diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 92c3146..46541e4 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml @@ -75,23 +75,30 @@ sans = [ "airsonic.in.bb8.fun", "cadvisor.bb8.fun", "couchpotato.bb8.fun", + "debug.in.bb8.fun", "ebooks.bb8.fun", "ebooks.in.bb8.fun", "emby.bb8.fun", "emby.in.bb8.fun", - "debug.in.bb8.fun", "flexget.bb8.fun", "git.bb8.fun", "gitea.bb8.fun", + "grafana.bb8.fun", "headphones.bb8.fun", "home.bb8.fun", "home.in.bb8.fun", "library.bb8.fun", + "luke.bb8.fun", + "monitoring.bb8.fun", "muximux.bb8.fun", "muximux.in.bb8.fun", + "pics.bb8.fun", + "pics.in.bb8.fun", "read.bb8.fun", "read.in.bb8.fun", + "rey.bb8.fun", "scan.bb8.fun", + "tatooine.bb8.fun", "traefik.bb8.fun", "transmission.bb8.fun", "wiki.bb8.fun" diff --git a/docker/data.tf b/docker/data.tf index 65e8a68..b63b735 100644 --- a/docker/data.tf +++ b/docker/data.tf @@ -62,3 +62,7 @@ data "docker_registry_image" "headerdebug" { data "docker_registry_image" "cadvisor" { name = "google/cadvisor:latest" } + +data "docker_registry_image" "lychee" { + name = "linuxserver/lychee:latest" +} diff --git a/docker/db.tf b/docker/db.tf index b1b39ec..a630259 100644 --- a/docker/db.tf +++ b/docker/db.tf @@ -30,12 +30,21 @@ resource "docker_container" "mariadb" { host_path = "${docker_volume.mariadb_volume.mountpoint}" } + // This is so that other host-only services can share this ports { internal = 3306 external = 3306 ip = "${var.ips["eth0"]}" } + // This is a not-so-great idea + // TODO: Figure out a better way to make terraform SSH and then connect to localhost + ports { + internal = 3306 + external = 3306 + ip = "${var.ips["tun0"]}" + } + memory = 512 restart = "unless-stopped" destroy_grace_seconds = 10 diff --git a/docker/images.tf b/docker/images.tf index 54b6c8b..638a2a5 100644 --- a/docker/images.tf +++ b/docker/images.tf 
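Review bot: The new `docker_registry_image.lychee` data source in docker/data.tf tracks `linuxserver/lychee:latest`, and docker/images.tf feeds its `sha256_digest` into `pull_triggers`, so any apply after an upstream push swaps in image content nobody has reviewed. The cadvisor entry above it follows the same pattern, so this is an existing convention, but a container that is about to be published through traefik is a good place to start pinning. Something like `name = "linuxserver/lychee:<pinned-release-tag>"` (placeholder, pick a released tag) makes each upgrade an explicit change in the repository.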
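Review bot: The second `ports` block in docker/db.tf publishes MariaDB's 3306 on the `tun0` address, so the listener is reachable by every peer on the VPN, not only by the machine running Terraform. providers.tf in this commit logs in through that path as `root`, so the exposed port accepts root password authentication. The inline comment already flags this as a stopgap. Until the SSH-forwarding TODO is done, a host firewall rule admitting only the Terraform host would narrow the exposure, and the comment should record it, e.g. `// Reachable by all VPN peers; restrict 3306 on tun0 to the Terraform host via firewall`. The `mariadb` resource body begins and ends outside this hunk.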
@@ -75,3 +75,8 @@ resource "docker_image" "cadvisor" {
 name = "${data.docker_registry_image.cadvisor.name}"
 pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
 }
+
+resource "docker_image" "lychee" {
+ name = "${data.docker_registry_image.lychee.name}"
+ pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"]
+}
diff --git a/docker/lychee.tf b/docker/lychee.tf
new file mode 100644
index 0000000..0494212
--- /dev/null
+++ b/docker/lychee.tf
@@ -0,0 +1,39 @@
+resource "docker_container" "lychee" {
+ name = "lychee"
+ image = "${docker_image.lychee.latest}"
+
+ restart = "unless-stopped"
+ destroy_grace_seconds = 10
+ must_run = true
+
+ volumes {
+ host_path = "/mnt/xwing/config/lychee"
+ container_path = "/config"
+ }
+
+ volumes {
+ host_path = "/mnt/xwing/data/lychee"
+ container_path = "/pictures"
+ }
+
+ labels {
+ "traefik.port" = 80
+ "traefik.frontend.passHostHeader" = "false"
+ "traefik.enable" = "true"
+ "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+ "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+ "traefik.frontend.headers.contentTypeNosniff" = "true"
+ "traefik.frontend.headers.browserXSSFilter" = "true"
+ "traefik.frontend.headers.STSSeconds" = "2592000"
+ "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
+ "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
+ "traefik.frontend.rule" = "Host:pics.${var.domain},pics.in.${var.domain}"
+ }
+
+ env = [
+ "PUID=986",
+ "PGID=984",
+ ]
+
+ links = ["mariadb"]
+}
diff --git a/docker/outputs.tf b/docker/outputs.tf
new file mode 100644
index 0000000..2cdad4b
--- /dev/null
+++ b/docker/outputs.tf
@@ -0,0 +1,3 @@
+output "lychee-ip" {
+ value = "${docker_container.lychee.ip_address}"
+}
diff --git a/main.tf b/main.tf
index ae4739c..c40336a 100644
--- a/main.tf
+++ b/main.tf
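Review bot: The `labels` block in docker/lychee.tf enables the traefik frontend for both `pics.${var.domain}` and `pics.in.${var.domain}` as soon as the container starts, while `env` carries only `PUID` and `PGID`. The database connection and the admin account are therefore presumably configured through the application's web UI after first boot. If so, the public hostname serves an unconfigured instance until the owner finishes setup. Consider routing only the internal name at first, `"traefik.frontend.rule" = "Host:pics.in.${var.domain}"`, and adding the public host in a follow-up change. Unlike `mariadb` in docker/db.tf, this container also sets no `memory` limit, which is worth adding for a service that handles uploads.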
@@ -1,13 +1,3 @@ -provider "docker" { - host = "tcp://docker.vpn.bb8.fun:2376" - cert_path = "./secrets" -} - -provider "cloudflare" { - email = "bb8@captnemo.in" - token = "${var.cloudflare_key}" -} - module "cloudflare" { source = "cloudflare" domain = "bb8.fun" @@ -15,8 +5,11 @@ module "cloudflare" { } module "mysql" { - source = "mysql" - mysql_root_password = "${var.mysql_root_password}" + source = "mysql" + mysql_root_password = "${var.mysql_root_password}" + mysql_lychee_password = "${var.mysql_lychee_password}" + mysql_kodi_password = "${var.mysql_kodi_password}" + lychee_ip = "${module.docker.lychee-ip}" } module "docker" { diff --git a/mysql/main.tf b/mysql/main.tf index 7466e12..763a396 100644 --- a/mysql/main.tf +++ b/mysql/main.tf @@ -1,25 +1,23 @@ # # This is pending on https://github.com/hashicorp/go-version/pull/34 -# provider "mysql" { -# endpoint = "docker.in.captnemo.in:3306" -# username = "root" -# password = "${var.mysql_root_password}" -# } -# # Create a Database -# resource "mysql_database" "kodi" { -# name = "kodi" -# lifecycle { -# prevent_destroy = true -# } -# } -# resource "mysql_user" "kodi" { -# user = "kodi" -# host = "127.0.0.1" -# plaintext_password = "testing" -# } -# resource "mysql_grant" "kodi" { -# user = "${mysql_user.kodi.user}" -# host = "${mysql_user.kodi.host}" -# database = "kodi" -# privileges = ["SUPER"] -# } +# Create a Database +resource "mysql_database" "lychee" { + name = "lychee" + + lifecycle { + prevent_destroy = true + } +} + +resource "mysql_user" "lychee" { + user = "lychee" + host = "${var.lychee_ip}" + plaintext_password = "${var.mysql_lychee_password}" +} + +resource "mysql_grant" "lychee" { + user = "${mysql_user.lychee.user}" + host = "${mysql_user.lychee.host}" + database = "${mysql_database.lychee.name}" + privileges = ["ALL"] +} diff --git a/mysql/variables.tf b/mysql/variables.tf index 2c69125..2990d8d 100644 --- a/mysql/variables.tf +++ b/mysql/variables.tf 
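Review bot: `mysql_user.lychee` in mysql/main.tf pins the account to `host = "${var.lychee_ip}"`, which main.tf wires to the container's `ip_address` output. Docker assigns that address and it can change when the container is recreated, leaving the account tied to an address lychee no longer holds and that another container may pick up. A fixed address on a user-defined network, if the docker provider version in use supports it, would make the host restriction dependable. Two smaller points: `privileges = ["ALL"]` deserves a comment such as `# lychee runs its own schema migrations, hence ALL on this database only` if that is the reason, and `mysql_kodi_password` is passed into the module although no resource in this hunk uses it.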
@@ -1,3 +1,13 @@ variable "mysql_root_password" { type = "string" } + +variable "mysql_lychee_password" { + type = "string" +} + +variable "mysql_kodi_password" { + type = "string" +} + +variable "lychee_ip" {} diff --git a/providers.tf b/providers.tf new file mode 100644 index 0000000..681734e --- /dev/null +++ b/providers.tf @@ -0,0 +1,15 @@ +provider "docker" { + host = "tcp://docker.vpn.bb8.fun:2376" + cert_path = "./secrets" +} + +provider "cloudflare" { + email = "bb8@captnemo.in" + token = "${var.cloudflare_key}" +} + +provider "mysql" { + endpoint = "mysql.vpn.bb8.fun:3306" + username = "root" + password = "${var.mysql_root_password}" +} diff --git a/variables.tf b/variables.tf index 257c268..1028573 100644 --- a/variables.tf +++ b/variables.tf @@ -15,6 +15,10 @@ variable "mysql_root_password" { type = "string" } +variable "mysql_lychee_password" {} + +variable "mysql_kodi_password" {} + variable "wiki_session_secret" { type = "string" }
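Review bot: The new `provider "mysql"` block in providers.tf authenticates as `root` to `mysql.vpn.bb8.fun:3306` and sets no `tls` argument, so the root password is protected only by the VPN tunnel on its way to the server. Adding `tls = "true"` (assuming the provider version supports it and the server presents a certificate) would close that gap. Running Terraform under a dedicated account limited to managing databases, users and grants would reduce what a leaked credential or state file can do. A comment above the block, e.g. `# Reached over the VPN via the tun0 port mapping in docker/db.tf`, would document why this endpoint exists.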