diff --git a/ci.docker-compose.yml b/ci.docker-compose.yml
index 30898d3..336856a 100644
--- a/ci.docker-compose.yml
+++ b/ci.docker-compose.yml
@@ -11,11 +11,7 @@ services:
       - SENTRY=True
       - PGSSLMODE=require
       - DB_NAME=${BUILD_NAME}
-      - PGDATABASE=${BUILD_NAME}
-      - DB_USER=${CI_PROJECT_NAME}
-      - PGUSER=${CI_PROJECT_NAME}
-      - DB_HOST=pgci.home.arpa
-      - PGHOST=pgci.home.arpa
+      - DB_HOST=TODO
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${DOMAIN}`)"
@@ -41,4 +37,4 @@ volumes:
 networks:
   traefik:
     external: true
-version: '3.7'
\ No newline at end of file
+version: '3.7'
diff --git a/clear-ci.secrets.docker-compose.yml b/clear-ci.secrets.docker-compose.yml
index b2d4b88..f04e794 100644
--- a/clear-ci.secrets.docker-compose.yml
+++ b/clear-ci.secrets.docker-compose.yml
@@ -1,11 +1,12 @@
 # never commit this file
 # only to set secrets
-# encrypt me with sops --age $KEYGENERATEDINCI --encrypt clear-ci.secrets.docker-compose.yml > ci.secrets.docker-compose.yml
+# encrypt me with:
+# sops --age $KEYGENERATEDINCI --encrypt clear-ci.secrets.docker-compose.yml > ci.secrets.docker-compose.yml
 # The sops public key ($KEYGENERATEDINCI) can be found in ~gitlab-runner/.config/sops/age/keys.txt
+>>>>>>> 079c2c9 (fixup! [FIX] PGPASSWORD -> DB_PASSWORD)
 version: "3.7"
 services:
   odoo:
     environment:
       - DB_PASSWORD=
-      - PGPASSWORD=
       - ENCRYPTION_KEY_CI=
diff --git a/clear-prod.secrets.docker-compose.yml b/clear-prod.secrets.docker-compose.yml
index fc19d1f..56a92e1 100644
--- a/clear-prod.secrets.docker-compose.yml
+++ b/clear-prod.secrets.docker-compose.yml
@@ -1,10 +1,12 @@
 # never commit this file
-# only to set secrets
-# encrypt me with sops --age $KEYGENERATEDINCI --encrypt clear-prod.secrets.docker-compose.yml > prod.secrets.docker-compose.yml
+# only used to set secrets
+# encrypt me with:
+# sops --age $KEYGENERATEDINPROD --encrypt clear-prod.secrets.docker-compose.yml > prod.secrets.docker-compose.yml
+# The sops public key ($KEYGENERATEDINPROD) can be found in ~app/.config/sops/age/keys.txt
 version: "3.7"
 services:
   odoo:
     environment:
       - DB_PASSWORD=
-      - PGPASSWORD=
       - ENCRYPTION_KEY_CI=
+      - ENCRYPTION_KEY_PROD=
diff --git a/docker-compose.yml b/docker-compose.yml
index f436634..20b5f94 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,9 @@ services:
       - LOCAL_USER_ID=$UID
       - RUNNING_ENV=$ENV
       - MARABUNTA_MODE=demo
+      - DB_USER=$PGUSER
+      - DB_HOST=$PGHOST
+      - DB_NAME=$PGDATABASE
       - SERVER_WIDE_MODULES=web
       #,queue_job,sentry?
       - QUEUE_JOB_CHANNELS=
@@ -21,4 +24,4 @@ services:
     labels:
       docky.main.service: true
       docky.user: odoo
-version: '3.7'
\ No newline at end of file
+version: '3.7'
diff --git a/prod.docker-compose.yml b/prod.docker-compose.yml
index f850de5..b700f30 100644
--- a/prod.docker-compose.yml
+++ b/prod.docker-compose.yml
@@ -5,15 +5,10 @@ services:
     environment:
       - MARABUNTA_MODE=prod
       - ADDONS_PATH=/odoo/links,/odoo/local-src,/odoo/src/odoo/addons,/odoo/src/addons
-      - ODOO_BASE_URL=TODO
+      - ODOO_BASE_URL=https://TODO
       - SENTRY=True
       - PGSSLMODE=require
-      - DB_NAME=TODO
-      - PGDATABASE=TODO
-      - DB_USER=TODO
-      - PGUSER=TODO
-      - DB_HOST=TODO
-      - PGHOST=TODO
+      - DB_NAME=${COMPOSE_PROJECT_NAME}
     volumes:
       - ~/data/${COMPOSE_PROJECT_NAME}/addons:/data/odoo/addons
       - ~/data/${COMPOSE_PROJECT_NAME}/filestore:/data/odoo/filestore