diff --git a/hosts/architect/lidarr.nix b/hosts/architect/lidarr.nix
index 9f9183d..c07fed5 100644
--- a/hosts/architect/lidarr.nix
+++ b/hosts/architect/lidarr.nix
@@ -3,6 +3,7 @@
 let
   domain = "htlid.giugl.io";
   network = import ./network.nix;
+  auth_block = (import ./openid.nix).openresty_oidc_block;
 in {
   services = {
     lidarr = {
@@ -15,12 +16,12 @@ in {
       enableACME = true;
       locations."/" = {
         proxyPass = "http://localhost:8686";
-        extraConfig = ''
-          allow 10.0.0.0/24;
-          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
-          deny all;
-          deny 10.0.0.1;
-        '';
+        extraConfig = auth_block {
+          realm = "master";
+          client_id = "lidarr";
+          client_secret = "7s4dd1SEi84F4fUFsqRaQmSSucZhyTco";
+          redirect_uri = "https://${domain}";
+        };
       };
     };
   };
diff --git a/hosts/architect/sonarr.nix b/hosts/architect/sonarr.nix
index 2776fbe..5bccd50 100644
--- a/hosts/architect/sonarr.nix
+++ b/hosts/architect/sonarr.nix
@@ -3,6 +3,7 @@
 let
   domain = "htson.giugl.io";
   network = import ./network.nix;
+  auth_block = (import ./openid.nix).openresty_oidc_block;
 in {
   services = {
     sonarr = {
@@ -15,11 +16,12 @@ in {
       enableACME = true;
       locations."/" = {
         proxyPass = "http://localhost:8989";
-        extraConfig = ''
-          allow 10.0.0.0/24;
-          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
-          deny all;
-        '';
+        extraConfig = auth_block {
+          realm = "master";
+          client_id = "sonarr";
+          client_secret = "d36ehMSPCI3xLfOGNcnSUKZWQblyGumi";
+          redirect_uri = "https://${domain}";
+        };
       };
     };
   };