diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index 119aefa..6043436 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -39,20 +39,24 @@ keycloak_clients:
             - "https://images.potaris.de/*"
         description: "Images Factory"
         keycloak_id: "00000000-0000-0000-0000-000000000001"
+        groups: "images"
+
     simple-log-server:
         party_secret : "8fZpHISTORY_PURGED_SECRET"
         client_id: z_sls
-        client_secret: ""
+        client_secret: "HISTORY_PURGED_SECRET"
         redirect_uris: 
             - "https://sls.atlantishq.de/*"
         description: "Simple Log Server"
         keycloak_id: "00000000-0000-0000-0000-000000000002"
+        groups: "monitoring"
 
     soundlib-interface:
         party_secret : "zdHRHISTORY_PURGED_SECRET"
         client_id: z_soundlib
-        client_secret: ""
+        client_secret: "HISTORY_PURGED_SECRET"
         redirect_uris: 
             - "https://sounds.atlantishq.de/*"
         description: "Soundlib interface"
         keycloak_id: "00000000-0000-0000-0000-000000000003"
+        groups: "soundlib"
diff --git a/roles/web1/tasks/main.yaml b/roles/web1/tasks/main.yaml
index 205cd30..1146b17 100644
--- a/roles/web1/tasks/main.yaml
+++ b/roles/web1/tasks/main.yaml
@@ -77,7 +77,6 @@
     src: oauth-standalone-docker-compose.yaml
     dest: "/opt/oauth2proxy/{{ item }}/docker-compose.yaml"
   with_items:
-    - python-flask-picture-factory
     - simple-log-server
     - soundlib-interface
 
@@ -86,10 +85,10 @@
     src: "waitress-systemd-unit.j2"
     dest: "/etc/systemd/system/{{ item.name }}.service"
   with_items:
-    - { name : "image-factory",     path : "/var/www/python-flask-picture-factory", port : 5000 }
-    - { name : "serien-ampel",      path : "/var/www/serien-ampel",                 port : 5001 }
-    - { name : "simple-log-server", path : "/var/www/simple-log-server",            port : 5002 }
-    - { name : "soundlib",          path : "/var/www/soundlib-interface",           port : 5003 }
+    - { name : "image-factory",     path : "/var/www/python-flask-picture-factory" }
+    - { name : "serien-ampel",      path : "/var/www/serien-ampel"                 }
+    - { name : "simple-log-server", path : "/var/www/simple-log-server"            }
+    - { name : "soundlib",          path : "/var/www/soundlib-interface"           }
   notify:
     - daemon reload
 
diff --git a/templates/waitress-systemd-unit.j2 b/templates/waitress-systemd-unit.j2
index f75fcd9..e09dfa2 100644
--- a/templates/waitress-systemd-unit.j2
+++ b/templates/waitress-systemd-unit.j2
@@ -1,5 +1,15 @@
+{% if item.get("port") %}
+{% set port = item.port %}
+{% else %}
+{% set port = services[item.name].port %}
+{% endif %}
+
+{% if item.get("oidc") %}
+{% set port = port + 1000 %}
+{% endif %}
+
 [Unit]
-Description={{ item.name }} on {{ item.port }} at {{ item.path }}
+Description={{ item.name }} on {{ port }} at {{ item.path }}
 After=network.target
 
 [Service]
@@ -8,7 +18,7 @@ WorkingDirectory={{ item.path }}
 Type=simple
 User=www-data
 
-ExecStart=/usr/bin/waitress-serve --host 0.0.0.0 --port {{ item.port }} --call 'app:createApp'
+ExecStart=/usr/bin/waitress-serve --host 0.0.0.0 --port {{ port }} --call 'app:createApp'
 
 [Install]
 WantedBy=multi-user.target