diff --git a/ansible/roles/nextcloud/defaults/main.yml b/ansible/roles/nextcloud/defaults/main.yml
index d584d48..7341736 100644
--- a/ansible/roles/nextcloud/defaults/main.yml
+++ b/ansible/roles/nextcloud/defaults/main.yml
@@ -22,10 +22,12 @@ nextcloud_redis_host: "nextcloud-redis"
 nextcloud_redis_port: "6379"
 
 # OIDC configuration
+# Note: OIDC credentials are provided dynamically by the Authentik role
+# via /tmp/authentik_oidc_credentials.json during deployment
 nextcloud_oidc_enabled: true
-nextcloud_oidc_provider_url: "https://{{ zitadel_domain }}"
-nextcloud_oidc_client_id: "" # Will be set after creating app in Zitadel
-nextcloud_oidc_client_secret: "" # Will be set after creating app in Zitadel
+nextcloud_oidc_provider_url: "https://{{ authentik_domain }}"
+nextcloud_oidc_client_id: "" # Set dynamically from Authentik
+nextcloud_oidc_client_secret: "" # Set dynamically from Authentik
 
 # Trusted domains (for Nextcloud config)
 nextcloud_trusted_domains:
diff --git a/ansible/roles/traefik/templates/dynamic.yml.j2 b/ansible/roles/traefik/templates/dynamic.yml.j2
index 9d567e4..db3fed4 100644
--- a/ansible/roles/traefik/templates/dynamic.yml.j2
+++ b/ansible/roles/traefik/templates/dynamic.yml.j2
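Review bot: The new comment documents that the OIDC client secret is staged in `/tmp/authentik_oidc_credentials.json`, a shared world-readable directory with a predictable name, but says nothing about who may read that file or when it is removed; if the writing role relies on the default umask, the secret is readable by any local account for as long as the file exists. The defaults note should state the contract and the Authentik role (outside this diff) should enforce it, e.g. `# via /tmp/authentik_oidc_credentials.json during deployment; that file must be created 0600 and removed once the Nextcloud config has been rendered`. Because `nextcloud_oidc_client_id` and `nextcloud_oidc_client_secret` default to `""`, a failed hand-off would silently render a Nextcloud config with an empty secret; an `assert` on `nextcloud_oidc_client_secret | length > 0` before the config template task would turn that into a visible failure. Minor style: yamllint expects two spaces before an inline comment, `nextcloud_oidc_client_id: ""  # Set dynamically from Authentik`.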
@@ -1,66 +1,8 @@
 # Traefik dynamic configuration
-# Managed by Ansible - do not edit manually
+# Managed by Ansible - Client-specific routes come from Docker labels
 http:
-  routers:
-    # Zitadel identity provider
-    zitadel:
-      rule: "Host(`zitadel.test.vrije.cloud`)"
-      service: zitadel
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - zitadel-headers
-
-    # Nextcloud file sync/share
-    nextcloud:
-      rule: "Host(`nextcloud.test.vrije.cloud`)"
-      service: nextcloud
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-      middlewares:
-        - nextcloud-headers
-        - nextcloud-redirectregex
-
-  services:
-    # Zitadel service
-    zitadel:
-      loadBalancer:
-        servers:
-          - url: "h2c://zitadel:8080"
-
-    # Nextcloud service
-    nextcloud:
-      loadBalancer:
-        servers:
-          - url: "http://nextcloud:80"
-
   middlewares:
-    # Zitadel-specific headers
-    zitadel-headers:
-      headers:
-        stsSeconds: 31536000
-        stsIncludeSubdomains: true
-        stsPreload: true
-
-    # Nextcloud-specific headers
-    nextcloud-headers:
-      headers:
-        stsSeconds: 31536000
-        stsIncludeSubdomains: true
-        stsPreload: true
-
-    # CalDAV/CardDAV redirect for Nextcloud
-    nextcloud-redirectregex:
-      redirectRegex:
-        permanent: true
-        regex: "https://(.*)/.well-known/(card|cal)dav"
-        replacement: "https://$1/remote.php/dav/"
-
     # Security headers
     security-headers:
       headers: