diff --git a/dd-apps/docker/postgresql/postgresql.yml b/dd-apps/docker/postgresql/postgresql.yml index 1c510b7..5bca788 100644 --- a/dd-apps/docker/postgresql/postgresql.yml +++ b/dd-apps/docker/postgresql/postgresql.yml @@ -23,10 +23,23 @@ services: image: ${POSTGRESQL_IMG-postgres:13.5-alpine3.15} container_name: dd-apps-postgresql restart: unless-stopped - env_file: .env environment: + # Postgres - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - POSTGRES_USER=${POSTGRES_USER} + # Etherpad + - ETHERPAD_POSTGRES_USER=${ETHERPAD_POSTGRES_USER:-etherpard} + - ETHERPAD_POSTGRES_PASSWORD=${ETHERPAD_POSTGRES_PASSWORD} + # Keycloak + - KEYCLOAK_DB_DATABASE=${KEYCLOAK_DB_DATABASE:-keycloak} + - KEYCLOAK_DB_USER=${KEYCLOAK_DB_USER:-keycloak} + - KEYCLOAK_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD} + # Moodle + - MOODLE_POSTGRES_USER=${MOODLE_POSTGRES_USER:-moodle} + - MOODLE_POSTGRES_PASSWORD=${MOODLE_POSTGRES_PASSWORD} + # Nextcloud + - NEXTCLOUD_POSTGRES_USER=${NEXTCLOUD_POSTGRES_USER:-nextcloud} + - NEXTCLOUD_POSTGRES_PASSWORD=${NEXTCLOUD_POSTGRES_PASSWORD} volumes: - /etc/localtime:/etc/localtime:ro - ${DB_FOLDER}/postgres:/var/lib/postgresql/data diff --git a/dd-apps/docker/wordpress/wordpress.yml b/dd-apps/docker/wordpress/wordpress.yml index b6a88a0..12acad3 100644 --- a/dd-apps/docker/wordpress/wordpress.yml +++ b/dd-apps/docker/wordpress/wordpress.yml @@ -36,6 +36,7 @@ services: volumes: *wordpress-volumes environment: + DOMAIN: ${DOMAIN} WORDPRESS_DB_HOST: dd-apps-mariadb WORDPRESS_DB_NAME: "wordpress" WORDPRESS_DB_USER: ${WORDPRESS_MARIADB_USER} diff --git a/dd-ctl b/dd-ctl index d37f512..8aa12c7 100755 --- a/dd-ctl +++ b/dd-ctl @@ -112,9 +112,11 @@ fi REPO_BRANCH="${1:-main}" -cp dd.conf .env CUSTOM_PATH=$(pwd) -. ./.env +if [ -f dd.conf ]; then + cp dd.conf .env + . ./.env +fi prerequisites_docker(){ # Remove uncompatible docker packages 
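Review bot: The password entries added under `environment:` (`ETHERPAD_POSTGRES_PASSWORD`, `KEYCLOAK_DB_PASSWORD`, `MOODLE_POSTGRES_PASSWORD`, `NEXTCLOUD_POSTGRES_PASSWORD`) have neither a default nor a required-variable check, so a key missing from `.env` is substituted as an empty string and whatever consumes it in the container (presumably the init scripts) sees a blank credential. Compose's required form turns that into a hard error when the compose file is built, e.g. `- KEYCLOAK_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD:?KEYCLOAK_DB_PASSWORD must be set}`. The same applies to `KEYCLOAK_PASSWORD` added in api.yml. Separately, the default in `${ETHERPAD_POSTGRES_USER:-etherpard}` looks like a typo for `etherpad`; if the Etherpad side falls back to a different role name, the two will not match when the variable is unset.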
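Review bot: `cp dd.conf .env` inside the new `if` leaves the copy with whatever mode `dd.conf` and the umask give it, yet after this commit that one `.env` is what compose reads through `--env-file` and what dd-sso-admin loads through `env_file`, so it carries every service password. Adding `chmod 600 .env` directly after the `cp` keeps it owner-readable only. Also, when `dd.conf` is absent the script now carries on silently, and a `.env` left over from an earlier run may still be picked up by later steps. A comment stating which subcommands are expected to work without `dd.conf` would make that intent checkable, e.g. `# dd.conf is optional here: <subcommands> do not need it`.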
@@ -180,9 +182,18 @@ build_compose(){ setconf DD_BUILD "${DD_BUILD}" .env setconf CUSTOM_PATH "$CUSTOM_PATH" .env + setconf BUILD_APPS_ROOT_PATH "$CUSTOM_PATH/dd-apps" .env setconf BUILD_SSO_ROOT_PATH "$CUSTOM_PATH/dd-sso" .env + # SMTP (needed for e.g. Nextcloud's more granular settings) + SMTP_LOCAL_PART="$(echo "${SMTP_USER:-}" | cut -d '@' -f 1)" + export SMTP_LOCAL_PART + SMTP_DOMAIN="$(echo "${SMTP_USER:-}" | cut -d '@' -f 2)" + export SMTP_DOMAIN + setconf SMTP_LOCAL_PART "${SMTP_LOCAL_PART}" .env + setconf SMTP_DOMAIN "${SMTP_DOMAIN}" .env + # Choose HAProxy configuration flavour if [ "${PROXY_PROTOCOL:-false}" = "true" ]; then HAPROXY_YML="haproxy.proxy.yml" @@ -207,7 +218,7 @@ build_compose(){ setconf HAPROXY_CFG "${HAPROXY_CFG}" setconf HAPROXY_CFG "${HAPROXY_CFG}" .env - # Enable or disable ClamAV + # Enable or disable ClamAV's container if [ "${DISABLE_CLAMAV:-true}" = "true" ]; then # Current default (might change) CLAMAV_YML="clamav.disabled.yml" @@ -215,18 +226,16 @@ build_compose(){ CLAMAV_YML="clamav.yml" fi - ## Prepare apps environment - ln -sf "${CUSTOM_PATH}/.env" dd-apps/.env - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/postgresql && \ - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/mariadb && \ - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/moodle && \ - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/nextcloud && \ - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/wordpress && \ - ln -sf "${CUSTOM_PATH}/.env" dd-apps/docker/etherpad - - ## Prepare sso environment - ln -sf "${CUSTOM_PATH}/.env" dd-sso/.env - ln -sf "${CUSTOM_PATH}/.env" dd-sso/docker-compose-parts/.env + # Clean up redundant .env files + for f in dd-apps \ + dd-apps/docker/postgresql dd-apps/docker/mariadb \ + dd-apps/docker/moodle dd-apps/docker/nextcloud \ + dd-apps/docker/wordpress dd-apps/docker/etherpad \ + dd-sso dd-sso/docker-compose-parts; do + if [ -f "${f}/.env" ]; then + rm "${f}/.env" + fi + done # Clean up older custom data rm -rf custom/system/keycloak-themes 
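Review bot: `cut -d '@' -f 2` prints the whole input when it contains no `@`, so an `SMTP_USER` that is a bare login name rather than an address yields an `SMTP_DOMAIN` equal to the user name instead of an empty value. Adding `-s` makes cut suppress input without the delimiter: `SMTP_DOMAIN="$(echo "${SMTP_USER:-}" | cut -s -d '@' -f 2)"`. Leave the `SMTP_LOCAL_PART` call without `-s`, since there the whole string is the sensible result. build_compose starts and ends outside the hunk.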
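Review bot: The cleanup loop guards the removal with `[ -f "${f}/.env" ]`, which follows symlinks, so a link created by the removed `ln -sf` lines whose target no longer exists (for example after the checkout was moved) fails the test and is left behind. Dropping the test and using `rm -f "${f}/.env"` removes regular files and dangling links alike and stays quiet when there is nothing to delete. The rest of build_compose lies outside the hunk.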
@@ -234,12 +243,13 @@ build_compose(){ # Build compose ymls docker-compose \ + --env-file "${CUSTOM_PATH}/.env" \ + \ -f "dd-sso/docker-compose-parts/$WAF_YML" \ -f "dd-sso/docker-compose-parts/$HAPROXY_YML"\ -f dd-sso/docker-compose-parts/api.yml \ -f dd-sso/docker-compose-parts/keycloak.yml \ -f dd-sso/docker-compose-parts/avatars.yml \ - -f dd-apps/docker/postgresql/postgresql.yml \ -f dd-sso/docker-compose-parts/admin.yml \ \ -f dd-apps/docker/moodle/moodle.yml \ diff --git a/dd-sso/docker-compose-parts/admin.yml b/dd-sso/docker-compose-parts/admin.yml index 054baf9..2dd9b24 100644 --- a/dd-sso/docker-compose-parts/admin.yml +++ b/dd-sso/docker-compose-parts/admin.yml @@ -39,8 +39,6 @@ services: - ${DATA_FOLDER}/legal:/admin/admin/static/templates/pages/legal:rw - ${DATA_FOLDER}/dd-admin:/data:rw - ${DATA_FOLDER}/nc-mail-queue:/nc-mail-queue:rw - env_file: - - .env environment: - VERIFY="false" # In development do not verify certificates - DOMAIN=${DOMAIN} @@ -53,3 +51,5 @@ services: - AVATARS_SERVER_HOST=dd-sso-avatars:9000 - AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE} - AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY} + # TODO: Check missing env vars and pass them on the environment + env_file: ${CUSTOM_PATH}/.env diff --git a/dd-sso/docker-compose-parts/api.yml b/dd-sso/docker-compose-parts/api.yml index 94e968e..42a6925 100644 --- a/dd-sso/docker-compose-parts/api.yml +++ b/dd-sso/docker-compose-parts/api.yml @@ -28,6 +28,10 @@ services: DOMAIN: $DOMAIN NGINX_ALPINE_IMG: ${NGINX_ALPINE_IMG-nginx:1.21.6-alpine} container_name: dd-sso-api + environment: + DOMAIN: ${DOMAIN} + KEYCLOAK_USER: ${KEYCLOAK_USER} + KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD} volumes: - /etc/localtime:/etc/localtime:ro - ${CUSTOM_PATH}/custom/menu:/api/menu @@ -37,8 +41,3 @@ services: restart: unless-stopped networks: - dd_net - # ports: - # - published: 7039 - # target: 7039 - env_file: - - .env 
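Review bot: `env_file: ${CUSTOM_PATH}/.env` at the end of the dd-sso-admin service injects every key of the shared `.env` into that container, including the database and Keycloak passwords that the other files in this commit now hand only to the services that name them. The TODO acknowledges this; until the explicit list exists, the comment could name the exposure so it is not mistaken for a cosmetic task, e.g. `# TODO(least privilege): whole .env is exposed to dd-sso-admin; replace with an explicit environment list`. The `AVATARS_ACCESS_KEY` and `AVATARS_SECRET_KEY` defaults visible in the context lines are fixed example values, so an unset variable silently falls back to a publicly known credential; the `${VAR:?message}` form would fail instead.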
diff --git a/dd-sso/docker-compose-parts/haproxy.no-ports.yml b/dd-sso/docker-compose-parts/haproxy.no-ports.yml index 2ef11c9..b6a7dc0 100644 --- a/dd-sso/docker-compose-parts/haproxy.no-ports.yml +++ b/dd-sso/docker-compose-parts/haproxy.no-ports.yml @@ -28,6 +28,12 @@ services: dockerfile: Dockerfile target: production container_name: dd-sso-haproxy + environment: + DOMAIN: ${DOMAIN} + HAPROXY_CFG: ${HAPROXY_CFG:-haproxy.no-waf.no-haproxy.cfg} + LETSENCRYPT_DOMAIN: ${LETSENCRYPT_DOMAIN} + LETSENCRYPT_DOMAIN_ROOT: ${LETSENCRYPT_DOMAIN_ROOT} + LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL} restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro @@ -35,8 +41,6 @@ services: - ${SRC_FOLDER}/haproxy/certs:/certs:rw networks: - dd_net - env_file: - - .env logging: driver: "json-file" options: diff --git a/dd-sso/docker-compose-parts/haproxy.proxy.yml b/dd-sso/docker-compose-parts/haproxy.proxy.yml index d5830c5..3597131 100644 --- a/dd-sso/docker-compose-parts/haproxy.proxy.yml +++ b/dd-sso/docker-compose-parts/haproxy.proxy.yml @@ -28,6 +28,12 @@ services: dockerfile: Dockerfile target: production container_name: dd-sso-haproxy + environment: + DOMAIN: ${DOMAIN} + HAPROXY_CFG: ${HAPROXY_CFG:-haproxy.no-waf.no-haproxy.cfg} + LETSENCRYPT_DOMAIN: ${LETSENCRYPT_DOMAIN} + LETSENCRYPT_DOMAIN_ROOT: ${LETSENCRYPT_DOMAIN_ROOT} + LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL} restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro @@ -45,8 +51,6 @@ services: target: 8888 - published: 591 target: 591 - env_file: - - .env logging: driver: "json-file" options: diff --git a/dd-sso/docker-compose-parts/haproxy.yml b/dd-sso/docker-compose-parts/haproxy.yml index c373259..2e1be97 100644 --- a/dd-sso/docker-compose-parts/haproxy.yml +++ b/dd-sso/docker-compose-parts/haproxy.yml 
@@ -28,6 +28,12 @@ services: dockerfile: Dockerfile target: production container_name: dd-sso-haproxy + environment: + DOMAIN: ${DOMAIN} + HAPROXY_CFG: ${HAPROXY_CFG:-haproxy.no-waf.no-haproxy.cfg} + LETSENCRYPT_DOMAIN: ${LETSENCRYPT_DOMAIN} + LETSENCRYPT_DOMAIN_ROOT: ${LETSENCRYPT_DOMAIN_ROOT} + LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL} restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro @@ -40,8 +46,6 @@ services: target: 80 - published: 443 target: 443 - env_file: - - .env logging: driver: "json-file" options: diff --git a/dd-sso/docker-compose-parts/postgresql.yml b/dd-sso/docker-compose-parts/postgresql.yml deleted file mode 100644 index 60f9585..0000000 --- a/dd-sso/docker-compose-parts/postgresql.yml +++ /dev/null @@ -1,38 +0,0 @@ -# -# Copyright © 2021,2022 IsardVDI S.L. -# -# This file is part of DD -# -# DD is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or (at your -# option) any later version. -# -# DD is distributed in the hope that it will be useful, but WITHOUT ANY -# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more -# details. -# -# You should have received a copy of the GNU Affero General Public License -# along with DD. If not, see . -# -# SPDX-License-Identifier: AGPL-3.0-or-later -version: '3.7' -services: - dd-sso-postgresql: - image: ${POSTGRESQL_IMG-postgres:13.5-alpine3.15} - container_name: dd-sso-postgresql - restart: unless-stopped - env_file: - - .env - volumes: - - /etc/localtime:/etc/localtime:ro - - ${DB_FOLDER}/postgres:/var/lib/postgresql/data - - ${BUILD_SSO_ROOT_PATH}/init/databases:/docker-entrypoint-initdb.d - networks: - - dd_net - logging: - driver: "json-file" - options: - max-size: "5m" - max-file: "10" 
diff --git a/dd-sso/docker-compose-parts/waf-modsecurity.yml b/dd-sso/docker-compose-parts/waf-modsecurity.yml index 1817fb8..31295aa 100644 --- a/dd-sso/docker-compose-parts/waf-modsecurity.yml +++ b/dd-sso/docker-compose-parts/waf-modsecurity.yml @@ -7,8 +7,8 @@ services: dockerfile: Dockerfile target: production container_name: dd-waf-apache - env_file: - - .env + environment: + DISABLE_WAF: ${DISABLE_WAF:-true} restart: unless-stopped volumes: - /etc/localtime:/etc/localtime:ro diff --git a/dd.conf.sample b/dd.conf.sample index 407b43e..18b6159 100644 --- a/dd.conf.sample +++ b/dd.conf.sample @@ -187,8 +187,7 @@ POSTGRESQL_IMG=postgres:14.1-alpine3.15 #MARIADB_IMG=mariadb:10.6.5 ## NGINX -#NGINX_IMG=nginx:1.21.6 -#NGINX_ALPINE_IMG=nginx:1.21.6-alpine +#NGINX_ALPINE_IMG=nginx:1.22.1-alpine ## REDIS #REDIS_IMG=redis:6.2.6-alpine3.15
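Review bot: `DISABLE_WAF: ${DISABLE_WAF:-true}` makes "WAF disabled" the value the container receives whenever the variable is missing from `.env`, whereas the removed `env_file` entry passed nothing in that case. How the image treats an unset `DISABLE_WAF` is not visible here, so this may or may not change behaviour, but a fail-open default on a protective control should at least be stated next to it, e.g. `# Default is WAF off; set DISABLE_WAF=false in dd.conf to enable`. If this compose part is only selected when the WAF is wanted, a default of `false` would be the safer choice.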