diff --git a/main.tf b/main.tf
index 7d2238a..f285ec7 100644
--- a/main.tf
+++ b/main.tf
@@ -1,4 +1,40 @@
 terraform {
+ required_providers {
+ contabo = {
+ source = "contabo/contabo"
+ version = "~> 0.1.26"
+ }
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.45.0"
+ }
+ healthchecksio = {
+ source = "kristofferahl/healthchecksio"
+ version = "~> 1.6.0"
+ }
+ ovh = {
+ source = "ovh/ovh"
+ version = "~> 0.48.0"
+ }
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "~> 2.43.0"
+ }
+ tailscale = {
+ source = "tailscale/tailscale"
+ version = "~> 0.16.0"
+ }
+
+ authentik = {
+ source = "goauthentik/authentik"
+ version = "~> 2024.8.0"
+ }
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "~> 1.23.0"
+ }
+ }
+
 backend "s3" {
 bucket = var.backend_bucket
 access_key = var.backend_access_key
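Review bot: The `~>` constraints added to `required_providers` in main.tf still float within a patch range, so the exact provider build is only fixed if `.terraform.lock.hcl` is committed and updated together with this change; the lock file is not part of this diff. Every provider listed is third-party code executed on the machine that runs plan and apply, and several are community-maintained (`kristofferahl/healthchecksio`, `cyrilgdn/postgresql`), so pinned versions and checksums matter here. The context lines of the module hunks suggest modules/infrastructure and modules/services keep their own `terraform` blocks; if those also carry version constraints, a comment such as `# version constraints are set here; modules declare source only` would help keep the two from drifting.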
@@ -33,46 +69,74 @@ terraform {
 }
 }
-module "services" {
- source = "./modules/services"
+provider "contabo" {
+ oauth2_client_id = var.contabo_client_id
+ oauth2_client_secret = var.contabo_client_secret
+ oauth2_user = var.contabo_user
+ oauth2_pass = var.contabo_pass
+}
- authentik_url = var.authentik_url
- authentik_token = var.authentik_token
+provider "hcloud" {
+ token = var.hcloud_token
+}
- postgresql_host = var.postgresql_host
- postgresql_port = var.postgresql_port
- postgresql_username = var.postgresql_username
- postgresql_password = var.postgresql_password
+provider "healthchecksio" {
+ api_key = var.healthchecksio_api_key
+}
- services = var.services
+provider "ovh" {
+ endpoint = "ovh-eu"
+ application_key = var.ovh_application_key
+ application_secret = var.ovh_application_secret
+ consumer_key = var.ovh_consumer_key
+}
+
+provider "scaleway" {
+ organization_id = var.scaleway_organization_id
+ project_id = var.scaleway_project_id
+ access_key = var.scaleway_access_key
+ secret_key = var.scaleway_secret_key
+ region = "nl-ams"
+ zone = "nl-ams-1"
+}
+
+provider "tailscale" {
+ api_key = var.tailscale_api_key
+ tailnet = var.tailscale_tailnet
 }
 module "infrastructure" {
 source = "./modules/infrastructure"
- contabo_client_id = var.contabo_client_id
- contabo_client_secret = var.contabo_client_secret
- contabo_user = var.contabo_user
- contabo_pass = var.contabo_pass
-
- hcloud_token = var.hcloud_token
-
- healthchecksio_api_key = var.healthchecksio_api_key
-
- ovh_application_key = var.ovh_application_key
- ovh_application_secret = var.ovh_application_secret
- ovh_consumer_key = var.ovh_consumer_key
-
- scaleway_access_key = var.scaleway_access_key
- scaleway_secret_key = var.scaleway_secret_key
 scaleway_project_id = var.scaleway_project_id
- scaleway_organization_id = var.scaleway_organization_id
-
- tailscale_api_key = var.tailscale_api_key
- tailscale_tailnet = var.tailscale_tailnet
 default_ssh_key = var.default_ssh_key
 hosts = var.hosts
 services = var.services
 }
+
+provider "authentik" {
+ url = var.authentik_url
+ token = var.authentik_token
+}
+
+provider "postgresql" {
+ host = var.postgresql_host
+ port = var.postgresql_port
+ database = "postgres"
+ username = var.postgresql_username
+ password = var.postgresql_password
+ sslmode = "verify-full"
+ connect_timeout = 15
+}
+
+module "services" {
+ source = "./modules/services"
+
+ depends_on = [ module.infrastructure ]
+
+ authentik_url = var.authentik_url
+
+ services = var.services
+}
diff --git a/modules/infrastructure/main.tf b/modules/infrastructure/main.tf
index a184c5a..53784eb 100644
--- a/modules/infrastructure/main.tf
+++ b/modules/infrastructure/main.tf
@@ -27,42 +27,6 @@ terraform {
 }
 }
-provider "contabo" {
- oauth2_client_id = var.contabo_client_id
- oauth2_client_secret = var.contabo_client_secret
- oauth2_user = var.contabo_user
- oauth2_pass = var.contabo_pass
-}
-
-provider "hcloud" {
- token = var.hcloud_token
-}
-
-provider "healthchecksio" {
- api_key = var.healthchecksio_api_key
-}
-
-provider "ovh" {
- endpoint = "ovh-eu"
- application_key = var.ovh_application_key
- application_secret = var.ovh_application_secret
- consumer_key = var.ovh_consumer_key
-}
-
-provider "scaleway" {
- organization_id = var.scaleway_organization_id
- project_id = var.scaleway_project_id
- access_key = var.scaleway_access_key
- secret_key = var.scaleway_secret_key
- region = "nl-ams"
- zone = "nl-ams-1"
-}
-
-provider "tailscale" {
- api_key = var.tailscale_api_key
- tailnet = var.tailscale_tailnet
-}
-
 locals {
 services_auth = {for key, val in var.services : key => val if val.auth}
diff --git a/modules/infrastructure/variables.tf b/modules/infrastructure/variables.tf
index 31821ab..8e95bde 100644
--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
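Review bot: In the second main.tf hunk, `depends_on = [ module.infrastructure ]` on `module "services"` orders that module's resources but not the root `provider "authentik"` and `provider "postgresql"` blocks, which are configured from variables before anything is applied; if those endpoints are created by the infrastructure module (not visible here), a first apply can still fail when the providers connect. Module-level `depends_on` also defers every data source inside services whenever infrastructure has pending changes, so a narrower dependency through a module output would be preferable if one exists. With all provider blocks now at root, both modules implicitly inherit the default provider configurations; adding `providers = { authentik = authentik, postgresql = postgresql }` to `module "services"` (and the matching map on `module "infrastructure"`) would document which credentials each module is meant to use. The root variables file is not part of this diff, so confirm the credential variables there carry `sensitive = true`, since the module-level declarations that had it are removed by this commit.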
@@ -1,69 +1,7 @@
-variable "contabo_client_id" {
- sensitive = true
-}
-
-variable "contabo_client_secret" {
- sensitive = true
-}
-
-variable "contabo_user" {
- sensitive = true
-}
-
-variable "contabo_pass" {
- sensitive = true
-}
-
-
-variable "hcloud_token" {
- sensitive = true
-}
-
-
-variable "healthchecksio_api_key" {
- sensitive = true
-}
-
-
-variable "ovh_application_key" {
- sensitive = true
-}
-
-variable "ovh_application_secret" {
- sensitive = true
-}
-
-variable "ovh_consumer_key" {
- sensitive = true
-}
-
-
-variable "scaleway_organization_id" {
- sensitive = true
-}
-
 variable "scaleway_project_id" {
 sensitive = true
 }
-variable "scaleway_access_key" {
- sensitive = true
-}
-
-variable "scaleway_secret_key" {
- sensitive = true
-}
-
-
-variable "tailscale_api_key" {
- sensitive = true
-}
-
-variable "tailscale_tailnet" {
- sensitive = false
-}
-
-
 variable "default_ssh_key" {
 type = object({
 name = string
diff --git a/modules/services/main.tf b/modules/services/main.tf
index 3185365..4337d11 100644
--- a/modules/services/main.tf
+++ b/modules/services/main.tf
@@ -11,21 +11,6 @@ terraform {
 }
 }
-provider "authentik" {
- url = var.authentik_url
- token = var.authentik_token
-}
-
-provider "postgresql" {
- host = var.postgresql_host
- port = var.postgresql_port
- database = "postgres"
- username = var.postgresql_username
- password = var.postgresql_password
- sslmode = "verify-full"
- connect_timeout = 15
-}
-
 locals {
 services_auth = {for key, val in var.services : key => val if val.auth}
 services_database = {for key, val in var.services : key => val if val.database}
diff --git a/modules/services/variables.tf b/modules/services/variables.tf
index eca2500..8cee45d 100644
--- a/modules/services/variables.tf
+++ b/modules/services/variables.tf
@@ -1,26 +1,6 @@
 variable "authentik_url" {
 }
-variable "authentik_token" {
- sensitive = true
-}
-
-
-variable "postgresql_host" {
-}
-
-variable "postgresql_port" {
-}
-
-variable "postgresql_username" {
- sensitive = true
-}
-
-variable "postgresql_password" {
- sensitive = true
-}
-
-
 variable "services" {
 type = map(object({
 name = string