diff --git a/nixos/mirai/services.nix b/nixos/mirai/services.nix index 41d6e875..d3a1947f 100644 --- a/nixos/mirai/services.nix +++ b/nixos/mirai/services.nix @@ -7,16 +7,35 @@ environment.systemPackages = with pkgs; [ factorio-headless ]; - # sops = { - # secrets = { - # "authelia/darksailor" = {}; - # }; - # }; + sops = { + secrets = { + "authelia/darksailor/jwtSecret" = { + owner = config.systemd.services.authelia-darksailor.serviceConfig.User; + }; + "authelia/darksailor/storageEncryptionSecret" = { + owner = config.systemd.services.authelia-darksailor.serviceConfig.User; + }; + }; + }; services = { authelia = { - darksailor = { + instances.darksailor = { enable = true; - # user = + settings = { + # server = { + # address = "unix:///run/authelia/authelia.sock"; + # }; + # session.domain = "auth.darksailor.dev"; + access_control = { + rules = { + }; + }; + storage = "local"; + }; + secrets = { + jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path; + storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path; + }; }; }; tailscale = { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index efd349b2..015bb4f3 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
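Review bot: The new `access_control` block leaves `rules` as an empty attribute set and sets no `default_policy`, so nothing in this hunk states the instance's authorization behaviour. As far as I know, Authelia expects `rules` to be a list and rejects a `deny` default when no rules exist, which nudges toward a permissive default just to get the service to start. I would spell the policy out, e.g. `default_policy = "deny";` with `rules = [ { domain = "<protected-host>"; policy = "two_factor"; } ];`. Separately, `storage = "local";` is a bare string where Authelia's schema has a mapping (`storage.local.path = "<db-path>";`), so config validation will probably fail before the key from `storageEncryptionKeyFile` is ever used. The sops wiring itself looks sound (both secrets are owned by the unit's `User` and passed as file paths, not inlined into the world-readable Nix store); the `services` attribute set continues past the end of the hunk.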
@@ -2,6 +2,10 @@ nextcloud: adminpass: ENC[AES256_GCM,data:v9WXJ3Ig5NcWd+02P8VnaNkMy2yfEQ==,iv:LfS0avmRZfjdqjNE69h7L90ePzzdmtP57X+0U1vAMvs=,tag:Dq90tfGAUyqzTW3oM96IRg==,type:str] llama: user: ENC[AES256_GCM,data:qWbhnc/XLotWzqbEa6ekuMe5kD/GwC9SW8omXvgWqCG1BPPCOI3DtlS4YqKxsIhYmw8MQw+4DPnaWHqjrbIsVSrQ79M=,iv:VeqkKb1N9NSKfuilG6dzYdha8cO4JqJ+YUzmkjrPU+0=,tag:SYwR1oU6VWzNoCBPsMg0uQ==,type:str] +authelia: + darksailor: + jwtSecret: ENC[AES256_GCM,data:7xRxh+1DkA+CRtgbdnfQWM205DZnkhX7VvUw9Xf6sPn1TpxU6wKTVA==,iv:82Z59P2ZZAMj8bHUvWfMsIRZDdLBXOmCkLq82m6ZbRo=,tag:DwwuUs4jva4gZRhgrIdRyg==,type:str] + storageEncryptionSecret: ENC[AES256_GCM,data:s6BtWvvF+kWmejlWCFbfl382L9hsAIItz7BvWD3mA2s3qVUV0pl92WrOS6d3gXqrRqnSy9djhk3pqmHH,iv:ChUd8CqcFvXRlCRXWOqd5U55Yn4UXImG3jJDz+kTa6s=,tag:uPnAZjI+O6kFjzZWbmFzKQ==,type:str] sops: kms: [] gcp_kms: [] @@ -17,8 +21,8 @@ sops: VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-22T09:40:57Z" - mac: ENC[AES256_GCM,data:Y8D5L9EjuXw5tKx4RE8Kk+upfrp1Rq+KSL86enpuftLIxiAodedBAbxEqPO4vQshtUAorjj6AT1QF97L+OtfyKxVsicxar04beERe3xSNub71wrHAJ7sLSfB03ybpkZDEkmm8zpjEFoqFBg4HoMXLj3bNvaUQwrJ5lRs6XpCKOM=,iv:Hfuan61vWdTqblfGu+H/sBfw5x8Vxsg3MN4eNCPE1+M=,tag:3TEmXLqLitzPjLEMEN5l4g==,type:str] + lastmodified: "2024-11-22T12:28:32Z" + mac: ENC[AES256_GCM,data:0aEEjxPmDhiBz0IaptZqBjCD8yrSSYnhmiF81qD8KqhpvOfFyx9QvAhcfJKi5ZC5eECDyu0pt95VLzCdJqD11DqGu9CcQBV2Y23i4qgbPoognV0q1KZ4AJpuViGUqFQt2QW/ESNgjVRnmOteoaOkvB3K9EWr0Jt8eXMfoOE3lMw=,iv:P/Bcbpbq0mMNm6qHPWnT2gq7fn4xirDifJdHHrDidmU=,tag:P8eHjW6oHvBzz1fcxmnEIA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1