diff --git a/update-setup.sh b/update-setup.sh index 77d17cf..6ad7d62 100755 --- a/update-setup.sh +++ b/update-setup.sh @@ -62,6 +62,7 @@ create_backup() { cp "$1" "$2" } + ################################################## # PART 1: Update .env file from .env.example ################################################## @@ -205,6 +206,7 @@ update_env_file() { echo -e "\n${BLUE}Review your updated $ENV_FILE file and adjust any values as needed.${NC}" } + ################################################## # PART 2: Update Authelia configuration ################################################## 
@@ -270,61 +272,60 @@ update_authelia_config() { local existing_notifier=$(yq e '.notifier // ""' "$AUTHELIA_CONFIG_BACKUP") # Update secrets in temp file if they existed in the backup - if [[ -n "$existing_jwt_secret" && "$existing_jwt_secret" != '""' && "$existing_jwt_secret" != "null" ]]; then - yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' --env existing_jwt_secret="$existing_jwt_secret" "$TEMP_CONFIG" - fi - if [[ -n "$existing_session_secret" && "$existing_session_secret" != '""' && "$existing_session_secret" != "null" ]]; then - yq e -i '.session.secret = strenv(existing_session_secret)' --env existing_session_secret="$existing_session_secret" "$TEMP_CONFIG" - fi - if [[ -n "$existing_storage_key" && "$existing_storage_key" != '""' && "$existing_storage_key" != "null" ]]; then - yq e -i '.storage.encryption_key = strenv(existing_storage_key)' --env existing_storage_key="$existing_storage_key" "$TEMP_CONFIG" - fi - if [[ -n "$existing_redis_pass" && "$existing_redis_pass" != '""' && "$existing_redis_pass" != "null" ]]; then - yq e -i '.session.redis.password = strenv(existing_redis_pass)' --env existing_redis_pass="$existing_redis_pass" "$TEMP_CONFIG" - fi - if [[ -n "$existing_notifier" && "$existing_notifier" != '""' && "$existing_notifier" != "null" ]]; then - yq e -i '.notifier = strenv(existing_notifier)' --env existing_notifier="$existing_notifier" "$TEMP_CONFIG" - fi + if [[ -n "$existing_jwt_secret" && "$existing_jwt_secret" != '""' && "$existing_jwt_secret" != "null" ]]; then + existing_jwt_secret="$existing_jwt_secret" \ + yq e -i '.identity_validation.reset_password.jwt_secret = strenv(existing_jwt_secret)' "$TEMP_CONFIG" + fi + + if [[ -n "$existing_session_secret" && "$existing_session_secret" != '""' && "$existing_session_secret" != "null" ]]; then + existing_session_secret="$existing_session_secret" \ + yq e -i '.session.secret = strenv(existing_session_secret)' "$TEMP_CONFIG" + fi + + if [[ -n 
"$existing_storage_key" && "$existing_storage_key" != '""' && "$existing_storage_key" != "null" ]]; then + existing_storage_key="$existing_storage_key" \ + yq e -i '.storage.encryption_key = strenv(existing_storage_key)' "$TEMP_CONFIG" + fi + + if [[ -n "$existing_redis_pass" && "$existing_redis_pass" != '""' && "$existing_redis_pass" != "null" ]]; then + existing_redis_pass="$existing_redis_pass" \ + yq e -i '.session.redis.password = strenv(existing_redis_pass)' "$TEMP_CONFIG" + fi + + if [[ -n "$existing_notifier" && "$existing_notifier" != '""' && "$existing_notifier" != "null" ]]; then + existing_notifier="$existing_notifier" \ + yq e -i '.notifier = strenv(existing_notifier)' "$TEMP_CONFIG" + fi fi # Update domain settings from .env echo -e "${BLUE}Applying Tailscale domain settings...${NC}" - - # Update domain in session section - yq e -i ".session.cookies[0].domain = \"${TAILNET_DOMAIN}\"" "$TEMP_CONFIG" - - # Update domain in access_control (find wildcard domain rule and update it) - # This assumes there's a rule with a wildcard domain like "*.example.com" - local domain_rule_index=$(yq e ".access_control.rules | map(.domain) | map(select(. == \"*.*\")) | indices" "$TEMP_CONFIG" | head -n 1 | tr -d '[]') - if [[ -n "$domain_rule_index" && "$domain_rule_index" != "null" ]]; then - yq e -i ".access_control.rules[$domain_rule_index].domain = \"${WILDCARD_DOMAIN}\"" "$TEMP_CONFIG" - fi - - # Update authelia_url if it exists (it's a URL that must match cookie scope) - if yq e -e '.identity_validation.reset_password.authelia_url' "$TEMP_CONFIG" &>/dev/null; then - yq e -i ".identity_validation.reset_password.authelia_url = \"https://${FULL_HOSTNAME}\"" "$TEMP_CONFIG" - fi - - # Move the temp file to the final location + + # Replace placeholder full hostname + yq e -i "walk(if type == \"string\" and . == \"tailscale-nas.your-tailnet.ts.net\" then \"${FULL_HOSTNAME}\" else . 
end)" "$TEMP_CONFIG" + + # Replace placeholder tailnet domain + yq e -i "walk(if type == \"string\" and . == \"your-tailnet.ts.net\" then \"${TAILNET_DOMAIN}\" else . end)" "$TEMP_CONFIG" + + # Move temp file to final location mv "$TEMP_CONFIG" "$AUTHELIA_CONFIG" - + echo -e "${GREEN}Authelia configuration updated successfully!${NC}" else echo -e "${YELLOW}Warning: 'yq' is not installed. Using sed to update configuration.${NC}" echo -e "${YELLOW}This is less reliable and may not preserve all settings.${NC}" - + # Create a new file from the example cp "$AUTHELIA_CONFIG_EXAMPLE" "$AUTHELIA_CONFIG.new" - - # Update domain settings with sed (more fragile) - sed -i "s/domain: \".*\"/domain: \"${TAILNET_DOMAIN}\"/" "$AUTHELIA_CONFIG.new" - sed -i "s/domain: \"\\*\\..*\"/domain: \"${WILDCARD_DOMAIN}\"/" "$AUTHELIA_CONFIG.new" - sed -i "s|authelia_url: \"https://.*\"|authelia_url: \"https://${FULL_HOSTNAME}\"|" "$AUTHELIA_CONFIG.new" - + + # Replace placeholders manually + sed -i "s|tailscale-nas\.your-tailnet\.ts\.net|${FULL_HOSTNAME}|g" "$AUTHELIA_CONFIG.new" + sed -i "s|your-tailnet\.ts\.net|${TAILNET_DOMAIN}|g" "$AUTHELIA_CONFIG.new" + # Move the new file to the final location mv "$AUTHELIA_CONFIG.new" "$AUTHELIA_CONFIG" - - echo -e "${YELLOW}Authelia configuration updated with sed. Secret values might need to be manually transferred.${NC}" + + echo -e "${YELLOW}Authelia configuration updated with sed.${NC}" fi echo -e "${GREEN}Authelia configuration update completed.${NC}" @@ -690,8 +691,7 @@ update_service_configs() { fi } -################################################## -# PART 5: Authelia Account Management + ################################################## # PART 4: Authelia Policy Management ################################################## @@ -1367,4 +1367,4 @@ case "$1" in ;; esac -exit 0 \ No newline at end of file +exit 0
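Review bot: The two new `walk(...)` calls splice `${FULL_HOSTNAME}` and `${TAILNET_DOMAIN}` into the yq program text, and nothing in the hunk checks their exit status, so the unconditional `mv "$TEMP_CONFIG" "$AUTHELIA_CONFIG"` can install a config that still carries the placeholder domains and then print the success message. As far as I know, mikefarah yq v4 (the `yq e` / `strenv` flavour used for the secrets above) has no `walk` or `if … then … else … end`, so these lines may fail on every run; confirm against the yq version the script targets. Pass the values the way the secrets are passed and stop before the move on failure, e.g. `FULL_HOSTNAME="$FULL_HOSTNAME" yq e -i '(.. | select(. == "tailscale-nas.your-tailnet.ts.net")) = strenv(FULL_HOSTNAME)' "$TEMP_CONFIG" || return 1`, and likewise for `TAILNET_DOMAIN`. An exact-match replace also skips strings that merely contain the placeholder, such as a wildcard rule or an `https://` URL, both of which the removed code set explicitly; those need a substring substitution or the explicit assignments kept. In the sed branch the config is still rebuilt from the example, so the removed "Secret values might need to be manually transferred" warning should stay; update_authelia_config starts and ends outside the hunk.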