diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 35ad3bf..d9f3fa2 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -60,39 +60,29 @@ services:
       ca-lose-internal:
         ipv4_address: 172.25.0.53
-
   # WireGuard VPN mit Web-UI (wg-easy)
   wireguard:
     image: ghcr.io/wg-easy/wg-easy:latest
     container_name: ca-lose-wireguard
+    hostname: wireguard
     cap_add:
       - NET_ADMIN
       - SYS_MODULE
-    command: /bin/sh -c 'export PASSWORD_HASH="$2a$12$NcTLIp6gMnPoJ9rxSLf1pOEvxtoEfofOsGFUBxIAGoQJ0SbAVxK82" && node /app/server.js'
     environment:
-      # Sprache
       LANG: de
-      # Deine Server-URL/IP
       WG_HOST: dus3.the1s.de
-      # WireGuard Port (anders als dein bestehender VPN!)
       WG_PORT: "51830"
-      # Web-UI Port (intern)
       PORT: "51821"
-      # Internes Subnetz für VPN-Clients
+      PASSWORD_HASH: $2a$12$NcTLIp6gMnPoJ9rxSLf1pOEvxtoEfofOsGFUBxIAGoQJ0SbAVxK82
       WG_DEFAULT_ADDRESS: 10.14.14.x
-      # DNS Server für VPN-Clients (zeigt auf unseren dnsmasq)
       WG_DEFAULT_DNS: "172.25.0.53"
-      # WICHTIG: Nur Zugriff auf das Frontend-Netzwerk erlauben!
       WG_ALLOWED_IPS: 172.25.0.0/24
-      # Persistenter Keepalive für NAT
       WG_PERSISTENT_KEEPALIVE: "25"
-      # PostUp/PostDown für Routing - NUR Frontend erlauben
       WG_POST_UP: "iptables -t nat -A POSTROUTING -s 10.14.14.0/24 -o eth0 -j MASQUERADE; iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT; iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -A FORWARD -i wg0 -d 172.25.0.2 -j ACCEPT; iptables -A FORWARD -i wg0 -d 172.25.0.53 -j ACCEPT; iptables -A FORWARD -i wg0 -j DROP"
       WG_POST_DOWN: "iptables -t nat -D POSTROUTING -s 10.14.14.0/24 -o eth0 -j MASQUERADE; iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT; iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -D FORWARD -i wg0 -d 172.25.0.2 -j ACCEPT; iptables -D FORWARD -i wg0 -d 172.25.0.53 -j ACCEPT; iptables -D FORWARD -i wg0 -j DROP"
     volumes:
       - wireguard-data:/etc/wireguard
       - /lib/modules:/lib/modules:ro
     ports:
-      # WireGuard UDP Port (öffentlich für VPN-Verbindungen)
       - "51830:51830/udp"
     sysctls:
       - net.ipv4.ip_forward=1
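Review bot: The added `PASSWORD_HASH` line hands Compose a raw bcrypt string whose `$NcTLIp6…` segment matches Compose's `$VARIABLE` interpolation syntax, so the container most likely receives a truncated hash (plus an unset-variable warning) and the Web-UI login fails instead of accepting the intended password; wg-easy's own docs call for `$$` escaping in compose files for exactly this reason. Quote and escape it: `PASSWORD_HASH: "$$2a$$12$$NcTLIp6gMnPoJ9rxSLf1pOEvxtoEfofOsGFUBxIAGoQJ0SbAVxK82"`. Better still, keep the admin-password hash out of the committed file with `PASSWORD_HASH: "${WG_PASSWORD_HASH:?set in .env}"`, which also sidesteps the escaping problem because values substituted from `.env` are not re-interpolated. Separately, this hunk still mounts `wireguard-data` and joins `ca-lose-internal`, while the second hunk deletes their top-level `volumes:`/`networks:` declarations from this file — presumably they moved to a base compose file, but that is worth confirming before deploying.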
@@ -106,17 +96,3 @@ services:
         ipv4_address: 172.25.0.10
       proxynet:
         ipv4_address: 172.20.0.50
-
-volumes:
-  ca-lose_mysql:
-  wireguard-data:
-
-networks:
-  ca-lose-internal:
-    driver: bridge
-    ipam:
-      config:
-        - subnet: 172.25.0.0/24
-          gateway: 172.25.0.1
-  proxynet:
-    external: true