diff --git a/hosts/architect/jellyfin.nix b/hosts/architect/jellyfin.nix
index a9cc29f..61956d3 100644
--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@@ -19,7 +19,7 @@ in
     nginx.virtualHosts.${domain} = {
       forceSSL = true;
       enableACME = true;
-      extraConfig = auth_block { access_role = "jellyfin"; } +
+      extraConfig = auth_block { access_role = "jellyfin"; whitelisted_ips = [ network.giuliopc-wg ]; } +
         ''
           # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
           #add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";