diff --git a/.gitea/workflows/pr-docker-deploy.yml b/.gitea/workflows/pr-docker-deploy.yml index 4bf557d..cd22e0c 100644 --- a/.gitea/workflows/pr-docker-deploy.yml +++ b/.gitea/workflows/pr-docker-deploy.yml @@ -6,8 +6,7 @@ on: branches-ignore: - "main" paths: - - "docker-compose.misc.yml" - - "compose/docker-compose*.yml" + - "**/docker-compose*.yml" env: HC_VAULT_VERSION: "1.20.4" @@ -186,18 +185,18 @@ jobs: - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - # - name: Login to Gitea Container Registry - # run: | - # docker login -u gitea-sonarqube-bot -p ${REGISTRY_PASSWORD} git.trez.wtf - - name: Login to Docker Hub uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} @@ -205,24 +204,13 @@ jobs: - name: Login to Private Gitea Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: git.trez.wtf username: ${{ secrets.BOT_GITEA_USER }} password: ${{ secrets.BOT_GITEA_PASSWORD }} - - name: Cache Vault install - id: cache-vault - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64 - key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }} - - - name: Install Vault (only if not cached) - if: steps.cache-vault.outputs.cache-hit != 'true' - uses: cpanato/vault-installer@main - with: - version: ${{ env.HC_VAULT_VERSION }} - - name: Gotify Notification uses: eikendev/gotify-action@master with: 
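Review bot: The new `paths` entry `"**/docker-compose*.yml"` may stop matching the root-level `docker-compose.misc.yml` that the removed explicit entry covered, because whether `**/` also matches a file with no directory component depends on the runner's glob implementation, and Gitea's path filter is not guaranteed to follow GitHub's zero-or-more-segments reading of `**/`. Confirm with a push that touches only the root compose file, or keep an explicit root entry next to the glob: `- "docker-compose*.yml"` followed by `- "**/docker-compose*.yml"`. The same pattern replaces `./docker-compose.misc.yml` in `renovate-pr-deploy.yml` (hunk `@@ -7,7 +7,7 @@`), so the same check applies there.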
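Review bot: The `DOCKER_HOST: tcp://192.168.1.252:2375` added to the Docker Hub and GHCR login steps points the CLI at a remote daemon over plain TCP; 2375 is the conventional non-TLS Docker API port, and `docker login` normally validates credentials through the daemon's auth endpoint, so `DOCKERHUB_PASSWORD`, `GHCR_USER` and the other registry secrets would cross the network unencrypted to a socket that, if it is unauthenticated as the port suggests, also hands root-equivalent control of that host to anything that can reach it. Unless the daemon is fronted by TLS on this port (not visible here), use `tcp://192.168.1.252:2376` together with `DOCKER_TLS_VERIFY: "1"` and a `DOCKER_CERT_PATH`, or an `ssh://` URL, and declare the value once rather than on each step. The same literal is repeated on the Private Gitea login in the next hunk and in the `@@ -327`, `@@ -355`, `@@ -140` and `@@ -159` hunks; a single workflow-level `env:` entry or a repository variable (as already done for `VAULT_ADDR`) would keep all nine copies in sync. The enclosing job's header lies outside this hunk, so a job-level `env:` would have to be added there.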
@@ -231,10 +219,6 @@ jobs: notification_title: "GITEA: Docker Compose Dry Run @ Benedikta" notification_message: "Starting Docker Compose dry run..." - - name: Generate .env file for Docker Compose - run: | - vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - - name: Get list of Compose files id: compose_file_list run: | @@ -249,6 +233,15 @@ jobs: echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT" echo "Compose files: $compose_list" + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }} + HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env + - name: Docker Compose Dry Run uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0 with: @@ -327,27 +320,18 @@ jobs: with: ref: main - - name: Cache Vault install - id: cache-vault - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 - with: - path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64 - key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }} - - - name: Install Vault (only if not cached) - if: steps.cache-vault.outputs.cache-hit != 'true' - uses: cpanato/vault-installer@main - with: - version: ${{ env.HC_VAULT_VERSION }} - - name: Login to Docker Hub uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} 
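Review bot: The new `Generate .env from Hashicorp Vault` step pulls `https://git.trez.wtf/Trez/hc-vault-env@main` by branch while every other action in this file is pinned to a commit SHA; this step receives `VAULT_GITEA_USER`, `VAULT_GITEA_PASSWORD` and the Vault address, so a push to that branch, or a compromised account on that forge, silently changes the code that handles them. Pin it like the rest: `uses: https://git.trez.wtf/Trez/hc-vault-env@<commit-sha> # <release tag>` (placeholders until the release is cut). The same unpinned reference appears in the `@@ -368` hunk of this file and the `@@ -172` hunk of `renovate-pr-deploy.yml`. Worth confirming as well that the action writes `.env` with restrictive permissions and that no later step uploads or commits the workspace, since the file now holds every key under `benedikta-docker/env`.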
@@ -355,6 +339,8 @@ jobs: - name: Login to Private Gitea Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: git.trez.wtf username: ${{ secrets.BOT_GITEA_USER }} @@ -368,11 +354,14 @@ jobs: notification_title: "GITEA: Docker Compose Deployment @ Benedikta" notification_message: "Starting Docker Compose run..." - - name: Generate .env file for deployment - run: | - vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - echo ${DOCKER_SVC_LIST} - echo ${COMPOSE_FILE_LIST} + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }} + HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env - name: Docker Compose Deployment uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0 diff --git a/.gitea/workflows/renovate-pr-deploy.yml b/.gitea/workflows/renovate-pr-deploy.yml index e59cfe1..af3949f 100644 --- a/.gitea/workflows/renovate-pr-deploy.yml +++ b/.gitea/workflows/renovate-pr-deploy.yml @@ -7,7 +7,7 @@ on: branches: - main paths: - - "./docker-compose.misc.yml" + - "**/docker-compose*.yml" env: VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} 
@@ -25,37 +25,13 @@ jobs: - name: Check out code uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - - name: Install Vault - uses: cpanato/vault-installer@main - with: - version: ${{ env.HC_VAULT_VERSION }} - - - name: Detect Renovate update type - id: detect-update - env: - PR_BODY: ${{ github.event.pull_request.body }} - run: | - echo "PR body: $PR_BODY" - - if echo "$PR_BODY" | grep -qE 'Update Type: (patch|minor|major|digest)'; then - echo "update=true" >> $GITHUB_OUTPUT - else - echo "update=false" >> $GITHUB_OUTPUT - fi - - - name: Stop if update not patch/minor/major/digest - if: steps.detect-update.outputs.update != 'true' - run: | - echo "::warning::This PR does not involve patch/minor/major/digest update. Skipping deployment." - exit 0 - - - name: Get changed services from docker-compose.yml + - name: Get changed services from all Compose files. id: services run: | echo "Getting services from main and ${{ github.ref_name }}" # Dynamically find all docker-compose YAML files (root + compose folder) - COMPOSE_FILES=($(find . -maxdepth 2 -type f -name 'docker-compose*.yml' | sort)) + COMPOSE_FILES=($(find . -type f -name 'docker-compose*.yml' | sort)) echo "Found Compose files:" printf '%s\n' "${COMPOSE_FILES[@]}" 
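Review bot: Dropping the `Detect Renovate update type` / `Stop if update not patch/minor/major/digest` pair removes the only visible check that the triggering pull request is a Renovate update, so any PR against `main` touching a `docker-compose*.yml` now runs the deployment unless a job-level `if:` outside this hunk still restricts it (the job header is not in the hunk). If the intent was to drop an ineffective gate — the removed step only ran `exit 0`, which does not stop later steps — a working replacement is a job-level condition such as `if: github.event.pull_request.user.login == '<renovate-bot-login>'` or an equivalent `github.actor` check. Separately, the `find` now walks the whole tree with no `-maxdepth`, so a compose file under a vendored or generated directory would be picked up; an exclusion such as `-not -path './.git/*'` or an explicit allow-list of directories keeps the list predictable. Minor: the renamed step `Get changed services from all Compose files.` carries a trailing period the other step names do not.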
@@ -140,18 +116,18 @@ jobs: echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT" echo "Compose files: $compose_list" - - name: Generate .env file for Docker Compose - run: | - vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - - name: Login to Docker Hub uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} @@ -159,6 +135,8 @@ jobs: - name: Login to Private Gitea Registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + env: + DOCKER_HOST: tcp://192.168.1.252:2375 with: registry: git.trez.wtf username: ${{ secrets.BOT_GITEA_USER }} @@ -172,6 +150,15 @@ jobs: notification_title: "GITEA: [RENOVATE] Docker Compose Deployment @ Rikku" notification_message: "Starting Docker Compose run..." + - name: Generate .env from Hashicorp Vault + uses: https://git.trez.wtf/Trez/hc-vault-env@main + with: + HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }} + HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} + HC_VAULT_USERNAME: ${{ secrets.VAULT_GITEA_USER }} + HC_VAULT_PASSWORD: ${{ secrets.VAULT_GITEA_PASSWORD }} + HC_VAULT_SECRETS_PATH: benedikta-docker/env + - name: Docker Compose Deployment uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0 with:
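Review bot: `HC_VAULT_SECRETS_PATH: benedikta-docker/env` in the new Vault step is the same path the Benedikta workflow reads, while this job's notification title says `@ Rikku`; if both hosts are meant to share one secret set this is fine, otherwise the path looks carried over from the other workflow and would populate Rikku's `.env` with Benedikta's values. A one-line comment above the step stating which host the path belongs to, e.g. `# shared secret set for both hosts` or the corrected path, would settle it for the next reader.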