diff --git a/kustomize/bases/home-assistant/home-assistant-deployment.yaml b/kustomize/bases/home-assistant/home-assistant-deployment.yaml
index acbabe9..c6ff9bc 100644
--- a/kustomize/bases/home-assistant/home-assistant-deployment.yaml
+++ b/kustomize/bases/home-assistant/home-assistant-deployment.yaml
@@ -26,7 +26,7 @@ spec:
             nodeSelectorTerms:
               - matchExpressions:
                   # need a zigbee receiver
-                  - key: badjnet.home/zigbee-receiver
+                  - key: badjware.dev/zigbee-receiver
                     operator: Exists
       initContainers:
         - image: busybox:1.36.1
diff --git a/kustomize/bases/longhorn/kustomization.yaml b/kustomize/bases/longhorn/kustomization.yaml
index 53e0059..a7c53ba 100644
--- a/kustomize/bases/longhorn/kustomization.yaml
+++ b/kustomize/bases/longhorn/kustomization.yaml
@@ -12,7 +12,7 @@ commonLabels:
 configMapGenerator:
   - name: kustomize-generated-config
     literals:
-      - LONGHORN_EXTERNAL_HOST=longhorn.badjnet.home
+      - LONGHORN_EXTERNAL_HOST=longhorn.badjware.dev
 
 replacements:
   - source:
diff --git a/kustomize/bases/ollama/kustomization.yaml b/kustomize/bases/ollama/kustomization.yaml
index 39655b4..11d899f 100644
--- a/kustomize/bases/ollama/kustomization.yaml
+++ b/kustomize/bases/ollama/kustomization.yaml
@@ -10,8 +10,8 @@ commonLabels:
 configMapGenerator:
   - name: kustomize-generated-config
     literals:
-      - OLLAMA_EXTERNAL_HOST=ollama.badjnet.home
-      - OLLAMA_EXTERNAL_URL=http://ollama.badjnet.home
+      - OLLAMA_EXTERNAL_HOST=ollama.badjware.dev
+      - OLLAMA_EXTERNAL_URL=http://ollama.badjware.dev
 
 replacements:
   - source:
diff --git a/kustomize/bases/openwebui/kustomization.yaml b/kustomize/bases/openwebui/kustomization.yaml
index 34aaf4c..d755ef3 100644
--- a/kustomize/bases/openwebui/kustomization.yaml
+++ b/kustomize/bases/openwebui/kustomization.yaml
@@ -1,5 +1,6 @@
 resources:
   - openwebui-deployment.yaml
+  - openwebui-externalsecret.yaml
   - openwebui-ingress.yaml
 
 namePrefix: openwebui-
diff --git a/kustomize/bases/openwebui/openwebui-deployment.yaml b/kustomize/bases/openwebui/openwebui-deployment.yaml
index be7adcc..7821b23 100644
--- a/kustomize/bases/openwebui/openwebui-deployment.yaml
+++ b/kustomize/bases/openwebui/openwebui-deployment.yaml
@@ -29,6 +29,30 @@ spec:
               value: ollama
             - name: AUDIO_STT_ENGINE
               value: openai
+            - name: ENABLE_SIGNUP
+              value: "false" 
+            - name: ENABLE_OAUTH_SIGNUP
+              value: "true" 
+            - name: OAUTH_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: server-openid-config
+                  key: oauth_client_id
+            - name: OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: server-openid-config
+                  key: oauth_client_secret
+            - name: OPENID_PROVIDER_URL
+              valueFrom:
+                secretKeyRef:
+                  name: server-openid-config
+                  key: openid_provider_url
+            - name: OAUTH_PROVIDER_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: server-openid-config
+                  key: oauth_provider_name
             # - name: GLOBAL_LOG_LEVEL
             #   value: DEBUG
           resources:
diff --git a/kustomize/bases/openwebui/openwebui-externalsecret.yaml b/kustomize/bases/openwebui/openwebui-externalsecret.yaml
new file mode 100644
index 0000000..72fc32d
--- /dev/null
+++ b/kustomize/bases/openwebui/openwebui-externalsecret.yaml
@@ -0,0 +1,28 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: server-openid-config
+spec:
+  secretStoreRef:
+    name: aws-parameters-store
+    kind: ClusterSecretStore
+  target:
+    name: server-openid-config
+    template:
+      metadata:
+        labels:
+          app.kubernetes.io/managed-by: external-secret
+        annotations: {}
+  data:
+    - secretKey: oauth_client_id
+      remoteRef:
+        key: /k3s/prod/llm/openwebui/oauth_client_id
+    - secretKey: oauth_client_secret
+      remoteRef:
+        key: /k3s/prod/llm/openwebui/oauth_client_secret
+    - secretKey: openid_provider_url
+      remoteRef:
+        key: /k3s/prod/llm/openwebui/openid_provider_url
+    - secretKey: oauth_provider_name
+      remoteRef:
+        key: /k3s/prod/llm/openwebui/oauth_provider_name
\ No newline at end of file
diff --git a/kustomize/bases/prometheus/kustomization.yaml b/kustomize/bases/prometheus/kustomization.yaml
index 7110d62..5069beb 100644
--- a/kustomize/bases/prometheus/kustomization.yaml
+++ b/kustomize/bases/prometheus/kustomization.yaml
@@ -24,7 +24,7 @@ secretGenerator:
 configMapGenerator:
   - name: kustomize-generated-config
     literals:
-      - PROMETHEUS_EXTERNAL_HOST=prometheus.badjnet.home
+      - PROMETHEUS_EXTERNAL_HOST=prometheus.badjware.dev
 
 replacements:
   - source:
diff --git a/kustomize/bases/traefik/kustomization.yaml b/kustomize/bases/traefik/kustomization.yaml
index 84c0d70..b328340 100644
--- a/kustomize/bases/traefik/kustomization.yaml
+++ b/kustomize/bases/traefik/kustomization.yaml
@@ -12,7 +12,7 @@ commonLabels:
 configMapGenerator:
   - name: kustomize-generated-config
     literals:
-      - TRAEFIK_EXTERNAL_HOST=traefik.badjnet.home
+      - TRAEFIK_EXTERNAL_HOST=traefik.badjware.dev
 
 replacements:
   - source: