-      - "traefik.http.routers.languagetool-secure.tls.certresolver=${DNS}"
 
   # configures a gh action runner to redeploy this file
   homelab-github-runner:
@@ -529,8 +343,6 @@ services:
       ORG_NAME: LegitCamper
       REPO_URL: https://github.com/LegitCamper/homelab
       ACCESS_TOKEN: ${SELF_HOSTED_RUNNER}
-    labels:
-      - "traefik.enable=true"
 
   watchtower:
     image: containrrr/watchtower
@@ -543,8 +355,6 @@ services:
       WATCHTOWER_POLL_INTERVAL: 604800 # every 7 days
     command: --cleanup
     restart: always
-    labels:
-      - "traefik.enable=false"
 
   uptime-kuma:
     image: louislam/uptime-kuma:1
@@ -554,19 +364,6 @@ services:
       - uptime-kuma:/app/data:rw
     expose:
       - 3001
-    labels:
-      - "traefik.enable=true"
-      - "traefik.docker.network=web"
-      - "traefik.http.routers.ping.entrypoints=http"
-      - "traefik.http.routers.ping.rule=Host(`uptime-kuma.${DOMAIN}`)"
-      - "traefik.http.middlewares.ping-https-redirect.redirectscheme.scheme=https"
-      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.ping.middlewares=ping-https-redirect"
-      - "traefik.http.routers.ping-secure.entrypoints=https"
-      - "traefik.http.routers.ping-secure.rule=Host(`uptime-kuma.${DOMAIN}`)"
-      - "traefik.http.routers.ping-secure.tls=true"
-      - "traefik.http.routers.ping-secure.tls.certresolver=${DNS}"
-      - "traefik.http.routers.ping-secure.middlewares=forward-auth"
 
   # prometheus:
   #   image: prom/prometheus
diff --git a/docker/traefik/dynamic.toml b/docker/traefik/dynamic.toml
new file mode 100644
index 0000000..15065da
--- /dev/null
+++ b/docker/traefik/dynamic.toml
@@ -0,0 +1,164 @@
+[http.middlewares]
+[http.middlewares.auth.forwardAuth]
+address = "http://traefik-forward-auth:4181"
+trustForwardHeader = true
+authResponseHeaders = ["X-Forwarded-User"]
+[http.middlewares.auth.forwardAuth.tls]
+insecureSkipVerify = true
+caOptional = true
+
+[http.routers.traefik]
+middlewares = ["auth"]
+service = "api@internal"
+rule = "HostRegexp(`^traefik.+`)"
+[http.routers.traefik.tls]
+certResolver = "cloudflare"
+
+[http.routers.komodo]
+middlewares = ["auth"]
+service = "komodo"
+rule = "HostRegexp(`^komodo.+`)"
+[http.routers.komodo.tls]
+certResolver = "cloudflare"
+
+[http.services.komodo.loadBalancer]
+[[http.services.komodo.loadBalancer.servers]]
+url = "http://komodo-core:9120"
+
+[http.routers.ollama]
+middlewares = ["auth"]
+service = "ollama"
+rule = "HostRegexp(`^ollama.+`)"
+[http.routers.ollama.tls]
+certResolver = "cloudflare"
+
+[http.services.ollama.loadBalancer]
+[[http.services.ollama.loadBalancer.servers]]
+url = "http://ollama:8080"
+
+[http.routers.ollama-api]
+service = "ollama-api"
+rule = "HostRegexp(`^ollama-api.+`)"
+[http.routers.ollama-api.tls]
+certResolver = "cloudflare"
+
+[http.services.ollama-api.loadBalancer]
+[[http.services.ollama-api.loadBalancer.servers]]
+url = "http://ollama-api:11434"
+
+[http.routers.jellyfin]
+service = "jellyfin"
+rule = "HostRegexp(`^jellyfin.+`)"
+[http.routers.jellyfin.tls]
+certResolver = "cloudflare"
+
+[http.services.jellyfin.loadBalancer]
+[[http.services.jellyfin.loadBalancer.servers]]
+url = "http://jellyfin:8096"
+
+[http.routers.transmission]
+middlewares = ["auth"]
+service = "transmission"
+rule = "HostRegexp(`^transmission.+`) || HostRegexp(`^torrent.+`)"
+[http.routers.transmission.tls]
+certResolver = "cloudflare"
+
+[http.services.transmission.loadBalancer]
+[[http.services.transmission.loadBalancer.servers]]
+url = "http://transmission-openvpn:9091"
+
+[http.routers.dashy]
+middlewares = ["auth"]
+service = "dashy"
+rule = "HostRegexp(`^dashy.+`) || HostRegexp(`^.+`)"
+[http.routers.dashy.tls]
+certResolver = "cloudflare"
+
+[http.services.dashy.loadBalancer]
+[[http.services.dashy.loadBalancer.servers]]
+url = "http://dashy:80"
+
+[http.routers.registry]
+service = "registry"
+rule = "HostRegexp(`^registry.+`)"
+[http.routers.registry.tls]
+certResolver = "cloudflare"
+
+[http.services.registry.loadBalancer]
+[[http.services.registry.loadBalancer.servers]]
+url = "http://registry:5000"
+
+[http.routers.searxng]
+service = "searxng"
+rule = "HostRegexp(`^searxng.+`) || HostRegexp(`^search.+`)"
+[http.routers.searxng.tls]
+certResolver = "cloudflare"
+
+[http.services.searxng.loadBalancer]
+[[http.services.searxng.loadBalancer.servers]]
+url = "http://searxng:8080"
+
+[http.routers.smokeping]
+middlewares = ["auth"]
+service = "smokeping"
+rule = "HostRegexp(`^smokeping.+`)"
+[http.routers.smokeping.tls]
+certResolver = "cloudflare"
+
+[http.services.smokeping.loadBalancer]
+[[http.services.smokeping.loadBalancer.servers]]
+url = "http://smokeping:80"
+
+[http.routers.languagetool]
+service = "languagetool"
+rule = "HostRegexp(`^languagetool.+`)"
+[http.routers.languagetool.tls]
+certResolver = "cloudflare"
+
+[http.services.languagetool.loadBalancer]
+[[http.services.languagetool.loadBalancer.servers]]
+url = "http://languagetool:8010"
+
+[http.routers.uptime-kuma]
+middlewares = ["auth"]
+service = "uptime-kuma"
+rule = "HostRegexp(`^uptime-kuma.+`)"
+[http.routers.uptime-kuma.tls]
+certResolver = "cloudflare"
+
+[http.services.uptime-kuma.loadBalancer]
+[[http.services.uptime-kuma.loadBalancer.servers]]
+url = "http://uptime-kuma:3001"
+
+[http.routers.adguard]
+middlewares = ["auth"]
+service = "adguard"
+rule = "HostRegexp(`^adguard.+`) || HostRegexp(`^adguardhome.+`)"
+[http.routers.adguard.tls]
+certResolver = "cloudflare"
+
+[http.services.adguard.loadBalancer]
+[[http.services.adguard.loadBalancer.servers]]
+url = "http://adguardhome:80"
+
+[http.routers.doh]
+entryPoints = ["websecure"]
+service = "doh"
+rule = "HostRegexp(`^dns.+`)"
+[http.routers.doh.tls]
+certResolver = "cloudflare"
+
+[http.services.doh.loadBalancer]
+[[http.services.doh.loadBalancer.servers]]
+url = "http://adguard:443"
+
+[tcp.routers.dot]
+entryPoints = ["dot"]
+service = "dot"
+rule = "HostRegexp(`^dns.+`)"
+[tcp.routers.dot.tls]
+certResolver = "cloudflare"
+
+[tcp.services.dot.loadBalancer]
+[[tcp.services.dot.loadBalancer.servers]]
+url = "tcp://adguard:853"
diff --git a/docker/traefik/static.toml b/docker/traefik/static.toml
new file mode 100644
index 0000000..42f01aa
--- /dev/null
+++ b/docker/traefik/static.toml
@@ -0,0 +1,51 @@
+[global]
+checkNewVersion = true
+sendAnonymousUsage = false
+
+[log]
+level = "INFO"
+
+[api]
+insecure = true
+dashboard = true
+debug = true
+disableDashboardAd = true
+
+[serversTransport]
+insecureSkipVerify = true
+[tcpServersTransport]
+[tcpServersTransport.tls]
+insecureSkipVerify = true
+
+[entryPoints]
+[entryPoints.web]
+address = ":80"
+reusePort = true
+asDefault = false
+[entryPoints.web.http.redirections]
+[entryPoints.web.http.redirections.entryPoint]
+to = "websecure"
+scheme = "https"
+permanent = true
+[entryPoints.websecure]
+address = ":443"
+reusePort = true
+asDefault = true
+[entryPoints.dot]
+address = ":853"
+reusePort = true
+asDefault = false
+
+[providers]
+[providers.docker]
+exposedByDefault = false
+network = "web"
+useBindPortIP = false
+watch = true
+[providers.docker.tls]
+insecureSkipVerify = true
+[providers.file]
+directory = "/etc/traefik"
+watch = true
+filename = "dynamic.toml"
+debugLogGeneratedTemplate = true
diff --git a/secrets.env b/secrets.env
index 9770105..beb7ae7 100644
--- a/secrets.env
+++ b/secrets.env
@@ -1,95 +1,95 @@
 $ANSIBLE_VAULT;1.1;AES256
-66383130363330653463333463653263663732653338306433666631316462626162303836313535
-6566353161373032386130653134633565656466316235330a353338323938363836303237656361
-62633736666265616238366361626330333264643662616337396139313735303962616439643139
-3861626338313030300a376634346263636238626538323839306130306333323736346431343732
-36623437316332316163663565383732613764306239623861326438316637346562343061616161
-39336461666435323331653733353636333464376532623834646138346131353465353965323461
-33666162353731343233306362663463646564326638653035316530643538623361306663323230
-33376232393465376236366266613332666265313132626438313933313863393864353430613366
-64306565626466333635326138626561633830313937346430653166333932396261356131363339
-35376636393139333363646164613538613638376134323937633332663437643030393939363739
-30303138336363366330303630313338346639626437323062313561386634333436626264633632
-62613366313831666332633137616633383333666561303635336531633032313863383530646134
-63323465353533663662353332346431656631663430373138326238626635303232333533343032
-65306433336534643630356331326238666530396638363536653230303464313832303832633564
-34326164326232653263313439376364376165643962373866656165393939313533393130386462
-61666165306465653166393564346537363937356139613038626637363164633138323863356335
-66306639376634316231613833353630353835373339396136323136343663656237373539626532
-65313432613833313266643563663261333662356232333534346365313535393366613732303937
-63636335613237383434333030313664336237393365383936666137636364653437643236336265
-33316165323465336335643866613863373538356434636337366236373233313530303035626133
-61333765373066313961366237656462636361393031313464333666356166313838636664633361
-64356662653631376232643939633262386332613961616166396439633836306236626266643234
-64356664613761393764663865373732363733393038346163393666373461356232663666343630
-35616664386232353830306166366362353462393562353365393062656664326165393765383433
-64386634323630373838346534643530353163383235356531613933313230323361383765316539
-34346663323661646364383634663937653738303261326137636438643634346430323438383461
-33333838363130383639316366303035316565343064303030336662376261613131313431393233
-32643234613865613131613137343837663662313134623763623138626362373336346537303931
-31636263613161343234643835663034353530393961316639313134616438613234323366643963
-33386436643938666331626462353366373836393138643363363435363864313966333735343163
-30343565316166383833333039616437356333666266323035303438363333363139386561343138
-61643732393231646535306432303564616634353333653439323535316435343132393261343938
-62616131323334376162383131653235393532366165366135613232336135313530343064366636
-37313337313732663231616365613632663763303932313835306661653235633166333138383837
-62626462376262653730306534646337626639366465356135323465663933306338633766323934
-65613234396165373036393635613833633035666362643533626336353962616130386237393564
-32643832616661643062643135393664656234346138636562343363333231366537333737356237
-33666261366234356430643339623736643133376463636230376430393939663466616664346131
-30343963346162316131643734346336613566396533616637376361656232643336643838366163
-62643832613430323162616430643861323764656531343961383739356539336463363565323337
-34323465356262393235346239653730656131616464366362306336303532633936333062306435
-31313130336333363630626161343537633839376637626365663539653037363334333562393232
-64663839333039356130613466313239613037643837393561323334653739376536636636613331
-61306434326635616239363165633934666637363435353863373734353638623263356633356130
-63346564336234356437363533396537366239366465323235346337333034373233623939633435
-65666136333334343939303665653830333264373565386537303136373338306230626131656165
-65636533316433386266313134653237313937303539366665336235643238343163623537336332
-38363464333461373338316561303932636662306161373138373863366161653535613538343561
-34613231313465383330303235303634653430386665346437323739623938326637616232653532
-31626439383661613663343135313130376637636465373636383566646336326132343034643563
-34656133333633663933323064666636363266313039353131333866623361373838623334346666
-38316631646236666235653834666363666631646465376231393131623939316133303239636639
-63343430346264356539396561353339656265646664346635623164343435336430646535626636
-38396532333365333236356661333237613537613239373937393663343562356363336464643264
-35396139653962346139353566343961653033653334653733316462653335656638656635666534
-38383262343839613738393937313666343561373566366431656334633034643235366161336462
-35346431653137373163303132393662336561616437663838663135666336643838303930383938
-65396332613964326566396631616130316338626361376435663031363662663562653234626534
-32643466666462663530646335633566366163386339663663373763663733363839646562643037
-65363036343665353836626238386539336133663630333931333866633734393238663136373934
-38643637633834333535623163646236326163633733323136653532643934303134643039613963
-37383362646665656361363236353635323133616161373339623065383164303830363834353632
-65633963353835626336306535633433306630376137326433346333373166326363393739646231
-61393731323730303262383633356232626335653062343863386335363738333761633239626532
-64323161316664633337373730613639366531333562626537363439343039323134323338303964
-34346464653661646437643433613933383834373733656231646261383938376530663863623738
-36363831653437353736386565363463666461346564316336393232633435306330393662656663
-61343431376464396266396438303961653365333564343331653363313137396633386337303739
-66303839633765653435313438323036666137653666303132393737303936303366656430616165
-61323330356133303939653262393065323630653935646535303934306163643966336236376662
-66326230336132366365396136343030383531303666646638366263616331656165613431383462
-64656136643333323566363931353931643930633638363065313339663462336562643131373239
-62373338303130343966386630303837653765663462333465383230376239363433326138336166
-66383737653033323533643464613863343463303462306464636334393537316238386332663033
-64613363656566346438363037326133363966623731363963326331373333616261383436356231
-63656239653831623466623663366535643232366561396535633662393561626639616431336263
-38623633623564386165313665393839326338616661313561613463663037353162353563353634
-35386561663766626632346233643633666364666434346664363835396466623164366264653931
-30623266366264313136373362363861653363636435323035346638386431363335366437323938
-62666335346233393563636566303261646436636130316365653035313262626534643839383461
-36393339646262666537396431353961383565396263636364376430386536376266653233663830
-37386461626538323035323232393964393061326536663062613534366638323161396131653835
-31353230303366366335616665333239313963626166656539666431353335393839323462336565
-33383062386338373736663461353962633333396331616638343730626462623538363233393730
-39306432346339623666363866396462336264313031313239623733643833316563626532323961
-66666134383232653530336336376464636464633335656566646635346535353238336463366433
-35333363393337376261636165353561376561393134343662376535323033373132646236643837
-65363366643936656338373939616533353361353061616465393466393632373630316336643938
-35396134376539633664613165353763306133343464616663323763393334353435646661666132
-38633435346232356466396639343336366231383730383539653231366366326263653162333231
-66353339336135643531656337653439343335393730373563303537626236303965343963636562
-63346139333164366139353831386533343263306338363362616232373938623162646239326130
-63626633653262326665303730323765363964346261306633343963656338613831306435366365
-3035336238653636323132323533316466356332346438373730
+34343466366634363331376237386339633865653936663663663336646639303236666332636234
+3439653737386331313466613632346464306538356431660a386231303861346435326164373836
+31376637363539373634616265306534636364393633323366323062313336376631643436376337
+3032636434323137320a336537643336623966306165643235343830353936343461313534393834
+33336665396336333831363739353538356261383836383834366365663830326537373338316434
+66663137323339383361373437383164393163393635383633376464386365343834656430323361
+65393033303433633161646138633762613537663162323362363532333161616530663133396135
+36316133623733386434656364363962386533633864663237623730313765653232336237633761
+34366332336163663132316639343661646139396139363762363064333532353364633465376436
+64386231383962396566373064333334306436353930623436626463626431663530306436643536
+34316131666133356465383464333531356639343561643466343930643030303238363034353033
+64636363323439383834323732333738613562626238616537333961646665313462376365323862
+65373666313833386565643663376234373533343039323534656166613236633165313736643966
+30383835313662353936333430666364616230663064343163393538346433346635353264656636
+36346535646661383139303530353732313237346565623335656661313237313661393235366361
+32366364633334316231336333323636653631653739653037396230316236633662616534303838
+37663734353636323335363033343565316532363536653737633635393134623239383266326139
+33303236373438623839333765633130366530383836313236656531333630333834336161393834
+62623738666236396663666263363465306434613466623639386165306265333130363661303163
+33623663666266613835316437316139393930376636353838666433393338356230353662613632
+31396336643065363634336134386465326234336530353036346531386164383733393635313339
+64646336633564616261363539656661386165376135643333326233366535386236303330306139
+34383464393064366332643034386534393262383930396164323864376338613537363265316266
+32363562353131323965303733353462643131353933333631366630663066666133336437366163
+39333865613664633465353632313331333831343434393665393236386331396532386362643563
+35623435386234333663366139373163303239656532346465656263626233353533616636626130
+31356666373639306136393838373962626139346130656636623665396332613665333339633633
+65333130383533393133393763333833633162303533363965323535643235346664353533333130
+63356631353065616165356536613032396664383734646531366162643833393465633430356433
+33316636306338633833326338383339623738383062613334373563383264393933343539666164
+66646230653363316137623138396164396164303834666633343736636330306431373539613466
+37626139356261363661393934306263306636393863303964396562326335656566313532376335
+65346432663361653639613530663562613461303162653866356261353434343765643865663931
+64306138313337646332663438386162373535653336383539623034323932623664663032303534
+61643037643439616335303161623838653739323237356663306237663039636363626438333266
+36353435316235396263376535346238336532636330396432353366666639313438633565636561
+39336230666232303162643433653237326132386564626137633932383962396661346266366466
+39343464313465343566356432626464366366663634333934643963666339326234396366633331
+62626631383337346135616166323437656336663531663465663962383163316533623739326465
+35306536646130343965393037336664336536346439636462656565336630636238363563616565
+65613363366432343963373933613061376661393737383764303735333963626436646463666562
+32376636363134616437636435613066666335663638623531613963366633366233623438663265
+37336334343362306666326534356233323166313963633664396261626236316434616263656236
+36633138663231306139366365333164643835313664656263303734613834336635643638656333
+35656135653736373866623832613837396438333261626536396365343239626239343666346238
+66616235623363383261613865313930613165333734313331326437303931623465363639373534
+63316663663138303035333162303864636365386438373861383138646334663637383432326566
+65616561306632653563356364323165313935633637626437373834326431363661636131666638
+33386637383730313964646139333734333665353162663863353966653164643237623062663164
+62643437616531383334343137326439646535643666363936663138326631666633656637663532
+39653836326564623164353036623536376163663237613835353335343464623332333762313566
+34653265393965633938666365363661343130353265363461343862633437376136613432353861
+66363233623965393061633239343430373265353934613465393366656565386563636265613231
+63303962613433393064333736613738396633643735643933663832386564613730313037643262
+38643834643635393637346564653533383330653636613130343331366566653933353032303962
+37633966396634663238316161313563346331313230323366333264383963376533633661366666
+66346366653634373030333537393631633339326236613237353766663437323734396633306666
+38393237653730343861653336626339663736353435383434306263663466363334626232336634
+31633363363034373961363966626633626566343261353034323938653335363233613838393533
+63376138343239653665636565616434316331373335643239656535636131613931616637346537
+61313931663166393439623362353534323934313136343561303966623634363133343766303738
+33323461333334343433313661333635303639343133376135663566393032386334306563313532
+30356465613165646661666535306164373133663830616537306133666361376233663236336634
+38326139323737363362646634316132396161393832336466313830386532383863323831353039
+63636465366661366562356531306530363430653936383537313365623330393439613466343164
+66323830393635613932636432333365613930346166663638353038653732373437356231653137
+62616364356366643064333330353237643866326630343866336562393362653533373733303764
+66333762323638623466663165636536643463366530353230613333373266333934616432323536
+65303035386161336461373232646131363838386664373534613034306436353037306536363963
+35656636613066656163333266353663373063646133626331373230623165646134316563363036
+65383435303936643930656233353465643634306332666430353533373935663932353566333733
+38643364383530393236633533363062653961363463333036663830306339316330316238653438
+34366332346533653563386561656566336232353930623632336431343131386164313361656535
+36383163393163633662643066653130343336643733346132383666633763303136623333333937
+30623236626238623964643762396262643033383563363134643766656639653438396237343764
+36323862333438323366393731333733613964323062663738616432633365633737663166356230
+38313130306162363536393665613364386537363937613462656465333364313863303436376330
+37613136633331616230353564633333366635326630383733363562636430353633616533326336
+38376432666633396339346362623434653638323932396133663630633831333531633732313032
+36396561646233663339633838616539373332636536623032306163643239353937616532613138
+61343333353830353932313934666566363265393866343739646265653863306436356231396338
+32313532373637326639386331633436386366323139353466313566323462666465643861353637
+37336631356136343538383432633238636233373030363636656362373063336336666565373836
+32336237303833333966386364633063336534333831643833373766623934313439353763343730
+34343933383139666163636330336664313730393831373132326366626238383433303739666338
+61326662643331633636306162343932356534383837316461373536656639386464383539643930
+30363135303837623062333165663930326661646234356538336162373136646330386162303334
+35346566313566636430656139343066623862313164626132656365333466333165633334346264
+63623866316566653964306334363265336230646130653339666665353439326161663530316464
+66343664386330616433633533633061346364666139643934616532303363656166663865373331
+62663537653035616637663430386361326333616334613065336439353334373764386136636237
+37643766323831646362303438663530363665616262353562333761313830633461343932373033
+61366537663534336639386438333033386463613030663666653566373563386337373066383761
+6164343639366533363732313836623865666538646331613738
diff --git a/tasks/nvidia.yml b/tasks/nvidia.yml
index 5d7f1d7..4c45414 100644
--- a/tasks/nvidia.yml
+++ b/tasks/nvidia.yml
@@ -4,7 +4,8 @@
       # nvidia.nvidia_driver # use fork with debain support instead
       name: nvidia_drivers
     vars:
-      nvidia_driver_skip_reboot: yes
+      nvidia_driver_branch: "550"
+      nvidia_driver_skip_reboot: no
 
   - name: Install nvidia container toolkit
     include_role: