diff --git a/deploy.sh b/deploy.sh
index 84024df..8dbb703 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -25,6 +25,12 @@ export lix_version="0.9.41"
 
 export systemuser="onfoss"
 export letsencryptemail="jarno@jarno.ca"
+export systempassword="$(< /dev/urandom tr -dc a-z | head -c${1:-8};echo;)"
+
+# Store the randomly generated password. This is used for the web interface
+# as well as for admin access for the game servers
+echo "$systempassword" > /etc/gameserverpassword
+chmod go= /etc/gameserverpassword
 
 # Install what we need
 apt update -y && apt full-upgrade -y
@@ -67,3 +73,6 @@ cp console2web/console2web.py /usr/bin/console2web
 # Deploy web interface stuff
 "$(dirname "$0")"/scripts/deploy_monitoring.sh
 "$(dirname "$0")"/scripts/deploy_webserver.sh
+
+echo
+echo "Installation complete. Password is ${systempassword}"
diff --git a/scripts/deploy_bzflag.sh b/scripts/deploy_bzflag.sh
index 63a8968..e390b2d 100755
--- a/scripts/deploy_bzflag.sh
+++ b/scripts/deploy_bzflag.sh
@@ -30,7 +30,7 @@ Description=BZFlag server
 After=network.target
 
 [Service]
-ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d
+ExecStart=/usr/games/bzfs -ms 5 -j -t +r +f SW +f SB{2} +f GM +f ST{3} -d -d -d -passwd "${systempassword}"
 Restart=on-failure
 User=${systemuser}
 
diff --git a/scripts/deploy_openspades.sh b/scripts/deploy_openspades.sh
index b64fc26..fa6ca19 100755
--- a/scripts/deploy_openspades.sh
+++ b/scripts/deploy_openspades.sh
@@ -15,7 +15,7 @@ source /opt/openspades/env/bin/activate
 pip install -U piqueserver
 pip install "twisted<21.0.0" # Twisted 22 removed getPage that piqueserver depends on for 1.0.0
 sudo -u ${systemuser} /opt/openspades/env/bin/piqueserver --copy-config
-sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/
+sudo -u ${systemuser} sed -i ${systemuserhome}/.config/piqueserver/config.toml -e s/"piqueserver instance"/"onFOSS"/ -e s/"#admin = \[\"adminpass1\", \"adminpass2\"\]"/"admin = \[\"${systempassword}\"\]"/
 deactivate
 
 cat > /etc/systemd/system/openspades.service <<EOF
diff --git a/scripts/deploy_supertuxkart.sh b/scripts/deploy_supertuxkart.sh
index eaf329a..8495421 100755
--- a/scripts/deploy_supertuxkart.sh
+++ b/scripts/deploy_supertuxkart.sh
@@ -12,7 +12,6 @@ stk_dir="/opt/SuperTuxKart-${stk_version}"
 mkdir -p ${stk_dir}
 curl --location "https://github.com/supertuxkart/stk-code/releases/download/${stk_version}/SuperTuxKart-${stk_version}-linux-64bit.tar.xz" | tar --extract --xz --no-same-owner --strip-components=1 --directory=${stk_dir}
 ln -s ${stk_dir}/bin/supertuxkart /usr/games/supertuxkart
-curl --location "https://owncloud.hribhrib.at/index.php/s/nXJ8nhewqfTElsx/download" > /etc/supertuxkart.xml
 
 # Add firewall rules
 firewall-cmd --zone=public --add-port=2757/udp --permanent
diff --git a/scripts/deploy_webserver.sh b/scripts/deploy_webserver.sh
index ff5d3ce..418661f 100755
--- a/scripts/deploy_webserver.sh
+++ b/scripts/deploy_webserver.sh
@@ -38,10 +38,15 @@ patch --ignore-whitespace /etc/nginx/sites-available/default <<EOF
  # Default server configuration
  #
  server {
-@@ -121,6 +126,34 @@
+@@ -121,6 +126,39 @@
                 try_files \$uri \$uri/ =404;
         }
 
++        location ^~ /admin {
++                auth_basic “Restricted”;
++                auth_basic_user_file /etc/nginx/htpasswd;
++        }
++
 +        location /mindustry {
 +            proxy_pass http://localhost:62548/;
 +            proxy_http_version 1.1;
@@ -75,4 +80,8 @@ patch --ignore-whitespace /etc/nginx/sites-available/default <<EOF
         #location ~ \\.php\$ {
 EOF
 
+# Store password
+echo -n "${systemuser}:" > /etc/nginx/htpasswd
+echo "bcrypt.hashpw('${systempassword}'.encode('utf8'),bcrypt.gensalt(rounds=10))" | python3 >> /etc/nginx/htpasswd
+
 systemctl restart nginx