diff --git a/Dockerfile b/Dockerfile
index 65d96358..428b8d82 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,6 +47,7 @@ ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
 ENV INSECURE=false
+ENV INIT_ENABLED=false
 
 LABEL org.opencontainers.image.source=https://github.com/wg-easy/wg-easy
 
diff --git a/Dockerfile.dev b/Dockerfile.dev
index b0c3a0dd..50d18112 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -26,7 +26,8 @@ RUN update-alternatives --install /usr/sbin/ip6tables ip6tables /usr/sbin/ip6tab
 ENV DEBUG=Server,WireGuard,Database,CMD
 ENV PORT=51821
 ENV HOST=0.0.0.0
-ENV INSECURE=false
+ENV INSECURE=true
+ENV INIT_ENABLED=false
 
 # Install Dependencies
 COPY src/package.json src/pnpm-lock.yaml ./
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index fc002bb3..8f9dad6e 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -15,6 +15,12 @@ services:
     cap_add:
       - NET_ADMIN
       - SYS_MODULE
+    environment:
+      - INIT_ENABLED=true
+      - INIT_HOST=test
+      - INIT_PORT=51820
+      - INIT_USERNAME=testtest
+      - INIT_PASSWORD=Qweasdyxcv!2
 
 # folders should be generated inside container
 volumes:
diff --git a/docs/content/advanced/config/unattended-setup.md b/docs/content/advanced/config/unattended-setup.md
new file mode 100644
index 00000000..ee864efe
--- /dev/null
+++ b/docs/content/advanced/config/unattended-setup.md
@@ -0,0 +1,32 @@
+---
+title: Unattended Setup
+---
+
+If you want to run the setup without any user interaction, e.g. with a tool like Ansible, you can use these environment variables to configure the setup.
+
+These will only be used during the first start of the container. After that, the setup will be disabled.
+
+| Env              | Example           | Description                                               | Group |
+| ---------------- | ----------------- | --------------------------------------------------------- | ----- |
+| `INIT_ENABLED`   | `true`            | Enables the below env vars                                | 0     |
+| `INIT_USERNAME`  | `admin`           | Sets admin username                                       | 1     |
+| `INIT_PASSWORD`  | `Se!ureP%ssw`     | Sets admin password                                       | 1     |
+| `INIT_HOST`      | `vpn.example.com` | Host clients will connect to                              | 1     |
+| `INIT_PORT`      | `51820`           | Port clients will connect to and wireguard will listen on | 1     |
+| `INIT_DNS`       | `1.1.1.1,8.8.8.8` | Sets global dns setting                                   | 2     |
+| `INIT_IPV4_CIDR` | `10.8.0.0/24`     | Sets IPv4 cidr                                            | 3     |
+| `INIT_IPV6_CIDR` | `2001:0DB8::/32`  | Sets IPv6 cidr                                            | 3     |
+
+/// warning | Variables have to be used together
+
+If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
+
+If you want to skip the setup process, you have to configure group `1`
+///
+
+/// note | Security
+
+The initial username and password is not checked for complexity. Make sure to set a long enough username and a secure password. Otherwise, the user won't be able to log in.
+
+Its recommended to remove the variables after the setup is done to prevent the password from being exposed.
+///
diff --git a/src/app/components/Base/Tooltip.vue b/src/app/components/Base/Tooltip.vue
index ed01b150..80496ad0 100644
--- a/src/app/components/Base/Tooltip.vue
+++ b/src/app/components/Base/Tooltip.vue
@@ -1,14 +1,17 @@
 <template>
   <TooltipProvider>
-    <TooltipRoot>
+    <TooltipRoot :open="open" @update:open="open = $event">
       <TooltipTrigger
-        class="inline-flex h-8 w-8 items-center justify-center rounded-full text-gray-400 outline-none focus:shadow-sm focus:shadow-black"
+        class="mx-2 inline-flex h-4 w-4 items-center justify-center rounded-full text-gray-400 outline-none focus:shadow-sm focus:shadow-black"
+        as-child
       >
-        <slot />
+        <button @click="open = !open">
+          <slot />
+        </button>
       </TooltipTrigger>
       <TooltipPortal>
         <TooltipContent
-          class="select-none rounded bg-gray-600 px-3 py-2 text-sm leading-none text-white shadow-lg will-change-[transform,opacity]"
+          class="select-none whitespace-pre-line rounded bg-gray-600 px-3 py-2 text-sm leading-none text-white shadow-lg will-change-[transform,opacity]"
           :side-offset="5"
         >
           {{ text }}
@@ -21,4 +24,6 @@
 
 <script lang="ts" setup>
 defineProps<{ text: string }>();
+
+const open = ref(false);
 </script>
diff --git a/src/app/components/Form/Group.vue b/src/app/components/Form/Group.vue
index 56247f5b..83ae4299 100644
--- a/src/app/components/Form/Group.vue
+++ b/src/app/components/Form/Group.vue
@@ -1,5 +1,5 @@
 <template>
-  <section class="grid grid-cols-1 gap-4 md:grid-cols-2">
+  <section class="grid grid-cols-2 gap-4">
     <slot />
     <Separator
       decorative
diff --git a/src/app/components/Header/Logo.vue b/src/app/components/Header/Logo.vue
index 4256f8e3..05f79050 100644
--- a/src/app/components/Header/Logo.vue
+++ b/src/app/components/Header/Logo.vue
@@ -1,5 +1,5 @@
 <template>
-  <NuxtLink to="/" class="mb-4 flex-grow self-start">
+  <NuxtLink to="/" class="mb-4">
     <h1 class="text-4xl font-medium dark:text-neutral-200">
       <img
         src="/logo.png"
diff --git a/src/app/components/Header/Update.vue b/src/app/components/Header/Update.vue
index ce1e9f91..a23bb89a 100644
--- a/src/app/components/Header/Update.vue
+++ b/src/app/components/Header/Update.vue
@@ -1,6 +1,10 @@
 <template>
   <div
-    v-if="globalStore.release?.updateAvailable"
+    v-if="
+      globalStore.release?.updateAvailable &&
+      authStore.userData &&
+      hasPermissions(authStore.userData, 'admin', 'any')
+    "
     class="font-small mb-10 rounded-md bg-red-800 p-4 text-sm text-white shadow-lg dark:bg-red-100 dark:text-red-600"
     :title="`v${globalStore.release.currentRelease} → v${globalStore.release.latestRelease.version}`"
   >
@@ -23,6 +27,5 @@
 
 <script lang="ts" setup>
 const globalStore = useGlobalStore();
-
-// TODO: only show this to admins
+const authStore = useAuthStore();
 </script>
diff --git a/src/app/layouts/default.vue b/src/app/layouts/default.vue
index efa369a6..2bc05c1f 100644
--- a/src/app/layouts/default.vue
+++ b/src/app/layouts/default.vue
@@ -1,23 +1,23 @@
 <template>
   <div>
-    <header class="container mx-auto mt-4 max-w-3xl px-3 xs:mt-6 md:px-0">
+    <header class="mx-auto mt-4 flex max-w-3xl flex-col justify-center">
       <div
-        class="mb-5"
+        class="mb-5 w-full"
         :class="
           loggedIn
-            ? 'flex flex-auto flex-col-reverse items-center gap-3 xxs:flex-row'
+            ? 'flex flex-col items-center justify-between sm:flex-row'
             : 'flex justify-end'
         "
       >
         <HeaderLogo v-if="loggedIn" />
-        <div class="flex grow-0 items-center gap-3 self-end xxs:self-center">
+        <div class="flex flex-row gap-3">
           <HeaderLangSelector />
           <HeaderThemeSwitch />
           <HeaderChartToggle v-if="loggedIn" />
           <UiUserMenu v-if="loggedIn" />
         </div>
       </div>
-      <HeaderUpdate class="mt-5" />
+      <HeaderUpdate class="mt-4" />
     </header>
     <slot />
     <UiFooter />
diff --git a/src/app/layouts/setup.vue b/src/app/layouts/setup.vue
index 7e6f5dfb..717dc254 100644
--- a/src/app/layouts/setup.vue
+++ b/src/app/layouts/setup.vue
@@ -11,8 +11,8 @@
     </header>
     <main>
       <Panel>
-        <PanelBody class="mx-auto mt-10 p-4 md:w-[70%] lg:w-[60%]">
-          <h2 class="mb-16 mt-8 text-3xl font-medium">
+        <PanelBody class="m-4 mx-auto mt-10 md:w-[70%] lg:w-[60%]">
+          <h2 class="mb-16 mt-8 text-center text-3xl font-medium">
             {{ $t('setup.welcome') }}
           </h2>
 
diff --git a/src/app/pages/admin.vue b/src/app/pages/admin.vue
index b2f2f180..9cf4a4fd 100644
--- a/src/app/pages/admin.vue
+++ b/src/app/pages/admin.vue
@@ -1,8 +1,8 @@
 <template>
   <div>
     <div class="container mx-auto p-4">
-      <div class="flex">
-        <div class="mr-4 w-64 rounded-lg bg-white p-4 dark:bg-neutral-700">
+      <div class="flex flex-col gap-4 lg:flex-row">
+        <div class="rounded-lg bg-white p-4 lg:w-64 dark:bg-neutral-700">
           <NuxtLink to="/admin">
             <h2 class="mb-4 text-xl font-bold dark:text-neutral-200">
               {{ t('pages.admin.panel') }}
@@ -13,6 +13,7 @@
               v-for="(item, index) in menuItems"
               :key="index"
               :to="`/admin/${item.id}`"
+              active-class="bg-red-800 rounded"
             >
               <BaseButton
                 as="span"
@@ -27,7 +28,7 @@
         <div
           class="flex-1 rounded-lg bg-white p-6 dark:bg-neutral-700 dark:text-neutral-200"
         >
-          <h1 class="mb-6 text-3xl font-bold">{{ activeMenuItem?.name }}</h1>
+          <h1 class="mb-6 text-3xl font-bold">{{ activeMenuItem.name }}</h1>
           <NuxtPage />
         </div>
       </div>
@@ -44,13 +45,17 @@ const { t } = useI18n();
 const route = useRoute();
 
 const menuItems = [
-  { id: '', name: t('pages.admin.general') },
+  { id: 'general', name: t('pages.admin.general') },
   { id: 'config', name: t('pages.admin.config') },
   { id: 'interface', name: t('pages.admin.interface') },
   { id: 'hooks', name: t('pages.admin.hooks') },
 ];
 
+const defaultItem = { id: '', name: t('pages.admin.panel') };
+
 const activeMenuItem = computed(() => {
-  return menuItems.find((item) => route.path === `/admin/${item.id}`);
+  return (
+    menuItems.find((item) => route.path === `/admin/${item.id}`) ?? defaultItem
+  );
 });
 </script>
diff --git a/src/app/pages/admin/general.vue b/src/app/pages/admin/general.vue
new file mode 100644
index 00000000..701664e3
--- /dev/null
+++ b/src/app/pages/admin/general.vue
@@ -0,0 +1,64 @@
+<template>
+  <main v-if="data">
+    <FormElement @submit.prevent="submit">
+      <FormGroup>
+        <FormNumberField
+          id="session"
+          v-model="data.sessionTimeout"
+          :label="$t('admin.general.sessionTimeout')"
+          :description="$t('admin.general.sessionTimeoutDesc')"
+        />
+      </FormGroup>
+      <FormGroup>
+        <FormHeading>{{ $t('admin.general.metrics') }}</FormHeading>
+        <FormNullTextField
+          id="password"
+          v-model="data.metricsPassword"
+          :label="$t('admin.general.metricsPassword')"
+          :description="$t('admin.general.metricsPasswordDesc')"
+        />
+        <FormSwitchField
+          id="prometheus"
+          v-model="data.metricsPrometheus"
+          :label="$t('admin.general.prometheus')"
+          :description="$t('admin.general.prometheusDesc')"
+        />
+        <FormSwitchField
+          id="json"
+          v-model="data.metricsJson"
+          :label="$t('admin.general.json')"
+          :description="$t('admin.general.jsonDesc')"
+        />
+      </FormGroup>
+      <FormGroup>
+        <FormHeading>{{ $t('form.actions') }}</FormHeading>
+        <FormActionField type="submit" :label="$t('form.save')" />
+        <FormActionField :label="$t('form.revert')" @click="revert" />
+      </FormGroup>
+    </FormElement>
+  </main>
+</template>
+
+<script setup lang="ts">
+const { data: _data, refresh } = await useFetch(`/api/admin/general`, {
+  method: 'get',
+});
+const data = toRef(_data.value);
+
+const _submit = useSubmit(
+  `/api/admin/general`,
+  {
+    method: 'post',
+  },
+  { revert }
+);
+
+function submit() {
+  return _submit(data.value);
+}
+
+async function revert() {
+  await refresh();
+  data.value = toRef(_data.value).value;
+}
+</script>
diff --git a/src/app/pages/admin/index.vue b/src/app/pages/admin/index.vue
index 701664e3..9f69e46b 100644
--- a/src/app/pages/admin/index.vue
+++ b/src/app/pages/admin/index.vue
@@ -1,64 +1,5 @@
 <template>
-  <main v-if="data">
-    <FormElement @submit.prevent="submit">
-      <FormGroup>
-        <FormNumberField
-          id="session"
-          v-model="data.sessionTimeout"
-          :label="$t('admin.general.sessionTimeout')"
-          :description="$t('admin.general.sessionTimeoutDesc')"
-        />
-      </FormGroup>
-      <FormGroup>
-        <FormHeading>{{ $t('admin.general.metrics') }}</FormHeading>
-        <FormNullTextField
-          id="password"
-          v-model="data.metricsPassword"
-          :label="$t('admin.general.metricsPassword')"
-          :description="$t('admin.general.metricsPasswordDesc')"
-        />
-        <FormSwitchField
-          id="prometheus"
-          v-model="data.metricsPrometheus"
-          :label="$t('admin.general.prometheus')"
-          :description="$t('admin.general.prometheusDesc')"
-        />
-        <FormSwitchField
-          id="json"
-          v-model="data.metricsJson"
-          :label="$t('admin.general.json')"
-          :description="$t('admin.general.jsonDesc')"
-        />
-      </FormGroup>
-      <FormGroup>
-        <FormHeading>{{ $t('form.actions') }}</FormHeading>
-        <FormActionField type="submit" :label="$t('form.save')" />
-        <FormActionField :label="$t('form.revert')" @click="revert" />
-      </FormGroup>
-    </FormElement>
+  <main class="flex flex-col gap-3">
+    <p class="whitespace-pre-line">{{ $t('admin.introText') }}</p>
   </main>
 </template>
-
-<script setup lang="ts">
-const { data: _data, refresh } = await useFetch(`/api/admin/general`, {
-  method: 'get',
-});
-const data = toRef(_data.value);
-
-const _submit = useSubmit(
-  `/api/admin/general`,
-  {
-    method: 'post',
-  },
-  { revert }
-);
-
-function submit() {
-  return _submit(data.value);
-}
-
-async function revert() {
-  await refresh();
-  data.value = toRef(_data.value).value;
-}
-</script>
diff --git a/src/app/pages/login.vue b/src/app/pages/login.vue
index 5f45a0b9..098f2d05 100644
--- a/src/app/pages/login.vue
+++ b/src/app/pages/login.vue
@@ -54,6 +54,9 @@
 </template>
 
 <script setup lang="ts">
+const authStore = useAuthStore();
+authStore.update();
+
 const authenticating = ref(false);
 const remember = ref(false);
 const username = ref<null | string>(null);
diff --git a/src/app/pages/setup/1.vue b/src/app/pages/setup/1.vue
index af0fd2b5..8bb5a063 100644
--- a/src/app/pages/setup/1.vue
+++ b/src/app/pages/setup/1.vue
@@ -1,9 +1,9 @@
 <template>
-  <div>
-    <p class="px-8 pt-8 text-center text-2xl">
+  <div class="flex flex-col items-center">
+    <p class="px-8 text-center text-2xl">
       {{ $t('setup.welcomeDesc') }}
     </p>
-    <NuxtLink to="/setup/2">
+    <NuxtLink to="/setup/2" class="mt-8">
       <BaseButton as="span">{{ $t('general.continue') }}</BaseButton>
     </NuxtLink>
   </div>
diff --git a/src/app/pages/setup/2.vue b/src/app/pages/setup/2.vue
index a3807550..9b6a1b4a 100644
--- a/src/app/pages/setup/2.vue
+++ b/src/app/pages/setup/2.vue
@@ -1,9 +1,9 @@
 <template>
   <div>
-    <p class="p-8 text-center text-lg">
+    <p class="text-center text-lg">
       {{ $t('setup.createAdminDesc') }}
     </p>
-    <div class="flex flex-col gap-3">
+    <div class="mt-8 flex flex-col gap-3">
       <div class="flex flex-col">
         <FormNullTextField
           id="username"
@@ -28,7 +28,7 @@
           :label="$t('general.confirmPassword')"
         />
       </div>
-      <div>
+      <div class="mt-4 flex justify-center">
         <BaseButton @click="submit">{{ $t('setup.createAccount') }}</BaseButton>
       </div>
     </div>
diff --git a/src/app/pages/setup/3.vue b/src/app/pages/setup/3.vue
index a6bb8bf5..2b4312e7 100644
--- a/src/app/pages/setup/3.vue
+++ b/src/app/pages/setup/3.vue
@@ -1,14 +1,18 @@
 <template>
   <div>
-    <p class="p-8 text-center text-lg">
+    <p class="text-center text-lg">
       {{ $t('setup.existingSetup') }}
     </p>
-    <div class="mb-8 flex justify-center">
-      <NuxtLink to="/setup/4">
-        <BaseButton as="span">{{ $t('general.no') }}</BaseButton>
+    <div class="mt-4 flex justify-center gap-3">
+      <NuxtLink to="/setup/4" class="w-20">
+        <BaseButton as="span" class="w-full justify-center">
+          {{ $t('general.no') }}
+        </BaseButton>
       </NuxtLink>
-      <NuxtLink to="/setup/migrate">
-        <BaseButton as="span">{{ $t('general.yes') }}</BaseButton>
+      <NuxtLink to="/setup/migrate" class="w-20">
+        <BaseButton as="span" class="w-full justify-center">
+          {{ $t('general.yes') }}
+        </BaseButton>
       </NuxtLink>
     </div>
   </div>
diff --git a/src/app/pages/setup/4.vue b/src/app/pages/setup/4.vue
index 6163b1e3..594dc16b 100644
--- a/src/app/pages/setup/4.vue
+++ b/src/app/pages/setup/4.vue
@@ -1,21 +1,27 @@
 <template>
   <div>
-    <p class="p-8 text-center text-lg">
+    <p class="text-center text-lg">
       {{ $t('setup.setupConfigDesc') }}
     </p>
-    <div class="flex flex-col gap-3">
+    <div class="mt-8 flex flex-col gap-3">
       <div class="flex flex-col">
         <FormNullTextField
           id="host"
           v-model="host"
           :label="$t('general.host')"
           placeholder="vpn.example.com"
+          :description="$t('setup.hostDesc')"
         />
       </div>
       <div class="flex flex-col">
-        <FormNumberField id="port" v-model="port" :label="$t('general.port')" />
+        <FormNumberField
+          id="port"
+          v-model="port"
+          :label="$t('general.port')"
+          :description="$t('setup.portDesc')"
+        />
       </div>
-      <div>
+      <div class="mt-4 flex justify-center">
         <BaseButton @click="submit">{{ $t('general.continue') }}</BaseButton>
       </div>
     </div>
diff --git a/src/app/pages/setup/migrate.vue b/src/app/pages/setup/migrate.vue
index a1185bbd..95e0fa24 100644
--- a/src/app/pages/setup/migrate.vue
+++ b/src/app/pages/setup/migrate.vue
@@ -1,13 +1,15 @@
 <template>
-  <div>
-    <p class="p-8 text-center text-lg">
+  <div class="flex flex-col items-center">
+    <p class="text-center text-lg">
       {{ $t('setup.setupMigrationDesc') }}
     </p>
-    <div>
+    <div class="mt-8 flex gap-3">
       <Label for="migration">{{ $t('setup.migration') }}</Label>
       <input id="migration" type="file" @change="onChangeFile" />
     </div>
-    <BaseButton @click="submit">{{ $t('setup.upload') }}</BaseButton>
+    <div class="mt-4">
+      <BaseButton @click="submit">{{ $t('setup.upload') }}</BaseButton>
+    </div>
   </div>
 </template>
 
diff --git a/src/app/pages/setup/success.vue b/src/app/pages/setup/success.vue
index 7fa8fd05..8792fe9f 100644
--- a/src/app/pages/setup/success.vue
+++ b/src/app/pages/setup/success.vue
@@ -1,7 +1,7 @@
 <template>
-  <div>
+  <div class="flex flex-col items-center">
     <p>{{ $t('setup.successful') }}</p>
-    <NuxtLink to="/login">
+    <NuxtLink to="/login" class="mt-4">
       <BaseButton as="span">{{ $t('login.signIn') }}</BaseButton>
     </NuxtLink>
   </div>
diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json
index 52bcc586..a4203365 100644
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@@ -35,16 +35,18 @@
     "confirmPassword": "Confirm Password"
   },
   "setup": {
-    "welcome": "Welcome to your first setup of wg-easy !",
-    "welcomeDesc": "You have found the easiest way to install and manage WireGuard on any Linux host!",
+    "welcome": "Welcome to your first setup of wg-easy",
+    "welcomeDesc": "You have found the easiest way to install and manage WireGuard on any Linux host",
     "existingSetup": "Do you have an existing setup?",
     "createAdminDesc": "Please first enter an admin username and a strong secure password. This information will be used to log in to your administration panel.",
     "setupConfigDesc": "Please enter the host and port information. This will be used for the client configuration when setting up WireGuard on their devices.",
     "setupMigrationDesc": "Please provide the backup file if you want to migrate your data from your previous wg-easy version to your new setup.",
     "upload": "Upload",
-    "migration": "Restore the backup",
+    "migration": "Restore the backup:",
     "createAccount": "Create Account",
-    "successful": "Setup successful"
+    "successful": "Setup successful",
+    "hostDesc": "Public hostname clients will connect to",
+    "portDesc": "Public UDP port clients will connect to and WireGuard will listen on"
   },
   "update": {
     "updateAvailable": "There is an update available!",
@@ -141,7 +143,7 @@
     "config": {
       "connection": "Connection",
       "hostDesc": "Public hostname clients will connect to (invalidates config)",
-      "portDesc": "Public UDP port clients will connect to (invalidates config)",
+      "portDesc": "Public UDP port clients will connect to (invalidates config, you probably want to change Interface Port too)",
       "allowedIpsDesc": "Allowed IPs clients will use (global config)",
       "dnsDesc": "DNS server clients will use (global config)",
       "mtuDesc": "MTU clients will use (only for new clients)",
@@ -153,9 +155,10 @@
       "device": "Device",
       "deviceDesc": "Ethernet device the wireguard traffic should be forwarded through",
       "mtuDesc": "MTU WireGuard will use",
-      "portDesc": "UDP Port WireGuard will listen on (could invalidate config)",
+      "portDesc": "UDP Port WireGuard will listen on (you probably want to change Config Port too)",
       "changeCidr": "Change CIDR"
-    }
+    },
+    "introText": "Welcome to the admin panel.\n\nHere you can manage the general settings, the configuration, the interface settings and the hooks.\n\nStart by choosing one of the sections in the sidebar."
   },
   "zod": {
     "generic": {
diff --git a/src/nuxt.config.ts b/src/nuxt.config.ts
index 78b5973f..a91578d2 100644
--- a/src/nuxt.config.ts
+++ b/src/nuxt.config.ts
@@ -28,7 +28,9 @@ export default defineNuxtConfig({
     },
     locales: [
       {
+        // same as i18n.config.ts
         code: 'en',
+        // BCP 47 language tag
         language: 'en-US',
         name: 'English',
       },
diff --git a/src/server/api/session.get.ts b/src/server/api/session.get.ts
index e86b6845..a16ef0fb 100644
--- a/src/server/api/session.get.ts
+++ b/src/server/api/session.get.ts
@@ -2,11 +2,10 @@ export default defineEventHandler(async (event) => {
   const session = await useWGSession(event);
 
   if (!session.data.userId) {
-    throw createError({
-      statusCode: 401,
-      statusMessage: 'Not logged in',
-    });
+    // not logged in
+    return null;
   }
+
   const user = await Database.users.get(session.data.userId);
   if (!user) {
     throw createError({
diff --git a/src/server/database/repositories/userConfig/service.ts b/src/server/database/repositories/userConfig/service.ts
index 6f4e2d40..4004d60e 100644
--- a/src/server/database/repositories/userConfig/service.ts
+++ b/src/server/database/repositories/userConfig/service.ts
@@ -1,6 +1,7 @@
 import { eq, sql } from 'drizzle-orm';
 import { userConfig } from './schema';
 import type { UserConfigUpdateType } from './types';
+import { wgInterface } from '#db/schema';
 import type { DBType } from '#db/sqlite';
 
 function createPreparedStatement(db: DBType) {
@@ -8,14 +9,6 @@ function createPreparedStatement(db: DBType) {
     get: db.query.userConfig
       .findFirst({ where: eq(userConfig.id, sql.placeholder('interface')) })
       .prepare(),
-    updateHostPort: db
-      .update(userConfig)
-      .set({
-        host: sql.placeholder('host') as never as string,
-        port: sql.placeholder('port') as never as number,
-      })
-      .where(eq(userConfig.id, sql.placeholder('interface')))
-      .prepare(),
   };
 }
 
@@ -38,11 +31,26 @@ export class UserConfigService {
     return userConfig;
   }
 
+  // TODO: wrap ipv6 host in square brackets
+
+  /**
+   * sets host of user config
+   *
+   * sets port of user config and interface
+   */
   updateHostPort(host: string, port: number) {
-    return this.#statements.updateHostPort.execute({
-      interface: 'wg0',
-      host,
-      port,
+    return this.#db.transaction(async (tx) => {
+      await tx
+        .update(userConfig)
+        .set({ host, port })
+        .where(eq(userConfig.id, 'wg0'))
+        .execute();
+
+      await tx
+        .update(wgInterface)
+        .set({ port })
+        .where(eq(wgInterface.name, 'wg0'))
+        .execute();
     });
   }
 
diff --git a/src/server/database/sqlite.ts b/src/server/database/sqlite.ts
index c1062e4c..dbfade9b 100644
--- a/src/server/database/sqlite.ts
+++ b/src/server/database/sqlite.ts
@@ -19,7 +19,13 @@ const db = drizzle({ client, schema });
 
 export async function connect() {
   await migrate();
-  return new DBService(db);
+  const dbService = new DBService(db);
+
+  if (WG_INITIAL_ENV.ENABLED) {
+    await initialSetup(dbService);
+  }
+
+  return dbService;
 }
 
 class DBService {
@@ -58,3 +64,47 @@ async function migrate() {
     }
   }
 }
+
+async function initialSetup(db: DBServiceType) {
+  const setup = await db.general.getSetupStep();
+
+  if (setup.done) {
+    DB_DEBUG('Setup already done. Skiping initial setup.');
+    return;
+  }
+
+  if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
+    DB_DEBUG('Setting initial CIDR...');
+    await db.interfaces.updateCidr({
+      ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR,
+      ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR,
+    });
+  }
+
+  if (WG_INITIAL_ENV.DNS) {
+    DB_DEBUG('Setting initial DNS...');
+    const userConfig = await db.userConfigs.get();
+    await db.userConfigs.update({
+      ...userConfig,
+      defaultDns: WG_INITIAL_ENV.DNS,
+    });
+  }
+
+  if (
+    WG_INITIAL_ENV.USERNAME &&
+    WG_INITIAL_ENV.PASSWORD &&
+    WG_INITIAL_ENV.HOST &&
+    WG_INITIAL_ENV.PORT
+  ) {
+    DB_DEBUG('Creating initial user...');
+    await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
+
+    DB_DEBUG('Setting initial host and port...');
+    await db.userConfigs.updateHostPort(
+      WG_INITIAL_ENV.HOST,
+      WG_INITIAL_ENV.PORT
+    );
+
+    await db.general.setSetupStep(0);
+  }
+}
diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts
index fb656fc1..f6e89242 100644
--- a/src/server/utils/config.ts
+++ b/src/server/utils/config.ts
@@ -19,6 +19,19 @@ export const WG_ENV = {
   PORT: assertEnv('PORT'),
 };
 
+export const WG_INITIAL_ENV = {
+  ENABLED: process.env.INIT_ENABLED === 'true',
+  USERNAME: process.env.INIT_USERNAME,
+  PASSWORD: process.env.INIT_PASSWORD,
+  DNS: process.env.INIT_DNS?.split(',').map((x) => x.trim()),
+  IPV4_CIDR: process.env.INIT_IPV4_CIDR,
+  IPV6_CIDR: process.env.INIT_IPV6_CIDR,
+  HOST: process.env.INIT_HOST,
+  PORT: process.env.INIT_PORT
+    ? Number.parseInt(process.env.INIT_PORT, 10)
+    : undefined,
+};
+
 function assertEnv<T extends string>(env: T) {
   const val = process.env[env];