diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix
index 2e68e67..706ef3b 100644
--- a/hosts/architect/bazarr.nix
+++ b/hosts/architect/bazarr.nix
@@ -3,6 +3,7 @@
 let
   domain = "htbaz.giugl.io";
   network = import ./network.nix;
+  auth_block = (import ./openid.nix).openresty_oidc_block;
 in {
   services = {
     bazarr = {
@@ -15,11 +16,12 @@ in {
       enableACME = true;
       locations."/" = {
         proxyPass = "http://localhost:6767";
-        extraConfig = ''
-          allow 10.0.0.0/24;
-          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
-          deny all;
-        '';
+        extraConfig = auth_block {
+          realm = "master";
+          client_id = "bazarr";
+          client_secret = "OPn4Mmto2m3dDPji1cjPfHy9W55M9JFq";
+          redirect_uri = "https://${domain}";
+        };
       };
     };
   };