diff --git a/modules/servers/atticd.nix b/modules/servers/atticd.nix
index 836887f..e4b1ec5 100644
--- a/modules/servers/atticd.nix
+++ b/modules/servers/atticd.nix
@@ -31,7 +31,7 @@ in
         };
       };
       nginx.virtualHosts."cache.rotehaare.art" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverseFix cfg.hostName cfg.port // { }
+        setup.proxyReverseFix cfg // { }
       );
     };
   };
diff --git a/modules/servers/audiobookshelf.nix b/modules/servers/audiobookshelf.nix
index f3f6e4a..2b14461 100644
--- a/modules/servers/audiobookshelf.nix
+++ b/modules/servers/audiobookshelf.nix
@@ -6,15 +6,16 @@ in
 {
   options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
   config = {
+    my.servers.audiobookshelf.ip = "127.0.0.3";
     services = {
       audiobookshelf = lib.mkIf cfg.enable {
         inherit (cfg) port;
         enable = true;
+        host = cfg.ip;
         group = "piracy";
-        openFirewall = true;
       };
       nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxy {
+        setup.proxy cfg {
           "/" = {
             proxyPass = cfg.local;
             extraConfig = ''
diff --git a/modules/servers/bazarr.nix b/modules/servers/bazarr.nix
index d5ed403..abb39d0 100644
--- a/modules/servers/bazarr.nix
+++ b/modules/servers/bazarr.nix
@@ -12,9 +12,7 @@ in
         enable = true;
         group = "piracy";
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/flame.nix b/modules/servers/flame.nix
index 333463e..be3a905 100644
--- a/modules/servers/flame.nix
+++ b/modules/servers/flame.nix
@@ -47,8 +47,8 @@ in
     };
     services.nginx = {
       virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) {
-        "${cfg.host}" = setup.proxyReverse cfg.hostName cfg.port // { };
-        "${cfgS.host}" = setup.proxyReverse cfgS.hostName cfgS.port // { };
+        "${cfg.host}" = setup.proxyReverse cfg // { };
+        "${cfgS.host}" = setup.proxyReverse cfgS // { };
       };
     };
   };
diff --git a/modules/servers/homepage.nix b/modules/servers/homepage.nix
index 1724a79..a32ae7e 100644
--- a/modules/servers/homepage.nix
+++ b/modules/servers/homepage.nix
@@ -22,9 +22,7 @@ in
           |> builtins.filter (file: builtins.match ".*\\.nix" file != null)
           |> map (file: import ./homepage/bookmarks/${file});
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix
index 27e707d..06ee277 100644
--- a/modules/servers/kavita.nix
+++ b/modules/servers/kavita.nix
@@ -24,9 +24,7 @@ in
         enable = true;
         tokenKeyFile = config.sops.secrets.kavita-token.path;
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/lidarr.nix b/modules/servers/lidarr.nix
index 5b3d2c0..a3990b8 100644
--- a/modules/servers/lidarr.nix
+++ b/modules/servers/lidarr.nix
@@ -30,7 +30,7 @@ in
       ];
     };
     services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-      setup.proxyReverseFix cfg.hostName cfg.port // { }
+      setup.proxyReverseFix cfg // { }
     );
   };
 }
diff --git a/modules/servers/maloja.nix b/modules/servers/maloja.nix
index d26dd2a..42859b8 100644
--- a/modules/servers/maloja.nix
+++ b/modules/servers/maloja.nix
@@ -23,7 +23,7 @@ in
       volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
     };
     services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-      setup.proxyReverse cfg.hostName cfg.port // { }
+      setup.proxyReverse cfg // { }
     );
   };
 }
diff --git a/modules/servers/mealie.nix b/modules/servers/mealie.nix
index 999a18a..fe8123e 100644
--- a/modules/servers/mealie.nix
+++ b/modules/servers/mealie.nix
@@ -27,9 +27,7 @@ in
         };
         credentialsFile = config.sops.secrets.mealie.path;
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/metube.nix b/modules/servers/metube.nix
index 2082044..e172421 100644
--- a/modules/servers/metube.nix
+++ b/modules/servers/metube.nix
@@ -22,7 +22,7 @@ in
       };
     };
     services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-      setup.proxyReverse cfg.hostName cfg.port // { }
+      setup.proxyReverse cfg // { }
     );
   };
 }
diff --git a/modules/servers/microbin.nix b/modules/servers/microbin.nix
index fb9e18f..7cc65c5 100644
--- a/modules/servers/microbin.nix
+++ b/modules/servers/microbin.nix
@@ -20,9 +20,7 @@ in
           MICROBIN_ENCRYPTION_SERVER_SIDE = true;
         };
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/multi-scrobbler.nix b/modules/servers/multi-scrobbler.nix
index f227535..c428575 100644
--- a/modules/servers/multi-scrobbler.nix
+++ b/modules/servers/multi-scrobbler.nix
@@ -24,7 +24,7 @@ in
       volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];
     };
     services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-      setup.proxyReverse cfg.hostName cfg.port // { }
+      setup.proxyReverse cfg // { }
     );
   };
 }
diff --git a/modules/servers/nix-serve.nix b/modules/servers/nix-serve.nix
index b413e5c..341bbd8 100644
--- a/modules/servers/nix-serve.nix
+++ b/modules/servers/nix-serve.nix
@@ -20,9 +20,7 @@ in
         inherit (cfg) port;
         secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path;
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/ombi.nix b/modules/servers/ombi.nix
index 9f790ec..cf7524e 100644
--- a/modules/servers/ombi.nix
+++ b/modules/servers/ombi.nix
@@ -12,9 +12,7 @@ in
         port = cfg.port;
         openFirewall = (!cfg.isLocal);
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverseFix cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg // { });
     };
   };
 }
diff --git a/modules/servers/prowlarr.nix b/modules/servers/prowlarr.nix
index 758bfe8..bd21f43 100644
--- a/modules/servers/prowlarr.nix
+++ b/modules/servers/prowlarr.nix
@@ -23,9 +23,7 @@ in
         package = pkgs.nur.repos.xddxdd.flaresolverr-21hsmw;
         openFirewall = true;
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverseFix cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg // { });
     };
   };
 }
diff --git a/modules/servers/radarr.nix b/modules/servers/radarr.nix
index 62ec9ed..90a594f 100644
--- a/modules/servers/radarr.nix
+++ b/modules/servers/radarr.nix
@@ -12,9 +12,7 @@ in
         enable = true;
         group = "piracy";
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverseFix cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg // { });
     };
   };
 }
diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix
index 62120d5..e72e24a 100644
--- a/modules/servers/ryot.nix
+++ b/modules/servers/ryot.nix
@@ -20,7 +20,7 @@ in
       volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
     };
     services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-      setup.proxyReverse cfg.hostName cfg.port // { }
+      setup.proxyReverse cfg // { }
     );
   };
 }
diff --git a/modules/servers/setup.nix b/modules/servers/setup.nix
index 880e479..9c9414d 100644
--- a/modules/servers/setup.nix
+++ b/modules/servers/setup.nix
@@ -41,30 +41,25 @@ let
       default = "${config.my.servers.${name}.hostName}" == config.my.mainServer;
     };
   };
-  proxy = locations: {
+  proxy = cfg: locations: {
     inherit locations;
     forceSSL = true;
     enableACME = true;
     http2 = true;
+    # listenAddresses = [ cfg.ip ];
   };
-  proxyReverse =
-    host: port:
-    let
-      useLocalhost = host == config.networking.hostName;
-      proxyTarget = if useLocalhost then config.my.localhost else config.my.ips."${host}";
-    in
-    proxy { "/".proxyPass = "http://${proxyTarget}:${toString port}/"; };
+  proxyReverse = cfg: proxy cfg { "/".proxyPass = "http://${cfg.ip}:${toString cfg.port}/"; };
   proxyReverseFix =
-    host: port:
+    cfg:
     let
-      useLocalhost = host == config.networking.hostName;
+      useLocalhost = cfg.hostName == config.networking.hostName;
       localHeaders = ''
         proxy_set_header   Host $host;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Proto $scheme;
       '';
     in
-    proxyReverse host port
+    proxyReverse cfg
     // {
       extraConfig = ''
         ${if useLocalhost then localHeaders else ""}
diff --git a/modules/servers/shiori.nix b/modules/servers/shiori.nix
index 0327c4f..4a5e0fb 100644
--- a/modules/servers/shiori.nix
+++ b/modules/servers/shiori.nix
@@ -10,14 +10,12 @@ in
     sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; };
     services = {
       shiori = lib.mkIf cfg.enable {
-        enable = true;
         inherit (cfg) port;
+        enable = true;
         environmentFile = config.sops.secrets.shiori.path;
         databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }
diff --git a/modules/servers/sonarr.nix b/modules/servers/sonarr.nix
index db8080b..c0b2bd7 100644
--- a/modules/servers/sonarr.nix
+++ b/modules/servers/sonarr.nix
@@ -12,9 +12,7 @@ in
         group = "piracy";
         openFirewall = (!cfg.isLocal);
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverseFix cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg // { });
     };
   };
 }
diff --git a/modules/servers/vaultwarden.nix b/modules/servers/vaultwarden.nix
index 48bf795..61df3d9 100644
--- a/modules/servers/vaultwarden.nix
+++ b/modules/servers/vaultwarden.nix
@@ -31,9 +31,7 @@ in
           LOG_LEVEL = "warn";
         };
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
-        setup.proxyReverse cfg.hostName cfg.port // { }
-      );
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg // { });
     };
   };
 }