diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix
index 4586da8..85d0179 100644
--- a/hosts/architect/bazarr.nix
+++ b/hosts/architect/bazarr.nix
@@ -12,10 +12,10 @@ in
   architect.vhost.${domain} = with config.architect.networks; {
     dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
     locations."/" = {
+      allowLan = true;
       port = 6767;
-      deny = [ lan.devices.router.address ];
+      
       allow = [
-        lan.net
         wireguard.net
         tailscale.net
       ];
diff --git a/hosts/architect/prowlarr.nix b/hosts/architect/prowlarr.nix
index ad5b8e8..2fff070 100644
--- a/hosts/architect/prowlarr.nix
+++ b/hosts/architect/prowlarr.nix
@@ -2,41 +2,18 @@
 
 let
   domain = "htpro.giugl.io";
-  
-  utilities = import ./utilities.nix { inherit lib config; };
-  inherit (utilities) architectInterfaceAddress;
 in
 {
-  services = {
-    prowlarr.enable = true;
+  services.prowlarr.enable = true;
 
-    nginx.virtualHosts.${domain} = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:9696";
-        extraConfig = ''
-          allow ${config.architect.networks.lan.net};
-          allow ${config.architect.networks.tailscale.net};
-          deny all;
-        '';
-      };
+  architect.vhost.${domain} = {
+    dnsInterfaces = [ "tailscale" "wireguard" ];
 
-      #      locations."/api" = {
-      #        proxyPass = "http://127.0.0.1:9696/prowlarr/api";
-      #      };
-      #
-      #      locations."/Content" = {
-      #        proxyPass = "http://127.0.0.1:9696/prowlarr/Content";
-      #      };
+    locations."/" = {
+      port = 9696;
+      allowLan = true;
     };
   };
-  
-  networking.extraHosts = ''
-    ${architectInterfaceAddress "lan"} ${domain}
-    ${architectInterfaceAddress "wireguard"} ${domain}
-    ${architectInterfaceAddress "tailscale"} ${domain}
-  '';
 
   users.groups.media.members = [ "prowlarr" ];
 }
diff --git a/hosts/architect/radarr.nix b/hosts/architect/radarr.nix
index 39b4ff7..46491cd 100644
--- a/hosts/architect/radarr.nix
+++ b/hosts/architect/radarr.nix
@@ -10,12 +10,12 @@ in
   };
 
   architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
+    dnsInterfaces = [ "wireguard" "tailscale" ];
     locations."/" = {
       port = 7878;
-      deny = [ lan.devices.router.address ];
+      allowLan = true;
+
       allow = [
-        lan.net
         wireguard.net
         tailscale.net
       ];