diff --git a/nixos/mirai/services/gitea.nix b/nixos/mirai/services/gitea.nix
index d1c62367..3e2d223f 100644
--- a/nixos/mirai/services/gitea.nix
+++ b/nixos/mirai/services/gitea.nix
@@ -13,8 +13,26 @@
     };
     caddy = {
       virtualHosts."git.darksailor.dev".extraConfig = ''
+        forward_auth localhost:5555 {
+            uri /api/authz/forward-auth
+            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+        }
         reverse_proxy localhost:3000
       '';
     };
+    authelia = {
+      instances.darksailor = {
+        settings = {
+          access_control = {
+            rules = [
+              {
+                domain = "git.darksailor.dev";
+                policy = "one_factor";
+              }
+            ];
+          };
+        };
+      };
+    };
   };
 }