diff --git a/deploy.sh b/deploy.sh
index 242f963..b113f41 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -606,16 +606,14 @@ nix_generation() {
 cp -avu templates/nix-config/misc/* final-nix-config/etc/nixos/misc/
 echo -e "\n✅ Writing correct ips to configuration.nix..."
- sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
- sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
- sed -i "s|TARGET_INTERFACE|${TARGET_INTERFACE}|g" final-nix-config/etc/nixos/misc/networking.nix
- sed -i "s|DOMAIN_NAME|${DOMAIN_NAME}|g" final-nix-config/etc/nixos/misc/mail.nix
- sed -i "s|EMAIL_ADDRESS|${EMAIL_ADDRESS}|g" final-nix-config/etc/nixos/misc/mail.nix
- sed -i "s|SENDER_MAIL_DOMAIN|${SENDER_EMAIL_DOMAIN}|g" final-nix-config/etc/nixos/misc/mail.nix
- sed -i "s|SENDER_MAIL_ADDRESS|${SENDER_EMAIL_ADDRESS}|g" final-nix-config/etc/nixos/misc/mail.nix
- sed -i "s|PODMAN_NETWORKS|${PODMAN_NETWORKS//$'\n'/\\n}|" final-nix-config/etc/nixos/misc/activation.nix
- sed -i "s|TRAEFIK_NETWORKS|${TRAEFIK_NETWORKS//$'\n'/\\n}|" final-nix-config/etc/nixos/podman/traefik.nix
- sed -i "s|TRAEFIK_REF_NETWORKS|${TRAEFIK_REF_NETWORKS//$'\n'/\\n}|" final-nix-config/etc/nixos/podman/traefik.nix
+ envsubst '$HOME_SERVER_IP $HOME_ROUTER_IP $TARGET_INTERFACE' < final-nix-config/etc/nixos/misc/networking.nix > final-nix-config/etc/nixos/misc/networking.nix.tmp
+ mv final-nix-config/etc/nixos/misc/networking.nix.tmp final-nix-config/etc/nixos/misc/networking.nix
+ envsubst '$DOMAIN_NAME $EMAIL_ADDRESS $SENDER_EMAIL_DOMAIN $SENDER_EMAIL_ADDRESS' < final-nix-config/etc/nixos/misc/mail.nix > final-nix-config/etc/nixos/misc/mail.nix.tmp
+ mv final-nix-config/etc/nixos/misc/mail.nix.tmp final-nix-config/etc/nixos/misc/mail.nix
+ envsubst '$PODMAN_NETWORKS' < final-nix-config/etc/nixos/misc/activation.nix > final-nix-config/etc/nixos/misc/activation.nix.tmp
+ mv final-nix-config/etc/nixos/misc/activation.nix.tmp final-nix-config/etc/nixos/misc/activation.nix
+ envsubst '$TRAEFIK_NETWORKS $TRAEFIK_REF_NETWORKS' < final-nix-config/etc/nixos/podman/traefik.nix > final-nix-config/etc/nixos/podman/traefik.nix.tmp
+ mv final-nix-config/etc/nixos/podman/traefik.nix.tmp final-nix-config/etc/nixos/podman/traefik.nix
 if [[ "${TARGET_TPM}" == "true" ]]; then
 sed -i "s|# boot.initrd.systemd.tpm2.enable = true;| boot.initrd.systemd.tpm2.enable = true;|" final-nix-config/etc/nixos/configuration.nix
 sed -i "s|# ./disks/pcr-check.nix| ./disks/pcr-check.nix|" final-nix-config/etc/nixos/configuration.nix
diff --git a/templates/nix-config/misc/activation.nix b/templates/nix-config/misc/activation.nix
index 4eca75d..5a9b519 100644
--- a/templates/nix-config/misc/activation.nix
+++ b/templates/nix-config/misc/activation.nix
@@ -43,7 +43,7 @@
 exit 0
 fi
-PODMAN_NETWORKS
+$PODMAN_NETWORKS
 ${pkgs.coreutils}/bin/mkdir -p /home/numbus-admin/.numbus-server/
 ${pkgs.coreutils}/bin/touch /home/numbus-admin/.numbus-server/networked.true
diff --git a/templates/nix-config/misc/mail.nix b/templates/nix-config/misc/mail.nix
index 5e7397d..46a1a5c 100644
--- a/templates/nix-config/misc/mail.nix
+++ b/templates/nix-config/misc/mail.nix
@@ -11,22 +11,22 @@ in
 fromAddress = lib.mkOption {
 description = "The 'from' address";
 type = lib.types.str;
- default = "no-reply@DOMAIN_NAME";
+ default = "no-reply@$DOMAIN_NAME";
 };
 toAddress = lib.mkOption {
 description = "The 'to' address";
 type = lib.types.str;
- default = "EMAIL_ADDRESS";
+ default = "$EMAIL_ADDRESS";
 };
 smtpServer = lib.mkOption {
 description = "The SMTP server address";
 type = lib.types.str;
- default = "SENDER_MAIL_DOMAIN";
+ default = "$SENDER_MAIL_DOMAIN";
 };
 smtpUsername = lib.mkOption {
 description = "The SMTP username";
 type = lib.types.str;
- default = "SENDER_MAIL_ADDRESS";
+ default = "$SENDER_MAIL_ADDRESS";
 };
 smtpPasswordPath = lib.mkOption {
 description = "Path to the secret containing SMTP password";
diff --git a/templates/nix-config/misc/networking.nix b/templates/nix-config/misc/networking.nix
index 5e510fe..c7575ff 100644
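Review bot: Each `envsubst … > X.tmp` in nix_generation is followed by an unconditional `mv`, so if envsubst is not installed or exits non-zero, the redirection has already created an empty `.tmp` and the `mv` replaces the generated config with it; chain the two, e.g. `envsubst '$PODMAN_NETWORKS' < "$f" > "$f.tmp" && mv -- "$f.tmp" "$f"`. envsubst also reads only the process environment, so any of these variables that is set but not exported is replaced by an empty string without an error; whether they are exported, and whether the script runs under `set -e`, is not visible in this hunk. A guard such as `: "${HOME_SERVER_IP:?}"` together with an `export` before the first call would turn a silent blank into a hard failure. The body of nix_generation starts and ends outside the hunk.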
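Review bot: The new defaults for smtpServer and smtpUsername use `$SENDER_MAIL_DOMAIN` and `$SENDER_MAIL_ADDRESS`, but the variable list passed to envsubst in deploy.sh names `$SENDER_EMAIL_DOMAIN` and `$SENDER_EMAIL_ADDRESS`; envsubst replaces only the names in that list, so these two placeholders would be left literally in mail.nix. The removed sed lines bridged the two spellings (`s|SENDER_MAIL_DOMAIN|${SENDER_EMAIL_DOMAIN}|g`), which envsubst cannot do. Rename the placeholders to match the shell variables: `default = "$SENDER_EMAIL_DOMAIN";` and `default = "$SENDER_EMAIL_ADDRESS";`.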
--- a/templates/nix-config/misc/networking.nix
+++ b/templates/nix-config/misc/networking.nix
@@ -11,15 +11,15 @@
 networking.firewall.enable = true;
 # Bridge configuration for VMs
- networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
+ networking.bridges.br0.interfaces = [ "$TARGET_INTERFACE" ];
 networking.interfaces.br0.useDHCP = false;
- networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
+ networking.nameservers = [ "$HOME_SERVER_IP" "9.9.9.9" ];
 networking.interfaces.br0.ipv4.addresses = [{
- address = "HOME_SERVER_IP";
+ address = "$HOME_SERVER_IP";
 prefixLength = 24;
 }];
 networking.defaultGateway = {
- address = "HOME_ROUTER_IP";
+ address = "$HOME_ROUTER_IP";
 interface = "br0";
 };
diff --git a/templates/nix-config/podman/traefik.nix b/templates/nix-config/podman/traefik.nix
index db1a0e8..74d933d 100644
--- a/templates/nix-config/podman/traefik.nix
+++ b/templates/nix-config/podman/traefik.nix
@@ -18,7 +18,7 @@ in
 image: docker.io/library/traefik:latest
 container_name: traefik
 networks:
-TRAEFIK_NETWORKS
+$TRAEFIK_NETWORKS
 ports:
 - 8080:80
 - 8443:443
@@ -39,7 +39,7 @@ TRAEFIK_NETWORKS
 - traefik.http.routers.traefik-https.tls.certresolver=cloudflare
 restart: always
 networks:
-TRAEFIK_REF_NETWORKS
+$TRAEFIK_REF_NETWORKS
 '';
 systemd.services.traefik = {
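Review bot: The placeholders in this hunk sit inside double-quoted Nix strings (`address = "$HOME_SERVER_IP";`), and envsubst inserts the value byte for byte, so a value containing `"`, `\` or `${` changes the generated Nix expression rather than just the string. The same holds for the quoted defaults in mail.nix and for `$PODMAN_NETWORKS` in activation.nix and the two traefik.nix placeholders, which appear to sit inside `''` strings. Where these values come from is not visible in the diff; if any are typed in or read from a file, validate them in deploy.sh before templating, e.g. `[[ "$HOME_SERVER_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || exit 1`, and restrict the interface and domain names to their expected character sets in the same way.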