diff --git a/docs/services/firezone.md b/docs/services/firezone.md index 3b3e574..707313f 100644 --- a/docs/services/firezone.md +++ b/docs/services/firezone.md @@ -1,15 +1,20 @@ # Firezone -[Firezone](https://www.firezone.dev/) is a self-hosted VPN server with Web UI that this playbook can install using the ansible role [moan0s/role-firezone](https://github.com/moan0s/role-firezone). +[Firezone](https://www.firezone.dev/) is a self-hosted VPN server (based on [WireGuard](https://en.wikipedia.org/wiki/WireGuard)) with Web UI that this playbook can install, powered by the [moan0s/role-firezone](https://github.com/moan0s/role-firezone) Ansible role. -To enable Firezone add the following to your `vars.yml`: +## Configuration + +To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: ```yaml -############## -## FIREZONE ## -############## +######################################################################## +# # +# firezone # +# # +######################################################################## firezone_enabled: true + firezone_hostname: vpn.example.org firezone_default_admin_email: "user@invalid.org" 
@@ -17,20 +22,28 @@ firezone_default_admin_password: "<securepassword>" # Generate this with `openssl rand -base64 32` firezone_database_encryption_key: "<secret>" + +######################################################################## +# # +# /firezone # +# # +######################################################################## ``` -Use `just run-tags firezone-create-or-reset-admin` to create the configured -admin account or reset the password to the password set in `vars.yml`. +After installation, you can use `just run-tags firezone-create-or-reset-admin` any time to: +- create the configured admin account +- or, reset the password to the current password configured in `vars.yml` ### Networking By default, the following ports will be exposed by the container on **all network interfaces**: -- `51820` over **UDP**, controlled by `firezone_wireguard_bind_port` - used for your wireguard connections +- `51820` over **UDP**, controlled by `firezone_wireguard_bind_port` - used for [Wireguard](https://en.wikipedia.org/wiki/WireGuard) connections Docker automatically opens these ports in the server's firewall, so you **likely don't need to do anything**. If you use another firewall in front of the server, you may need to adjust it. ### Usage -After you started the service you can login at vpn.example.org with the credentials set in `firezone_default_admin_email/password`. -After that refer to the [official documentation](https://www.firezone.dev/docs/user-guides/add-devices/) to add devices and more. +After [installing](../installing.md), you can login at the URL specified in `firezone_hostname`, with the credentials set in `firezone_default_admin_email` and `firezone_default_admin_password`. + +Refer to the [official documentation](https://www.firezone.dev/docs/user-guides/add-devices/) to figure out how to add devices, etc.
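Review bot: In the first hunk (`@@ -1,15 +1,20 @@`), the sample value `firezone_default_admin_email: "user@invalid.org"` uses a domain that is not reserved for documentation, unlike the `example.org` used for `firezone_hostname` on the line above. RFC 2606 reserves the `.invalid` TLD and `example.org`, but `invalid.org` is an ordinary registrable domain, so a config copied verbatim would tie the admin account to a third-party address. Since the block is being reworked anyway, consider changing it to `user@example.org`.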
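Review bot: In the second hunk (`@@ -17,20 +22,28 @@`), the rewritten Usage paragraph tells the reader to log in "at the URL specified in `firezone_hostname`", but that variable holds a bare hostname (`vpn.example.org` in the sample), not a URL. Suggest "at the hostname set in `firezone_hostname`", or spell out the full URL form the role serves. Three smaller points in the same hunk: the link text in the `51820` bullet reads "Wireguard" while the link target and the intro use "WireGuard"; the new bullet list directly follows "any time to:" with no blank line, which some Markdown renderers need before they treat it as a list; and `### Networking` and `### Usage` now nest under the new `## Configuration` heading, so `### Usage` probably wants promoting to `##`.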