diff --git a/nixos/lavender/containers/homepage.nix b/nixos/lavender/containers/homepage.nix
index 6980ccb..a4ae52c 100644
--- a/nixos/lavender/containers/homepage.nix
+++ b/nixos/lavender/containers/homepage.nix
@@ -7,6 +7,7 @@
     image = "ghcr.io/benphelps/homepage:latest";
     volumes = [
       "/srv/containers/homepage:/app/config"
+      "/srv/media:/srv/media:ro"
     ];
     ports = [ "3000:3000" ];
   };
diff --git a/nixos/lavender/containers/nginx.nix b/nixos/lavender/containers/nginx.nix
new file mode 100644
index 0000000..f837917
--- /dev/null
+++ b/nixos/lavender/containers/nginx.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+  # Nginx
+  virtualisation.oci-containers.containers."nginx" = {
+    autoStart = true;
+    image = "nginx";
+    volumes = [
+      "/srv/containers/nginx:/usr/share/nginx/html"
+    ];
+    ports = [ "8282:80" ];
+  };
+}
diff --git a/nixos/lavender/containers/pihole.nix b/nixos/lavender/containers/pihole.nix
index 39f98eb..72385e5 100644
--- a/nixos/lavender/containers/pihole.nix
+++ b/nixos/lavender/containers/pihole.nix
@@ -8,14 +8,15 @@
     volumes = [
       "/srv/containers/pihole/etc-pihole:/etc/pihole"
       "/srv/containers/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
+      "/srv/containers/pihole/secrets:/secrets"
     ];
     ports = [ 
       "53:53/tcp"
       "53:53/udp"
-      "80:80/tcp"
+      "8181:80/tcp"
     ];
     environment = {
-      WEBPASSWORD = "";
+      WEBPASSWORD_FILE = "/secrets/admin-password";
       DNSMASQ_LISTENING = "all";
     };
   };
diff --git a/nixos/lavender/containers/plex.nix b/nixos/lavender/containers/plex.nix
index 64d31ff..1ed5981 100644
--- a/nixos/lavender/containers/plex.nix
+++ b/nixos/lavender/containers/plex.nix
@@ -7,7 +7,7 @@
     image = "lscr.io/linuxserver/plex:latest";
     volumes = [
       "/srv/containers/plex:/config"
-      "/srv/media:/media"
+      "/srv/data/media:/data/media:ro"
     ];
     ports = [ "32400:32400" ];
   };
diff --git a/nixos/lavender/containers/prowlarr.nix b/nixos/lavender/containers/prowlarr.nix
new file mode 100644
index 0000000..1a4bf1c
--- /dev/null
+++ b/nixos/lavender/containers/prowlarr.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+  # Prowlarr
+  virtualisation.oci-containers.containers."prowlarr" = {
+    autoStart = true;
+    image = "cr.hotio.dev/hotio/prowlarr";
+    volumes = [
+      "/srv/containers/prowlarr:/config"
+      "/srv/media:/media"
+    ];
+    ports = [ "9696:9696" ];
+  };
+}
diff --git a/nixos/lavender/containers/qbittorrent.nix b/nixos/lavender/containers/qbittorrent.nix
index 60ac181..5e75745 100644
--- a/nixos/lavender/containers/qbittorrent.nix
+++ b/nixos/lavender/containers/qbittorrent.nix
@@ -4,11 +4,14 @@
   # Qbittorrent
   virtualisation.oci-containers.containers."qbittorrent" = {
     autoStart = true;
-    image = "cr.hotio.dev/hotio/qbittorrent";
+    image = "cr.hotio.dev/hotio/qbittorrent:release";
     volumes = [
       "/srv/containers/qbittorrent:/config"
-      "/srv/media:/media"
+      "/srv/data/torrents:/data/torrents"
+    ];
+    ports = [ 
+      "8383:8080"
+      "32372:32372"
     ];
-    ports = [ "8080:8080" ];
   };
 }
diff --git a/nixos/lavender/containers/radarr.nix b/nixos/lavender/containers/radarr.nix
index 1246bb6..de59203 100644
--- a/nixos/lavender/containers/radarr.nix
+++ b/nixos/lavender/containers/radarr.nix
@@ -7,7 +7,7 @@
     image = "cr.hotio.dev/hotio/radarr";
     volumes = [
       "/srv/containers/radarr:/config"
-      "/srv/media:/media"
+      "/srv/data:/data"
     ];
     ports = [ "7878:7878" ];
   };
diff --git a/nixos/lavender/containers/sonarr.nix b/nixos/lavender/containers/sonarr.nix
index 9101498..3465164 100644
--- a/nixos/lavender/containers/sonarr.nix
+++ b/nixos/lavender/containers/sonarr.nix
@@ -4,10 +4,10 @@
   # Sonarr
   virtualisation.oci-containers.containers."sonarr" = {
     autoStart = true;
-    image = "cr.hotio.dev/hotio/sonarr";
+    image = "cr.hotio.dev/hotio/sonarr:v4";
     volumes = [
       "/srv/containers/sonarr:/config"
-      "/srv/media:/media"
+      "/srv/data:/data"
     ];
     ports = [ "8989:8989" ];
   };
diff --git a/nixos/lavender/containers/traefik.nix b/nixos/lavender/containers/traefik.nix
new file mode 100644
index 0000000..32cd770
--- /dev/null
+++ b/nixos/lavender/containers/traefik.nix
@@ -0,0 +1,24 @@
+{ ... }:
+
+{
+  # Traefik
+  virtualisation.oci-containers.containers."traefik" = {
+    autoStart = true;
+    image = "traefik:v2.10";
+    volumes = [
+      "/srv/containers/traefik/traefik.yaml:/etc/traefik/traefik.yaml"
+      "/srv/containers/traefik/config:/config"
+      "/srv/containers/traefik/letsencrypt:/letsencrypt"
+      "/srv/containers/traefik/secrets:/secrets"
+    ];
+    ports = [
+      "80:80"
+      "443:443"
+      "8080:8080"
+    ];
+    environment = {
+      CF_API_EMAIL_FILE = "/secrets/cf-api-email";
+      CF_API_KEY_FILE = "/secrets/cf-api-key";
+    };
+  };
+}