diff --git a/core/authelia.tf b/core/authelia.tf
index 5bda631..6e84dad 100644
--- a/core/authelia.tf
+++ b/core/authelia.tf
@@ -33,7 +33,7 @@ module "authelia" {
 
 service_tags = [
 # Configure traefik to add this middleware
- "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.thefij.rocks%2F",
+ "traefik.http.middlewares.authelia.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?rd=https%3A%2F%2Fauthelia.${var.base_hostname}%2F",
 "traefik.http.middlewares.authelia.forwardAuth.trustForwardHeader=true",
 "traefik.http.middlewares.authelia.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
 "traefik.http.middlewares.authelia-basic.forwardAuth.address=http://authelia.nomad:$${NOMAD_PORT_main}/api/verify?auth=basic",
@@ -112,7 +112,7 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 default = true
 
 config {
- oidc_discovery_url = "https://authelia.thefij.rocks"
+ oidc_discovery_url = "https://authelia.${var.base_hostname}"
 oidc_client_id = "nomad"
 oidc_client_secret = yamldecode(file("${path.module}/../ansible_playbooks/vars/nomad_vars.yml"))["nomad/oidc"]["secret"]
 bound_audiences = ["nomad"]
@@ -121,8 +121,8 @@ resource "nomad_acl_auth_method" "nomad_authelia" {
 "openid",
 ]
 allowed_redirect_uris = [
- "https://nomad.thefij.rocks/oidc/callback",
- "https://nomad.thefij.rocks/ui/settings/tokens",
+ "https://nomad.${var.base_hostname}/oidc/callback",
+ "https://nomad.${var.base_hostname}/ui/settings/tokens",
 ]
 list_claim_mappings = {
 "groups" : "roles"
diff --git a/core/blocky/blocky.tf b/core/blocky/blocky.tf
index 2eb6a03..c3bf562 100644
--- a/core/blocky/blocky.tf
+++ b/core/blocky/blocky.tf
@@ -1,10 +1,5 @@
 locals {
- config_data = templatefile(
- "${path.module}/config.yml",
- {
- base_hostname = var.base_hostname,
- }
- )
+ config_data = file("${path.module}/config.yml")
 }
 
 resource "nomad_job" "blocky" {
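Review bot: In the new forwardAuth tag `var.base_hostname` is spliced raw into the `rd=` query value while the literal parts around it (`https%3A%2F%2F`, `%2F`) are percent-encoded, so the redirect target is now half-encoded and any hostname needing escaping would produce a malformed `rd`. Letting Terraform encode the whole target keeps it consistent and readable: `"...api/verify?rd=${urlencode("https://authelia.${var.base_hostname}/")}"`. The `module "authelia"` block starts and ends outside the hunk.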
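Review bot: Replacing `templatefile(...)` with `file(...)` for `config_data` means any `${base_hostname}` placeholder still in `core/blocky/config.yml` is now shipped to Blocky verbatim, and that file is not part of this diff, so it is not visible here whether the placeholder was removed or moved to a Nomad-template lookup as `grafana.ini` does. A literal placeholder in the DNS config would only surface at job run time, not at plan time, so please confirm the file was updated in the same change. A short comment would spare the next reader the same question, e.g. `# config.yml is no longer templated by Terraform`.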
diff --git a/core/blocky/vars.tf b/core/blocky/vars.tf
index 06c6ae3..aa5858a 100644
--- a/core/blocky/vars.tf
+++ b/core/blocky/vars.tf
@@ -1,9 +1,3 @@
-variable "base_hostname" {
- type = string
- description = "Base hostname to serve content from"
- default = "dev.homelab"
-}
-
 variable "use_wesher" {
 type = bool
 description = "Indicates whether or not services should expose themselves on the wesher network"
diff --git a/core/grafana/grafana.ini b/core/grafana/grafana.ini
index d2f4f10..842cd76 100644
--- a/core/grafana/grafana.ini
+++ b/core/grafana/grafana.ini
@@ -43,7 +43,7 @@ data = /var/lib/grafana
 
 # The full public facing url you use in browser, used for redirects and emails
 # If you use reverse proxy and sub path specify full url (with sub path)
-root_url = https://grafana.thefij.rocks
+root_url = https://grafana.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
 
 # Log web requests
 ;router_logging = false
@@ -264,9 +264,9 @@ name = Authelia
 client_id = grafana
 client_secret = from_env
 scopes = openid profile email groups
-auth_url = https://authelia.thefij.rocks/api/oidc/authorization
-token_url = https://authelia.thefij.rocks/api/oidc/token
-api_url = https://authelia.thefij.rocks/api/oidc/userinfo
+auth_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/authorization
+token_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/token
+api_url = https://authelia.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}/api/oidc/userinfo
 login_attribute_path = preferred_username
 groups_attribute_path = groups
 name_attribute_path = name
@@ -437,7 +437,7 @@ enabled = true
 provider = s3
 
 [external_image_storage.s3]
-endpoint = https://minio.thefij.rocks
+endpoint = https://minio.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}
 bucket = grafana-images
 region = us-east-1
 path_style_access = true
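Review bot: The new `root_url` takes the hostname from the `nomad/jobs` Nomad variable at render time while every other file in this commit takes it from the Terraform `base_hostname` variable, so the two sources can drift; the same lookup is repeated for `auth_url`/`token_url`/`api_url` in the second hunk and `endpoint` in the third. For the OIDC endpoints this is security-relevant: whoever can write the `nomad/jobs` variable now decides where Grafana sends its authorization-code exchange, so the write ACL on that variable path deserves the same care as the Terraform inputs. It is also worth checking what the `with` block renders when `.base_hostname` is unset — if it yields a bare `https://grafana.` instead of failing, the misconfiguration would be silent. A comment above `root_url` would make the dependency explicit, e.g. `; base_hostname is read from the Nomad variable nomad/jobs; keep it in sync with the Terraform base_hostname variable`.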
diff --git a/core/main.tf b/core/main.tf
index a7597b4..81392be 100644
--- a/core/main.tf
+++ b/core/main.tf
@@ -1,8 +1,7 @@
 module "blocky" {
 source = "./blocky"
 
- base_hostname = var.base_hostname
- use_wesher = var.use_wesher
+ use_wesher = var.use_wesher
 
 # Not in this module
 # depends_on = [module.databases]
@@ -10,8 +9,6 @@ module "blocky" {
 
 module "traefik" {
 source = "./traefik"
-
- base_hostname = var.base_hostname
 }
 
 resource "nomad_job" "nomad-client-stalker" {
diff --git a/core/traefik/traefik.nomad b/core/traefik/traefik.nomad
index 4103ee0..1a38f31 100644
--- a/core/traefik/traefik.nomad
+++ b/core/traefik/traefik.nomad
@@ -1,9 +1,3 @@
-variable "base_hostname" {
- type = string
- description = "Base hostname to serve content from"
- default = "dev.homelab"
-}
-
 job "traefik" {
 datacenters = ["dc1"]
 type = "service"
diff --git a/core/traefik/traefik.tf b/core/traefik/traefik.tf
index fe3827a..e0a8f44 100644
--- a/core/traefik/traefik.tf
+++ b/core/traefik/traefik.tf
@@ -1,15 +1,6 @@
-variable "base_hostname" {
- type = string
- description = "Base hostname to serve content from"
- default = "dev.homelab"
-}
-
 resource "nomad_job" "traefik" {
 hcl2 {
 enabled = true
- vars = {
- "base_hostname" = var.base_hostname,
- }
 }
 
 jobspec = file("${path.module}/traefik.nomad")
diff --git a/main.tf b/main.tf
index 8af89d2..5d85952 100644
--- a/main.tf
+++ b/main.tf
@@ -17,7 +17,8 @@ module "core" {
 module "services" {
 source = "./services"
 
- use_wesher = var.use_wesher
+ base_hostname = var.base_hostname
+ use_wesher = var.use_wesher
 
 # NOTE: It may be possible to flip this and core so core templates don't
 # need to be rerendered every time a service goes up or down.
diff --git a/services/photoprism.tf b/services/photoprism.tf
index 5163d0a..3be09b1 100644
--- a/services/photoprism.tf
+++ b/services/photoprism.tf
@@ -56,7 +56,7 @@ module "photoprism_module" {
 PHOTOPRISM_SITE_CAPTION = "AI-Powered Photos App"
 PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
 PHOTOPRISM_SITE_TITLE = "PhotoPrism"
- PHOTOPRISM_SITE_URL = "https://photoprism.thefij.rocks/"
+ PHOTOPRISM_SITE_URL = "https://photoprism.${var.base_hostname}/"
 PHOTOPRISM_SPONSOR = "true"
 # Worker config
 PHOTOPRISM_WORKERS = 2
diff --git a/services/vars.tf b/services/vars.tf
index aa5858a..06c6ae3 100644
--- a/services/vars.tf
+++ b/services/vars.tf
@@ -1,3 +1,9 @@
+variable "base_hostname" {
+ type = string
+ description = "Base hostname to serve content from"
+ default = "dev.homelab"
+}
+
 variable "use_wesher" {
 type = bool
 description = "Indicates whether or not services should expose themselves on the wesher network"
diff --git a/vars.tf b/vars.tf
index 5cb1153..63f2d6f 100644
--- a/vars.tf
+++ b/vars.tf
@@ -6,7 +6,7 @@ variable "nomad_address" {
 variable "base_hostname" {
 type = string
 description = "Base hostname to serve content from"
- default = "dev.homelab"
+ default = "thefij.rocks"
 }
 
 variable "nomad_secret_id" {
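Review bot: The `base_hostname` variable added to `services/vars.tf` defaults to `dev.homelab`, while the `vars.tf` hunk in this same commit changes the root default to `thefij.rocks`, so the two defaults now disagree and the value only lines up because `main.tf` passes it explicitly. Since this hostname ends up in public site URLs and OIDC redirect URIs, a silently applied wrong default is worse than a missing-input error; drop `default = "dev.homelab"` here so the module cannot be applied without an explicit value, or keep both defaults identical if the standalone default is intentional.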