diff --git a/README.md b/README.md
index 31d727c0..6b208bd3 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,6 @@
 | delugevpn | ghcr.io/binhex/arch-delugevpn:latest |
 | docker-socket-proxy | ghcr.io/tecnativa/docker-socket-proxy:latest |
 | docker-volume-backup | offen/docker-volume-backup:v2 |
-| docuseal | docuseal/docuseal:latest |
 | duplicati | lscr.io/linuxserver/duplicati:latest |
 | fastenhealth | ghcr.io/fastenhealth/fasten-onprem:main |
 | flaresolverr | ghcr.io/flaresolverr/flaresolverr:latest |
diff --git a/ansible/app-configs/ghost_config.production.json.j2 b/ansible/app-configs/ghost_config.production.json.j2
new file mode 100644
index 00000000..ad3488fd
--- /dev/null
+++ b/ansible/app-configs/ghost_config.production.json.j2
@@ -0,0 +1,41 @@
+{% set vault_addr = 'https://vault.trez.wtf' %}
+{% set secrets_path = 'rinoa-docker/env' %}
+
+{
+ "url": "blog.trez.wtf",
+ "database": {
+ "client": "mysql",
+ "connection": {
+ "host" : "mariadb",
+ "user" : "ghost",
+ "password" : "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GHOST_DB_PASSWORD'] }}",
+ "database" : "ghost"
+ }
+ },
+ "mail": {
+ "from": "'Ghost @ Rinoa' "
+ "transport": "SMTP",
+ "options": {
+ "host": "postal-smtp",
+ "port": 25,
+ "secure": false,
+ "auth": {
+ "user": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}",
+ "pass": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}"
+ }
+ }
+ },
+ "paths": {
+ "contentPath": "content/"
+ },
+ "privacy": {
+ "useGravatar": true
+ }
+ "logging": {
+ "level": "info",
+ "rotation": {
+ "enabled": true
+ },
+ "transports": ["file"]
+ }
+}
\ No newline at end of file
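Review bot: The new `ghost_config.production.json.j2` does not render to valid JSON as shown: the `"from"` line in the `mail` block has no trailing comma, and neither does the closing brace of `"privacy"` before `"logging"`, so Ghost would fail to parse the file at startup. The two lines should read `"from": "'Ghost @ Rinoa' ",` and `},` after the `privacy` object. `"url"` is also written without a scheme, whereas the environment block this file replaces used `https://blog.${MY_TLD}`; Ghost appears to expect a full URL including the protocol, so `"url": "https://blog.trez.wtf",` looks intended. The rendered file will hold the database and SMTP passwords in plain text, so the task that writes it (not visible in this diff) should set a restrictive owner and mode such as `0600` and use `no_log: true` to keep the values out of diff output.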
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 3bf03244..3ac5f989 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,14 +1,14 @@
 vault_addr: "https://vault.trez.wtf"
 vault_token: !vault |
 $ANSIBLE_VAULT;1.1;AES256
- 30623330336664656231653066343930303830343530323930613666643863623837633738346639
- 3734386663383333386635623931343361343363396434660a633637666539626264653437636134
- 36616334386264383330323164333432623538366234326563323664353338646331353233396161
- 3030623162373232320a386432393337613431303432613065626163326363316365613937623031
- 39316566343238363934383833376136323461336666663762383663633531303138616132333938
- 30316334363436333164303035643835316238313038663761636338313433303766626238656234
- 34373436396430646339326361366634363735346637303865373164363663663263646661366663
- 36336334393535386332646461313262646131383932353534363936623961613761333762376561
- 31366662626231346638346339626565653831613865646436643233653066366534
+ 61383638616263666539386332333638356662623166393234383666366265346537353533653833
+ 3333313230636166663734356261316132393834613737630a386166376365333862383031343838
+ 35346338633530636463643165623432353466363230646239656463333263373738663639313136
+ 3966633235393937350a343337613061616238323238386332363635623932333230323037353136
+ 66616561613038656462636565656361613065373238613862386235623265396133633034326563
+ 32663532343137366334366630356232313865666661326337326263613262306637663434646639
+ 61623030383963623332333135396363643036646461303438643233313136346139343232353535
+ 39356432623161333661333266333937626364643964333839333934306364373234653761326638
+ 33396534396163373034666164393039303639643431353662666265666264353062
 vault_token_cleaned: "{{ vault_token | regex_replace('\\n', '') }}"
 secrets_path: "rinoa-docker/env"
diff --git a/docker-compose.yml b/docker-compose.yml
index 1e5b87c6..725a02ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
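Review bot: In `ansible/group_vars/all.yml` the encrypted `vault_token` value is replaced with nothing recording whether the token itself was rotated or only re-encrypted. The previous ciphertext stays in the repository history, so anyone holding the Ansible Vault password used at the time can still decrypt it; if this is a rotation, the old token should be revoked in Vault rather than left to expire. Since this token is what the new Ghost template passes to its `vault_kv2_get` lookups, a short comment above the variable would help, for example `# token for Ansible lookups against rinoa-docker/env; rotate via ansible-vault encrypt_string`. The token's policy and TTL are not visible here and should be confirmed as limited to reading that path.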
@@ -1337,21 +1337,6 @@ services:
 condition: service_started
 required: true
 restart: true
- environment:
- database__client: mysql
- database__connection__host: mariadb
- database__connection__port: 3306
- database__connection__user: ${GHOST_DB_USER}
- database__connection__password: ${GHOST_DB_PASSWORD}
- database__connection__database: ghost_db
- mail__transport: SMTP
- mail__options__host: postal-smtp
- mail__options__port: 25
- mail__options__secure: false
- mail__options__auth__user: ${POSTAL_SMTP_AUTH_USER}
- mail__options__auth__pass: ${POSTAL_SMTP_AUTH_PASSWORD}
- mail__from: "noreply@trez.wtf"
- url: https://blog.${MY_TLD}
 image: ghost:latest
 labels:
 homepage.group: Lifestyle
@@ -1367,9 +1352,11 @@ services:
 swag.uptime-kuma.monitor.url: https://blog.${MY_TLD}
 links:
 - mariadb
- networks:
- default: null
+ ports:
+ - 2368:2368
 restart: always
+ volumes:
+ - ${DOCKER_VOLUME_CONFIG}/ghost:/home/ghost
 gitea:
 container_name: gitea
 depends_on:
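Review bot: The added `ports:` entry `- 2368:2368` publishes Ghost on every host interface, so clients can reach the container directly over plain HTTP instead of through the HTTPS front end that the `swag.uptime-kuma.monitor.url` label suggests (`https://blog.${MY_TLD}`). If the mapping is only needed for local access, bind it to loopback with `- 127.0.0.1:2368:2368`, or drop it and let the proxy reach the service over the Compose network. The new volume mounts `${DOCKER_VOLUME_CONFIG}/ghost` at `/home/ghost`, but the official `ghost` image keeps its install, including `config.production.json` and `content/`, under `/var/lib/ghost`, so please confirm the rendered config is actually read. With the `environment:` block removed in the previous hunk, Ghost would otherwise start on its built-in defaults. The service definition begins above this hunk, so its name and any other settings are not visible here.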