diff --git a/group_vars/docker_hosts.yml b/group_vars/docker_hosts.yml
index 2da0437..999b17d 100644
--- a/group_vars/docker_hosts.yml
+++ b/group_vars/docker_hosts.yml
@@ -1,2 +1,6 @@
 ---
 my_svc_path: ~/services
+base_volume_path: /mnt/dock
+media_volume_path: /mnt/media
+
+traefik_ip: 172.16.122.254
diff --git a/roles/nextcloud/templates/.env.nextcloud.j2 b/roles/nextcloud/templates/.env.nextcloud.j2
index 602ced0..3d4cffd 100644
--- a/roles/nextcloud/templates/.env.nextcloud.j2
+++ b/roles/nextcloud/templates/.env.nextcloud.j2
@@ -17,6 +17,7 @@ SMTP_PASSWORD={{ sendgrid_api_key }}
 MAIL_FROM_ADDRESS=nc
 MAIL_DOMAIN=cazzzer.com
 
+TRUSTED_PROXIES={{ traefik_ip }}
 OVERWRITEHOST=nc.{{ domain }}
 OVERWRITEPROTOCOL=https
 OVERWRITECLIURL=https://nc.{{ domain }}
diff --git a/roles/traefik/templates/docker-compose.yml.j2 b/roles/traefik/templates/docker-compose.yml.j2
index 062945f..50bc863 100644
--- a/roles/traefik/templates/docker-compose.yml.j2
+++ b/roles/traefik/templates/docker-compose.yml.j2
@@ -1,7 +1,12 @@
 version: "3.9"
 
 networks:
+  default:
   traefik:
+    internal: true
+    ipam:
+      config:
+        - subnet: {{ traefik_ip }}/24
 
 volumes:
   logs:
@@ -10,6 +15,10 @@ services:
   traefik:
     image: traefik:v2.9
     container_name: traefik
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.rule=Host(`traefik.{{ domain }}`)
+      - traefik.http.services.traefik.loadbalancer.server.port=8080
     restart: unless-stopped
     ports:
       - "80:80"
@@ -17,7 +26,9 @@ services:
     env_file:
       - .env.traefik
     networks:
-      - traefik
+      default:
+      traefik:
+        ipv4_address: {{ traefik_ip }}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik.yml:/etc/traefik/traefik.yml:ro