diff --git a/.just/vars.just b/.just/vars.just
index 7f464fb..62a8bd9 100644
--- a/.just/vars.just
+++ b/.just/vars.just
@@ -36,20 +36,25 @@ remove machine key:
 
     echo "Done"
 
-[doc('Remove var by {key} for {machine}')]
+[doc('Generate var values for {machine}')]
 [script]
 generate machine:
     for key in $(nix eval --apply 'builtins.attrNames' --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets | jq -r '.[]'); do
-        # Skip if there's no script
-        [ -f "{{ justfile_directory() }}/script/$key" ] || continue
-
         # Skip if we already have a value
-        [ $(just vars get {{ machine }} "$key" | jq -r) ] && continue
+        [ $(just vars get "{{ machine }}" "$key" | jq -r) ] && continue
 
-        echo "Executing script for $key"
-        just vars set {{ machine }} "$key" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/$key")" && source "./$(basename $key)")"
+        just _rotate "{{ machine }}" "$key"
     done
 
+[doc('Regenerate var values for {machine}')]
+[script]
+_rotate machine key:
+    # Exit if there's no script
+    [ -f "{{ justfile_directory() }}/script/{{ key }}" ] || exit
+
+    echo "Executing script for {{ key }}"
+    just vars set "{{ machine }}" "{{ key }}" "$(cd -- "$(dirname "{{ justfile_directory() }}/script/{{ key }}")" && source "./$(basename "{{ key }}")")"
+
 [script]
 check:
     cd ..
diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix
index 6af52ef..c9da350 100644
--- a/modules/nixos/services/media/glance/default.nix
+++ b/modules/nixos/services/media/glance/default.nix
@@ -100,22 +100,22 @@ in {
                       }
                       {
                         title = "Radarr";
-                        url = "http://${config.networking.hostName}:2001";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.radarr.settings.server.port}";
                         icon = "sh:radarr";
                       }
                       {
                         title = "Sonarr";
-                        url = "http://${config.networking.hostName}:2002";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.sonarr.settings.server.port}";
                         icon = "sh:sonarr";
                       }
                       {
                         title = "Lidarr";
-                        url = "http://${config.networking.hostName}:2003";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.lidarr.settings.server.port}";
                         icon = "sh:lidarr";
                       }
                       {
                         title = "Prowlarr";
-                        url = "http://${config.networking.hostName}:2004";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.prowlarr.settings.server.port}";
                         icon = "sh:prowlarr";
                       }
                       {
@@ -125,7 +125,7 @@ in {
                       }
                       {
                         title = "SABnzbd";
-                        url = "http://${config.networking.hostName}:8080";
+                        url = "http://${config.networking.hostName}:${builtins.toString config.services.sabnzbd.settings.misc.port}";
                         icon = "sh:sabnzbd";
                       }
                     ];
diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix
index f868313..6953421 100644
--- a/modules/nixos/services/media/servarr/default.nix
+++ b/modules/nixos/services/media/servarr/default.nix
@@ -85,8 +85,11 @@ in {
               LegalNotice.Accepted = true;
 
               Prefecences.WebUI = {
+                AlternativeUIEnabled = true;
+                RootFolder = "''${pkgs.vuetorrent}/share/vuetorrent";
+
                 Username = "admin";
-                Password_PBKDF2 = config.sops.secrets."qbittorrent/password_hash".path;
+                Password_PBKDF2 = "@ByteArray(Yhyk8fzgSHuKcgcmIxhYzg==:9njltqI5znb98+n+eOqUvpe4xYj6Dcub994o2fe9kpTa1fczMdHf/fNoifLaGmEf69xkTNSztEuh6BqcR4/CbQ==)"; #config.sops.secrets."qbittorrent/password_hash".path;
               };
             };
 
diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy/default.nix
index f17c737..4cab016 100644
--- a/modules/nixos/services/networking/caddy/default.nix
+++ b/modules/nixos/services/networking/caddy/default.nix
@@ -29,7 +29,7 @@ in {
 
       package = pkgs.caddy.withPlugins {
         plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
-        hash = "sha256-AdL/LFKXbWmCsJ/xZWZmYBnw57c7sS6s1miR3sSx1Ow=";
+        hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
       };
 
       virtualHosts =
diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix
index e2040d4..a867351 100644
--- a/modules/nixos/services/observability/grafana/default.nix
+++ b/modules/nixos/services/observability/grafana/default.nix
@@ -36,7 +36,6 @@ in {
 
           auth = {
             disable_login_form = false;
-            oauth_auto_login = true;
           };
 
           "auth.basic".enable = false;
diff --git a/script/.shared/pwgen b/script/.shared/pwgen
new file mode 100644
index 0000000..85fc69f
--- /dev/null
+++ b/script/.shared/pwgen
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+pwgen -s 128 1