diff --git a/flatcar/app/app.service b/flatcar/app/app.service
index b0fb480..36345be 100644
--- a/flatcar/app/app.service
+++ b/flatcar/app/app.service
@@ -4,8 +4,8 @@ After=docker.service
 Requires=docker.service
 [Service]
 TimeoutStartSec=0
-ExecStart=/usr/bin/docker compose -f /home/core/docker-compose.yaml up
-ExecStop=/usr/bin/docker compose -f /home/core/docker-compose.yaml stop
+ExecStart=/usr/bin/docker compose -f /app/docker-compose.yaml up
+ExecStop=/usr/bin/docker compose -f /app/docker-compose.yaml stop
 Restart=always
 RestartSec=5s
diff --git a/flatcar/app/docker-compose.yaml b/flatcar/app/docker-compose.yaml
index f4ebaac..cd7bee1 100644
--- a/flatcar/app/docker-compose.yaml
+++ b/flatcar/app/docker-compose.yaml
@@ -3,7 +3,7 @@ services:
 lb:
 image: docker.io/caddy:2
 volumes:
- - /var/lb/caddy:/etc/caddy
+ - /app/lb:/etc/caddy
 # - ./lb/:/etc/caddy
 - config:/config
 - data:/data
@@ -16,16 +16,16 @@ services:
 # thintz-com:
 # image: docker.io/caddy:2
 # volumes:
- # #- /var/thintz-com/caddy:/etc/caddy
+ # #- /app/thintz-com/caddy:/etc/caddy
 # - ./thintz-com/:/etc/caddy
 # networks:
 # - lb
 # restart: unless-stopped
- # nginx:
- # image: nginx
- # restart: unless-stopped
- # networks:
- # - lb
+ nginx:
+ image: nginx
+ restart: unless-stopped
+ networks:
+ - lb
 wg-easy:
 image: ghcr.io/wg-easy/wg-easy:15
 environment:
diff --git a/flatcar/app/lb/Caddyfile b/flatcar/app/lb/Caddyfile
index d0a7152..a7a0a83 100644
--- a/flatcar/app/lb/Caddyfile
+++ b/flatcar/app/lb/Caddyfile
@@ -3,5 +3,9 @@ wg-easy.nassella.cc {
 # tls internal
 # x
- log
+ # log
+}
+
+nassella.cc {
+ reverse_proxy http://nginx:80
 }
\ No newline at end of file
diff --git a/flatcar/cl.yaml b/flatcar/cl.yaml
index 96bc05f..8ae8d5f 100644
--- a/flatcar/cl.yaml
+++ b/flatcar/cl.yaml
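Review bot: In flatcar/app/docker-compose.yaml the `lb` service still binds its configuration directory read-write at `- /app/lb:/etc/caddy`, so a compromise of the Internet-facing proxy container could rewrite the Caddyfile on the host. Nothing visible in this hunk needs write access there, since Caddy's state goes to the `config` and `data` volumes, so the bind can be `- /app/lb:/etc/caddy:ro`. The `lb` service definition continues outside the hunk, so confirm that nothing else writes into /etc/caddy.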
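Review bot: The newly enabled `nginx` service in flatcar/app/docker-compose.yaml uses `image: nginx`, which has no registry prefix and no tag, so every pull resolves to whatever `latest` is at that moment. The other images in this file are fully qualified and tagged (`docker.io/caddy:2`, `ghcr.io/wg-easy/wg-easy:15`), and this container is now reachable from the Internet through the new Caddy site, so it deserves the same treatment, ideally with a digest: `image: docker.io/library/nginx:<tag>@sha256:<digest>`. A short comment stating what the container is meant to serve would also help, because no content volume is mounted and it will answer with the image's stock welcome page.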
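Review bot: The hunk in flatcar/app/lb/Caddyfile turns `log` into `# log` for `wg-easy.nassella.cc` and adds the `nassella.cc` site without a `log` directive, so unless logging is configured elsewhere in the file Caddy stops writing access logs for both hosts. For a VPN administration UI exposed on a public name, those logs are the main record for spotting login guessing and for reconstructing access after an incident. Keep `log` in the wg-easy block and add it to the new block next to `reverse_proxy http://nginx:80`; if log volume was the concern, configure the log output rather than disabling it. The wg-easy site block starts outside the hunk.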
@@ -39,13 +39,16 @@ storage:
 - device: /dev/disk/by-label/appstorage
 format: ext4
 wipe_filesystem: false
+ trees:
+ - path: /app
+ local: app
 files:
- - path: /var/lb/caddy/Caddyfile
- contents:
- local: app/lb/Caddyfile
- - path: /var/thintz-com/caddy/Caddyfile
- contents:
- local: app/thintz-com/Caddyfile
+# - path: /var/lb/caddy/Caddyfile
+# contents:
+# local: app/lb/Caddyfile
+# - path: /var/thintz-com/caddy/Caddyfile
+# contents:
+# local: app/thintz-com/Caddyfile
 ### docker-compose sysext
 ### https://flatcar.github.io/sysext-bakery/docker_compose/
 - path: /opt/extensions/docker-compose/docker-compose-2.34.0-x86-64.raw
@@ -58,14 +61,14 @@ storage:
 - path: /etc/sysupdate.d/noop.conf
 contents:
 source: https://extensions.flatcar.org/extensions/noop.conf
- - path: /home/core/docker-compose.yaml
- mode: 0644
- user:
- name: core
- group:
- name: core
- contents:
- local: app/docker-compose.yaml
+# - path: /var/docker-compose.yaml
+# mode: 0644
+# user:
+# name: core
+# group:
+# name: core
+# contents:
+# local: app/docker-compose.yaml
 links:
 - target: /opt/extensions/docker-compose/docker-compose-2.34.0-x86-64.raw
 path: /etc/extensions/docker-compose.raw
diff --git a/main.tf b/main.tf
index 5b1a0f2..8604c16 100644
--- a/main.tf
+++ b/main.tf
@@ -74,6 +74,11 @@ variable "domain" {
 description = "Root domain to use"
 }
+variable "subdomains" {
+ type = list
+ description = "Subdomains to setup"
+}
+
 provider "digitalocean" {
 token = var.do_token
 }
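Review bot: The new `trees:` entry in the first hunk of flatcar/cl.yaml embeds everything under the local `app` directory into the rendered config, where the removed `files:` entries named each file explicitly. Any `.env` file, key or editor backup left in that directory would be carried along with the config (presumably passed to the droplet as user data) and written to /app, so a comment above the entry such as `# everything under ./app is embedded into the rendered config: no secrets or scratch files here` would record the constraint. The explicit `mode`, `user` and `group` for the compose file are gone as well, so its ownership and mode now come from the tool's defaults for trees, which is worth confirming on a provisioned host. The commented-out entries in this hunk and in the next one (`-58,14`) can be deleted outright; the `/var/docker-compose.yaml` path in the second matches neither the old nor the new location.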
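Review bot: `type = list` in the new `subdomains` variable in main.tf is the legacy unparameterised form and accepts elements of any type, while the values are used as DNS record names; `type = list(string)` states the real contract. Because each entry becomes a CNAME name in the following hunk, a `validation` block that rejects empty strings and `@` would stop an entry from colliding with the apex record. The variable has no default, so an existing tfvars file without `subdomains` will prompt or fail until the value is added; either say so in the description or add `default = []`.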
@@ -97,15 +102,25 @@ resource "digitalocean_reserved_ip" "machine" {
 region = digitalocean_droplet.machine.region
 }
-resource "cloudflare_dns_record" "machine" {
+resource "cloudflare_dns_record" "root" {
 zone_id = var.cloudflare_zone_id
- name = "wg-easy"
+ name = "@"
 content = digitalocean_reserved_ip.machine.ip_address
 type = "A"
 proxied = false
 ttl = 300
 }
+resource "cloudflare_dns_record" "subdomains" {
+ for_each = toset(var.subdomains)
+ zone_id = var.cloudflare_zone_id
+ name = each.key
+ content = var.domain
+ type = "CNAME"
+ proxied = false
+ ttl = 300
+}
+
 resource "digitalocean_volume" "machine" {
 region = var.datacenter
 name = "${var.cluster_name}"
@@ -146,6 +161,6 @@ resource "digitalocean_volume_attachment" "machine" {
 output "domain-mappings" {
 value = {
- "wg-easy.${var.domain}" = digitalocean_reserved_ip.machine.ip_address
+ "${var.domain}" = digitalocean_reserved_ip.machine.ip_address
 }
 }
diff --git a/template.tfvars b/template.tfvars
index 89f092e..afd9264 100644
--- a/template.tfvars
+++ b/template.tfvars
@@ -1,4 +1,5 @@
 domain = ""
+subdomains = ["wg-easy"]
 do_token = "" # token from "API" settings on DigitalOcean
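Review bot: In the `-97,15` hunk of main.tf, replacing `cloudflare_dns_record.machine` (A record `wg-easy`) with `subdomains["wg-easy"]` (CNAME `wg-easy`) gives Terraform an unrelated destroy and create for the same DNS name, with no ordering between them. If the create runs first, the provider is likely to reject it because a record with that name still exists, and the first apply on an existing deployment would stop halfway with the VPN hostname unresolved or stale. A `moved` block ties the old address to the new instance so the change is planned as one update or replacement of that record; it assumes `wg-easy` stays in `var.subdomains`, as in template.tfvars.

```hcl
moved {
  from = cloudflare_dns_record.machine
  to   = cloudflare_dns_record.subdomains["wg-easy"]
}
```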