diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index e85e909..5e26878 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -52,12 +52,6 @@ services:
       - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
       - /srv/docker/bridgehead/ccp/root.crt.pem:/conf/root.crt.pem:ro
 
-  traefik:
-    labels:
-      - "traefik.http.middlewares.oidcAuth.forwardAuth.address=http://oauth2_proxy:4180/"
-      - "traefik.http.middlewares.oidcAuth.forwardAuth.trustForwardHeader=true"
-      - "traefik.http.middlewares.oidcAuth.forwardAuth.authResponseHeaders=X-Auth-Request-Access-Token,Authorization"
-
 
 volumes:
   blaze-data:
diff --git a/ccp/modules/datashield-compose.yml b/ccp/modules/datashield-compose.yml
index 19a5e35..48f5276 100644
--- a/ccp/modules/datashield-compose.yml
+++ b/ccp/modules/datashield-compose.yml
@@ -99,6 +99,10 @@ services:
       - rstudio
 
   traefik:
+    labels:
+      - "traefik.http.middlewares.oidcAuth.forwardAuth.address=http://oauth2_proxy:4180/"
+      - "traefik.http.middlewares.oidcAuth.forwardAuth.trustForwardHeader=true"
+      - "traefik.http.middlewares.oidcAuth.forwardAuth.authResponseHeaders=X-Auth-Request-Access-Token,Authorization"
     networks:
       - default
       - rstudio
diff --git a/ccp/modules/datashield-setup.sh b/ccp/modules/datashield-setup.sh
index 858d31f..7674ecf 100644
--- a/ccp/modules/datashield-setup.sh
+++ b/ccp/modules/datashield-setup.sh
@@ -1,6 +1,9 @@
 #!/bin/bash -e
 
 if [ "$ENABLE_DATASHIELD" == true ]; then
+  # HACK: This only works because exporter-setup.sh and teiler-setup.sh are sourced after datashield-setup.sh
+  ENABLE_EXPORTER=true
+  ENABLE_TEILER=true
   log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
   OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
   EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
diff --git a/ccp/modules/teiler-setup.sh b/ccp/modules/teiler-setup.sh
index 1e97079..cc561d5 100644
--- a/ccp/modules/teiler-setup.sh
+++ b/ccp/modules/teiler-setup.sh
@@ -3,5 +3,7 @@
 if [ "$ENABLE_TEILER" == true ];then
   log INFO "Teiler setup detected -- will start Teiler services."
   OVERRIDE+=" -f ./$PROJECT/modules/teiler-compose.yml"
+  DEFAULT_LANGUAGE=DE
+  DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
   add_public_oidc_redirect_url "/ccp-teiler/*"
 fi
diff --git a/ccp/vars b/ccp/vars
index c1e9887..33f3e26 100644
--- a/ccp/vars
+++ b/ccp/vars
@@ -7,11 +7,6 @@ SUPPORT_EMAIL=support-ccp@dkfz-heidelberg.de
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 
 BROKER_URL_FOR_PREREQ=$BROKER_URL
-DEFAULT_LANGUAGE=DE
-DEFAULT_LANGUAGE_LOWER_CASE=${DEFAULT_LANGUAGE,,}
-ENABLE_EXPORTER=true
-ENABLE_TEILER=true
-#ENABLE_DATASHIELD=true
 
 OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
 OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
diff --git a/lib/functions.sh b/lib/functions.sh
index cc2f3ec..0e44a7f 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -133,11 +133,11 @@ fixPermissions() {
 	CHOWN=$(which chown)
 	sudo $CHOWN -R bridgehead /etc/bridgehead /srv/docker/bridgehead
 	if [ -d "/tmp/bridgehead" ]; then # Used by datashield
-		sudo chown -R bridgehead:docker "/tmp/bridgehead"
-    fi
+		sudo $CHOWN -R bridgehead:docker "/tmp/bridgehead"
+	fi
 	if [ -d "/var/cache/bridgehead" ]; then # Used by the teiler
-		sudo chown -R bridgehead:docker "/var/cache/bridgehead"
-    fi
+		sudo $CHOWN -R bridgehead:docker "/var/cache/bridgehead"
+	fi
 }
 
 source lib/monitoring.sh