diff --git a/vingo/dev.env b/vingo/dev.env
index 89f05e6..af6ed66 100644
--- a/vingo/dev.env
+++ b/vingo/dev.env
@@ -1 +1,7 @@
 DEBUG_LOGIN="TRUE"
+DEVELOPMENT="TRUE"
+
+POSTGRES_CONNECTION_STRING="postgres://postgres:zess@host.docker.internal/zess?sslmode=disable"
+ZAUTH_URL="https://zauth.zeus.gent/"
+ZAUTH_CALLBACK_PATH="http://localhost:4000/api/auth/callback"
+FRONTEND_URL="http://localhost:5173/"
diff --git a/vingo/src/main.rs b/vingo/src/main.rs
index 41c1370..73950cf 100644
--- a/vingo/src/main.rs
+++ b/vingo/src/main.rs
@@ -2,7 +2,10 @@ mod entities;
 mod middleware;
 mod routes;
 
-use std::{env, sync::Arc};
+use std::{
+    env,
+    sync::{Arc, LazyLock},
+};
 
 use chrono::Local;
 use routes::{auth, cards, days, leaderboard, scans, seasons, settings};
@@ -23,7 +26,9 @@ use tower_sessions::{cookie::SameSite, MemoryStore, SessionManagerLayer};
 
 use migration::{Migrator, MigratorTrait};
 
-const DB_URL: &str = "postgres://postgres:zess@host.docker.internal/zess?sslmode=disable";
+const DB_URL: LazyLock<String> = LazyLock::new(|| {
+    env::var("POSTGRES_CONNECTION_STRING").expect("POSTGRES_CONNECTION_STRING not present")
+});
 
 #[derive(Clone, Debug)]
 struct AppState {
@@ -49,7 +54,7 @@ async fn main() {
         .with_same_site(SameSite::Lax)
         .with_http_only(false);
 
-    let db = Database::connect(DB_URL).await.unwrap();
+    let db = Database::connect(DB_URL.to_string()).await.unwrap();
     Migrator::up(&db, None).await.unwrap();
 
     let registering_state = RegisterState {
@@ -70,7 +75,9 @@ async fn main() {
         .layer(TraceLayer::new_for_http())
         .with_state(state);
 
-    if env::var("DEVELOPMENT").unwrap_or("".into()) != "TRUE" {
+    if env::var("DEVELOPMENT").unwrap_or("".into()) == "TRUE" {
+        println!("yay we are developing")
+    } else {
         app = app.fallback_service(
             ServeDir::new("public").not_found_service(ServeFile::new("public/index.html")),
         );
diff --git a/vingo/src/routes/auth.rs b/vingo/src/routes/auth.rs
index 20244ee..cfadf57 100644
--- a/vingo/src/routes/auth.rs
+++ b/vingo/src/routes/auth.rs
@@ -1,3 +1,6 @@
+use std::env;
+use std::sync::LazyLock;
+
 use axum::extract::{Query, State};
 use axum::response::Redirect;
 use axum::Json;
@@ -16,9 +19,12 @@ use crate::AppState;
 use super::util::errors::{ResponseResult, ResultAndLogError};
 use super::util::session::{get_user, SessionKeys};
 
-const ZAUTH_URL: &str = "https://zauth.zeus.gent";
-const CALLBACK_URL: &str = "http://localhost:4000/api/auth/callback";
-const FRONTEND_URL: &str = "http://localhost:5173";
+const ZAUTH_URL: LazyLock<String> =
+    LazyLock::new(|| env::var("ZAUTH_URL").expect("ZAUTH_URL not present"));
+const CALLBACK_URL: LazyLock<String> =
+    LazyLock::new(|| env::var("ZAUTH_CALLBACK_PATH").expect("ZAUTH_CALLBACK_PATH not present"));
+const FRONTEND_URL: LazyLock<String> =
+    LazyLock::new(|| env::var("FRONTEND_URL").expect("FRONTEND_URL not present"));
 
 pub async fn current_user(session: Session) -> ResponseResult<Json<Model>> {
     let user = get_user(&session).await?;
@@ -33,7 +39,9 @@ pub async fn login(session: Session) -> ResponseResult<Redirect> {
         "failed to insert state in session",
     ))?;
     // redirect to zauth to authenticate
-    Ok(Redirect::to(&format!("{ZAUTH_URL}/oauth/authorize?client_id=tomtest&response_type=code&state={state}&redirect_uri={CALLBACK_URL}")))
+    let zauth_url = ZAUTH_URL.to_string();
+    let callback_url = CALLBACK_URL.to_string();
+    Ok(Redirect::to(&format!("{zauth_url}/oauth/authorize?client_id=tomtest&response_type=code&state={state}&redirect_uri={callback_url}")))
 }
 
 pub async fn logout(session: Session) -> ResponseResult<Json<bool>> {
@@ -74,16 +82,18 @@ pub async fn callback(
         return Err((StatusCode::UNAUTHORIZED, "state does not match"));
     }
 
+    let callback_url = CALLBACK_URL.to_string();
     let client = reqwest::Client::new();
     let form = [
         ("grant_type", "authorization_code"),
         ("code", &params.code),
-        ("redirect_uri", CALLBACK_URL),
+        ("redirect_uri", &callback_url),
     ];
 
+    let zauth_url = ZAUTH_URL.to_string();
     // get token from zauth with code
     let token = client
-        .post(&format!("{ZAUTH_URL}/oauth/token"))
+        .post(&format!("{zauth_url}/oauth/token"))
         .basic_auth("tomtest", Some("blargh"))
         .form(&form)
         .send()
@@ -100,7 +110,7 @@ pub async fn callback(
 
     // get user info from zauth
     let zauth_user = client
-        .get(format!("{ZAUTH_URL}/current_user"))
+        .get(format!("{zauth_url}/current_user"))
         .header("Authorization", "Bearer ".to_owned() + &token.access_token)
         .send()
         .await
@@ -141,5 +151,6 @@ pub async fn callback(
             "failed to insert user in session",
         ))?;
 
-    Ok(Redirect::to(FRONTEND_URL))
+    let frontend_url = FRONTEND_URL.to_string();
+    Ok(Redirect::to(&frontend_url))
 }